Contents
1.Apache2 Install , Virtual Host Configuration
1.1 Apache2 Install
①httpd Install
1 2 3 4 5 6 |
# dnf -y install httpd Version Check # httpd -v Server version: Apache/2.4.37 (rocky) Server built: Sep 22 2023 23:22:00 |
1.2 Apache Configuration
①Edit httpd.conf file
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak # vi /etc/httpd/conf/httpd.conf Line 89 : Administrator address specification ServerAdmin [Email Address] Per Line 99 : Change ServerName Add "ServerName <domain name>" under "#ServerName www.example.com:80" Line 147 : Change (Delete Indexes) Options FollowSymLinks Line 154 : Change AllowOverride All Line 167 : File names accessible by directory name only Add "index.php index.cgi index.htm" Add to the last line ServerTokens Prod |
②If Firewalld is enabled, HTTP/HTTPS service permission is required; HTTP uses [80/TCP][443/TCP]
1 2 3 |
# firewall-cmd --add-service=http --permanent # firewall-cmd --add-service=https --permanent # firewall-cmd --reload |
③Apache Auto-Start Configuration
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# systemctl start httpd # systemctl enable httpd # systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2023-10-25 11:21:41 JST; 15s ago Docs: man:httpd.service(8) Main PID: 10899 (httpd) Status: "Running, listening on: port 80" Tasks: 213 (limit: 10944) Memory: 27.3M CGroup: /system.slice/httpd.service tq10899 /usr/sbin/httpd -DFOREGROUND tq10900 /usr/sbin/httpd -DFOREGROUND tq10901 /usr/sbin/httpd -DFOREGROUND tq10902 /usr/sbin/httpd -DFOREGROUND mq10904 /usr/sbin/httpd -DFOREGROUND Oct 25 11:21:41 Lepard systemd[1]: Starting The Apache HTTP Server... Oct 25 11:21:41 Lepard systemd[1]: Started The Apache HTTP Server. Oct 25 11:21:41 Lepard httpd[10899]: Server configured, listening on: port 80 |
④operation check
If you access http://[server IP address] and see the RockyLinux Test Page as shown below, it is OK.
⑤Hide the Welcome page, create a new index.html file as a Test Page, and check apache operation
Rename the welcome page
1 |
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org |
1 2 3 4 5 6 7 8 9 |
Create HTML test page # vi /var/www/html/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Apache Test Page </div> </body> </html> |
If you access "http://[Server IP address]" and the Test Page is displayed as shown below, it is OK.
1.3 Virtual Host Settings
Assign and configure the domain name [rocky.korodes.com] to the document root [/var/www/html/rocky.korodes.com] directory for virtual host operation
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# vi /etc/httpd/conf.d/vhost.conf #Virtual Host Domain Settings <VirtualHost *:80> DocumentRoot /var/www/html/rocky.korodes.com ServerName rocky.korodes.com ServerAdmin [Email Address] ←Administrator's email address ErrorLog logs/rocky.korodes.com-error_log CustomLog logs/rocky.korodes.com-access_log combined </VirtualHost> <Directory "/var/www/html/rocky.korodes.com"> Options FollowSymLinks AllowOverride All </Directory> |
Creating a Document Directory
1 |
# mkdir /var/www/html/rocky.korodes.com |
Apache Restart
1 |
# systemctl restart httpd |
Create test pages and check operation
1 2 3 4 5 6 7 8 |
# vi /var/www/html/rocky.korodes.com/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Virtual Host Test Page </div> </body> </html> |
Access."http://rocky.korodes.com/index.html"
If the following screen appears, it is normal.
2. Use of CGI Scripts
①CGI availability check
1 2 3 |
# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 250: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" The above is displayed and available under "/var/www/cgi-bin/". |
②Create test scripts and check operation
1 2 3 4 5 |
# vi /var/www/cgi-bin/index.cgi #!/usr/libexec/platform-python print("Content-type: text/html\n") print("CGI Script Test Page") |
1 2 3 |
# chmod 755 /var/www/cgi-bin/index.cgi # curl localhost/cgi-bin/index.cgi CGI Script Test Page |
3. PHP installation and configuration
3.1.PHP Install
①Install
1 |
# dnf -y install php |
②Version Check
1 2 3 4 |
# php -v PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies |
If you are on Php 7.2, upgrade to Php 8.2.
If you are installing Php8.2, you will need the Remi repository, so install it if you have not already done so.
1 |
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm |
Stop PHP once
1 |
# dnf module disable php |
PHP 8.2 Install
1 |
# dnf module install php:remi-8.2 |
php-fpm configuration
1 2 |
# systemctl enable php-fpm Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. |
1 2 3 4 5 6 |
# systemctl start php-fpm # php -v PHP 8.2.11 (cli) (built: Sep 26 2023 11:11:58) (NTS gcc x86_64) Copyright (c) The PHP Group Zend Engine v4.2.11, Copyright (c) Zend Technologies with Zend OPcache v8.2.11, Copyright (c), by Zend Technologies |
If the version is updated to 8.2, it is OK.
③Apache Restart
After PHP installation, restarting Apache will invoke PHP-FPM (FPM : FastCGI Process Manager) by default, and php-fpm service will be started in conjunction with httpd startup.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# systemctl restart httpd # systemctl status php-fpm ● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2023-10-25 11:38:25 JST; 38s ago Main PID: 13413 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/sec" Tasks: 6 (limit: 10944) Memory: 22.0M CGroup: /system.slice/php-fpm.service tq13413 php-fpm: master process (/etc/php-fpm.conf) tq13414 php-fpm: pool www tq13415 php-fpm: pool www tq13416 php-fpm: pool www tq13417 php-fpm: pool www mq13418 php-fpm: pool www Oct 25 11:38:25 Lepard systemd[1]: Starting The PHP FastCGI Process Manager... Oct 25 11:38:25 Lepard systemd[1]: Started The PHP FastCGI Process Manager. |
④Confirmation of PHP operation
Create the following files
1 2 |
# vi /var/www/html/[FQDN]/test.php <?php phpinfo(); ?> |
If you access http://[FQDN]/test.php in your browser and see the following screen, it is OK
4. Digest authentication with Apache2
Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.
4.1 Create password file for Digest authentication
Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
For this example, the realm is "DigestAuth" and a user and password file named "secretuser" ".digestauth" is created.
1 |
# /usr/bin/htdigest -c /etc/httpd/.digestauth "DigestAuth" secretuser |
Confirmation
1 2 |
# cat /etc/httpd/.digestauth secretuser:DigestAuth:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
As above, secretuser and encrypted password are created
4.2 Edit Apache configuration file
Specify the directory to which Digest authentication will be applied. (In this case, specify the "secret" directory.)
1 |
# vi /etc/httpd/conf/httpd.conf |
Add the following at the end
1 2 3 4 5 6 7 |
<Directory "/var/www/html/[FQDN]/secret"> AuthType Digest AuthName "DigestAuth" AuthDigestDomain /[FQDN]/secret/ AuthUserFile "/etc/httpd/.digestauth" Require valid-user </Directory> |
Create a directory for Digest authentication
1 |
# mkdir /var/www/html/[FQDN]/secret |
Enable Digest authentication and reboot
1 |
# systemctl restart httpd.service |
Create index.html under /var/www/html/[FQDN]/secret
1 2 3 4 5 6 7 8 9 |
# vi /var/www/html/[FQDN]/secret/index.html <html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Digest Secret Test Page </div> </body> </html> |
When accessing http://[FQDN]/secret with a browser, a screen appears asking for "user name" and "password"
Success if the following screen appears