Contents
1.Apache2 Install / Virtual Hosts
1.1 Apache2
①httpd install
|
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.51 (MIRACLE LINUX) Server built: Mar 21 2022 00:00:00 |
1.2 Apache Configuration
①Edit httpd.conf file
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf ●Line 91 : Administrator's email address ServerAdmin [Email Address] ●Per line 100 : ServerName change #ServerName www.example.com:80 ServerName [Domai name] ●Line 149 : Change (Delete Indexes) Options FollowSymLinks ●Line 156 : Change AllowOverride All ●Line 169 : File names accessible by directory name only Add "index.php index.cgi index.htm" ●Add to the last line ServerTokens Prod |
②If Firewalld is enabled, HTTP service permission is required; HTTP uses [80/TCP]
|
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
③Apache Auto-Start Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
# systemctl start httpd # systemctl enable httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor pre> Active: active (running) since Tue 2022-11-15 21:51:33 JST; 16s ago Docs: man:httpd.service(8) Main PID: 3245 (httpd) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes> Tasks: 213 (limit: 10938) Memory: 29.1M CPU: 103ms CGroup: /system.slice/httpd.service tq3245 /usr/sbin/httpd -DFOREGROUND tq3246 /usr/sbin/httpd -DFOREGROUND tq3247 /usr/sbin/httpd -DFOREGROUND tq3248 /usr/sbin/httpd -DFOREGROUND mq3249 /usr/sbin/httpd -DFOREGROUND Nov 15 21:51:33 Lepard systemd[1]: Starting The Apache HTTP Server... Nov 15 21:51:33 Lepard httpd[3245]: Server configured, listening on: port 80 Nov 15 21:51:33 Lepard systemd[1]: Started The Apache HTTP Server |
④operation check
If you access http://[server IP address] and MiracleLinux Test Page is displayed as follows, it is OK.
If you access http://[server IP address] and MiracleLinux Test Page is displayed as follows, it is OK.
⑤Hide the Welcome page, create a new index.html file as a Test Page, and check the operation of apache.
Rename the welcome page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
|
1 2 3 4 5 6 7 8 9 |
Create HTML test page # vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
If you access http://<server IP address> and the Test Page is displayed as shown below, it is OK.
1.3 Virtual Host Settings
Assign and configure the domain name [miracle.korodes.com] to the document root [/var/www/html/miracle.korodes.com] directory for virtual host operation
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf.d/vhost.conf <VirtualHost *:80> DocumentRoot /var/www/html/miracle.korodes.com ServerName miracle.korodes.com ServerAdmin<Email Address> ←Administrator's email address ErrorLog logs/miracle.korodes.com-error_log CustomLog logs/miracle.korodes.com-access_log combined </VirtualHost> <Directory "/var/www/html/miracle.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
|
1 |
# mkdir /var/www/html/miracle.korodes.com |
|
1 |
# systemctl restart httpd |
2. Confirmation of CGI script use
①Confirmation of CGI availability
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 252: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 5 |
# vi /var/www/cgi-bin/index.cgi #!/usr/libexec/platform-python print("Content-type: text/html\n") print("CGI Script Test Page") |
|
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
1.PHP8
①Install
|
1 |
# dnf -y install php |
②Version Check
|
1 2 3 4 5 |
# php -v PHP 8.0.13 (cli) (built: Nov 16 2021 18:07:21) ( NTS gcc x86_64 ) Copyright (c) The PHP Group Zend Engine v4.0.13, Copyright (c) Zend Technologies with Zend OPcache v8.0.13, Copyright (c), by Zend Technologies |
|
1 |
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm |
Stop PHP once.
|
1 |
# dnf module disable php |
PHP 8.1 install
|
1 |
# dnf module install php:remi-8.1 |
php-fpm configuration
|
1 2 |
# systemctl enable php-fpm Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. |
|
1 2 3 4 5 6 |
# php -v PHP 8.1.12 (cli) (built: Oct 25 2022 17:30:00) (NTS gcc x86_64) Copyright (c) The PHP Group Zend Engine v4.1.12, Copyright (c) Zend Technologies with Zend OPcache v8.1.12, Copyright (c), by Zend Technologies If the version is updated to 8.1, OK. |
After PHP installation, restarting Apache will invoke PHP-FPM (FPM : FastCGI Process Manager) by default, and php-fpm service will be started in conjunction with httpd startup.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor p> Active: active (running) since Tue 2022-11-15 22:10:49 JST; 6s ago Main PID: 5553 (php-fpm) Status: "Ready to handle connections" Tasks: 6 (limit: 10938) Memory: 12.1M CPU: 26ms CGroup: /system.slice/php-fpm.service tq5553 "php-fpm: master process (/etc/php-fpm.conf)" tq5554 "php-fpm: pool www" tq5555 "php-fpm: pool www" tq5556 "php-fpm: pool www" tq5557 "php-fpm: pool www" mq5558 "php-fpm: pool www" Nov 15 22:10:49 Lepard systemd[1]: Starting The PHP FastCGI Process Manager... Nov 15 22:10:49 Lepard systemd[1]: Started The PHP FastCGI Process Manager. |
④Confirmation of PHP operation
Create the following file
Create the following file
|
1 2 |
# vi /var/www/html/<FQDN>/test.php <?php phpinfo(); ?> |
If you access http://<domain name>/test.php in your browser and see the following screen, it is OK
4. Digest authentication with Apache2
Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
For this example, the realm is "DigestAuth" and a user and password file named "secretuser" ".digestauth" is created.
|
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the "secret" directory.)
|
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
|
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
