HTTP/HTTPS Flashcards

1
Q

Configure a Virtual Host

A

Configure a virtual host.

1. Install the “Web Server” package group:
#yum groupinstall -y "Web server"
2. Edit the /etc/httpd/conf/httpd.conf file and uncomment the following directive:
#NameVirtualHost *:80
At the end of the same file, uncomment the following stanza:
#
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#

Don’t forget to replace dummy-host.example.com by the name of your webserver.

3. Check the validity of the /etc/httpd/conf/httpd.conf file:
# httpd -t
# service httpd configtest
4. Check the virtual host(s) configuration:
# httpd -S
# httpd -D DUMP_VHOSTS
5. Add a new rule to the firewall:
# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
6. Save the firewall configuration:
# service iptables save
7. Activate the httpd service at boot:
#chkconfig httpd on
8. Start the httpd service:
#service httpd start
9. Check the httpd service:
#yum install -y elinks
#elinks http://localhost
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Configure group-managed content.

A

Configure group-managed content.

1. Install the “Web Server” package group:
#yum groupinstall -y "Web Server"
  1. Edit the /etc/hosts file and add the ip address and the fully qualified domain name of the server:
  2. 2.3.4 server.example.com
  3. To allow only a group of users (here nikos and steve from the team) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and type:
AuthType Basic
AuthName "Password protected area"
AuthGroupFile /etc/httpd/conf/team
AuthUserFile /etc/httpd/conf/passwd
Require group team
  1. Check the configuration file:
    #service httpd configtest
    Syntax OK
5. Create the private directory:
#mkdir -p /var/www/html/private
#restorecon /var/www/html/private
  1. Create the /etc/httpd/conf/team file:
    team: nikos steve
7. Create the /etc/httpd/conf/passwd file:
#htpasswd -c /etc/httpd/conf/passwd nikos
New password: nikos
Re-type new password: nikos
Adding password for user nikos
#htpasswd /etc/httpd/conf/passwd steve
New password: steve
Re-type new password: steve
Adding password for user steve
8. Add a new rule to the firewall:
#iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
9. Save the firewall configuration:
#service iptables save
10. Activate the httpd service at boot:
#chkconfig httpd on
11. Start the httpd service:
#service httpd start
12. Check the httpd service:
#yum install -y elinks
#elinks http://localhost/private/
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Configure private directories

A

service httpd configtest

Configure private directories.

1. Install the “Web server” package group:
#yum groupinstall -y "Web server"
  1. There are several ways to restrict access to directories:

a) host-based private directories
To only allow test.example.com (add the name/IP address in the /etc/hosts file if necessary) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and type:

AllowOverride None
Options None
Order allow,deny
Allow from test.example.com

Check the configuration file:

# service httpd configtest
Create the private directory:
 #mkdir -p /var/www/html/private
 #restorecon -R /var/www/html/private

b) user-based private directories
To only allow me to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and type:

AuthType Basic
AuthName “Password protected area”
AuthUserFile /etc/httpd/conf/passwd
Require user me

Check the configuration file:

3. Create the private directory:
#mkdir -p /var/www/html/private
#restorecon -R /var/www/html/private
4. Create the passwd file and store me’s password:
#htpasswd -c /etc/httpd/conf/passwd me

Note: the .htpasswd file can locally be used instead of the httpd.conf file in 1) and 2) for the same purpose.

5. Whatever the option chosen, add a new rule to the firewall:
#iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
6. Save the firewall configuration:
#service iptables save
7. Activate the httpd service at boot:
#chkconfig httpd on
8. Start the httpd service:
#service httpd start
9. Check the httpd service:
#yum install -y elinks
#elinks http://localhost/private
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Deploy a basic CGI application

A

Deploy a basic CGI application.

1. Install the “Web server” package group:
#yum groupinstall -y "Web server"
2. Create the /var/www/cgi-bin/hello.pl Perl script and insert the following lines:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World!";
3. Make this script executable:
#chmod 755 /var/www/cgi-bin/hello.pl
4. Add a new rule to the firewall:
#iptables -I INPUT -p tcp -m state --state NEW -m tcp —dport 80 -j ACCEPT
5. Save the firewall configuration:
#service iptables save
6. Activate the httpd service at boot:
#chkconfig httpd on
7. Start the httpd service:
#service httpd start
8. Check the httpd service:
#yum install -y elinks
#elinks http://localhost/cgi-bin/hello.pl
Alternatively, if you want to use a directory other than the /var/www/cgi-bin/ default (/webapp for example), you will have some additional steps.
9. Create the webapp directory:
#mkdir /webapp
10. Copy the hello.pl file into it:
#cp /var/www/cgi-bin/hello.pl /webapp
11. Set up SElinux configuration for the /webapp directory:
#yum install -y setroubleshoot-server
#semanage fcontext -a -t httpd_sys_script_exec_t "/webapp(/.*)?"
#restorecon -R /webapp
  1. Edit the /etc/httpd/conf/httpd.conf file and replace the ‘ScriptAlias‘ option with the following content:
    ScriptAlias /cgi-bin/ “/webapp/”

In the same file, where the configuration of your website (or virtual host) is located, add the following lines:

AllowOverride None
Options None
Order allow,deny
Allow from all

In the same stanza, you can optionally add the following lines (but it doesn’t seem mandatory):
Options ExecCGI
AddHandler cgi-script .pl

13. Check the configuration file:
#service httpd configtest
14. Restart the httpd service:
#service httpd restart
15. Check the execution of the Perl script:
#yum install -y elinks
#elinks http://localhost/cgi-bin/hello.pl
How well did you know this?
1
Not at all
2
3
4
5
Perfectly