12).

web server
•Configure a web server for the site http://system1.networkX.example.com then
perform the following steps:-
download file from http://server.networkX.example.com/materials/station.html on
document root of your web server.
Rename the downloaded file to index.html.Do NOT make any modifications to the
content of index.html.
it should be accessible by your network networkX.example.com and not accessible
by my133t.org

Q-14. Configure the system1 as “web server” for the site http://server1.example.com
→ Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
→ Rename the downloaded page as index.html
→ Copy the index.html file to the “document root” and don’t modify

Make sure the web site should be allow to example.com only and deny to my123t.org
domain.

WEB SERVER
################
Question#13 Configure "web server":
---------------------------------------
--> Configure the system1 as "web server" for the site
http://serverX.example.com
--> Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and dont
modify

a. Make sure the web site should be allowing to example.com only and deny
to my133t.org domain.
!!!!!!!!!!!!

Solution
#yum install httpd* -y
#systemctl enable httpd.service
#systemctl restart httpd.service
#firewall-cmd --permanent --add-service=http
Success
#firewall-cmd --reload
success
#rpm -qd httpd <--run this command
/usr/share/doc/httpd-2.4.6/

#cat /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf (read this file and

copy last 7 lines)
and paste in vim /etc/httpd/conf/httpd.conf
segreate from 354 line#########################
paste is here
<VirtualHost *:@@Port@@>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log"
CustomLog "/var/log/httpd/dummy-host2.example.com-access_log"
common
</VirtualHost>
and please observe the changes:

<VirtualHost 172.25.X.11:80>(X is your system number)

ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
<Directory /var/www/html> [this is file lines you have to remember]
Order deny,allow
Deny from .my133t.org
Allow from .example.com
</Directory>
!!!!!!!
Now download the web page station.html from
http://classroom.example.com/pub/updates/station.html
#wget -O index.html
http://classroom.example.com/pub/updates/station.html ( run this
command)
#systemctl restart httpd.service
#curl -k http://serverX.example.com (better use firefox)

13). Virtual hosting

•Configure web server to include a virtual host for the site
http://www.networkX.example.com,
perform The following steps:

•Create a virtual directory in document root of your web server Download page from
http://server.networkX.example.com/materials/www.html.
Rename the downloaded file to index.html.
Place this index.html in the Document Root of the virtual host.
Do NOT make any modifications to the content of index.html. Ensure that sarah is
able to create
content in /var/www/virtual.

The original web site http://system1.networkX.example.com must still accessible.

DNS resolution for the hostname www.networkXexample.com is already provided

by the name server.
Q16. Configure the name virtual hosting server for the site
http://www5.example.com . Download the page “www.html” from
http://classroom.example.com/pub/updates/www.html and reame as index.html under
document root /var/www/virtual” . User called rock should able to add some content
into /var/www/virtual directory.

Question#15
Configure name virtual hosting server:
--------------------------------------
Configure the name virtual hosting server for the site
http://wwwX.example.com. Download the page "www.html" from
http://classroom.example.com/pub/updates/www.html and rename as
index.html under documenRoot "/var/www/virtual". User called rock
should able to add some content into /var/www/virtual directory.

Solution
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget -O index.html http://classroom.example.com/pub/updates/www.html

copy the begining 5 lines from main web server configuration and
observe the changes

<VirtualHost 172.25.X.11:80>(X is your system number)

ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>

Changes

<VirtualHost 172.25.X.11:80>(X is your system number)

ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>

#systemctl restart httpd.service

#useradd rock
#setfacl -m u:rock:rwx /var/www/virtual
#su - rock
$vim /var/www/virtual/rock.html
Rock is modifying the virtual content
:wq
#systemctl restart httpd.service
first browse firefox http://wwwX.example.com
then browse firefox http://wwwX.example.com/rock.html
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))))
14). Restrict web servers
• Restrict your web server for site http://system1.networkX.example.com. Configure
such that restrict directory
in this document root is access by your system only. Create index.html in restrict
directory. Previous website
remains same.

Q15. Create the directory “confidential” for the Document Root of your web server.
Download the page “host.html” from
http://classroom.example.com/pub/updates/host.html and rename as index.html under
confidential. It should be accessible to localhost only and not to any other host.

