Contents
1. Apache2 installation and virtual host configuration
1.1 Apache2 Install
①httpd Install
|
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.37 (Oracle Linux) Server built: Jun 22 2022 14:35:49 |
1.2 Apache Configuration
①Edit httpd.conf file
|
1 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf/httpd.conf ●Line 89 : Specify administrator address ServerAdmin <mail address> ●Add per line 98 「#ServerName www.example.com:80」 ServerName <domain name> ●Line 147 : Change (Indexes is deleted) Options FollowSymLinks ●Line 154 : Change AllowOverride All ●Line 167 : file name accessible only by directory name 「index.php index.cgi index.htm」Add ●Add to the last line ServerTokens Prod |
②If Firewalld is enabled, HTTP service permission is required; HTTP uses [80/TCP]
|
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
⑤Configure Apache to start automatically
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese> Active: active (running) since Fri 2022-09-02 11:30:24 JST; 14s ago Docs: man:httpd.service(8) Main PID: 7659 (httpd) Status: "Running, listening on: port 80" Tasks: 213 (limit: 10602) Memory: 28.4M CGroup: /system.slice/httpd.service tq7659 /usr/sbin/httpd -DFOREGROUND tq7660 /usr/sbin/httpd -DFOREGROUND tq7661 /usr/sbin/httpd -DFOREGROUND tq7662 /usr/sbin/httpd -DFOREGROUND mq7663 /usr/sbin/httpd -DFOREGROUND Sep 02 11:30:24 Lepard systemd[1]: Starting The Apache HTTP Server... Sep 02 11:30:24 Lepard systemd[1]: Started The Apache HTTP Server. Sep 02 11:30:24 Lepard httpd[7659]: Server configured, listening on: port 80 |
⑥operation check
If you access http://[server IP address] and you see the Oracle Apache2 Test Page as shown below, it is OK.
If you access http://[server IP address] and you see the Oracle Apache2 Test Page as shown below, it is OK.
⑦Hide the Oracle Welcome page, create a new index.html file as a Test Page, and check the operation of apache.
Rename the welcome page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
Create HTML test page
|
1 2 3 4 5 6 7 8 |
# vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
If you access http://<server IP address> and the Test Page is displayed as shown below, it is OK.
1.3 Virtual Host Settings
Assign and configure the domain name [oracle.korodes.com] to the document root [/var/www/html/oracle.korodes.com] directory for virtual host operation
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# vi /etc/httpd/conf.d/vhost.conf Virtual Host Domain Settings <VirtualHost *:80> DocumentRoot /var/www/html/oracle.korodes.com ServerName oracle.korodes.com ServerAdmin <Email Address> ErrorLog logs/oracle.korodes.com-error_log CustomLog logs/oracle.korodes.com-access_log combined </VirtualHost> <Directory "/var/www/html/oracle.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
|
1 |
# mkdir /var/www/html/oracle.korodes.com |
|
1 |
# systemctl restart httpd |
2. Confirmation of CGI Script Usage
①Confirmation of CGI availability
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 250: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 |
# vi /var/www/cgi-bin/index.cgi #!/usr/bin/python3 print("Content-type: text/html\n") print("CGI Script Test Page") |
|
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
1.PHP Inatall
①Inatall
|
1 |
# dnf -y install php php-mbstring php-pear |
②Version Check
|
1 2 3 4 |
# php -v PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies |
If you are on Php 7.2, upgrade to Php8
EPEL and Remi repositories are required, so install them if you have not already done so.
|
1 2 |
# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm |
Stop PHP once
|
1 |
# dnf module disable php |
Installing PHP 8.1
|
1 |
# dnf module install php:remi-8.1 |
php-fpm configuration
|
1 |
# systemctl enable php-fpm |
③Restart Apache
After PHP installation, restarting Apache will invoke PHP-FPM (FPM : FastCGI Process Manager) by default, and php-fpm service will be started in conjunction with httpd startup.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor pre> Active: active (running) since Fri 2022-09-02 13:14:21 JST; 6s ago Main PID: 10717 (php-fpm) Status: "Ready to handle connections" Tasks: 6 (limit: 10602) Memory: 23.3M CGroup: /system.slice/php-fpm.service tq10717 php-fpm: master process (/etc/php-fpm.conf) tq10718 php-fpm: pool www tq10719 php-fpm: pool www tq10720 php-fpm: pool www tq10721 php-fpm: pool www mq10722 php-fpm: pool www Sep 02 13:14:21 Lepard systemd[1]: Starting The PHP FastCGI Process Manager... Sep 02 13:14:21 Lepard systemd[1]: Started The PHP FastCGI Process Manager. |
④PHP operation check
Create the following files
Create the following files
|
1 2 3 4 |
# vi /var/www/html/<domain name>/test.php <?php phpinfo(); ?> |
Access http://<domain name>/test.php with a browser and if the following screen appears, OK
4. Digest authentication with Apache2
Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authentication area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" and a password file ".digestauth" with "DigestAuth" as the realm. Execute the following command and enter the password for "secretuser" when prompted.
|
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Check it out.
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)
|
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
|
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
