Apache Web Server

Topics:

1. Apache Intro

2. Mod Alias

3. Virtual Hosting

4. Apache Log

5. Apache Access Control

6. Apache SSL

7. Webalizer Logs

8. AWSTATS Logs

9. Apache CGI 

10. Tomcat Servlet Engine

11. Weblogic J2EE Engine

12. Jboss J2EE Engine

APACHE INTRO:

# rpm -q httpd

# rpm -q httpd-manual

# rpm -q redhat-config-httpd

# rpm -q mod_ssl

If they doesn't exist then install them.

# rpm -ivh httpd*

# rpm -ivh httpd-manual*

# rpm -ivh redhat-config-httpd*

# rpm -ivh mod_ssl*

Restart the services and make them to run at start up.

# service httpd restart ; chkconfig httpd on

Default Document Root : /var/www/html

Default Configuration Root : /etc/httpd/conf

MOD ALIAS:

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and add your new alias information.

ALIAS URL_TAB FILE_SYSTEM

alias /tiltectest /var/tiltectest

(Note: The URL_TAB name and the FILE_SYSTEM name need not be the same.)

:x

# cd /var

# mkdir tiltectest

# chown apache tiltectest/

# cd tiltectest

# touch index.html

# chown apache index.html

# vi index.html

<html>

<body>TILTEC Test Alias using Mod alias</body>

</html>

:x

# service httpd reload

Go to the browser and check the url.

http://localhost/tiltectest

Redirecting from local system to other urls.

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and append as the following.

REDIRECT URL of the Local_System URL to which we need to redirect

redirect /redirecttest http://www.tiltec.net

redirect /redhat http://www.redhat.com

redirect /gnu http://www.gnu.org

:x

# service httpd reload

Go to the browser and check the url.

http://localhost/tiltectest

Secured Directory Hosting:

# vi /etc/httpd/conf/httpd.conf

<Directory /var/tiltectest>

Order deny,allow

Deny from all

Allow from <IP_ADDRESS> or <SUBNET/MASK>

</Directory>

<Directory /var/tiltectest>

Order deny,allow

Deny from all

Allow from <192.168.0.200> or <192.168.0.0/24>

</Directory>

:x

# service httpd reload

VIRTUAL HOSTING:

I. IP Based Virtual Hosts

II. Name Based Virtual Hosts

I. IP Based Virtual Hosting:

1. Creating a virtual host named tiltec.internal

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and add the following.

<VirtualHost www.tiltec.internal:80>

ServerAdmin root@server.tiltec.com

DocumentRoot /var/www/tiltec.internal

ServerName www.tiltec.internal

ErrorLog logs/tiltec.internal-error_log

accessLog logs/tiltec.internal-access_log

</VirtualHost>

:x

# cd /var/www/

# mkdir tiltec.internal

# chown apache tiltec.internal

# cd tiltec.internal/

# vi index.html

<html>

<body>

Welcome to the TILTEC Internal Server.

Testing the IP based Virtual Hosts!

</body>

</html>

:x

# chown apache index.html

Basically our server address is 192.168.0.200 and there isn't any 192.168.0.201.

So we have to create that.

# ifconfig eth0 add 192.168.0.201

Verify that we have a new virtual ethernet connection named eth0:0

Configure the DNS:

# rpm -q named

# rpm -ivh named*

vi /etc/named.conf

Go to the zone configurations and edit the following.

zone "tiltec.internal" {

type master;

file "tiltec.internal";

};

:x

# cd /var/named/

# vi tiltec.internal

$TTL 86400

@ IN SOA @root.localhost (

2012101701 ; serial

28800 ; refresh

7200 ; retry

604800 ; expire

86400 ; ttl

)

IN NS ns1.

# IN NS www.

@ IN A 192.168.0.200

www IN A 192.168.0.201

ns1 IN A 192.168.0.200

:x

# chown named tiltec.internal

# chgrp named tiltec.external

# service named reload (if not possible try to restart the service)

# ifconfig

# vi /etc/resolv.conf

nameserver 127.0.0.1

:x

# service named reload

# dig www.tiltec.internal

# service httpd status

# service httpd reload

# service httpd status

# ps -ax | grep httpd

Open the browser and check for the site.

