Friday 26 October 2012

Apache Web Server




Topics:


1. Apache Intro
2. Mod Alias
3. Virtual Hosting
4. Apache Log
5. Apache Access Control
6. Apache SSL
7. Webalizer Logs
8. AWSTATS Logs
9. Apache CGI 
10. Tomcat Servlet Engine
11. Weblogic J2EE Engine
12. Jboss J2EE Engine


APACHE INTRO:

# rpm -q httpd
# rpm -q httpd-manual
# rpm -q redhat-config-httpd
# rpm -q mod_ssl

If they are not installed, install them.

# rpm -ivh httpd*
# rpm -ivh httpd-manual*
# rpm -ivh redhat-config-httpd*
# rpm -ivh mod_ssl*

Restart the service and make it start at boot.

# service httpd restart ; chkconfig httpd on

Default Document Root : /var/www/html
Default Configuration Root : /etc/httpd/conf


MOD ALIAS:

# vi /etc/httpd/conf/httpd.conf
Go to the end of the file and add your new alias information.

ALIAS URL_TAB FILE_SYSTEM
alias /tiltectest /var/tiltectest

(Note: The URL_TAB name and the FILE_SYSTEM name need not be the same.)
:x

# cd /var
# mkdir tiltectest
# chown apache tiltectest/
# cd tiltectest
# touch index.html
# chown apache index.html
# vi index.html

<html>
<body>TILTEC Test Alias using Mod alias</body>
</html>

:x

# service httpd reload

Go to the browser and check the url.

http://localhost/tiltectest

Redirecting from local system to other urls.

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and append as the following.

REDIRECT LOCAL_URL TARGET_URL (the URL on the local system, then the URL to which we need to redirect)

redirect /redirecttest http://www.tiltec.net
redirect /redhat http://www.redhat.com
redirect /gnu http://www.gnu.org

:x

# service httpd reload

Go to the browser and check the url.

http://localhost/redirecttest


Secured Directory Hosting:

# vi /etc/httpd/conf/httpd.conf

<Directory /var/tiltectest>
Order deny,allow
Deny from all
Allow from <IP_ADDRESS> or <SUBNET/MASK>
</Directory>


For example, to allow a single host:

<Directory /var/tiltectest>
Order deny,allow
Deny from all
Allow from 192.168.0.200
</Directory>

(To allow the whole subnet instead, use "Allow from 192.168.0.0/24".)

:x

# service httpd reload


VIRTUAL HOSTING:
I. IP Based Virtual Hosts
II. Name Based Virtual Hosts

I. IP Based Virtual Hosting:

1. Creating a virtual host named tiltec.internal
# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and add the following.

<VirtualHost www.tiltec.internal:80>
ServerAdmin root@server.tiltec.com
DocumentRoot /var/www/tiltec.internal
ServerName www.tiltec.internal
ErrorLog logs/tiltec.internal-error_log
CustomLog logs/tiltec.internal-access_log common
</VirtualHost>

:x

# cd /var/www/
# mkdir tiltec.internal
# chown apache tiltec.internal
# cd tiltec.internal/
# vi index.html

<html>
<body>
Welcome to the TILTEC Internal Server.
Testing the IP based Virtual Hosts!
</body>
</html>

:x

# chown apache index.html

Our server address is 192.168.0.200 and there isn't any 192.168.0.201 yet, so we have to create it.

# ifconfig eth0 add 192.168.0.201

Verify that we have a new virtual ethernet connection named eth0:0.

Configure the DNS:

# rpm -q bind
# rpm -ivh bind*

# vi /etc/named.conf

Go to the zone configurations and edit the following.

zone "tiltec.internal" {
type master;
file "tiltec.internal";
};

:x

# cd /var/named/
# vi tiltec.internal

$TTL 86400
@ IN SOA @ root.localhost. (
2012101701 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)

@ IN NS ns1
; IN NS www

@ IN A 192.168.0.200
www IN A 192.168.0.201
ns1 IN A 192.168.0.200

:x

# chown named tiltec.internal
# chgrp named tiltec.internal
# service named reload (if not possible try to restart the service)
# ifconfig
# vi /etc/resolv.conf

nameserver 127.0.0.1

:x
# service named reload
# dig www.tiltec.internal
# service httpd status
# service httpd reload
# service httpd status
# ps -ax | grep httpd

Open the browser and check for the site.

2. Creating a virtual host named tiltec.external

# cd /var/named
# cp tiltec.internal tiltec.external
# vi /etc/named.conf
Go to the zone configurations and add the following.

zone "tiltec.external" {
type master;
file "tiltec.external";
};

:x

# chown named tiltec.external
# chgrp named tiltec.external
# service named reload
# service httpd reload
# dig www.tiltec.external
# cd /var/www/
# mkdir tiltec.external
# chown apache tiltec.external
# cd tiltec.external
# vi index.html

<html>
<body>
Welcome to TILTEC External web server.
Testing Virtual Hosts!
</body>
</html>

:x

# chown apache index.html
# service httpd reload
# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and add the following.

<VirtualHost www.tiltec.external:80>
ServerAdmin root@server.tiltec.com
DocumentRoot /var/www/tiltec.external
ServerName www.tiltec.external
ErrorLog logs/tiltec.external-error_log
CustomLog logs/tiltec.external-access_log common
</VirtualHost>

(Use "combined" instead of "common" to also log the Referer and User-Agent.)

:x
# service httpd reload

Go to the browser and test the web sites.

II. Name Based Virtual Hosting:
Open the apache main configuration file.

# vi /etc/httpd/conf/httpd.conf

Go to the line mentioned below.

NameVirtualHost *

(Use an IP address for a desired IP on the machine, or * for all IPs that are being used on the machine. The VirtualHost argument below can likewise be www.tiltec.external:80, an IP address, or * for all IPs.)

<VirtualHost *>
ServerAdmin root@server.tiltec.com
DocumentRoot /var/www/tiltec.external
ServerName www.tiltec.external
ServerAlias tiltec.external www2.tiltec.external
ErrorLog logs/tiltec.external-error_log
CustomLog logs/tiltec.external-access_log common
</VirtualHost>

:x

Update the details for www2 in the DNS zone file named tiltec.external, located in /var/named, as follows.

www2 IN A 192.168.0.200


APACHE LOGS:


The "logs" directory located at /etc/httpd contains the error, access and custom logs.
This directory is a symbolic link to the /var/log/httpd directory.

The "error_log" file is the main error log file; it contains a log of the errors.

The "access_log" file records the requests made to the web server by remote clients
as well as by the local system.


Log Format :

"%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
"%h %l %u %t \"%r\" %s %b" common
"%{Referer}i -> %U" referer
"%{User-agent}i" agent

%h : Client host (name or IP address)
%l : Remote logname (seldom used)
%u : User
%t : Time stamp
%r : Request line sent to the server
%s : Status code
%b : Number of bytes sent
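
The fields above are enough to spot repeated authentication failures (status 401) from one client, which matters once the Basic and Digest realms described later on this page are in place. The following shell function is an added example, not part of the original post; the function names and the log lines are constructed for the illustration.

```shell
#!/bin/sh
# Constructed sample lines in the "combined" format (not from a real server).
sample_log() {
cat <<'EOF'
192.168.0.50 - - [26/Oct/2012:10:00:01 +0530] "GET / HTTP/1.1" 401 480 "-" "Mozilla/5.0"
192.168.0.50 - mallik [26/Oct/2012:10:00:09 +0530] "GET / HTTP/1.1" 200 112 "-" "Mozilla/5.0"
192.168.0.77 - mallik [26/Oct/2012:10:02:11 +0530] "GET / HTTP/1.1" 401 480 "-" "curl/7.19"
192.168.0.77 - nivas [26/Oct/2012:10:02:12 +0530] "GET / HTTP/1.1" 401 480 "-" "curl/7.19"
192.168.0.77 - mallik [26/Oct/2012:10:02:13 +0530] "GET /a\"b HTTP/1.1" 401 480 "-" "curl/7.19"
192.168.0.60 - - [26/Oct/2012:10:03:00 +0530] "GET /usage HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is not in the combined format
EOF
}

# auth_failures MIN
# Reads common/combined log lines on stdin and prints "host count users" for
# every client (%h) with at least MIN responses of status 401 (%s).
auth_failures() {
    awk -F'"' -v min="$1" '
    {
        gsub(/\\"/, "?")                 # %r escapes embedded quotes as \"
        n = split($1, pre, " ")          # %h %l %u [%t zone]
        m = split($3, post, " ")         # %s %b
        if (n < 5 || m < 2) { bad++; next }
        if (post[1] != "401") next
        host = pre[1]; user = pre[3]
        fails[host]++
        # Remember each attempted user name (%u) once per client.
        if (user != "-" && !seen[host, user]++)
            users[host] = users[host] (users[host] == "" ? "" : ",") user
    }
    END {
        for (h in fails)
            if (fails[h] >= min + 0)
                print h, fails[h], (users[h] == "" ? "-" : users[h])
        if (bad)
            print bad " line(s) skipped: not in common/combined format" > "/dev/stderr"
    }' | sort
}

# Clients with three or more 401 responses in the constructed sample.
sample_log | auth_failures 3
```

On a real server the input would be the virtual host's own access log, for example logs/tiltec.external-access_log.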

Log Rotate :

Each log rotates according to the log rotation settings.
The settings for the default log rotation are in the "/etc/logrotate.d/httpd" file.

Ex:

access_log

After a week it'll be rotated as access_log.1.

Apache also has its own log rotator, which is "rotatelogs".

# rotatelogs <logfile> <rotation time in seconds> [offset minutes from UTC]
or
# rotatelogs <logfile> <rotation size in megabytes>

At the end of each rotation time, or when the file size is reached, a new log is started.


APACHE ACCESS CONTROL AND AUTHORIZATION


Apache Security / Authentication requirements:

1. Create password file using - htpasswd
2. Make reference to password file via:
.htaccess
Directory directive

There are two authentication types: Basic and Digest.

Using the AuthType as Basic:

# cd /etc/httpd/conf
# vi httpd.conf
Go to the end of the file
<Directory /var/www/tiltec.external>
AuthType Basic
AuthName "securityrealm1"
AuthUserFile conf/securityrealm1
Require user mallik
</Directory>
:x
# cd /etc/httpd/conf
# htpasswd -c securityrealm1 mallik
abc123
abc123

Check whether the password file has been created.
After that, change the permissions of the file to 644 and then reload the apache service.

# chmod 644 securityrealm1
# service httpd reload

Open the browser and verify.

Authorization using the htaccess file:

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and, instead of the previous Directory directive, give the following.

<Directory /var/www/tiltec.external>
AllowOverride AuthConfig
</Directory>

(AllowOverride AuthConfig allows Apache to read and parse the contents of the .htaccess file.)

:x

# cd /var/www/tiltec.external
# touch .htaccess
# vi .htaccess

AuthType Basic
AuthName "securityrealm1"
AuthUserFile /etc/httpd/conf/securityrealm1
Require user mallik

:x

# service httpd reload

Open the browser and verify.

Using the Auth Type as Digest:

# cd /etc/httpd/conf
# vi httpd.conf
Go to the end of the file

<Directory /var/www/tiltec.external>
AuthType Digest
AuthName "securityrealm2"
AuthDigestFile conf/securityrealm2
Require user mallik
</Directory>
:x

# htdigest -c /etc/httpd/conf/securityrealm2 securityrealm2 mallik
abc123
abc123

Check whether the password file has been created.
After that, change the permissions of the file to 644 and then reload the apache service.

# chmod 644 securityrealm2
# service httpd reload

Open the browser and verify.

Authorization using the htaccess file:

# vi /etc/httpd/conf/httpd.conf
Go to the end of the file and, instead of the previous Directory directive, give the following.

<Directory /var/www/tiltec.external>
AllowOverride AuthConfig
</Directory>

(AllowOverride AuthConfig allows Apache to read and parse the contents of the .htaccess file.)

:x

# cd /var/www/tiltec.external
# touch .htaccess
# vi .htaccess
AuthType Digest
AuthName "securityrealm2"
AuthDigestFile /etc/httpd/conf/securityrealm2
Require user mallik

:x

# service httpd reload
Open the browser and verify.

For group authentication:

# cd /etc/httpd/conf/
# touch group1
# vi group1
Group1: mallik nivas shri

(We can continue up to N number of users if we need.)

:x

# htpasswd securityrealm1 nivas
abc123
abc123

# htpasswd securityrealm1 shri
abc123
abc123

# cd /var/www/tiltec.internal
# vi .htaccess
AuthType Basic
AuthName "securityrealm1"
AuthUserFile /etc/httpd/conf/securityrealm1
AuthGroupFile /etc/httpd/conf/group1
Require group Group1

:x

# service httpd reload
Open the browser and check with all the 3 users of the group.


APACHE SSL (SECURED SOCKET LAYER)

*** Note ***
SSL certificates don't work with name-based virtual hosts.

First of all, query for the below packages.

# rpm -q httpd
# rpm -q openssl
# rpm -q mod_ssl

Go to the conf directory where the SSL public and private key files exist.

# cd /etc/httpd/conf

There will be two directories: "ssl.crt", which contains the public keys or certificates, and "ssl.key", which contains the private keys. First of all we need to remove the default private and public keys, which are generated by Red Hat.

# rm ssl.crt/server.crt
# rm ssl.key/server.key

Generating our own keys:

Generating a private key :
# openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key

Generating a certificate or public key :

# cd /usr/share/ssl/certs/
# make testcert

Country Name : IN
State or Province name : AndhraPradesh
Locality Name : Visakhapatnam
Organization Name : TILTEC
Organizational Unit Name : IT
Common Name (Server Host Name) : www.tiltec.external
Email Address : mallik@server.tiltec.com or vmsnivas@gmail.com

The public key will be generated in the "/etc/httpd/conf/ssl.crt" directory.

# cd /etc/httpd/conf/ssl.crt
# ls -l

We can find a new file named server.crt.

# service httpd reload (or restart)

Open the browser and verify the addresses.
Instead of using "http", use "https".
The first time, the browser asks us to accept the certificate.
Depending upon our choice we can accept it permanently or temporarily.

WEBALIZER LOGS


# rpm -q webalizer
# rpm -e webalizer

Go to the http://www.rpmfind.net website, find the latest webalizer rpm and download it
to the temp directory.

# cd temp
# rpm -ivh webalizer*
# cd /etc
# ls webalizer.conf

This file is the main configuration file for the webalizer.

# cd /var/lib/webalizer

This directory contains three files:
1. dns_cache.db
2. webalizer.current
3. webalizer.hist

We can verify the log of our machine from the web browser.

Go to the web browser and enter http://127.0.0.1/usage


# vi /etc/webalizer.conf
Go to the directive HostName and add a new line as follows.
HostName 192.168.0.200

:x
Run the webalizer and open the browser for testing.

# webalizer

Open the browser and enter http://127.0.0.1/usage

# cd /etc
# mkdir webalizer
# mv webalizer.conf webalizer/tiltec.external.conf
# cd webalizer
# vi tiltec.external.conf

Find the below directives and change them as follows.

LogFile /var/log/httpd/tiltec.external-access_log

OutputDir /var/www/tiltec.external/usage

HistoryName /var/www/tiltec.external/usage/webalizer.hist

IncrementalName /var/www/tiltec.external/usage/webalizer.current

HostName www.tiltec.external

:x

# cd /var/www/tiltec.external/
# mkdir usage
# webalizer -c /etc/webalizer/tiltec.external.conf
# cd usage

Verify that all the files have been created.

To verify that it's working on the provided hostname, go to the browser and enter the following
address.

http://www.tiltec.external/usage

We will do the same thing for the tiltec.internal server.

# cd /etc/webalizer
# cp tiltec.external.conf tiltec.internal.conf

# vi tiltec.internal.conf

Find the below directives and change them as follows.

LogFile /var/log/httpd/tiltec.internal-access_log

OutputDir /var/www/tiltec.internal/usage

HistoryName /var/www/tiltec.internal/usage/webalizer.hist

IncrementalName /var/www/tiltec.internal/usage/webalizer.current

HostName www.tiltec.internal

:x

# cd /var/www/tiltec.internal/
# mkdir usage
# webalizer -c /etc/webalizer/tiltec.internal.conf
# cd usage

Verify that all the files have been created.

To verify that it's working on the provided hostname, go to the browser and enter the following
address.


AWSTATS LOGS


AWSTATS (Advanced Web Statistics)

For downloading the AWSTATS software go to the below address.

awstats.sourceforge.net

Download the latest software with tgz extension.

Go to the downloaded directory and decompress the files to a selected directory.

# cd /temp
# tar -xzvf awstats-XXX.tgz
# cd awstats-XXX/wwwroot/

Copy the following directories to the /var/www directory.

# cp -r cgi-bin /var/www/
# cp -r icon /var/www/
# cd /var/www/cgi-bin/
# mkdir /etc/awstats
# cd /var/www/cgi-bin/
# mv awstats.model.conf /etc/awstats/awstats.<hostname or domain_name>.conf

For example, my domain name is tiltec.com, so the conf file name will be awstats.tiltec.conf.

# cd /etc/awstats/
# vi awstats.tiltec.conf

Go to the following directives and modify them as mentioned below.

LogFile="/var/log/httpd/access_log"

LogFormat=1

SiteDomain="www.tiltec.com"

(For SiteDomain, use the name of your own virtual host.)

:x

# cd /var/www/cgi-bin/
# ./awstats.pl -config=tiltec -update

(Use your own virtual host name in place of tiltec.)

Open the browser and type the address as follows.

http://192.168.0.200/cgi-bin/awstats.pl?config=tiltec

APACHE CGI

Apache Common Gateway Interface

CGI scripts provide a gateway to the system.
The term applies to all scripts that can run on the web server and execute commands
on the system, including PHP, Perl, JSP, etc.

First of all we need to modify the main apache configuration file.

# cd /etc/httpd/conf/
# vi httpd.conf

We have two virtual hosts here, www.tiltec.internal and www.tiltec.external

In this case we will modify the tiltec.external.

For executing the scripts we'll use the directive ScriptAlias.

<VirtualHost 192.168.0.200>
DocumentRoot /var/www/tiltec.external
ServerName www.tiltec.external
ServerAlias tiltec.external www2.tiltec.external
ErrorLog logs/tiltec.external-error_log
CustomLog logs/tiltec.external-access_log common
ScriptAlias /cgi-bin /var/www/tiltec.external/cgi-bin
</VirtualHost>

:x

# cd /var/www/tiltec.external
# mkdir cgi-bin
# cd cgi-bin
# touch helloworld.pl
# vi helloworld.pl

#!/usr/bin/perl
print "Content-type:text/html\n\n";
print "Hello World!";

:x

# chmod a+x helloworld.pl
# service httpd reload

Open the browser and try to execute the Hello World Script.

http://www.tiltec.external/cgi-bin/helloworld.pl

Ensure the script has been executed.


Now let's try to execute a PHP script on our web server.

First ensure that the PHP package is installed on your system.

# rpm -q php

If it isn't installed, install it.

# rpm -ivh php*
# cd /var/www/tiltec.external
# touch helloworld.php
# vi helloworld.php

<html>

<body>
<?php echo "<b> Hello World - PHP test </b>"; ?>
</body>

</html>

:x

PHP files do not need to be executable.

Open the browser and test.

http://www.tiltec.external/helloworld.php

# touch testphp1.php
# vi testphp1.php

<html>
<body>
<?php phpinfo(INFO_CREDITS); ?>
</body>
</html>

:x

Open the browser and test the newly created php file.

http://www.tiltec.external/testphp1.php

It will display the PHP Credits page.

Now let us try to display the date from a PHP file.

# touch datephp.php
# vi datephp.php

<?php echo date('l dS \of F Y h:i:s A'); ?>

:x

Open the browser and test the datephp file.

http://www.tiltec.external/datephp.php



TOMCAT SERVLET ENGINE


Tomcat allows us to run Servlets or JSP scripts on our Redhat Linux System.

Open the browser, go to the java.oracle.com site and download the latest Java SE (Standard Edition).

In the Standard Edition, download the Development Kit, i.e. JDK or J2SDK.

Now let's download the Apache software.

Navigate to apache.org.

Go to the Tomcat section and download the latest version of the TOMCAT software.

Go to the downloads location.

# cd temp
# cd java

The sdk will be in a ".bin" format and is not executable.
So change the permission set for that and make it executable.

# chmod 700 j2sdk*.bin

Run the package.

# ./j2sdk*.bin

Accept the license by typing yes.

This gives us an rpm, so let's install the rpm.

# rpm -ivh j2sdk*.rpm

Now move the tomcat package to the var directory.

# mv tomcat*.tar.gz /var
# cd /var
# tar -xzvf tomcat*.tar.gz
# cd /etc
# mkdir java
# touch java.conf
# vi java.conf

JAVA_HOME="/usr/java/j2sdk*"

(Get the entire path of java by navigating to the specific java directory.)

:x

Check whether the java environment is set.
# env | grep JAVA

If it isn't, set it.
# export JAVA_HOME=/usr/java/j2sdk*

Now verify again whether it is set.
# env | grep JAVA

Now everything is ready, so let's run the tomcat startup script.

# cd /var/tomcat*/bin
# ./startup.sh
# netstat -antp | grep 8080
# ps -ax | grep tomcat
Ensure that tomcat is running.

Open the browser and try to navigate to the default tomcat page of the localhost.

http://localhost:8080/index


Tomcat Administration and Management

We should have a separate or dedicated user for these two.
In addition, the user should have the admin or manager role.

# cd /var/tomcat*/
# cd conf
# vi tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="admin"/>
<role rolename="manager"/>
<user username="tomcat" password="tomcat" roles="admin,manager"/>
</tomcat-users>

:x

# ps -ax | grep tomcat

If the tomcat service is running then restart it by using the scripts provided within the tomcat directory.

# cd /var/tomcat*/bin/
# ./shutdown.sh
# ./startup.sh
# netstat -ant | grep 8080
# ps -ax | grep tomcat


Open the browser and try to login as the user tomcat.

http://localhost:8080/index

Click on Tomcat Administration for administration, and on Tomcat Manager for management.
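
A way to find accounts in tomcat-users.xml whose password is missing, empty or equal to the username, such as the tomcat/tomcat entry above. This shell function is an added example, not part of the original post; the function names and the sample file (the page's entries plus two constructed ones) are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample: the entries from the page, one stronger account and a
# commented-out user that must not be reported.
sample_users_xml() {
cat <<'EOF'
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="admin"/>
<role rolename="manager"/>
<!-- <user username="old" password="old" roles="manager"/> -->
<user username="tomcat" password="tomcat" roles="admin,manager"/>
<user username="deploy" password="constructed-long-passphrase" roles="manager"/>
</tomcat-users>
EOF
}

# weak_tomcat_users
# Reads tomcat-users.xml on stdin and prints "username roles" for every account
# whose password is missing, empty or identical to the username.
weak_tomcat_users() {
    awk -v q="'" '
    function attr(tag, name,    v) {
        # Value of one attribute; q holds the single-quote character.
        if (!match(tag, "[ \t]" name "=[\"" q "][^\"" q "]*")) return ""
        v = substr(tag, RSTART, RLENGTH)
        sub(/^[^=]*=./, "", v)           # drop  name=  and the opening quote
        return v
    }
    { doc = doc " " $0 }                 # tags may span several lines
    END {
        # Remove comments first so disabled sample users are ignored.
        while ((s = index(doc, "<!--")) > 0) {
            rest = substr(doc, s + 4)
            e = index(rest, "-->")
            doc = substr(doc, 1, s - 1) (e ? substr(rest, e + 3) : "")
        }
        while (match(doc, /<user[ \t][^>]*>/)) {
            tag = substr(doc, RSTART, RLENGTH)
            doc = substr(doc, RSTART + RLENGTH)
            u = attr(tag, "username"); p = attr(tag, "password")
            if (p == "" || p == u) print u, attr(tag, "roles")
        }
    }'
}

# Accounts flagged in the constructed sample.
sample_users_xml | weak_tomcat_users
```

Against a real installation the input would be conf/tomcat-users.xml under the Tomcat directory.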



WEBLOGIC J2EE ENGINE

WebLogic is used for clustering and server load balancing.

Download the package from the following site.

http://www.bea.com/

Go to the downloads tab and search for the WebLogic Server package installer for Linux 32-bit.

# cd /temp/weblogic/

Change the permissions of the downloaded file to make it executable.
Run the file.

# ./server810_linux32.bin

In the graphical installer follow the instructions to install the server.

Click Next.
Accept the License agreement and Click Next.
Give the BEA Home Directory /opt/bea/ and click Next.
Select Custom Installation and click Next.
Leave the Product Installation Directory and click Next.
After completing the installation it will launch the configuration wizard.

Select Create a new Weblogic Configuration and click Next.
Click Next.
Select Express Installation and click Next.
Provide the username and the password both as weblogic and click Finish.

# cd /opt/bea/weblogic81/bin/
# ./startWLS.sh

Open the browser and go to the weblogic server by using the following address.

http://localhost:7001/console/

Login with username weblogic and password weblogic.



JBOSS J2EE ENGINE


Go to the below site and download the JBOSS package.

http://www.jboss.org/index

Go to the download location and unzip the package.

# cd /temp
# unzip jboss.zip

Move the JBOSS directory into the opt directory.

# mv jboss /opt/
# cd /opt/jboss/bin/
# ./run.sh

After successful initialization of the script, go to the following address for JBOSS administration.

http://127.0.0.1:8080/web-console/


Thank You