Recent changes

This is an old revision of the document!

Laborator 04: Serverul web

Exerciții

Documentatie: http://httpd.apache.org/docs/2.2/

Virtual Hosts

Configurare de baza

  • Instalati serverul Apache.
  • In /etc/hosts, adaugati 2 alias-uri, astfel incat host-urile gsr.ro si www.gsr.ro sa fie mapate pe adresa IP 127.0.0.1
Show solution
Hide solution
Show solution
root@mjolnir:~# cat /etc/hosts | head -n 3
127.0.0.1	localhost
127.0.1.1	mjolnir.labs.cs.pub.ro	mjolnir
127.0.0.1	gsr.ro www.gsr.ro
  • In configuratia server-ului Apache, adaugati un Virtual Host pentru domeniul gsr.ro.
    • Ca model, puteti folosi configuratia Virtual Host-ului pentru site-ul default din Apache.
  • Aveti in vedere urmatoarele:
    • Fisierul de configurare al site-ului se va numi gsr.ro.conf si se va afla in directorul /etc/apache2/sites-available.
    • Virtual Host-ul va fi mapat pe portul 80.
    • ServerName-ul va fi gsr.ro
    • Adresa de mail a administatorului este admin@gsr.ro
    • Site-ul va servi fisiere din directorul /var/www/html/gsr.ro
      • Creati in acest director un fisier index.html care sa afiseze mesajul This is gsr.ro.
    • Fisierele de log pentru acest site vor fi in /var/log/apache2/gsr.ro.log si /var/log/apache2/gsr.ro.err.log
Show solution
Hide solution
Show solution
root@mjolnir:~# mkdir /var/www/html/gsr.ro

root@mjolnir:~# echo "This is gsr.ro" > /var/www/html/gsr.ro/index.html

root@mjolnir:~# cat /etc/apache2/sites-available/gsr.ro.conf
<VirtualHost *:80>
        ServerAdmin admin@gsr.ro
        ServerName gsr.ro

        DocumentRoot /var/www/html/gsr.ro
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/html/gsr.ro/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        ErrorLog /var/log/apache2/gsr.err.log

        LogLevel warn

        CustomLog /var/log/apache2/gsr.log combined
</VirtualHost>
  • Activati site-ul gsr.ro
    • Hint: a2ensite.
Show solution
Hide solution
Show solution
root@mjolnir:~# a2ensite gsr.ro
Enabling site gsr.ro.
To activate the new configuration, you need to run:
  service apache2 reload

root@mjolnir:~# /etc/init.d/apache2 restart
Restarting web server: apache2[Fri Jan 27 18:29:34 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
 ... waiting [Fri Jan 27 18:29:35 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
.

Alias-uri

  • Vom configura 2 tipuri de alias-uri:
    • Alias-uri pentru partea de domeniu din URL.
    • Alias-uri pentru partea de cale (path) din URL.
  • Pentru primul tip de alias-uri, configurati Virtual Host-ul gsr.ro astfel incat sa raspunda si la cereri pentru www.gsr.ro
    • Hint: ServerAlias
  • Testati accesand adresa http://www.gsr.ro intr-un browser.
  • Pentru al doilea tip de alias-uri, configurati Virtual Host-ul gsr.ro astfel incat la accesarea adresei http://gsr.ro/config sa fie afisat continutul directorului /var/www/html/gsr.ro/configfiles.
  • Creati directorul /var/www/html/gsr.ro/configfiles. In interiorul acestuia, creati fisierele file1, file2 si file3.
  • Hint: Puteti folosi ca model configuratia alias-ului doc → /usr/share/doc din fisierul de configurare al site-ului default al Apache.
  • Testati accesand adresa http://gsr.ro/config intr-un browser.
Show solution
Hide solution
Show solution
root@mjolnir:~# mkdir /var/www/html/gsr.ro/configfiles

root@mjolnir:~# cd $_

root@mjolnir:/var/www/html/gsr.ro/configfiles# touch file1 file2 file3

root@mjolnir:/var/www/html/gsr.ro/configfiles# ls -l
total 0
-rw-r--r-- 1 root root 0 Jan 27 18:30 file1
-rw-r--r-- 1 root root 0 Jan 27 18:30 file2
-rw-r--r-- 1 root root 0 Jan 27 18:30 file3

root@mjolnir:/var/www/html/gsr.ro/configfiles# cd -
/root

root@mjolnir:~# cat /etc/apache2/sites-available/gsr.ro | tail -n 7
    Alias /config "/var/www/html/gsr.ro/configfiles/"
    <Directory "/var/www/html/gsr.ro/configfiles/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
    </Directory>

</VirtualHost>

root@mjolnir:~# /etc/init.d/apache2 restart
Restarting web server: apache2[Fri Jan 27 18:32:57 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
 ... waiting [Fri Jan 27 18:32:58 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
.

Redirect

Show solution
Hide solution
Show solution
root@mjolnir:~# mkdir /var/www/html/gsr.ro/redirect
root@mjolnir:~# echo "redirect" > /var/www/html/gsr.ro/redirect/index.html

root@mjolnir:~# cat /etc/apache2/sites-available/gsr.ro | tail -n 3
    redirect /redirect http://gsr.ro/labs

</VirtualHost>

root@mjolnir:~# /etc/init.d/apache2 restart
Restarting web server: apache2[Fri Jan 27 18:41:54 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
 ... waiting [Fri Jan 27 18:41:55 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
.

