Contents
1.Apache2 installation and virtual host configuration
1.1 Apache2
①httpd install
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.53 (Oracle Linux Server) Server built: Oct 3 2022 00:00:00 |
1.2 Apache Configuration
1 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf/httpd.conf ●Line 91 : Specify administrator address ServerAdmin <mail address> ●Add per line 101 「#ServerName www.example.com:80」 ServerName <domain name> ●Line 149 : Change (Indexes is deleted) Options FollowSymLinks ●Line 156 : Change AllowOverride All ●Line 169 : file name accessible only by directory name Add "index.php index.cgi index.htm" ●Add to the last line ServerTokens Prod |
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor pre> Active: active (running) since Thu 2022-12-29 16:34:43 JST; 16s ago Docs: man:httpd.service(8) Main PID: 16378 (httpd) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes> Tasks: 102 (limit: 9393) Memory: 23.3M CPU: 102ms CGroup: /system.slice/httpd.service tq16378 /usr/sbin/httpd -DFOREGROUND tq16379 /usr/sbin/httpd -DFOREGROUND tq16380 /usr/sbin/httpd -DFOREGROUND tq16381 /usr/sbin/httpd -DFOREGROUND mq16382 /usr/sbin/httpd -DFOREGROUND Dec 29 16:34:43 Lepard systemd[1]: Starting The Apache HTTP Server... Dec 29 16:34:43 Lepard httpd[16378]: Server configured, listening on: port 80 Dec 29 16:34:43 Lepard systemd[1]: Started The Apache HTTP Server. |
If you access http://[server IP address] and you see the Oracle Apache2 Test Page as shown below, it is OK.
Rename the welcome page
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
Create HTML test page
1 2 3 4 5 6 7 8 |
# vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
1.3 Virtual Host Settings
Assign and configure the domain name [oracle.korodes.com] to the document root [/var/www/html/oracle.korodes.com] directory for virtual host operation
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# vi /etc/httpd/conf.d/vhost.conf Virtual Host Domain Settings <VirtualHost *:80> DocumentRoot /var/www/html/oracle.korodes.com ServerName oracle.korodes.com ServerAdmin <Email Address> ErrorLog logs/oracle.korodes.com-error_log CustomLog logs/oracle.korodes.com-access_log combined </VirtualHost> <Directory "/var/www/html/oracle.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
Creating a Document Directory
1 |
# mkdir /var/www/html/oracle.korodes.com |
Restart Apache
1 |
# systemctl restart httpd |
2. Confirmation of CGI Script Usage
①Confirmation of CGI availability
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 252: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
1 2 3 4 |
# vi /var/www/cgi-bin/index.cgi #!/usr/bin/python3 print("Content-type: text/html\n") print("CGI Script Test Page") |
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
1.PHP install
1 |
# dnf -y install php php-mbstring php-pear |
1 2 3 4 |
# php -v PHP 8.0.20 (cli) (built: Jun 8 2022 00:33:06) ( NTS gcc x86_64 ) Copyright (c) The PHP Group Zend Engine v4.0.20, Copyright (c) Zend Technologies |
1 2 |
# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm # dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm |
1 |
# dnf module disable php |
1 |
# dnf module install php:remi-8.1 |
1 2 |
# systemctl enable php-fpm Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor p> Active: active (running) since Thu 2022-12-29 16:46:46 JST; 9s ago Main PID: 17614 (php-fpm) Status: "Ready to handle connections" Tasks: 6 (limit: 9393) Memory: 9.5M CPU: 79ms CGroup: /system.slice/php-fpm.service tq17614 "php-fpm: master process (/etc/php-fpm.conf)" tq17615 "php-fpm: pool www" tq17616 "php-fpm: pool www" tq17617 "php-fpm: pool www" tq17618 "php-fpm: pool www" mq17619 "php-fpm: pool www" Dec 29 16:46:46 Lepard systemd[1]: Starting The PHP FastCGI Process Manager... Dec 29 16:46:46 Lepard systemd[1]: Started The PHP FastCGI Process Manager. |
Create the following files
1 2 3 4 |
# vi /var/www/html/<domain name>/test.php <?php phpinfo(); ?> |
4. Digest authentication with Apache2
Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
For this example, the realm is "DigestAuth" and a user and password file named "secretuser" ".digestauth" is created.
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Confirmation
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the "secret" directory.)
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /[FQDN]/secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
1 |
# systemctl restart httpd.service |
When accessing http://[FQDN]/secret with a browser, a screen appears asking for "user name" and "password".