Professional Documents
Culture Documents
web server
•Configure a web server for the site http://system1.networkX.example.com then
perform the following steps:-
download file from http://server.networkX.example.com/materials/station.html on
document root of your web server.
Rename the downloaded file to index.html.Do NOT make any modifications to the
content of index.html.
it should be accessible by your network networkX.example.com and not accessible
by my133t.org
Q-14. Configure the system1 as “web server” for the site http://server1.example.com
→ Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
→ Rename the downloaded page as index.html
→ Copy the index.html file to the “document root” and don’t modify
Make sure the web site should be allow to example.com only and deny to my123t.org
domain.
WEB SERVER
################
Question#13 Configure "web server":
---------------------------------------
--> Configure the system1 as "web server" for the site
http://serverX.example.com
--> Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and dont
modify
a. Make sure the web site should be allowing to example.com only and deny
to my133t.org domain.
!!!!!!!!!!!!
Solution
#yum install httpd* -y
#systemctl enable httpd.service
#systemctl restart httpd.service
#firewall-cmd --permanent --add-service=http
Success
#firewall-cmd --reload
success
#rpm -qd httpd <--run this command
/usr/share/doc/httpd-2.4.6/
•Create a virtual directory in document root of your web server Download page from
http://server.networkX.example.com/materials/www.html.
Rename the downloaded file to index.html.
Place this index.html in the Document Root of the virtual host.
Do NOT make any modifications to the content of index.html. Ensure that sarah is
able to create
content in /var/www/virtual.
Question#15
Configure name virtual hosting server:
--------------------------------------
Configure the name virtual hosting server for the site
http://wwwX.example.com. Download the page "www.html" from
http://classroom.example.com/pub/updates/www.html and rename as
index.html under documenRoot "/var/www/virtual". User called rock
should able to add some content into /var/www/virtual directory.
Solution
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget -O index.html http://classroom.example.com/pub/updates/www.html
copy the begining 5 lines from main web server configuration and
observe the changes
Changes
#useradd rock
#setfacl -m u:rock:rwx /var/www/virtual
#su - rock
$vim /var/www/virtual/rock.html
Rock is modifying the virtual content
:wq
#systemctl restart httpd.service
first browse firefox http://wwwX.example.com
then browse firefox http://wwwX.example.com/rock.html
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))))
14). Restrict web servers
• Restrict your web server for site http://system1.networkX.example.com. Configure
such that restrict directory
in this document root is access by your system only. Create index.html in restrict
directory. Previous website
remains same.
Q15. Create the directory “confidential” for the Document Root of your web server.
Download the page “host.html” from
http://classroom.example.com/pub/updates/host.html and rename as index.html under
confidential. It should be accessible to localhost only and not to any other host.
Question#14
Configure "web server":
---------------------------
Create the directory "confidential" for the DocumentRoot of your
webserver. Download the page "host.html" from
http://classroom.example.com/pub/updates/host.html And move as
index.html.It should be accessable to localhost only and not to any
other host.
----------------------------------------------
#mkdir /var/www/html/confidential
N.B--Again open the conifguration file
<Directory /var/www/html/confidential>
Order deny,allow
Deny from all
Allow from serverX.example.com
</Directory>
:wq
15). Configure web server to include a virtual host for the site
http://webapp.networkX.example.com,
perform The following steps:mkdir
Question#16
Configure wsgi web server:
-------------------------------
Configure "wsgi" web server site name "webappX.example.com" and
download dynamic WSGI conent from
http://classroom.example.com/pub/updates/webapp.wsgi and stored inside
virtual web server DocumentRoot of your webserver. and donot effect
virtual web serevr. port should be 8999 and client should access the
web site using webappX.example.com:8999.
##########
Solution
#yum install mod_wsgi -y
#cd /var/www/virtual
#wget http://classroom.example.com/pub/updates/webapp.wsgi
#firewall-cmd --permanent --add-port=8999/tcp
#firewall-cmd --reload
#man semanage-port
search for /example and copy and paste in terminal
#semanage port -a -t http_port_t -p tcp 8999 (and change it 81 to
8999)
Final output
--------------
<VirtualHost 172.25.X.11:8999>
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerAdmin root@webappX.example.com
ServerName webappX.example.com
</VirtualHost>
:wq
Q18. Configure secure web server site named http://serverX.example.com and the
web site will need to protect with tls and the certificate can be download from
http://classroom.example.com/pub/example-ca.crt ,
http://classroom.example.com/pub/tls/private/serverX.key and
http://classroom.example.com/pub/tls/certs/serverX.crt
Question#17
confiure ssl web server
-----------------------------
Configure secure web server site name http://serverX.example.com and
the web site will need to protect with SSL.
