Updating for Winter 2014 semester. No significant changes.
[[Category:OPS335]][[Category:OPS335 Labs]]
==Basic Apache (Web Server) Setup==
This lab will show you how to set up the Apache Web server using a Fedora 20 installed PC.
{{Admon/important|Prerequisites|
Your hard drive should have Centos 6.5, 64 bit Live edition already installed.<br />You have Fedora 20, 64bit version on VM01, VM02, and VM03
Both your host and all VMs should have SELinux enabled.<br />
Both host and all VMs should have all software updated.<br />
systemctl enable httpd.service
* Using a text browser such as lynx on vm01 go to localhost. You should get the "Fedora Test Page" which indicates your web server is running on the local virtual machine.
*Back up your existing iptables rules on vm01 (make sure they still meet the specifications set out in the earlier labs) and add a rule to allow new traffic to your http server. The rules should meet the following conditions:
**Allow all packets "to" and "from" the loopback interface "lo".
**Allow NEW connections to your ssh server and httpd.
**Allow all RELATED and ESTABLISHED connections.
**The default policy on the INPUT chain is set to DROP.
*Using Firefox on the <b>host</b> go to address for vm01 "192.168.X.2" (your ip addressing may differ). You should get the "Fedora Test Page" which indicates you can access your web server on VM01 via network connection. Do not continue until this step works.
**Once you have this working, save your iptables.
*You should also be able to open the webpage using the hostname of vm01.
*Now create your <b>own</b> test page named index.html and put it into directory /var/www/html/. This does not have to be anything fancy, just a basic [http://validator.w3.org/docs/help.html#validation_basics valid] html page with enough content for you to recognize it as your own. Reload the web page on the host - you should see your own test page now.
*Repeat the above steps for vm03. Remember that it is using a different firewall.
*Now, as root on f17 (the gateway/host), try to forward incoming http connections to your host to the web server on vm01. Use an iptables command something like this
iptables -t nat -A PREROUTING -i *yourinterface* -p tcp --dport 80 -j DNAT --to 192.168.X.2
*You will also need to create a rule in the FORWARD chain in the default table to accept connections to port 80.
*Change your firewall rules on vm01 (and also vm03) to allow connections to this port (8080), and remove the previous rule to allow connections to port 80.
*Restart the apache server on vm01 and vm03 (this may take a minute).
*Go back to the host and redo your iptables command to forward connections to port 80 (on your host) to the new port 8080 on vm01, removing the previous rule for port 80.
*Verify that other students on their PCs can still view your web page.
=== Load balancing using iptables ===
*Iptables can be used for load balancing connections. On your host machine add a rule(s) to the PREROUTING chain that will alternate connections bound for port 80 on your host machine to vm01 and vm03 (remove the other prerouting rules you just created before doing this).
iptables -t nat -I PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j DNAT --to-destination 192.168.X.4:8080
iptables -t nat -I PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 192.168.X.2:8080
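Added example (not part of the original lab): a small Python model of the statistic match in nth mode, which replays NEW connections through the two-rule chain above and through a variant whose second rule has no statistic match, so you can compare how many connections each VM receives. It assumes each rule keeps its own counter and only counts packets that reach it; the class and function names and the catch-all variant are assumptions of this example.

```python
from collections import Counter


class NthRule:
    """Model of one DNAT rule, optionally guarded by '-m statistic --mode nth'."""

    def __init__(self, target, every=None, packet=0):
        self.target = target
        self.every = every  # None models a rule with no statistic match
        # Counter is seeded so that '--packet 0' matches the first packet seen.
        self.count = None if every is None else (every - 1) - packet

    def matches(self):
        """Called only for packets that reach this rule; advances its own counter."""
        if self.every is None:
            return True
        self.count = 0 if self.count == self.every - 1 else self.count + 1
        return self.count == 0


def distribute(rules, connections):
    """Walk each NEW connection down the chain; the first matching rule wins."""
    hits = Counter()
    for _ in range(connections):
        for rule in rules:
            if rule.matches():
                hits[rule.target] += 1
                break
        else:
            hits["not redirected"] += 1  # fell through PREROUTING without DNAT
    return dict(hits)


def both_nth():
    # Chain order after two '-I' inserts: the rule added last is evaluated first.
    return [NthRule("192.168.X.2:8080", every=2, packet=0),
            NthRule("192.168.X.4:8080", every=2, packet=1)]


def nth_then_catch_all():
    # Assumed variant: second rule carries no statistic match.
    return [NthRule("192.168.X.2:8080", every=2, packet=0),
            NthRule("192.168.X.4:8080")]


if __name__ == "__main__":
    print("both rules nth:     ", distribute(both_nth(), 8))
    print("nth then catch-all: ", distribute(nth_then_catch_all(), 8))
```

On a live host, the packet counters shown by iptables -t nat -L PREROUTING -v -n give the same kind of per-rule tally after a number of test connections.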
=== Add missing DNS resource records ===
* Edit your forward look-up zone file and add the following resource records.
** A mail exchange record that points mail for the domain to vm02.
** Aliases as follows:
***host - alias router
***vm02 - alias mail
***vm01 - alias www1
**Add text records that identify the roles on each of these machines and a text record for the domain "This is < your full name here>'s OPS335 Domain".
**Once these records have been added, be sure to increment your Serial number for the zone file. While not crucial for the lab as we do not yet have a slave DNS server, getting into the habit ensures that slaves will be informed of the changes when needed.
**Use the tools you have learned in earlier labs (e.g. ping, host, lynx, etc.) to make sure these records work.
=== Adding Webmail to your domain ===
*Use the menu to select #2 - Server Settings. Edit #1 Domain - choosing your domain name, and #3 Selecting SMTP. Ensure you have saved the data then return to the main menu. From the main menu select option D - Set pre-defined settings for specific IMAP servers, then enter 'dovecot'.
*From the main menu select '1. Organization Preferences', then select option #1 'Organization Name' and change this to your domain name.
*Check the Postfix configuration file and find the line below and make sure "$mydomain" is listed to ensure delivery of emails sent to the domain and not just the host name.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
*Edit the dovecot configuration file (use dovecot -n to find out where it is) and uncomment the following line
==Completing the Lab==
Upon completing this lab you have gained experience in balancing traffic between several servers, and in routing traffic from one server to another. You have also made use of some more advanced resource records in your DNS server. Remove the prerouting rules that were balancing web traffic between your VMs. While the rules themselves are fine, the iptables-save command will break them when it saves them, preventing your tables from working properly.
#Where are the apache log files stored? What does each one log?
#What does the server root parameter determine? What is its default value?
#What does the document root parameter determine? What is its default value?
#What is the default configuration file for the Apache web server on Fedora 20? Give the absolute path.
#What is the maximum number of connections allowed on the server by default?
#What user/group does Apache run under on Fedora 20?
#What % share of the web server market was running apache as of December 2013?
#What specific command (give full details) would you need to use on your host to forward all ssh connections to vm01?
#What is the web site for Apache?
#What is Apache's highest version number? What is the version running on your system?