RHCE6 Preparation (8) – http, virtual host, http limited access

1, Implement a web server for the site http://serverX.example.com, then perform the following steps:
— Download ftp://instructor.example.com/pub/rhce/server.html
— Rename the downloaded file to index.html
— Copy this index.html to the DocumentRoot of your web server

— Do NOT make any modifications to the content of index.html

Install the httpd packages,

yum install http*

Start the service and enable it at boot,

service httpd start
chkconfig httpd on

Download server.html into the DocumentRoot; the last two commands are typed at the lftp prompt,

cd /var/www/html/
lftp 192.168.0.254
cd pub/rhce
get server.html

rename it to index.html

mv server.html index.html

copy to the DocumentRoot,

cp index.html /var/www/html

Restore the default SELinux security context,

restorecon -RvF *

restart the httpd service,

service httpd restart

Test it in Firefox: enter server3.example.com and you should get the content of index.html,

or test from the instructor computer,

elinks server4.example.com

2, Extend your web server to include a virtual host for the site http://wwwX.example.com/, where X is your server number, then perform the following steps:
— Set the DocumentRoot to /var/http/virtual
— Download ftp://instructor.example.com/pub/rhce/www.html
— Rename the downloaded file to index.html
— Place this index.html in the DocumentRoot of the virtual host
— Do NOT make any modifications to the content of index.html
— Ensure that harry is able to create content in /var/http/virtual
Note: The original web site http://serverX.example.com must still be accessible. DNS resolution for the hostname wwwX.example.com is already provided by the name server on instructor.example.com.

Create folder /var/http/virtual

mkdir -p /var/http/virtual

Change the SELinux context of /var/http and /var/http/virtual; one command changes both,

chcon -Rt httpd_sys_content_t /var/http

Alternatively, copy the context from /var/www/html with this command,

chcon -R --reference=/var/www/html/ /var/http/virtual

Download www.html from instructor.example.com; the last two commands are typed at the lftp prompt,

lftp 192.168.0.254
cd pub/rhce/
get www.html

change the name to index.html and copy to /var/http/virtual,

mv www.html index.html
cp index.html /var/http/virtual

Edit the httpd configuration file,

vim /etc/httpd/conf/httpd.conf

Add the virtual host configuration; you can copy the template from the same file,

<VirtualHost *:80>
     DocumentRoot  /var/http/virtual
     ServerName www3.example.com
</VirtualHost>

the servername www3.example.com should be resolved by the DNS server at instructor.example.com

Enable name-based virtual hosting, otherwise the virtual hosts will not work: at line 990, uncomment the line,

NameVirtualHost *:80

The virtual host takes over the address and overrides the original main-server site, so one additional virtual host is needed for the original host name. With both defined, the two virtual hosts coexist and work independently without affecting each other.

<VirtualHost *:80>
    DocumentRoot  /var/www/html
    ServerName server3.example.com
</VirtualHost>

Restart httpd and make sure it starts at boot,

service httpd restart
chkconfig httpd on

Both addresses can be tested in Firefox: www3.example.com and server3.example.com.
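Why the second virtual host is needed, as an added example that is not part of the original post: a small model of name-based virtual host selection (exact ServerName match, otherwise the first virtual host listed). The function names and the embedded configuration fragments are constructed here, and ServerAlias is not modelled.

```shell
#!/bin/sh
# Added example: model of how Apache picks a name-based virtual host.
# Reads an httpd.conf fragment on stdin and prints the DocumentRoot used for
# the Host name given as $1: the <VirtualHost> whose ServerName equals it,
# otherwise the first <VirtualHost> in the file. ServerAlias is not modelled.
vhost_docroot() {
    awk -v host="$1" '
        { key = tolower($1) }
        key ~ /^<virtualhost/          { in_vh = 1; name = ""; root = ""; next }
        in_vh && key == "servername"   { name = tolower($2) }
        in_vh && key == "documentroot" { root = $2; gsub(/"/, "", root) }
        key == "</virtualhost>" {
            in_vh = 0
            if (first == "") first = root                      # default vhost
            if (name == host && chosen == "") chosen = root    # exact match
        }
        END { print (chosen != "" ? chosen : first) }
    '
}

# Constructed input: only the new virtual host from the post is defined.
conf_one_vhost() {
    cat <<'EOF'
NameVirtualHost *:80
<VirtualHost *:80>
     DocumentRoot  /var/http/virtual
     ServerName www3.example.com
</VirtualHost>
EOF
}

# Constructed input: the second virtual host for the original site is added.
conf_two_vhosts() {
    conf_one_vhost
    cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot  /var/www/html
    ServerName server3.example.com
</VirtualHost>
EOF
}

for h in www3.example.com server3.example.com; do
    echo "one vhost:  $h -> $(conf_one_vhost  | vhost_docroot "$h")"
    echo "two vhosts: $h -> $(conf_two_vhosts | vhost_docroot "$h")"
done
```

With only one virtual host defined, requests for server3.example.com are answered from /var/http/virtual, which is the wrong site.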

Grant user harry access to /var/http/virtual so that he can create content there,

setfacl -m u:harry:rwx /var/http/virtual

3, Create a directory /var/http/virtual/limited and limit access to local users only; non-local users must be denied access.

The folder /var/http/virtual/ is the DocumentRoot of the virtual host www3.example.com.

Create the folder limited,

cd /var/http/virtual
mkdir limited

Edit /etc/httpd/conf/httpd.conf and add a Directory block inside the www3.example.com virtual host configuration,

vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
    DocumentRoot /var/http/virtual
    ServerName www3.example.com
    <Directory /var/http/virtual/limited>
        Order deny,allow
        Deny from all
        Allow from 192.168.0.
    </Directory>
</VirtualHost>

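In this configuration, Order deny,allow means the Deny directives are evaluated first and a matching Allow overrides them, so the deny has lower priority than the allow: clients in the 192.168.0. address range are allowed and everyone else is denied. A domain name cannot be used here; it might not work.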

Another way to achieve a similar result is to put the <Directory> block outside of the <VirtualHost>.

Make sure the required settings for the root directory are uncommented,

<Directory "/var/www/html">
    Options Indexes FollowSymlinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Then add the additional Directory block,

<Directory "/var/http/virtual/limited">
    Options Indexes FollowSymlinks
    Allow from 127.0.0.1 localhost server3.example.com 192.168.0.103
    Deny from all
</Directory>

Test from the local server: www3.example.com/limited can be accessed. From the instructor computer, www3.example.com/limited cannot be accessed.
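The two access-control variants above, run through a small model of the Apache 2.2 Order/Allow/Deny rules (an added example, not from the original post). The function names are made up here, host names in the Allow list are not resolved, and 10.0.0.5 is a constructed outside address; 192.168.0.254 is the address used in the lftp step.

```shell
#!/bin/sh
# Added example: model of Apache 2.2 Order/Allow/Deny evaluation.
# Supports "all", full IPv4 addresses and partial addresses ("192.168.0.");
# host names are skipped because matching them needs DNS lookups.

# spec_matches CLIENT_IP SPEC... : succeeds if any SPEC covers CLIENT_IP
spec_matches() {
    ip=$1; shift
    for spec in "$@"; do
        case $spec in
            all) return 0 ;;
            *[!0-9.]*) continue ;;          # host name, not modelled
        esac
        spec=${spec%.}                      # "192.168.0." -> "192.168.0"
        case $ip in
            "$spec"|"$spec".*) return 0 ;;  # exact address or leading octets
        esac
    done
    return 1
}

# acl_decision ORDER CLIENT_IP "ALLOW LIST" "DENY LIST" : prints allow or deny
acl_decision() {
    order=$1; client=$2; allowed=no; denied=no
    # $3 and $4 are space-separated lists, so word splitting is intended
    if spec_matches "$client" $3; then allowed=yes; fi
    if spec_matches "$client" $4; then denied=yes; fi
    case "$order:$allowed:$denied" in
        deny,allow:no:yes) echo deny ;;   # denied and not re-allowed
        deny,allow:*)      echo allow ;;  # this order allows by default
        allow,deny:yes:no) echo allow ;;  # allowed and not denied
        allow,deny:*)      echo deny ;;   # this order denies by default
        *) echo "unknown order: $order" >&2; return 2 ;;
    esac
}

# The two variants from the post; the second has no Order line, so the
# Apache 2.2 default (Deny,Allow) applies.
in_vhost()  { acl_decision deny,allow "$1" "192.168.0." "all"; }
top_level() { acl_decision deny,allow "$1" \
    "127.0.0.1 localhost server3.example.com 192.168.0.103" "all"; }

# 192.168.0.254 is the lftp address in the post; 10.0.0.5 is constructed.
for c in 127.0.0.1 192.168.0.103 192.168.0.254 10.0.0.5; do
    echo "$c  in-vhost=$(in_vhost "$c")  top-level=$(top_level "$c")"
done
```

The prefix 192.168.0. in the first variant also admits 192.168.0.254 and rejects 127.0.0.1, so the two variants do not enforce the same policy.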

4, Configure the http service so that a username and password are required to access the location; the username is ‘student’. Edit /etc/httpd/conf/httpd.conf,

vim /etc/httpd/conf/httpd.conf

Modify the server3.example.com configuration as follows,

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName server3.example.com
    <Directory /var/www/html/server2>
        AuthName userauth
        AuthType basic
        AuthUserFile /etc/httpd/httpuser
        Require user student
    </Directory>
</VirtualHost>

Add the student user to the password file (-c creates the file, -m stores the password as an MD5 hash),

htpasswd -cm /etc/httpd/httpuser student

Test the result: in Firefox, open server3.example.com/server2 and you will be prompted for the username and password. You can also copy an index.html file into the folder /var/www/html/server2/ and test again; after entering the username and password, the page is served successfully.
