RHEL6 – RTFM Apache Web Server

There is a lot to know and remember about configuring Apache, as you may or may not have seen from the numerous posts I have written on the subject, and the reality is that no one is going to be able to memorize each and every setting, configuration, and directive. Sure, you can bing it or google it, you can even alta-vista it, but only if you have internet access at the time, and there is always a chance that you might get some bad information. So why not refer to the official httpd documentation? You know, RTFM and whatnot.

By and large the best bet for httpd documentation is the httpd-manual package, which can be installed via yum. It installs to /var/www/manual.

# yum -y install httpd-manual

Now one bit of information to note: the documentation installed via the httpd-manual package is in HTML format, so it is not advised that you try to view it with an editor like vim or emacs. You are going to need a text-based web browser like lynx or elinks. I prefer lynx in this situation, so let's install it.

# yum -y install lynx

Now you can peruse the documentation as you see fit using lynx.

# lynx /var/www/manual/howto/auth.html

Below are some of the better and more often useful docs that I think could come in handy in a crunch. Note our base directory is /var/www/manual.

  • vhosts/name-based.html – which outlines configuring name-based virtual hosts
  • ssl/ssl_howto.html – which has a nice section on HTTP Basic Authentication
  • howto/cgi.html – which nicely documents creating a custom cgi directory
  • howto/auth.html – more on HTTP Auth using htpasswd

Yup, that's a lot of very good documentation right there, and it's actually written by the people who wrote Apache, not some 13 year old kid taking his first shot at running Apache on Ubuntu.

RHEL6 – Configuring Apache with TLS/SSL Encryption

Don’t let the acronyms and the word “Encryption” scare you; it's actually very easy to enable TLS/SSL in Apache. So basically it sounds more complicated than it is, like these last two sentences for example.

First you should probably know what TLS and SSL are. Well, according to Wikipedia: “Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the internet.”

I am going to assume here that you have already installed and started Apache. I will also assume that you have SELinux configured properly, as well as IPTables.

So the next step is to install mod_ssl.

# yum -y install mod_ssl

Once installed, a new config file called ssl.conf will be present in /var/www/html/conf.d. Inside that file are a couple of configuration items that you need to be aware of.

# Point SSLCertificateFile at a PEM encoded certificate.  If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

If you are replacing the test cert with a signed one, you will need to drop it in /etc/pki/tls/certs and modify the lines in the section above to point to your new cert and your new key file.

Now restart Apache.
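
Before that restart, it is worth confirming that the new certificate and key actually belong together and that the key is not readable by other users. The script below is an added example, not part of the original post; the function names and the preflight.sh file name are hypothetical, and it assumes the openssl CLI is installed and the private key is an unencrypted PEM file.

```shell
#!/bin/sh
# Added example: checks to run on a replacement certificate and key
# before restarting httpd. Assumes an unencrypted PEM private key.

# True when the certificate's public key equals the one derived from the key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the key file grants nothing to group or other (e.g. mode 0600).
key_is_private() {     # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid 30 days (2592000 s) from now.
cert_not_expiring() {  # usage: cert_not_expiring CERT
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null 2>&1
}

preflight() {          # usage: preflight CERT KEY
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate and key do not match"; rc=1; }
    key_is_private "$2"        || { echo "FAIL: key is readable by group/other"; rc=1; }
    cert_not_expiring "$1"     || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: run 'apachectl configtest', then restart"
    return "$rc"
}

# Run as: sh preflight.sh /etc/pki/tls/certs/NEW.crt /etc/pki/tls/private/NEW.key
# (NEW.crt and NEW.key are placeholders for your own file names.)
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

A mismatched pair or a syntax error in ssl.conf otherwise only shows up when httpd fails to start, so run this and apachectl configtest first.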

RHEL6 – Using htpasswd to Create a Secure Apache Directory

The process of setting up a simple password-protected web directory on an Apache server is rather easy. The simplest way to accomplish this task is to use flat-file user authentication. Disclaimer: I am not claiming that the directions below are the most complete or the most secure. However, they work and are probably the simplest.

The first thing that you need to do is to create a "secret" directory. In this instance my web root is /var/www2/html, so I will create my secure directory under that tree.

# mkdir /var/www2/html/secret

Now let's create an index.html inside our secret directory for the purpose of testing.

# echo "Secret Directory Working" > /var/www2/html/secret/index.html

This way we have something to look at when we actually are able to get this working correctly.

Now using the htpasswd command we need to create an htpasswd file and add a user that will have access to our top secret directory. Note that you should not create this file inside your web-root.

# htpasswd -c /etc/httpd/.htpasswd fatmin

In the example above, the "-c" option creates our htpasswd file, and fatmin is the user that we want to grant access to. You will be prompted for a password.

Now add the following stanza to your httpd.conf. Note that AuthName is the text that will display when the user is prompted for a password. AuthUserFile is the location of the password file. Basic is pretty much the only auth method that anyone uses.

<Directory /var/www2/html/secret>
AuthName "Secret Directory"
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>

Now restart Apache, and when you navigate to http://www.mysite.com/secret you should be prompted for a userid and password.
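
Basic authentication sends the user name and password base64-encoded rather than encrypted, so a stanza like the one above is best reachable only over TLS. The script below is an added example, not from the original post: it flags <Directory> blocks that use Basic auth without mod_ssl's SSLRequireSSL directive, and AuthUserFile paths that sit under a web root. The function names, output labels and the second and third sample stanzas are constructed for illustration, and the check only looks inside each <Directory> block.

```shell
#!/bin/sh
# Added example: audit <Directory> blocks that use Basic auth.
audit_basic_auth() {   # usage: audit_basic_auth CONFIG_FILE [WEBROOT...]
    conf=$1; shift
    awk -v roots="$*" '
        BEGIN { n = split(roots, root, " ") }
        { sub(/^[ \t]+/, ""); key = tolower($1) }     # directives are case-insensitive
        /^#/ { next }                                  # skip comments
        key == "<directory" {                          # block opens: reset state
            dir = $2; sub(/>$/, "", dir); gsub(/"/, "", dir)
            basic = ssl = 0; pwfile = ""; next
        }
        key == "authtype" && tolower($2) == "basic" { basic = 1 }
        key == "sslrequiressl" { ssl = 1 }
        key == "authuserfile" { pwfile = $2; gsub(/"/, "", pwfile) }
        key == "</directory>" {                        # block closes: report
            if (basic && !ssl) print "NO_TLS " dir
            for (i = 1; i <= n; i++)
                if (basic && index(pwfile, root[i] "/") == 1)
                    print "PWFILE_IN_WEBROOT " dir " " pwfile
        }
    ' "$conf"
}

write_sample_conf() {   # constructed sample; the first stanza is the post's own
    cat > "$1" <<'EOF'
<Directory /var/www2/html/secret>
AuthName "Secret Directory"
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
<Directory /var/www2/html/secret-tls>
SSLRequireSSL
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/html/private>
SSLRequireSSL
AuthType basic
AuthUserFile /var/www/html/private/.htpasswd
Require valid-user
</Directory>
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
audit_basic_auth "$tmp" /var/www2/html /var/www/html; rm -f "$tmp"
```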

 

 

RHEL6 – Configuring Apache Name-Based Virtual Hosts the Quick and Easy Way

Virtual Hosts allow you to serve up content for more than one website from one Apache instance. In name-based virtual hosting, multiple web sites all point back to one server with one IP address. Apache itself determines which site to serve up depending on the hostname used to reach the site.

Honestly it sounds more exciting than it is.

Note that before we get started you will need to have a DNS entry for both the domain names that you plan to use. In my case my primary webserver is my hostname and the virtual server is a CNAME.

Install Apache

First let's install Apache and configure it to start at boot.

# yum -y install httpd && chkconfig httpd on && service httpd start

Configure SELinux

OK, let's make a directory for our virtual server under /var/www2.

In order to keep things as simple as possible, I am going to configure SELinux now. As you can see, the original web directory of /var/www/ has a different context than our new directory of /var/www2.

# ls -dZ /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www

# ls -dZ /var/www2
drwxr-xr-x. root root unconfined_u:object_r:var_t:s0   /var/www2

So now we must change the context for /var/www2 to match /var/www

# semanage fcontext -a -t httpd_sys_content_t '/var/www2(/.*)?'

# restorecon -Rv /var/www2

OK, now that we have done that, let's create some content for our webservers.

For testing purposes, I am going to create an index.html in /var/www/html that contains the text “fatmin01.mydomain”. This will be useful for testing.

Now let's create the directory /var/www2 for our second virtual host. Inside this directory we create an index.html that contains the text “fatmin02.mydomain”.

Because we configured SELinux first, any file or directory created under /var/www2 will inherit the SELinux context of its parent directory. What does this mean? Well, in a nutshell, we don't have to worry about the permissions on our new index.html that we created above.

Configure Apache

Now we edit /etc/httpd/conf/httpd.conf. Make sure that the following line is uncommented. It's near the bottom of the file.

NameVirtualHost *:80

Now add the two sections below, one for each virtual server.

<VirtualHost *:80>
ServerName fatmin01.mydomain
DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost *:80>
ServerName fatmin02.mydomain
DocumentRoot /var/www2/html
</VirtualHost>

Boom – now restart Apache and test.
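
An added example (not from the original post) that models how name-based virtual hosting picks a site for the two stanzas above: the Host header is compared against each ServerName, and a request whose Host matches nothing is answered by the first <VirtualHost> listed. The function names and the unknown.example host are hypothetical, and ServerAlias wildcards are not handled.

```shell
#!/bin/sh
# Added example: which DocumentRoot answers a given Host header?

write_vhosts() {   # the configuration from the post, written to FILE
    cat > "$1" <<'EOF'
NameVirtualHost *:80
<VirtualHost *:80>
ServerName fatmin01.mydomain
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
ServerName fatmin02.mydomain
DocumentRoot /var/www2/html
</VirtualHost>
EOF
}

resolve_vhost() {   # usage: resolve_vhost CONFIG_FILE HOST_HEADER
    awk -v host="$2" '
        BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }   # drop :port
        { key = tolower($1) }
        key == "<virtualhost"   { n++; invh = 1; next }
        key == "</virtualhost>" { invh = 0; next }
        invh && (key == "servername" || key == "serveralias") {
            for (i = 2; i <= NF; i++) {               # first vhost to claim a name wins
                nm = tolower($i); if (!(nm in name)) name[nm] = n
            }
        }
        invh && key == "documentroot" { root[n] = $2 }
        END {
            if (n == 0) exit 1                         # no virtual hosts defined
            if (host in name) print "match " root[name[host]]
            else              print "default " root[1] # unknown Host: first vhost
        }
    ' "$1"
}

tmp=$(mktemp) && write_vhosts "$tmp"
for h in fatmin01.mydomain FATMIN02.mydomain:80 unknown.example; do
    printf '%-22s -> %s\n' "$h" "$(resolve_vhost "$tmp" "$h")"
done
rm -f "$tmp"
```

To check the live server rather than the model, send the header explicitly, for example curl -H 'Host: fatmin02.mydomain' http://<server-ip>/ and compare the returned index.html text.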