Rocky Linux8.6 : WEB Server

1. Install Apache2  & Virtual Host

1.1 Install Apache2

①Install httpd

# dnf -y install httpd

Version Check
# httpd -v
Server version: Apache/2.4.37 (rocky)
Server built: May 10 2022 18:05:14

1.2 Apache Configuration

① Edit httpd.conf file
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak
# vi /etc/httpd/conf/httpd.conf
# Line 89 : Administrator address specification
ServerAdmin [Email Address] # Per line 98 : Change ServerName
ServerName <domain name>
# Line 147 : Change (Indexes removed)
Options FollowSymLinks
# Line 154 : change
AllowOverride All
# Line 167 : File names accessible by directory name only
Add "index.php index.cgi index.htm"
# Add to the last line
ServerTokens Prod
②If Firewalld is enabled, HTTP service permission is required; HTTP uses [80/TCP]
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
⑤Apache Auto-Start Configuration
# systemctl start httpd
# systemctl enable httpd
# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese>
Active: active (running) since Wed 2022-06-08 10:53:30 JST; 14s ago
Docs: man:httpd.service(8)
Main PID: 9013 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 11170)
Memory: 43.1M
CGroup: /system.slice/httpd.service
tq9013 /usr/sbin/httpd -DFOREGROUND
tq9014 /usr/sbin/httpd -DFOREGROUND
tq9015 /usr/sbin/httpd -DFOREGROUND
tq9016 /usr/sbin/httpd -DFOREGROUND
mq9017 /usr/sbin/httpd -DFOREGROUND
⑥operation check
If you access http://[server IP address] and you see Rocky HTTP server Test Page as shown below, it is OK.
⑦Hide Rocky test page, create a new index.html file as Test Page, and check apache operation
Rename the Rocky test page
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/
Create HTML test page
# vi /var/www/html/index.html
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Apache Test Page
If you access http://<server IP address> and the Test Page is displayed as shown below, it is OK.

1.3 Virtual Host Settings

Assign and configure the domain name [] to the document root [/var/www/html/] directory for virtual host operation

# vi /etc/httpd/conf.d/vhost.conf
Virtual Host Domain Settings
<VirtualHost *:80>
DocumentRoot /var/www/html/
ServerAdmin <Email Address>   ←Administrator's email address
ErrorLog logs/
CustomLog logs/ combined

<Directory "/var/www/html/">
Options FollowSymLinks
AllowOverride All

Creating a Document Directory

# mkdir /var/www/html/

Restart Apache

# systemctl restart httpd

2. Use of CGI Scripts

①Confirmation of CGI availability

# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
250:     ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
The above is displayed and available under "/var/www/cgi-bin/".

②Create test scripts and check operation

# vi /var/www/cgi-bin/index.cgi
print("Content-type: text/html\n")
print("CGI Script Test Page")# chmod 755 /var/www/cgi-bin/index.cgi
# curl localhost/cgi-bin/index.cgi
CGI Script Test Page

3. PHP installation and configuration

1.Install PHP

# dnf module -y install php:7.2/common
②Restart Apache
After PHP installation, restart Apache and PHP-FPM (FPM : FastCGI Process Manager) will be invoked by default, and php-fpm service will be started in conjunction with httpd startup.
# systemctl restart httpd
# systemctl status php-fpm
php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor pr>
Active: active (running) since Wed 2022-06-08 11:08:06 JST; 14s ago
Main PID: 10728 (php-fpm)
Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/s>
Tasks: 6 (limit: 11170)
Memory: 18.1M
CGroup: /system.slice/php-fpm.service
tq10728 php-fpm: master process (/etc/php-fpm.conf)
tq10729 php-fpm: pool www
tq10730 php-fpm: pool www
tq10731 php-fpm: pool www
tq10732 php-fpm: pool www
mq10733 php-fpm: pool www
③PHP operation check
Create the following files
# vi /var/www/html/<ドメイン名>/test.php
<?php phpinfo(); ?>
Access http://<domain name>/test.php in your browser and if you see the following screen, it is OK

4. Digest authentication with Apache2

Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.

4.1 Create password file for Digest authentication

Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" and a password file ".digestauth" with "DigestAuth" as the realm. Execute the following command and enter the password for "secretuser" when prompted.

# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser


# cat /etc/httpd/.digestauth
As above, secretuser and encrypted password are created

4.2 Edit Apache configuration file

Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)

# vi /etc/httpd/conf/httpd.conf

Add the following at the end

<Directory "/var/www/html/secret">
AuthType Digest
AuthName "DigestAuth"
AuthDigestDomain /secret/
AuthUserFile "/etc/httpd/.digestauth"
Require valid-user

Enable Digest authentication and reboot

# systemctl restart httpd.service

When accessing http://<domain name>/ with a browser, a screen appears asking for "user name" and "password".