Contents
1. Apache2 installation and virtual host configuration
1.1 Apache2 Install
①httpd Install
|
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.62 (Fedora Linux) Server built: Aug 1 2024 00:00:00 |
1.2 Apache Configuration
①Edit httpd.conf file
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf #Line 91 : Specify administrator address ServerAdmin [Email Address] #Per line 101: Change ServerName #ServerName www.example.com:80 ServerName [Domain name] #Line 149 : Change (Indexes are deleted) Options FollowSymLinks #Line 156 : Change AllowOverride All #Line 169 : File names accessible by directory name only Add "index.php index.cgi index.htm" #Add to the last line ServerTokens Prod |
②If Firewalld is enabled, HTTP service permission is required; use [80/TCP] for HTTP
|
1 2 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --reload |
③Apache Auto-Start Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: active (running) since Sun 2024-11-03 14:43:29 JST; 15s ago Invocation: 42d20ff5d63740ddb8e64e2ee5c6ab38 Docs: man:httpd.service(8) Main PID: 3072 (httpd) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B> Tasks: 177 (limit: 2251) Memory: 14.7M (peak: 15.1M) CPU: 114ms CGroup: /system.slice/httpd.service ├─3072 /usr/sbin/httpd -DFOREGROUND ├─3075 /usr/sbin/httpd -DFOREGROUND ├─3076 /usr/sbin/httpd -DFOREGROUND ├─3077 /usr/sbin/httpd -DFOREGROUND └─3079 /usr/sbin/httpd -DFOREGROUND Nov 03 14:43:29 Lepard systemd[1]: Starting httpd.service - The Apache HTTP Server... Nov 03 14:43:29 Lepard (httpd)[3072]: httpd.service: Referenced but unset environment variable ev> Nov 03 14:43:29 Lepard httpd[3072]: Server configured, listening on: port 80 Nov 03 14:43:29 Lepard systemd[1]: Started httpd.service - The Apache HTTP Server. |
④operation check
If you access http://[server IP address] and the Fedora Webserver Test Page is displayed as shown below, it is OK.
Hide the Welcome page, create a new index.html file as a Test Page, and check apache operation
Rename the welcome page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
|
1 2 3 4 5 6 7 8 9 |
Create HTML test page # vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
If you access "http://[server IP address]" and the Test Page is displayed as shown below, it is OK.
1.3 Virtual Host Settings
Assign and configure the [FQDN] to be operated on the virtual host in the document root [/var/www/html/FQDN] directory
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf.d/vhost.conf <VirtualHost *:80> DocumentRoot /var/www/html/[FQDN] ServerName [FQDN] ServerAdmin [Email Address] ←Administrator Email Address ErrorLog logs/[FQDN]-error_log CustomLog logs/[FQDN]-access_log combined </VirtualHost> <Directory "/var/www/html/[FQDN]"> Options FollowSymLinks AllowOverride All </Directory> |
Creating a Document Directory
|
1 |
# mkdir /var/www/html/[FQDN] |
Apache restart
|
1 |
# systemctl restart httpd |
Create test pages and check operation
|
1 2 3 4 5 6 7 8 |
# vi /var/www/html/[FQDN]/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Virtual Host Test Page </div> </body> </html> |
If you access http://[FQDN]/index.html with a browser, the following screen should appear.
2. Ensure CGI Script Usage
①Confirmation of CGI availability
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 252: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 5 |
# vi /var/www/cgi-bin/index.cgi #!/usr/bin/python3 print("Content-type: text/html\n") print("CGI Script Test Page") |
|
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
3.1.PHP Install
①Install
|
1 |
# dnf -y install php |
②Version Check
|
1 2 3 4 5 |
# php -v PHP 8.3.13 (cli) (built: Oct 22 2024 18:39:14) (NTS gcc x86_64) Copyright (c) The PHP Group Zend Engine v4.3.13, Copyright (c) Zend Technologies with Zend OPcache v8.3.13, Copyright (c), by Zend Technologies |
Configure php-fpm
|
1 2 |
# systemctl enable php-fpm Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. |
|
1 |
# systemctl start php-fpm |
③Apache restatrt
After PHP installation, restarting Apache will invoke PHP-FPM (FPM : FastCGI Process Manager) by default, and php-fpm service will be started in conjunction with httpd startup.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: disabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: active (running) since Mon 2024-11-04 09:06:31 JST; 24s ago Invocation: 649226f15e934554920172ef6fef7fee Main PID: 2079 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0.00req/sec" Tasks: 6 (limit: 2251) Memory: 11.1M (peak: 11.4M) CPU: 64ms CGroup: /system.slice/php-fpm.service ├─2079 "php-fpm: master process (/etc/php-fpm.conf)" ├─2080 "php-fpm: pool www" ├─2081 "php-fpm: pool www" ├─2082 "php-fpm: pool www" ├─2083 "php-fpm: pool www" └─2084 "php-fpm: pool www" Nov 04 09:06:31 Lepard systemd[1]: Starting php-fpm.service - The PHP FastCGI Process Manager... Nov 04 09:06:31 Lepard systemd[1]: Started php-fpm.service - The PHP FastCGI Process Manager. |
④Confirmation of PHP operation
Create the following file
|
1 2 |
# vi /var/www/html/[FQDN]/test.php <?php phpinfo(); ?> |
Access http://[FQDN]/test.php and if the following screen appears, OK
4. Digest authentication in Apache2
Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" and a password file ".digestauth" with "DigestAuth" as the realm. Execute the following command and enter the password for "secretuser" when prompted.
|
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Confirmation
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)
|
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
|
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /[FQDN]/secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
When accessing http://[FQDN]/secret with a browser, a screen appears asking for "user name" and "password".