2. Creating a virtual host named tiltec.external

# cd /var/named

# cp tiltec.internal tiltec.external

# vi /etc/named.conf

Go to the zone configurations and add the following.

zone "tiltec.external" {

type master;

file "tiltec.external";

};

:x

# chown named tiltec.external

# chgrp named tiltec.external

# service named reload

# service httpd reload

# dig www.tiltec.external

# cd /var/www/

# mkdir tiltec.external

# chown apache tiltec.external

# cd tiltec.external

# vi index.html

<html>

<body>

Welcome to TILTEC External web server.

Testing Virtual Hosts!

</body>

</html>

:x

# chown apache index.html

# service httpd reload

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and add the following.

<VirtualHost www.tiltec.external:80>

ServerAdmin root@server.tiltec.com

DocumentRoot /var/www/tiltec.external

ServerName www.tiltec.external

ErrorLog logs/tiltec.external-error_log

accessLog logs/tiltec.external-access_log common/combined

</VirtualHost>

:x

# service httpd reload

Go to the browser and test the web sites.

II. Name Based Virtual Hosting:

Open the apache main configuration file.

# vi /etc/httpd/conf/httpd.conf

Go to the line mentioned below.

NameVirtualHost *

(<IPADDR> for a disered IP on the machine or * for all IPs that are being used on the machine.)

<VirtualHost (www.tiltec.external:80) or (IPADDR) or (* for all IPs)>

ServerAdmin root@server.tiltec.com

DocumentRoot /var/www/tiltec.external

ServerName www.tiltec.external

ServerAlias tiltec.external www2.tiltec.external

ErrorLog logs/tiltec.external-error_log

accessLog logs/tiltec.external-access_log common/combined

</VirtualHost>

:x

Update the details for www2 in the DNS file named tiltec.external located at /etc/named as follows.

www2 IN A 192.168.0.200

APACHE LOGS:

The "logs" directory located at /etc/httpd contains the error,access and custom logs and

this directory is a symbolic link for /var/log/httpd directory.

"error_log" file is the main error log file contains log of the errors.

"access_log" file contains the information of the webserver accessing details generated by

remote clients as well as the local system.

Log Format :

"%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

"%h %l %u %t \"%r\" %s %b" common

"%{Referer}i -> %U" referer

"%{User-agent}i" agent

%h : Client Information

%l : Seldom use

%u : User

%t : Time stamp

%r : Request to the server

%s : Status code

%b : Number of bytes

Log Rotate :

Depending on the settings made to rotate the logs each log will rotate.

Settings for the default log rotate are made under "/etc/logrotate.d/httpd" file.

Ex:

access_log

After a week it'll be rotated as access_log.1.

But apache has its own log rotator which is "rotatelogs".

# rotatelogs <logfile> <rotation time in seconds> [offset minutes from UTC] or <rotation

size in megabytes>

At the end of each rotation time or when the file size is reached a new log is started.

APACHE ACCESS CONTROL AND AUTHORIZATION

Apache Security / Authentication requirements:

1. Create password file using - htpasswd

2. Make reference to password file via:

.htaccess

Directory directive

Basically we have two authentication types Basic and Digest.

Using the AuthType as Basic:

# cd /etc/httpd/conf

# vi httpd.conf

Go to the end of the file

<Directory /var/www/tiltec.external>

AuthType Basic

AuthName "securityrealm1"

AuthUserFile conf/securityrealm1

Require user mallik

<Directory>

:x

# cd /etc/httpd/conf

# htpasswd -c securityrealm1 mallik

abc123

abc123

Check whether the password file created or not.

After that change the permissions of the file to 644 and then reload the apache service.

# chmod 644 securityrealm1

# service httpd reload

Open the browser and verify.

Authorization using the htaccess file:

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and there instead of the previous directory directive give the

following.

<Directory /var/www/tiltec.external>

AllowOverride Authconfig ---> This will allow us to read or parse the

<Directory> contents of the htaccess file.

:x

# cd /var/www/tiltec.external

# touch .htaccess

# vi .htaccess

AuthType Basic

AuthName "securityrealm1"

AuthUserFile /etc/httpd/conf/securityrealm1

Require user mallik

:x

# service httpd reload

Open the browser and verify.

Using the Auth Type as Digest:

# cd /etc/httpd/conf

# vi httpd.conf

Go to the end of the file

<Directory /var/www/tiltec.external>

AuthType Digest

AuthName "securityrealm2"

AuthDigestFile conf/securityrealm2

Require user mallik

<Directory>

:x

# htdigest -c /etc/httpd/conf/securityrealm2 securityrealm2 mallik

abc123

abc123

Check whether the password file created or not.