Download the certificates form following locations
http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt
#solution
----------
# yum install mod_ssl -y
firewall-cmd --permanenet --add-service=https
success
#firewall-cmd --reload
success
---->download the keys below location (please download only .crt
extension keys in this directory)
#cd /etc/pki/tls/certs/
wget http://classroom.example.com/pub/example-ca.crt
wget http://classroom.example.com/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
wget http://classroom.example.com/pub/tls/private/serverX.key
Step#1
copy the first 5 lines from the begining and observe the changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
Step 2
(And what ever you copied from egrep 'SSLC|SSLE|SSLP'
/etc/httpd/conf.d/ssl.conf )
please paste in the middle
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 <-- this one you have to add
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
wget http://classroom.example.com/pub/station.html
mv station.html /var/www/html/index.html
restorecon -vvFR /var/www/html/index.html
ls -ldZ /var/www/html/index.html
vim /etc/httpd/conf.d/server.conf
<virtualhost 172.25.0.11:80>
servername server0.example.com
documentroot /var/www/html
</virtualhost>
<directory /var/www/html>
order allow,deny
allow from 172.25.0.0/24
</directory>
wq!
elinks server0.example.com
#####################################
CLIENTE
#########################################################
SERVER
mkdir /var/www/html/private
wget http://classroom.example.com/pub/secure.html
mv secure.html /var/www/html/private/index.html
restorecon -vvFR /var/www/html/private/index.html
restorecon -vvFR /var/www/html/private
vim /etc/httpd/conf.d/server.conf
….
<directory /var/www/html/private>
order allow,deny
allow from 172.25.0.11
</directory>
CLIENT
elinks server0.example.com/private
#######################################################
SERVER
mkdir /var/www/virtual
wget http://classroom.example.com/pub/www.html
mv www.html /var/www/virtual/index.html
restorecon -vvFR /var/www/virtual/
restorecon -vvFR /var/www/virtual/index.html
vim /etc/httpd/conf.d/www.conf
<virtualhost 172.25.0.11:80>
servername www0.example.com
documentroot /var/www/virtual
</virtualhost>
<directory /var/www/virtual>
require all granted
</directory>
wq!
elinks www0.example.com
##################################
SERVER
mv /home/student/webapp.wsgi /var/www/html/
restorecon -vvFR /var/www/html/webapp.wsgi
vim /etc/httpd/conf.d/webapp.conf
listen 8909
<virtualhost 172.25.0.11:8909>
servername webapp0.example.com
wsgiscriptalias / /var/www/html/webapp.wsgi
</virtualhost>
</directory /var/www/html>
order allow,deny
allow from 172.25.0.0/24
</directory>
wq!
CLIENT
elinks wepapp0.example.com:8909
#####################
#####################################################################
Server
man semanage-port
semanage port -a -t http_port_t -p tcp 8999
systemctl restart httpd
mkdir /var/www/html/confidencial
mkdir /var/www/virtual
useradd rock
setfacl -m u:rock:rwx /var/www/virtual
wget -O /var/www/html/index.html
http://classroom.example.com/pub/updates/station.html
wget -O /var/www/html/confidential/index.html
http://classroom.example.com/pub/updates/host.html
wget -O /var/www/virtual/index.html
http://classroom.example.com/pub/uptades/www.html
wget -O /var/www/virtual/webapp.wsgi
http://classroom.example.com/pub/updates/webapp.wsgi
wget -O /etc/pki/tls/certs/server2.crt
http://classroom.example.com/pub/tls/certs/server2.crt
wget -O /etc/pki/tls/private/server2.key
http://classroom.example.com/pub/tls/private/server2.key
vim /etc/httpd/conf.d/web1.conf
<VirtualHost 172.25.2.11:80>
ServerAdmin root2@server2.example.com
ServerName server2.example.com
DocumentRoot /var/www/html
ErrorLog logs/err.log
CustomLog logs/cust.log combined
</VirtualHost>
<Directory /var/www/html>
Order Allow,Deny
Allow from 172.25.0.0/16
</Directory>
<Directory /var/www/html/confidential>
Order Allow,Deny
Allow from 172.25.2.11
</Directory>
wq!
vim /etc/httpd/conf.d/web2.conf
<VirtualHost 172.25.2.11:80>
ServerAdmin root@serever2.example.com
ServerName www2.example.com
DocumentRoot /var/www/virtual
</VirtualHost>
<Directory /var/www/virtual>
require all granted
AllowOverride none
</Directory>
<VirtualHost 172.25.2.11:8999>
ServerAdmin root@server2.example.com
ServerName webapp2.example.com
WSGIScriptAlias / “/var/www/virtual/webapp.wsgi”
</VirtrualHost>
Listen 8999
wq!
httpd -t
vim /etc/hosts (hacer esto también en el desktop 2)
172.16.2.11 server2.example.com
172.16.2.11 www2.example.com
172.16.2.11 webapp2.example.com
wq!
systemctl restart httpd
_______________________________________________________