Contents
1.Apache2 installation and virtual host configuration
1.1 Apache2 Install
|
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.53 (CentOS Stream) Server built: Jan 30 2023 00:00:00 |
1.2 Apache Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf ●Line 91 : administrator address ServerAdmin [Email Address] ●Per line 100: Change ServerName #ServerName www.example.com:80 ServerName [Domain name] ●Line 149 : Change (Indexes are deleted) Options FollowSymLinks ●Line 156 : Change AllowOverride All ●Line 169 : File names accessible by directory name only Add "index.php index.cgi index.htm" ●Add to the last line ServerTokens Prod |
②If Firewalld is enabled, HTTP service permission is required; use [80/TCP] for HTTP and [443/TCP] for HTTPS
|
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
③Apache Auto-Start Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: di> Active: active (running) since Wed 2023-02-22 16:34:20 JST; 17s ago Docs: man:httpd.service(8) Main PID: 8237 (httpd) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes> Tasks: 213 (limit: 10948) Memory: 41.5M CPU: 51ms CGroup: /system.slice/httpd.service tq8237 /usr/sbin/httpd -DFOREGROUND tq8238 /usr/sbin/httpd -DFOREGROUND tq8239 /usr/sbin/httpd -DFOREGROUND tq8240 /usr/sbin/httpd -DFOREGROUND mq8241 /usr/sbin/httpd -DFOREGROUND Feb 22 16:34:20 Lepard systemd[1]: Starting The Apache HTTP Server... Feb 22 16:34:20 Lepard systemd[1]: Started The Apache HTTP Server. Feb 22 16:34:20 Lepard httpd[8237]: Server configured, listening on: port 80 |
④operation check
If you access http://[server IP address] and the Test Page is displayed as shown below, it is OK.
⑤Hide the Welcome page, create a new index.html file as a Test Page, and check apache operation
Rename the welcome page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
Create HTML test page
|
1 2 3 4 5 6 7 8 |
# vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
If you access http:// and the Test Page is displayed as shown below, it is OK.
1.3 Virtual Host Settings
Assign and configure the domain name [cent.korodes.com], the document root [/var/www/html/cent.korodes.com] directory to be operated on the virtual host
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf.d/vhost.conf <VirtualHost *:80> DocumentRoot /var/www/html/cent.korodes.com ServerName cent.korodes.com ServerAdmin<Email Address> ←Administrator Email Address ErrorLog logs/cent.korodes.com-error_log CustomLog logs/cent.korodes.com-access_log combined </VirtualHost> <Directory "/var/www/html/cent.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
Creating a Document Directory
|
1 |
# mkdir /var/www/html/cent.korodes.com |
Apache restart
|
1 |
# systemctl restart httpd |
2. Ensure CGI Script Usage
①Confirmation of CGI availability
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 252: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 5 |
# vi /var/www/cgi-bin/index.cgi #!/usr/libexec/platform-python print("Content-type: text/html\n") print("CGI Script Test Page") |
|
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
3.1 PHP8 Install
①Install
|
1 |
# dnf -y install php |
②Version Check
|
1 2 3 4 5 |
# php -v PHP 8.0.27 (cli) (built: Jan 3 2023 16:17:26) ( NTS gcc x86_64 ) Copyright (c) The PHP Group Zend Engine v4.0.27, Copyright (c) Zend Technologies with Zend OPcache v8.0.27, Copyright (c), by Zend Technologies |
If you are installing Php8.1, you will need the Remi repository, so install it if you have not already done so.
|
1 |
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm |
Stop PHP once.
|
1 |
# dnf module disable php |
Installing PHP 8.1
|
1 |
# dnf module install php:remi-8.1 |
php-fpm configuration
|
1 2 |
# systemctl enable php-fpm Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. |
|
1 2 3 |
# systemctl start php-fpm # php -v If the version is updated to 8.1 (or later), OK. |
③Apache restatrt
After PHP installation, restarting Apache will invoke PHP-FPM (FPM : FastCGI Process Manager) by default, and php-fpm service will be started in conjunction with httpd startup.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: > Active: active (running) since Wed 2023-02-22 17:04:24 JST; 3min 34s ago Main PID: 10713 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req> Tasks: 6 (limit: 10948) Memory: 12.3M CPU: 43ms CGroup: /system.slice/php-fpm.service tq10713 "php-fpm: master process (/etc/php-fpm.conf)" tq10714 "php-fpm: pool www" tq10715 "php-fpm: pool www" tq10716 "php-fpm: pool www" tq10717 "php-fpm: pool www" mq10718 "php-fpm: pool www" Feb 22 17:04:24 Lepard systemd[1]: Starting The PHP FastCGI Process Manager... Feb 22 17:04:24 Lepard systemd[1]: Started The PHP FastCGI Process Manager. |
④Confirmation of PHP operation
Create the following file
|
1 2 |
# vi /var/www/html/<Domain name>/test.php <?php phpinfo(); ?> |
Access http://[Domain name]/test.php and if the following screen appears, OK
4. Digest authentication in Apache2
Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" and a password file ".digestauth" with "DigestAuth" as the realm. Execute the following command and enter the password for "secretuser" when prompted.
|
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Confirmation
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)
|
1 2 3 4 5 6 7 8 9 |
# vi /etc/httpd/conf/httpd.conf Add the following at the end <Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
When accessing http://[FQDN]/secret with a browser, a screen appears asking for "user name" and "password".