After that change the permissions of the file to 644 and then reload the apache service.

# chmod 644 securityrealm2

# service httpd reload

Open the browser and verify.

Authorization using the htaccess file:

# vi /etc/httpd/conf/httpd.conf

Go to the end of the file and there instead of the previous directory directive give the

following.

<Directory /var/www/tiltec.external>

AllowOverride Authconfig ---> This will allow us to read or parse the

<Directory> contents of the htaccess file.

:x

# cd /var/www/tiltec.external

# touch .htaccess

# vi .htaccess

AuthType Digest

AuthName "securityrealm2"

AuthDigestFile /etc/httpd/conf/securityrealm2

Require user mallik

:x

# service httpd reload

Open the browser and verify.

For group authentication:

# cd /etc/httpd/conf/

# touch group1

# vi group1

Group1: mallik nivas shri (We can continue up to N number of user if we need.)

:x

# htpasswd securityrealm1 nivas

abc123

abc123

# htpasswd securityrealm1 shri

abc123

abc123

# cd /var/www/tiltec.internal

# vi .htaccess

AuthType Basic

AuthName "securityrealm1"

AuthUserFile /etc/httpd/conf/securityrealm1

AuthGroupFile /etc/httpd/conf/group1

Require group Group1

:x

# service httpd reload

Open the browser and check with all the 3 users of the group.

APACHE SSL (SECURED SOCKET LAYER)

*** Note ***

SSL certificates doesn't work for the name based virtual hosts.

First of all query for the below packages.

# rpm -q httpd

# rpm -q openssl

# rpm -q mod_ssl

Go to the conf directory where the SSL public as well as the private key files exists.

# cd /etc/httpd/conf

There will be two directories named "ssl.crt" which consists public keys or certificates and the "ssl.key" consists the private keys. First of all we need to remove the defaults private as well as public keys which are generated by redhat.

# rm ssl.crt/server.crt

# rm ssl.key/server.key

Generating our own keys:

Generating a private key :

# openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key

Generating a certificate or public key :

# cd /usr/share/ssl/certs/

# make testcert

Country Name : IN

State or Province name : AndhraPradesh

Locality Name : Visakhapatnam

Organization Name : TILTEC

Organizational Unit Name : IT

Common Name (Server Host Name) : www.tiltec.external

Email Address : mallik@server.tiltec.com or vmsnivas@gmail.com

The public key will be generated in the "/etc/httpd/conf/ssl.crt" directory.

# cd /etc/httpd/conf/ssl.crt

# ls -l

We can find a new file named server.crt

# service httpd reload / restart

Open the browser and verify the addresses.

Instead of using "http" try to use "https".

For the first time the browser asks to accecpt the certificate.

Depending upon our choice we can accept it permanently or temporarily.

WEBALIZER LOGS

# rpm -q webalizer

# rpm -e webalizer

Go to the http://www.rpmfind.net website and find the latest webalizer rpm and download it

to the temp directory.

# cd temp

# rpm -ivh webalizer*

# cd /etc

# ls webalizer.conf

This file is the main configuration file for the webalizer.

# cd /var/lib/webalizer

This directory contains three files they are

1. dns_cache.db

2. webalizer.current

3. webalizer.hist

We can verify the log of our machine from the web browser.

Go to the web browser and enter http://127.0.0.1/usage

# vi /etc/webalizer.conf

Go to the directive HostName and add a new line as follows.

HostName 192.168.0.200

:x

Run the webalizer and open the browser for testing.

# webalizer

Open the browser and enter http://127.0.0.1/usage

# cd /etc

# mkdir webalizer

# mv webalizer.conf webalizer/tiltec.external.conf

# cd webalizer

# vi tiltec.external.conf

Find the below directives and change as the following.

LogFile /var/log/httpd/tiltec/external-access_log

OutputDir /var/www/tiltec.external/usage

HistoryName /var/www/tiltec.external/usage/webalizer.hist

IncrementalName /var/www/tiltec.external/usage/webalizer.current

HostName www.tiltec.external

:x

# cd /var/www/tiltec.external/

# mkdir usage

# webalizer -c /etc/webalizer/tiltec.external.conf

# cd usage

Verify that whether all the files are created or not.