Question#14
Configure "web server":
---------------------------
Create the directory "confidential" for the DocumentRoot of your
webserver. Download the page "host.html" from
http://classroom.example.com/pub/updates/host.html And move as
index.html.It should be accessable to localhost only and not to any
other host.
----------------------------------------------
#mkdir /var/www/html/confidential
N.B--Again open the conifguration file

and copy from the

<Directory /var/www/html> [this is file lines you have to remember]
Order deny,allow
Deny from .my133t.org
Allow from .example.com
</Directory>

please observe the changes

<Directory /var/www/html/confidential>
Order deny,allow
Deny from all
Allow from serverX.example.com
</Directory>
:wq

Now Download Download the page "host.html" from

http://classroom.example.com/pub/updates/host.html

#wget -O index.html http://classroom.example.com/pub/updates/host.html

(run this command no need to raname again)

#systemctl restart httpd.service

open firefox from desktop,foundation machine it should be

forbiddent,if it brsowseable then mistake with your configuration
It will only browse with serverX.example.com
((((((((((((((((((((((((((((((((((((((((((((((((Done))))))))))))))))))

15). Configure web server to include a virtual host for the site
http://webapp.networkX.example.com,
perform The following steps:mkdir

• Download page from

http://server.networkX.example.com/materials/webapp.wsgi.
on document root of your web server.

Q17. Configure “wsgi” web server site named “webapp5.example.com” and

download dynamic wsgi content from
thhp://classroom.example.com/pub/updates/weapp.wsgi and stored inside virtual web
server Document Root of your web server. And do not affect virtual web server. Port
should be 8999 and client should access the web site using
webapp5.example.com:8999.

Question#16
Configure wsgi web server:
-------------------------------
Configure "wsgi" web server site name "webappX.example.com" and
download dynamic WSGI conent from
http://classroom.example.com/pub/updates/webapp.wsgi and stored inside
virtual web server DocumentRoot of your webserver. and donot effect
virtual web serevr. port should be 8999 and client should access the
web site using webappX.example.com:8999.
##########

Solution
#yum install mod_wsgi -y
#cd /var/www/virtual
#wget http://classroom.example.com/pub/updates/webapp.wsgi
#firewall-cmd --permanent --add-port=8999/tcp

#firewall-cmd --reload

#man semanage-port
search for /example and copy and paste in terminal
#semanage port -a -t http_port_t -p tcp 8999 (and change it 81 to
8999)

open the vim /etc/httpd/conf/httpd.conf

and search Listen and Copy the Listen and paste it down
and change like this
Listen webappX.example.com:8999

and in this file only copy from

<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>

and observe the changes

<VirtualHost 172.25.X.11:80> change 80 to 8999 (X is your

system number)
ServerAdmin root@webappX.example.com <--wwwX to webappX
DocumentRoot /var/www/virtual/webapp.wsgi<-- add this one
and change DocumentRoot to WSGIScriptAlias / so final
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerName wwwX.example.com<-- servername -webappX.example.com
</VirtualHost>

Final output
--------------
<VirtualHost 172.25.X.11:8999>
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerAdmin root@webappX.example.com
ServerName webappX.example.com
</VirtualHost>
:wq

#systemctl restart httpd.service

-->browse #firefox http://webappX.example.com:8999 (If Unix epoch time

is coming its done)
and
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))

Q18. Configure secure web server site named http://serverX.example.com and the
web site will need to protect with tls and the certificate can be download from
http://classroom.example.com/pub/example-ca.crt ,
http://classroom.example.com/pub/tls/private/serverX.key and
http://classroom.example.com/pub/tls/certs/serverX.crt

Question#17
confiure ssl web server
-----------------------------
Configure secure web server site name http://serverX.example.com and
the web site will need to protect with SSL.
Download the certificates form following locations
http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt

#solution
----------
# yum install mod_ssl -y
firewall-cmd --permanenet --add-service=https
success
#firewall-cmd --reload
success
---->download the keys below location (please download only .crt
extension keys in this directory)
#cd /etc/pki/tls/certs/
wget http://classroom.example.com/pub/example-ca.crt
wget http://classroom.example.com/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
wget http://classroom.example.com/pub/tls/private/serverX.key

Now run a command

# egrep 'SSLC|SSLE|SSLP' /etc/httpd/conf.d/ssl.conf
and copy form SSL engine on to server-chain.crt
and what ever # commented delete except server-chain.crt(just
uncomment it)

Step#1
copy the first 5 lines from the begining and observe the changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com

Step 2
(And what ever you copied from egrep 'SSLC|SSLE|SSLP'
/etc/httpd/conf.d/ssl.conf )
please paste in the middle
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>

final changes please observer:

<VirtualHost 172.25.X.11:443>(X is your system number) 80 to 443

ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 <-- this one you have to add
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>

#systemctl restart httpd.services

And this should be browse from all the systems.

