Question:
- implement a web server for the site http://stationX.example.com, then perform the following steps:
- Download ftp://server1.example.com/pub/rhce/station.html
- Rename the download file to index.html
- Copy this index.html to the DocumentRoot of your web server
- Do Not make any modifications to the content of index.html
- Extend your webserver to include a virtual host for the site http://wwwx.example.com/, where x is your station number, then perform the following steps:
- Set the DocumentRoot to /var/www/virtual
- Download ftp://server1.example.com/pub/rhce/www.html
- Rename the download file to index.html
- Copy this index.html in the DocumentRoot of the virtual host
- Do Not make any modifications to the content of index.html
- Ensure that user1 is able to create content in /var/www/virtual
Note: The original web site http://stationx.example.com must still be accessible. DNS resolution for the hostname wwwx.example.com is already provided by the name server on server1.example.com.
Answer:
#netstat –ntlp / netstat –nulp
#check port 80 / 443 listening
# rpm -qi httpd
# yum grouplist | less
# yum groupinstall "Web Server"
# yum install mod_ssl ---- for port 443
# vi /etc/httpd/conf/httpd.conf - Main Webserver config
# vi /etc/httpd/conf.d/ssl.conf - SSL webpage
------------------------------------------------------------------------------------------------------
### Default website config ### (stationx.example.com) x = your station number
ftp://server1.example.com/pub/rhce/station.html
mv station.html /var/www/html/index.html
-------------------------------------------------------------------------------------------------------
#### VirtualHost #### (wwwx.example.com) x= your station number
mkdir /var/www/virtual
ftp://server1.example.com/pub/rhce/www.html
mv www.html /var/www/virtual/index.html
--------------------------------------------------------------------------------------------------------
## Create VirtualHost ##
/NameVirtual ß search in vi
NameVirtualHost 192.168.0.10:80
ServerName station10.example.com
ServerAlias station10
DocumentRoot /var/www/html
ServerName www10.example.com
ServerAlias www10
DocumentRoot /var/www/virtual
ErrorLog logs/www10.example.com-error_log
CustomLog logs/www10.example.com-access_log common
-----------------------------------------------------------------------------------------------------------
### HTTPS VirtualHost port 443 ### https://ssl.example.com
vi /etc/httpd/conf.d/ssl.conf
NameVirtualHost 192.168.0.10:443
ServerName ssl.example.com
ServerAlias ssl
DocumentRoot /var/www/virtual-ssl
----------------------------------------------------------------------------------------
SELinux Permission
chcon -R --reference=/var/www/html /var/www/virtual
OR
chcon -R –u system_u /var/www/virtual
chcon -R -t httpd_sys_content_t /var/www/virtual
---------------------------------------------------------------------------------------------------------Basic text password Auth for Apache
vi /etc/httpd/conf/httpd.conf
/Directory çsearch in vi
###Default configuration for Apache###
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
>
###Create one for Basic text Auth###
Alias /virtual "/var/www/virtual/"
AuthType Basic
AuthName "Text Based Auth"
AuthUserFile /etc/httpd/passwords
Require user user1
>
----------------------------------------------------------------------------------------------------------
###Create user name and password file###
htpasswd -c /etc/httpd/passwords user1
###Next Time don need to add –c ###
htpasswd /etc/httpd/passwords user2
httpd -S (Virtualhost setting check)
httpd –t (Syntax Check) OR service httpd configtest
Question:
- Implement a web proxy server bound to port 8080
- Clients within example.com should have access to your proxy server
- Clients outside of example.com should NOT have access to your proxy server.
Answer:
RHCE squid proxy server configuration
#rpm –qi squid – check squid already install or not
#squid –v – check squid version
#if squid not installed
#yum –y install squid
#cp /etc/squid/squid.conf /tmp
vi /etc/squid/squid.conf
1. http_port 3128 à change to http_port 8080
2. acl our_networks src 192.168.0.0/24
3. http_access allow our_networks
4. visible_hostname stationx.example.com (x = your station name)
5. squid -z
6. service squid start
7. chkconfig squid on
8. chkconfig --list squid
Test on client side !!!
vi /etc/profile.d/proxy.sh
export http_proxy=http://192.168.0.10:8080/
export https_ proxy=http://192.168.0.10:8080/
export ftp_proxy=http://192.168.0.10:8080/
export no_proxy=.example.com
elinks http://www.google.com
No comments:
Post a Comment