To verify that its working on the provided hostname go to the browser and enter the following

address.

http://www.tiltec.external/usage

We will do the same thing for the tiltec.internal server.

# cd /etc/webalizer

# cp tiltec.external.conf tiltec.internal.conf

# vi tiltec.internal.conf

Find the below directives and change as the following.

LogFile /var/log/httpd/tiltec/internal-access_log

OutputDir /var/www/tiltec.internal/usage

HistoryName /var/www/tiltec.internal/usage/webalizer.hist

IncrementalName /var/www/tiltec.internal/usage/webalizer.current

HostName www.tiltec.internal

:x

# cd /var/www/tiltec.internal/

# mkdir usage

# webalizer -c /etc/webalizer/tiltec.internal.conf

# cd usage

Verify that whether all the files are created or not.

To verify that its working on the provided hostname go to the browser and enter the following

address.

http://www.tiltec.internal/usage

AWSTATS LOGS

AWSTATS (Advanced Web Statistics)

For downloading the AWSTATS software go to the below address.

awstats.sourceforge.net

Download the latest software with tgz extension.

Go to the downloaded directory and decompress the files to a selected directory.

# cd /temp

# tar -xzvf awstats-XXX.tgz

# cd awstats-XXX/wwwroot/

Copy the mentioned to the /var/www directory

# cp -r cgi-bin /var/www/

# cp -r icon /var/www/

# cd /var/www/cgi-bin/

# mkdir /etc/awstats

# cd /var/www/cgi-bin/

# mv awstats.model.conf /etc/awstats/awstats.<hostname or domain_name>.conf

For example my domain name is tiltec.com and the conf file name will be awstats.tiltec.conf

# cd /etc/awstats/

# vi awstats.tiltecserver.conf

Go to the following directives and modify as mentioned below.

Logfile="/var/log/httpd/access_log"

LogFormat=1

SiteDomain="<myvirtualhostname> or www.tiltec.com"

:x

# cd /var/www/cgi-bin/

# ./awstats.pl -config=myvirtualhostname (or) tiltec -update

Open the browser and type the address as follows.

http://192.168.0.200/cgi-bin/awstats.pl?config=tiltec

APACHE CGI

Apache Common Gateway Interface

CGI scripts provides gateway to the system.

CGI scripts apply to all scripts that can run on the web server and execute commands

on the system including PHP, Perl, JSP, etc.

First of all we need to modify the main apache configuration file.

# cd /etc/h

APACHE CGI

Apache Common Gateway Interface

CGI scripts provides gateway to the system.

CGI scripts apply to all scripts that can run on the web server and execute commands

on the system including PHP, Perl, JSP, etc.

First of all we need to modify the main apache configuration file.

# cd /etc/httpd/conf/

# vi httpd.conf

We have two virtual hosts here, www.tiltec.internal and www.tiltec.external

In this case we will modify the tiltec.external.

For executing the scripts we'll use the directive ScriptAlias.

<VirtualHost 192.168.0.200>

DocumentRoot /var/www/tiltec.external

ServerName www.tiltec.externa

ServerAlias tiltec.external www2.tiltec.external

ErrorLog logs/tiltec.external-error_log

CustomLog logs/tiltec.external-access_log common

ScriptAlias /cgi-bin /var/www/tiltec.external/cgi-bin

</VirtualHost>

:x

# cd /var/www/tiltec.external

# mkdir cgi-bin

# cd cgi-bin

# touch helloworld.pl

# vi helloworld.pl

#!/usr/bin/perl

print "Content-type:text/html\n\n";

print "Hello World!";

:x

# chmod a+x helloworld.pl

# service apache reload

Open the browser and try to execute the Hello World Script.

http://www.tiltec.external/cgi-bin/helloworld.pl

Ensure the script has been executed.

Now lets try to execute a PHP script on our web server.

At first ensure that the PHP package was installed on your system.

# rpm -q php

If it doesn't exists then install it.

# rpm -ivh php*

# cd /var/www/tiltec.external

# touch helloworld.php

# vi helloworld.php

<html>

<body>

<?php echo "<b> Hello World - PHP test </b>"; ?>

</body>

</html>

:x

PHP files need not to be executives.

