Open main menu

CDOT Wiki β

Changes

OPS335 Lab 5

1,971 bytes added, 17:16, 6 July 2016
Addign steps for controlling access to directories.
* [http://www.w3schools.com/sql/ MySQL / SQL Language Resources] (w3schools.com)
== INVESTIGATION 1: SETTING UP A LAMP SOLUTION FOR WEBMAIL ==
=== Install, Configure & Run a Webserver (Apache) ===
Next, since we will be running a webmail application, we need to install, configure and run a webserver on one of our Linux VMVMs.
{{Admon/tip |Apache Webserver Resources|Apache web-server configuration can be a very complex topic (covering an entire course!). Although this lab focuses only on one small application of a web-server, you can refer to the following link to refer to additional configuration help: [http://www.hitmill.com/computers/apache.htm Apache Resources].}}
#Install the Apache package (the name of the package is: '''httpd''').
#Start the httpd service, and enable this service to start automatically upon system startup.
#Using a text browser such as lynx on vm1 go to localhost. You should get the "Fedora Test Page" which indicates your web server is running on the local virtual machine.#Make certain to configure your firewall to allow access to the httpd service (i.e. the Apache serves HTTP traffic which goes over TCP port '''80''')and to update the firewall_restore script to include it.#Open a web-browser in your '''host''' machine and enter the following URL: '''vm1.youruserid.org'''.<br/>If you setup your Apache webserver correctly, you should be able to view the Apache Test page.
#Although we will not be exploring webservers in depth, we will have you create a simple webpage for testing purposes, then later setup a web resource for webmail.
#The term'''DocumentRoot''' specifies where the Apache webserver will search for documents to serve. Create the file '''index.html''' in your '''DocumentRoot''' directory with the following contents (replace the date with the current one):
'''Perform the following steps:'''
#Replace our Copy the '''index.html''' file with an to '''index.php''' with the following contentsand modify it to contain:
<pre>Hello, this is a web page on vm1.yourid.org and the current time is <?php system("date"); ?>!</pre>
<ol><li value="2">On your host machine, again refresh your web-browser. Notice that in a web browser the ''index.php'' file isn't treated as a default page and the contents don't contain the date, but instead are displaying the text in the php code you entered into the index.php file (refer to above code).</li><li>The reason this occurs is that the PHP interpreter hasn't been installed on your vm by default.</li><li>Install the php packeage package on your vm1 machine, and restart your webserver. NOTE: The php package comes with a working default Apache configuration so you don't need to enable it manually.</li><li>Refresh the webpage for your web-browser on your host machine. You should now notice that you see the date instead of the call to the date command. Refresh your webpage several times to see how the time changes. This is simply a "trivial example" of dynamic web content does it does provide a simple demonstration of how scripting languages can be used to create more dynamic webpages.</li></ol> === Controlling Access to Pages === *Now, as root on your gateway/host, try to forward incoming http connections that arrive on your host to the web server on vm1. Use an iptables command something like this:<pre>iptables -t nat -A PREROUTING -i *yourinterface* -p tcp --dport 80 -j DNAT --to 192.168.X.2</pre>*You will also need to create a rule in the FORWARD chain in the default table to accept connections to port 80.*To test this setup you'll need to ask a classmate on another PC to try to use a browser to view your web page. S/he'll have to enter your host's external interface IP number in their browser's address window.*Have them view both index.html and index.php*create a new directory inside your '''DocumentRoot''' and move index.php inside it.*Have your partner view both files again.*We will now modify the settings on the web-server to prevent machines outside our network from accessing the private directory.*Add the following directory statement to your apache configuration (making sure to replace the X with your own network octet):<pre><Directory "/var/www/html/private"> AllowOverride None Require ip 192.168.X.0/24</Directory></pre>*This sets up separate rules and access permissions for that subdirectory.*Your partner should no longer be able to access any pages in the private directory (or any sub-directories of it), but your other internal machines (including your host) should still have access.
=== Install, Configure and Run MySQL Database Server ===
We complete the last piece of the puzzle by installing, configuring and running a database server to support your webmail application that will be installed and setup in the next investigationa later lab.
MySQL is used to allow storage and retrieval of structured data. SQL is a command language (used by scripting languages such as PHP) to allow programmers to access databases contained within a server (or other servers via a network) to be used within web-based applications via the web-browser.
#Note that the MySQL service has two root passwords:<ul><li>For the localhost</li><li>For external requests</li></ul>
#Refer to the log file to learn how to run the two commands in order to generate the appropriate passwords.<br><br>NOTE: Use a password you make up yourself, but do <u>not</u> generate a secret password, since you will be storing that password in a plain text file for later reference.
#If you have performed the '''Record steps in INVESTIGATION 1 correctly, then we can proceed to the next investigation to installcommands, configure and testyour observations on this investigation in your OPS335 lab log-out accessing encrypted email messages book''' === Test Connection to MySQL Database Server ===*While the web server (performed in labs 4b, 4cwith php), and 4d)MySQL server may be working, but use we need to ensure that they can connect to each other.*Since we are going to be storing the database password in a convenient webmail application via plain-text html file, we want to make sure no one else can access it.*Modify the Directory statement for your private directory to prevent any machine other than your vm1 from accessing it.*Re-start the web-browserserver and try to access the page from another machine. Make sure that you can not do so before you continue.*TODO: A quick demo page proving the connection works.
'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''
<!--
'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''
-->
 
== COMPLETING THE LAB ==
932
edits