Thursday, April 29, 2010

RHCT / RHCE Notes - Apache / Squid (29/04/2010)

Apache configuration

Question:
- Implement a web server for the site http://stationX.example.com, then perform the following steps:
- Download ftp://server1.example.com/pub/rhce/station.html
- Rename the downloaded file to index.html
- Copy this index.html to the DocumentRoot of your web server
- Do not make any modifications to the content of index.html
- Extend your webserver to include a virtual host for the site http://wwwx.example.com/, where x is your station number, then perform the following steps:
- Set the DocumentRoot to /var/www/virtual
- Download ftp://server1.example.com/pub/rhce/www.html
- Rename the downloaded file to index.html
- Copy this index.html to the DocumentRoot of the virtual host
- Do not make any modifications to the content of index.html
- Ensure that user1 is able to create content in /var/www/virtual
Note: The original web site http://stationx.example.com must still be accessible. DNS resolution for the hostname wwwx.example.com is already provided by the name server on server1.example.com.

Answer:

# netstat -ntlp / netstat -nulp
# check that ports 80 / 443 are listening
# rpm -qi httpd
# yum grouplist | less
# yum groupinstall "Web Server"
# yum install mod_ssl    (for port 443)
# vi /etc/httpd/conf/httpd.conf    (main web server config)
# vi /etc/httpd/conf.d/ssl.conf    (SSL web site config)
------------------------------------------------------------------------------------------------------
### Default website config ### (stationx.example.com) x = your station number
wget ftp://server1.example.com/pub/rhce/station.html
mv station.html /var/www/html/index.html
-------------------------------------------------------------------------------------------------------
#### VirtualHost #### (wwwx.example.com) x= your station number
mkdir /var/www/virtual
wget ftp://server1.example.com/pub/rhce/www.html
mv www.html /var/www/virtual/index.html
--------------------------------------------------------------------------------------------------------

## Create VirtualHost ##

/NameVirtual    <- search in vi

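NameVirtualHost 192.168.0.10:80

# Original site; listed first so it stays the default for this address
<VirtualHost 192.168.0.10:80>
    ServerName station10.example.com
    ServerAlias station10
    DocumentRoot /var/www/html
</VirtualHost>

# New name-based virtual host
<VirtualHost 192.168.0.10:80>
    ServerName www10.example.com
    ServerAlias www10
    DocumentRoot /var/www/virtual
    ErrorLog logs/www10.example.com-error_log
    CustomLog logs/www10.example.com-access_log common
</VirtualHost>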

-----------------------------------------------------------------------------------------------------------

### HTTPS VirtualHost port 443 ### https://ssl.example.com

vi /etc/httpd/conf.d/ssl.conf

NameVirtualHost 192.168.0.10:443

<VirtualHost 192.168.0.10:443>
    ServerName ssl.example.com
    ServerAlias ssl
    DocumentRoot /var/www/virtual-ssl
</VirtualHost>

----------------------------------------------------------------------------------------

SELinux Permission

chcon -R --reference=/var/www/html /var/www/virtual

OR

chcon -R -u system_u /var/www/virtual

chcon -R -t httpd_sys_content_t /var/www/virtual

---------------------------------------------------------------------------------------------------------

Basic text password Auth for Apache

vi /etc/httpd/conf/httpd.conf

/Directory    <- search in vi

### Default configuration for Apache ###

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

### Create one for Basic text Auth ###

Alias /virtual "/var/www/virtual/"

<Directory "/var/www/virtual">
    AuthType Basic
    AuthName "Text Based Auth"
    AuthUserFile /etc/httpd/passwords
    Require user user1
</Directory>

----------------------------------------------------------------------------------------------------------

### Create user name and password file ###

htpasswd -c /etc/httpd/passwords user1

### Next time, do not add -c (it recreates the file and drops the existing users) ###

htpasswd /etc/httpd/passwords user2

httpd -S (Virtualhost setting check)

httpd -t (Syntax Check) OR service httpd configtest

Question:

- Implement a web proxy server bound to port 8080

- Clients within example.com should have access to your proxy server

- Clients outside of example.com should NOT have access to your proxy server.

Answer:

RHCE squid proxy server configuration

# rpm -qi squid    (check whether squid is already installed)

# squid -v    (check squid version)

# if squid is not installed:

# yum -y install squid

#cp /etc/squid/squid.conf /tmp

vi /etc/squid/squid.conf

1. http_port 3128 -> change to http_port 8080

2. acl our_networks src 192.168.0.0/24

3. http_access allow our_networks

4. visible_hostname stationx.example.com (x = your station name)

5. squid -z

6. service squid start

7. chkconfig squid on

8. chkconfig --list squid

Test on client side !!!

vi /etc/profile.d/proxy.sh

export http_proxy=http://192.168.0.10:8080/

export https_proxy=http://192.168.0.10:8080/

export ftp_proxy=http://192.168.0.10:8080/

export no_proxy=.example.com