Open the browser and test.

http://www.tiltec.external/helloworld.php

# touch testphp1.php

# vi testphp1.php

<html>

<body>

<?php phpinfo(INFO_CREDITS) ?>

</body>

</html>

:x

Open the browser and test the newly created php file.

http://www.tiltec.external/testphp1.php

It will redirect to the PHP - Credits page.

Now let us try to access the date in the php file.

# touch datephp.php

# vi datephp.php

<?php echo date ("1 ds of F Y h:i:s A")?>

:x

Open the browser and test the datephp file.

http://www.tiltec.external/datephp.php

TOMCAT SERVLET ENGINE

Tomcat allows us to run Servlets or JSP scripts on our Redhat Linux System.

Open the browser go to the java.oracle.com site and download the latest Java SE (Standard Edition).

In the standard edition download the Development Kit i.e., JDK or J2SDK.

Now lets download the Apache software.

Navigate to apache.org.

Go to the Tomcat section and download the latest version of the TOMCAT software.

Go to the downloads location.

# cd temp

# cd java

The sdk will be in a ".bin" format and is not executable.

So change the permission set for that and make it executable.

# chmod 700 j2sdk*.bin

Run the package.

# ./j2sdk*.bin

Accept the license by typing yes.

Now we could get an rpm and lets install the rpm.

# rpm -ivh j2sdk*.rpm

Now move the tomcat package to the var directory.

# mv tomcat*.tar.gz /var

# cd /var

# tar -xgvf tomcat*.tar.gz

# cd /etc

# mkdir java

# touch java.conf

# vi java.conf

JAVA_HOME="/usr/java/j2sdk*" (Get this entire path of java through navigating to the specific java directory.)

:x

Check whether the java environment is set or not.

# env | grep JAVA

If it doesn't then set.

# export JAVA_HOME=/usr/java/j2sdk*

Now again verify whether it is set or not.

# env | grep JAVA

Now everything is ready so lets run the tomcat startup script.

# cd /var/tomcat*/bin

# ./startup.sh

# netstat -antP | grep 8080

# ps -ax | grep tomcat

Ensure that tomcat is running.

Open the browser and try to navigate to the default tomcat page of the localhost.

http://localhost:8080/index

Tomcat Administration and Management

We should have a separate or dedicated user for these two.

In addition to that the user should have admin or manager role.

# cd /var/tomcat*/

# cd conf

# vi tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>

<tomcat-users>

<role rolename="admin"/>

<role rolename="manager"/>

<user username="tomcat" password="tomcat" roles="admin,manager"/>

</tomcat-users>

:x

# ps -ax | grep tomcat

If the tomcat service is running then restart it by using the scripts provided within the tomcat directory.

# cd /var/tomcat*/bin/

# ./shutdown.sh

# ./startup.sh

# netstat -ant | grep 8080

# ps -ax | grep tomcat

Open the browser and try to login as the user tomcat.

http://localhost:8080/index

Click on the Tomcat Administration for Administration and for Management click on Tomcat Manager.

WEBLOGIC J2EE ENGINE

Web Logic is used for clustering and server load balancing.

Download the package from the following site.

http://www.bea.com/

Go to the downloads tab and search for the package Weblogic Server package installer for Linux 32-bit.

# cd /temp/weblogic/

Change the permissions of the downloaded file to make it executable.

Run the file.

# ./server810_linux32.bin

In the graphical installer follow the instructions to install the server.

Click Next.

Accept the License agreement and Click Next.

Give the BEA Home Directory /opt/bea/ and click Next.

Select Custom Installation and click Next.

Leave the Product Installation Directory and click Next.

After completing the installation it will launch the configuration wizard.

Select Create a new Weblogic Configuration and click Next.

Click Next.

Select Express Installation and click Next.

Provide the username and the password both as weblogic and click Finish.

# cd /opt/bea/weblogic81/bin/

# ./startWLS.sh

Open the browser and go to the weblogic server by using the following address.

http://localhost:7001/console/

Login with username weblogic and password weblogic.

JBOSS J2EE ENGINE

Go to the below site and download the JBOSS package.

http://www.jboss.org/index

Go to the download location and unzip the package.

# cd /temp

# unzip jboss.zip

Move the JBOSS directory into the opt directory.

# mv jboss /opt/

# cd /opt/jboss/bin/

# ./run.sh

After sucessful initilization of the script go to the following address for JBOSS administration.

http://127.0.0.1:8080/web-console/

Thank You