Contents
1. Install Apache2 & Virtual Host
1.1 Install Apache2
①Install httpd
|
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.37 (rocky) Server built: May 10 2022 18:05:14 |
1.2 Apache Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf # Line 89 : Administrator address specification ServerAdmin [Email Address] # Per line 98 : Change ServerName #ServerName www.example.com:80 ServerName <domain name> # Line 147 : Change (Indexes removed) Options FollowSymLinks # Line 154 : change AllowOverride All # Line 167 : File names accessible by directory name only Add "index.php index.cgi index.htm" # Add to the last line ServerTokens Prod |
|
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese> Active: active (running) since Wed 2022-06-08 10:53:30 JST; 14s ago Docs: man:httpd.service(8) Main PID: 9013 (httpd) Status: "Running, listening on: port 80" Tasks: 213 (limit: 11170) Memory: 43.1M CGroup: /system.slice/httpd.service tq9013 /usr/sbin/httpd -DFOREGROUND tq9014 /usr/sbin/httpd -DFOREGROUND tq9015 /usr/sbin/httpd -DFOREGROUND tq9016 /usr/sbin/httpd -DFOREGROUND mq9017 /usr/sbin/httpd -DFOREGROUND |
If you access http://[server IP address] and you see Rocky HTTP server Test Page as shown below, it is OK.
Rename the Rocky test page
|
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
Create HTML test page
|
1 2 3 4 5 6 7 8 |
# vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
1.3 Virtual Host Settings
Assign and configure the domain name [rocky.korodes.com] to the document root [/var/www/html/rocky.korodes.com] directory for virtual host operation
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# vi /etc/httpd/conf.d/vhost.conf Virtual Host Domain Settings <VirtualHost *:80> DocumentRoot /var/www/html/rocky.korodes.com ServerName rocky.korodes.com ServerAdmin <Email Address> ←Administrator's email address ErrorLog logs/rocky.korodes.com-error_log CustomLog logs/rocky.korodes.com.access_log combined </VirtualHost> <Directory "/var/www/html/rocky.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
|
1 |
# mkdir /var/www/html/rocky.korodes.com |
|
1 |
# systemctl restart httpd |
2. Use of CGI Scripts
①Confirmation of CGI availability
|
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 250: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
|
1 2 3 4 5 6 |
# vi /var/www/cgi-bin/index.cgi #!/usr/bin/python3 print("Content-type: text/html\n") print("CGI Script Test Page")# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
1.Install PHP
|
1 |
# dnf module -y install php:7.2/common |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor pr> Active: active (running) since Wed 2022-06-08 11:08:06 JST; 14s ago Main PID: 10728 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/s> Tasks: 6 (limit: 11170) Memory: 18.1M CGroup: /system.slice/php-fpm.service tq10728 php-fpm: master process (/etc/php-fpm.conf) tq10729 php-fpm: pool www tq10730 php-fpm: pool www tq10731 php-fpm: pool www tq10732 php-fpm: pool www mq10733 php-fpm: pool www |
Create the following files
|
1 2 |
# vi /var/www/html/<ドメイン名>/test.php <?php phpinfo(); ?> |
4. Digest authentication with Apache2
Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" and a password file ".digestauth" with "DigestAuth" as the realm. Execute the following command and enter the password for "secretuser" when prompted.
|
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Confirmation
|
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:64939177c7b7c6eac3687925b27e771d |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)
|
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
|
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
|
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
|
1 |
# systemctl restart httpd.service |
