Contents
1.Apache2 installation and virtual host setup
1.1 Apache2 Install
①Install httpd
|
1 2 3 4 5 6 |
# yum -y install httpd Version Check # httpd -v Server version: Apache/2.4.6 (CentOS) Server built: May 10 2022 18:05:14 |
1.2 Apache Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf ●Line 86 : Administrator address ServerAdmin [Email Address] ●Per Line 95: Change ServerName #ServerName www.example.com:80 ServerName domain name ●Line 144 : Change (Indexes removed) Options FollowSymLinks ●Line 151 : Change AllowOverride All ●Line 164 : File names accessible by directory name only Add "index.php index.cgi index.htm" ●Add to last line ServerTokens Prod |
|
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# systemctl start httpd # systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2023-02-17 12:21:28 JST; 33s ago Docs: man:httpd(8) man:apachectl(8) Main PID: 2234 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service tq2234 /usr/sbin/httpd -DFOREGROUND tq2235 /usr/sbin/httpd -DFOREGROUND tq2236 /usr/sbin/httpd -DFOREGROUND tq2237 /usr/sbin/httpd -DFOREGROUND tq2238 /usr/sbin/httpd -DFOREGROUND tq2239 /usr/sbin/httpd -DFOREGROUND mq2240 /usr/sbin/httpd -DFOREGROUND Feb 17 12:21:28 Lepard systemd[1]: Starting The Apache HTTP Se.... Feb 17 12:21:28 Lepard systemd[1]: Started The Apache HTTP Server. Hint: Some lines were ellipsized, use -l to show in full. |
④operation check
If you access http://[server IP address] and the Test Page is displayed as shown below, it is OK.
Rename the welcome page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
|
1 2 3 4 5 6 7 8 9 |
Create HTML test page # vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
1.3 Virtual Host Settings
Assign and configure the domain name [cent.korodes.com] to the document root [/var/www/html/cent.korodes.com] directory for virtual host operation
Create a new /etc/httpd/conf.d/vhost.conf
|
1 |
# vi /etc/httpd/conf.d/vhost.conf |
<VirtualHost *:80>
DocumentRoot /var/www/html/cent.korodes.com
ServerName cent.korodes.com
ServerAdmin<Email Address> ←Administrator Email Address
ErrorLog logs/cent.korodes.com-error_log
CustomLog logs/cent.korodes.com-access_log combined
</VirtualHost>
<Directory "/var/www/html/cent.korodes.com">
Options FollowSymLinks
AllowOverride All
</Directory>
Creating a Document Directory
|
1 |
# mkdir /var/www/html/cent.korodes.com |
Restart Apache
|
1 |
# systemctl restart httpd |
2. Confirmation of CGI Script Usage
①CGI availability check
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 250: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 5 |
# vi /var/www/cgi-bin/index.cgi #!/usr/bin/python2 print("Content-type: text/html\n") print("CGI Script Test Page") |
|
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
1.PHP Installation
|
1 |
# yum -y install --enablerepo=remi,remi-php74 php php-mbstring php-xml php-xmlrpc php-gd php-pdo php-pecl-mcrypt php-mysqlnd php-pecl-mysql |
②Version Check
|
1 2 3 4 |
# php -v PHP 7.4.33 (cli) (built: Feb 14 2023 09:31:03) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies |
③Restart Apache
|
1 |
# systemctl restart httpd |
④Confirmation of PHP operation
Create the following file
|
1 2 |
# vi /var/www/html/<Domain name>/test.php <?php phpinfo(); ?> |
If you access http://<domain name>/test.php in your browser and see the following screen, it is OK
4. Digest authentication in Apache2
Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm is used to allow access to the same directory as authenticated.
In this example, the realm is "DigestAuth" and a user and password file named "secretuser" (".digestauth") is created. Execute the following command and enter the password for "secretuser" when prompted.
|
1 2 3 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser New password: Re-type new password: |
Confirmation
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)
|
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
|
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
When accessing http://[FQDN]/secret with a browser, a screen appears asking for "user name" and "password".