Changes

Jump to: navigation, search

OPS335 Web Server Lab

363 bytes removed, 14:38, 30 September 2015
Updates for Fall 2015
[[Category:OPS335]][[Category:OPS335 Labs]]
==Basic Apache (Web Server) Setup==
This lab will show you how to set up the Apache Web server using a Fedora 20 22 installed PC.
{{Admon/important|Prerequisites|
Your hard drive should have Centos 6.57, 64 bit already installed.<br />You have Fedora 2022, 64bit version on VM1, VM2, and VM3.<br />
Both your host and all VMs should have SELinux enabled.<br />
Both host and all VMs should have all software updated.<br />
Ensure the clocks on both machines are set to the correct date and time.}}
{{Admon/important|Security Issue|
Due to a recently discovered [http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability security issue] regarding bash and CGI, it is imperative that you update your machines before proceeding with this lab.}}
===Testing your network===
*Start Firefox on your host and authenticate yourself on Senenet.
=== Install and test Apache on your VM1 and VM3 ===
*Login to vm1 and install the following packages:
yum dnf install httpd httpd-tools
*Still on vm1 you can now start your web server with this command and enable the service to start at boot.
systemctl start httpd.service
systemctl enable httpd.service
* Using a text browser such as lynx on vm1 go to localhost. You should get the "Fedora Test Page" which indicates your web server is running on the local virtual machine.
*backup your existing iptables rules on vm1 (make Make sure it the firewall still meets the specifications set out in the earlier labs) and add a rule to allow new incoming traffic to your http server.
*Using Firefox on the <b>host</b> go to address for vm1 "192.168.X.2" (your ip addressing may differ). You should get the "Fedora Test Page" which indicates you can access your web server on VM1 via network connection. Do not continue until this step works.
**Once you have this working, save your iptablesfirewall.
*You should also be able to open the webpage using the hostname of vm1.
*Now create your <b>own</b> test page named index.html in the directory /var/www/html/. This does not have to anything fancy, just a [http://validator.w3.org/docs/help.html#validation_basics valid] html page with enough content for you to recognize it as your own. Reload the web page on the host - you should see your own test page now instead of the default page from apache.
*Repeat the above steps for vm3. Remember that it is using a different firewall.
*Now, as root on the gateway/host, try to forward incoming http connections to your host to the web server on vm1. Use an iptables command something like this
iptables -t nat -A PREROUTING -i *yourinterface* -p tcp --dport 80 -j DNAT --to 192.168.X.2
*You will also need to create a rule in the FORWARD chain in the default table to accept connections to port 80.
*To test this setup you'll need to ask a classmate on another PC to try to use Firefox to view your web page. S/he'll have to enter your host's external interface IP number (142.204.141.yyy) in Firefox's address window.
*Login to your vm1 (and then vm3) as root, edit the Apache configuration file and change the port your webserver is listening for incoming connections from 80 to 8080.
vi /etc/httpd/conf/httpd.conf
=== Adding Webmail to your domain ===
*In order for our domain to offer webmail services to its users you will need to install the following packages on vm2
yum dnf install squirrelmail httpd dovecot
*The SquirrelMail files are in /usr/share/squirrelmail, create the a symbolic link to share those files on the internet.
ln -s /usr/share/squirrelmail /var/www/html/mail
*test your connection to SquirrelMail by opening a browser and navigating to vm2/mail. You should see a log in page. Sign in using your login credentials on vm2.
**You may receive an error stating: 'Error connecting to IMAP server: localhost. 13 : Permission denied'. If you do, run the command 'setsebool -P httpd_can_network_connect=1'. This will set an SELinux boolean to allow httpd connections across the network.
*You will need to open ports on your firewall to allow connections to the webserver, and adjust the port forwarding on the host so that any web traffic sent to it will be redirected to your VM2.
==Completing the Lab==
Upon completing this lab you have gained experience in balancing traffic between several servers, and in routing traffic from one server to another. You have also made use of some more advanced resource records in your DNS server.
Remove the prerouting rules that were balancing web traffic between your VMs. While the rules themselves are fine, the iptables-save command will break them when it saves them, preventing your tables from working properly.
Exploration questions:
#What does the server root parameter determine? What is its default value?
#What does the document root parameter determine? What is its default value?
#What is the default configuration file for the Apache web server on Fedora 2022? Give the absolute path.
#What is the maximum number of connections allowed on the server by default?
#What user/group does Apache run under on Fedora 2022?#What % share of the web server market was running apache as of December 2013September 2015?
#What specific command (give full details) would you need to use on your host to forward all ssh connections to vm1?
#What is the web site for Apache?
#What is Apache's highest version number? What is the version running on your system?
932
edits

Navigation menu