(((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))))))))))
HTTPD
SERVER

yum -y install httpd* mod_wsgi elinks.x86_64

lab webapp setup

wget http://classroom.example.com/pub/station.html
mv station.html /var/www/html/index.html
restorecon -vvFR /var/www/html/index.html
ls -ldZ /var/www/html/index.html

vim /etc/httpd/conf.d/server.conf

<virtualhost 172.25.0.11:80>
servername server0.example.com
documentroot /var/www/html
</virtualhost>

<directory /var/www/html>
order allow,deny
allow from 172.25.0.0/24
</directory>

wq!

systemctl restart httpd

systemctl enable httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --complete-reload

elinks server0.example.com
#####################################

CLIENTE

yum install elinks.x86_64

elinks server0.example.com

#########################################################
SERVER

mkdir /var/www/html/private
wget http://classroom.example.com/pub/secure.html
mv secure.html /var/www/html/private/index.html
restorecon -vvFR /var/www/html/private/index.html
restorecon -vvFR /var/www/html/private

vim /etc/httpd/conf.d/server.conf

….

<directory /var/www/html/private>
order allow,deny
allow from 172.25.0.11
</directory>

systemctl restart httpd

systemctl enable httpd

CLIENT

elinks server0.example.com/private

#######################################################

SERVER

mkdir /var/www/virtual
wget http://classroom.example.com/pub/www.html
mv www.html /var/www/virtual/index.html
restorecon -vvFR /var/www/virtual/
restorecon -vvFR /var/www/virtual/index.html

vim /etc/httpd/conf.d/www.conf

<virtualhost 172.25.0.11:80>
servername www0.example.com
documentroot /var/www/virtual
</virtualhost>
<directory /var/www/virtual>
require all granted
</directory>

wq!

systemctl restart httpd

CLIENT

elinks www0.example.com

##################################
SERVER

mv /home/student/webapp.wsgi /var/www/html/
restorecon -vvFR /var/www/html/webapp.wsgi
vim /etc/httpd/conf.d/webapp.conf

listen 8909
<virtualhost 172.25.0.11:8909>
servername webapp0.example.com
wsgiscriptalias / /var/www/html/webapp.wsgi
</virtualhost>
</directory /var/www/html>
order allow,deny
allow from 172.25.0.0/24
</directory>

wq!

semanage port -a -t http_port_t -p tcp 8909

firewall-cmd --permanent --add-port=8909/tcp
firewall-cmd --complete-reload
systemctl restart httpd

CLIENT
elinks wepapp0.example.com:8909

#####################
#####################################################################

Server

yum -y install http mod_ssl mod_wsgi

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=8999/tcp
firewall-cmd --reload

systemctl start httpd

systemctl enable httpd

man semanage-port
semanage port -a -t http_port_t -p tcp 8999
systemctl restart httpd
mkdir /var/www/html/confidencial
mkdir /var/www/virtual
useradd rock
setfacl -m u:rock:rwx /var/www/virtual
wget -O /var/www/html/index.html
http://classroom.example.com/pub/updates/station.html

wget -O /var/www/html/confidential/index.html
http://classroom.example.com/pub/updates/host.html

wget -O /var/www/virtual/index.html
http://classroom.example.com/pub/uptades/www.html

wget -O /var/www/virtual/webapp.wsgi
http://classroom.example.com/pub/updates/webapp.wsgi

wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-

ca.crt

wget -O /etc/pki/tls/certs/server2.crt
http://classroom.example.com/pub/tls/certs/server2.crt

wget -O /etc/pki/tls/private/server2.key
http://classroom.example.com/pub/tls/private/server2.key

vim /etc/httpd/conf.d/web1.conf

<VirtualHost 172.25.2.11:80>
ServerAdmin root2@server2.example.com
ServerName server2.example.com
DocumentRoot /var/www/html
ErrorLog logs/err.log
CustomLog logs/cust.log combined
</VirtualHost>

<Directory /var/www/html>
Order Allow,Deny
Allow from 172.25.0.0/16
</Directory>

<Directory /var/www/html/confidential>
Order Allow,Deny
Allow from 172.25.2.11
</Directory>

wq!

vim /etc/httpd/conf.d/web2.conf

<VirtualHost 172.25.2.11:80>
ServerAdmin root@serever2.example.com
ServerName www2.example.com
DocumentRoot /var/www/virtual
</VirtualHost>

<Directory /var/www/virtual>
require all granted
AllowOverride none
</Directory>

<VirtualHost 172.25.2.11:8999>
ServerAdmin root@server2.example.com
ServerName webapp2.example.com
WSGIScriptAlias / “/var/www/virtual/webapp.wsgi”
</VirtrualHost>
Listen 8999

wq!

httpd -t
vim /etc/hosts (hacer esto también en el desktop 2)
172.16.2.11 server2.example.com
172.16.2.11 www2.example.com
172.16.2.11 webapp2.example.com
wq!
systemctl restart httpd
_______________________________________________________