############################ Everything below are my raw notes that I took while attending an unofficial RHCSA training session. I am posting them here in hopes they will assist others who may be preparing to take this exam. My notes are my own interpretation of the lectures, and are certainly not a replacement to classroom training either through your company, or by taking the official RHCSA classes offered through Red Hat. If you are new to the Red Hat world, I strongly suggest looking into their training courses over at Red Hat. ############################
Apache
Apache is the default web server on RHEL6. The default configuration file exists at:
/etc/httpd/conf/httpd.conf
In Apache2, the /etc/httpd/conf.d directory stores configuration that are specific to a particular Apache module. All files in this directory ending in .conf will be parsed as a configuration file.
Basic apache vhost default:
< VirtualHost blah.com> ServerName blah.com ServerAlias www.blah.com DocumentRoot /var/www/vhosts/www.blah.com CustomLog /var/log/httpd/blah.com.access ErrorLog /var/log/httpd/blah.com.error < VirtualHost>
Apache supports 3 types of virtual hosting:
- IP based hosting : (All sites have different IP's) - Port based virtual hosting : (Can use the port to tell the server were to go to. ie. google.com:33333 - Name based virtual hosting : (most popular, as apache looks at the host header and directs the name to the vhost container and match)
Additional docs:
[root@web01 ~]# yum install httpd-manual [root@web01 ~]# service httpd restart [root@web01 ~]# firefox localhost:/manual
Lab
1. Configure two websites on your server. "X" represents your station #. 2. wwwX.example.com should be served from the /var/www/html and should also respond to requests for the short hostname wwwX. 3. vhostX.example.com should be served from /home/linus/html and should also respond to requests for the short hostname vhostX. 4. Both should be listening on your primary ip address, but wwwX.exmaple.com should be the default site. ** Too much to post answers here... but its really straight forward. Just watch selinux, and perms on /home/linus
Securing Apache
2 directives for setting up access controls
- allow from (host|network|ALL) - deny from (host|network|ALL)
These are applied in the given order:
1. order allow,deny : Allows explicitly allowed clients and denies everyone else. Anyone matching both deny and allow are denied. 2. order deny,allow : Denies explicitly denied clients and allows everyone else. Anyone matching both deny and allow are allowed.
These directives are placed inside one of the following tags:
< Directory> < File>
In theory, its best to keep these as global variables in the httpd.conf. You have to remember that you are protecting your data, your files and directories, so its best to keep these secured against all vhosts… so you set them globally. In other words, set it OUTSIDE the vhost tag.