Restrictionarea accesului pe baza adresei IP

  • Testati accesand adresa http://gsr.ro/ de pe sistemul local si adresa http://restricted.gsr.ro de pe sistemul unui coleg.
    • In Virtual Host-ul gsr.ro, adaugati un nou ServerAlias, cu numele restricted.gsr.ro
    • Pe sistemul colegului, adaugati o intrare in /etc/hosts pentru restricted.gsr.ro, care sa se mapeze cu adresa IP a sistemului vostru.
Show solution
Hide solution
Show solution
root@mjolnir:~# cat /etc/apache2/sites-available/gsr.ro.conf
<VirtualHost *:80>
        ServerName gsr.ro
        ServerAlias www.gsr.ro
        ServerAlias restricted.gsr.ro

        DocumentRoot /var/www/html/gsr.ro
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/html/gsr.ro/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order deny,allow
                allow from 127.0.0.1
                deny from all
        </Directory>
</VirtualHost>

root@mjolnir:~# /etc/init.d/apache2 restart
Restarting web server: apache2[Fri Jan 27 19:27:55 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
 ... waiting [Fri Jan 27 19:27:56 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
.

SSL / TLS

  • Activati modulul SSL pentru Apache.
    • Hint: a2enmod
  • Pe ce port asculta serverul Apache pentru conexiuni SSL? Inspectati folosind netstat.
Show solution
Hide solution
Show solution
root@mjolnir:~# netstat -lntp | grep apache
tcp        0      0 172.16.7.133:8080       0.0.0.0:*               LISTEN      7747/apache2    
tcp6       0      0 :::80                   :::*                    LISTEN      7747/apache2    
tcp6       0      0 :::443                  :::*                    LISTEN      7747/apache2
  • Activati site-ul default Apache care are suport pentru SSL.
    • Hint: ls /etc/apache2/sites-available, a2ensite
  • Testati accesand adresa https://localhost intr-un browser.
Show solution
Hide solution
Show solution
root@mjolnir:~# ls /etc/apache2/sites-available/
default  default-ssl  gsr.ro  sric.ro

root@mjolnir:~# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
  • In continuare, vom general un certificat self-signed pentru domeniul gsr.ro. Vom folosi o cheie pe 2048 de biti.
    • Creati directorul /etc/apache2/ssl-certs/.
    • Generati perechea de chei RSA:
openssl genrsa -out gsr.ro.key 2048
  • Generati un certificate signing request (CSR), pe baza cheii:
openssl req -new -key gsr.ro.key -out gsr.ro.csr
  • Creati un certificat self-signed pe baza CSR-ului generat anterior:
openssl x509 -req -days 365 -in gsr.ro.csr -signkey gsr.ro.key -out gsr.ro.crt
  • Copiati fisierele generate in /etc/apache2/ssl-certs/
  • Creati un nou Virtual Host pentru domeniul gsr.ro, dar care sa serveasca peste HTTPS.
    • Fisierul de configurare va fi /etc/apache2/sites-available/gsr.ro-ssl.conf
    • Site-ul va folosi certificatele generate anterior.
    • Ca model, puteti folosi fisierul de configurare pentru site-ul default SSL.
  • Activati site-ul gsr.ro-ssl.
  • Testati accesand adresa https://gsr.ro intr-un browser.
    • In browser, inspectati certificatul primit de la server.
Show solution
Hide solution
Show solution
root@mjolnir:/etc/apache2/sites-available# cat gsr.ro-ssl.conf | grep -v '^.*#' | grep -v '^$'
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost
        ServerName gsr.ro
        ServerAlias www.gsr.ro
	DocumentRoot /var/www/html/gsr.ro
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/html/gsr.ro/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>
	ErrorLog ${APACHE_LOG_DIR}/error.log
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
	Alias /doc/ "/usr/share/doc/"
	<Directory "/usr/share/doc/">
		Options Indexes MultiViews FollowSymLinks
		AllowOverride None
		Order deny,allow
		Deny from all
		Allow from 127.0.0.0/255.0.0.0 ::1/128
	</Directory>
	SSLEngine on
	SSLCertificateFile    /etc/apache2/ssl-certs/gsr.ro.crt
	SSLCertificateKeyFile /etc/apache2/ssl-certs/gsr.ro.key
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
	BrowserMatch "MSIE [2-6]" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0
	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>


root@mjolnir:/etc/apache2/sites-available# a2ensite gsr.ro-ssl
Enabling site gsr.ro-ssl.
To activate the new configuration, you need to run:
  service apache2 reload

root@mjolnir:/etc/apache2/sites-available# /etc/init.d/apache2 restart
Restarting web server: apache2[Fri Jan 27 21:13:02 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
[Fri Jan 27 21:13:02 2012] [warn] NameVirtualHost *:443 has no VirtualHosts
[Fri Jan 27 21:13:02 2012] [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [Fri Jan 27 21:13:03 2012] [warn] NameVirtualHost 172.16.7.133:8080 has no VirtualHosts
[Fri Jan 27 21:13:03 2012] [warn] NameVirtualHost *:443 has no VirtualHosts
[Fri Jan 27 21:13:03 2012] [warn] NameVirtualHost *:80 has no VirtualHosts
.

mod_rewrite

Modulul rewrite din Apache permite rescrierea URL-urilor din request-urile HTTP, dupa anumite reguli. 

root@mjolnir:/etc/apache2/sites-available# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
  service apache2 restart
  
root@mjolnir:/etc/apache2/sites-available# cat gsr.ro | tail -n 5
        RewriteEngine On
        RewriteOptions Inherit
        RewriteRule ^/users/([^/]+)/?(.*) /~$1 [R]
        RewriteRule ^/~/([^/]+)$ /~$1/ [R]
</VirtualHost>

Resurse

Cursuri

Laboratoare

Table of Contents

gsr/laboratoare/laborator-04.1446743954.txt.gz · Last modified: 2015/11/05 19:19 by alexandru.carp
Old revisions
Media ManagerBack to top
CC Attribution-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0