Contents
1. Apache2 installation and virtual host configuration
1.1 Apache2 Install
①httpd install
|
1 2 3 4 |
# dnf -y install httpd # httpd -v Server version: Apache/2.4.37 (AlmaLinux) Server built: Jun 22 2022 07:12:01 |
1.2 Apache Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf ●Line 89 : Administrator Email Address ServerAdmin <Email Address> ●Per line 98 : ServerName Add #ServerName www.example.com:80 ServerName <Domain Name> ●Line 147 : Change (Indexes removed) Options FollowSymLinks ●Line 154 : Change AllowOverride All ●Line 167 : File names accessible by directory name only Add "index.php index.cgi index.htm" DirectoryIndex index.html index.php index.cgi index.htm ●Add to the last line ServerTokens Prod |
|
1 2 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --reload |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese> Active: active (running) since Wed 2022-06-08 10:53:30 JST; 14s ago Docs: man:httpd.service(8) Main PID: 9013 (httpd) Status: "Running, listening on: port 80" Tasks: 213 (limit: 11170) Memory: 43.1M CGroup: /system.slice/httpd.service tq9013 /usr/sbin/httpd -DFOREGROUND tq9014 /usr/sbin/httpd -DFOREGROUND tq9015 /usr/sbin/httpd -DFOREGROUND tq9016 /usr/sbin/httpd -DFOREGROUND mq9017 /usr/sbin/httpd -DFOREGROUND |
If you access http://[server IP address] and see the AlamLinux Test Page as shown below, it is OK.
Rename the welcome page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
Create HTML test page
|
1 2 3 4 5 6 7 8 |
# vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
1.3 Virtual Host Settings
Assign and configure the FQDN [alma.korodes.com] to be operated by the virtual host in the document root [/var/www/html/alam.korodes.com] directory
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf.d/vhost.conf Virtual Host Domain Settings <VirtualHost *:80> DocumentRoot /var/www/html/alma.korodes.com ServerName alma.korodes.com ServerAdmin <Email Address> ←Administrator's email address ErrorLog logs/alma.korodes.com-error_log CustomLog logs/alma.korodes.com-access_log combined </VirtualHost> <Directory "/var/www/html/alma.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
|
1 |
# mkdir /var/www/html/alma.korodes.com |
|
1 |
# systemctl restart httpd |
2. Use of CGI Scripts
①Confirmation of CGI availability
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 250: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 |
# vi /var/www/cgi-bin/index.cgi #!/usr/bin/python3 print("Content-type: text/html\n") print("CGI Script Test Page") |
|
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
1.PHP Install
|
1 |
# dnf module -y install php:7.2/common |
|
1 |
# php -v |
If you are on Php 7.2, upgrade
The EPEL and Remi repositories are required, so install them if you have not already done so.
|
1 2 |
# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm |
|
1 |
# dnf module disable php |
|
1 |
# dnf module install php:remi-8.1 |
|
1 |
# systemctl enable php-fpm |
|
1 2 3 |
# systemctl start php-fpm # php -v If the version is updated to 8.1 (or later), OK. |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor pre> Active: active (running) since Fri 2022-07-15 16:17:34 JST; 17s ago Main PID: 6046 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/s> Tasks: 6 (limit: 11187) Memory: 20.1M CGroup: /system.slice/php-fpm.service tq6046 php-fpm: master process (/etc/php-fpm.conf) tq6047 php-fpm: pool www tq6048 php-fpm: pool www tq6049 php-fpm: pool www tq6050 php-fpm: pool www mq6051 php-fpm: pool wwwJul 15 16:17:34 Alma systemd[1]: Starting The PHP FastCGI Process Manager... Jul 15 16:17:34 Alma systemd[1]: Started The PHP FastCGI Process Manager. |
Create the following files
|
1 2 |
# vi /var/www/html/<FQDN>/test.php <?php phpinfo(); ?> |
4. Digest authentication with Apache2
Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" and a password file ".digestauth" with "DigestAuth" as the realm. Execute the following command and enter the password for "secretuser" when prompted.
|
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Confirmation
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)
|
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
|
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
