Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:network_services_overview_apache_web_server [2016/08/27 14:37] billdozor [Configure the service for basic operation] |
linux_wiki:network_services_overview_apache_web_server [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 12: | Line 12: | ||
* Configure the service for basic operation | * Configure the service for basic operation | ||
* Configure host-based and user-based security for the service | * Configure host-based and user-based security for the service | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Lab Setup ====== | ||
+ | |||
+ | The following virtual machines will be used: | ||
+ | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
+ | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
---- | ---- | ||
Line 17: | Line 25: | ||
====== Install the packages needed to provide the service ====== | ====== Install the packages needed to provide the service ====== | ||
- | Install Apache Web Server (httpd) | + | Install Apache Web Server (httpd) |
<code bash> | <code bash> | ||
- | yum install httpd | + | yum install httpd httpd-manual |
+ | </ | ||
+ | * **NOTE:** The httpd-manual can come in handy for checking syntax/ | ||
+ | |||
+ | \\ | ||
+ | Access the httpd-manual | ||
+ | <code bash> | ||
+ | http:// | ||
+ | OR | ||
+ | elinks / | ||
</ | </ | ||
Line 26: | Line 43: | ||
====== Configure SELinux to support the service ====== | ====== Configure SELinux to support the service ====== | ||
- | * Service agnostic -> [[linux_wiki: | + | * Service agnostic -> [[linux_wiki: |
+ | * **IMPORTANT**: | ||
+ | yum install setools-console | ||
+ | |||
+ | # View all label types | ||
+ | seinfo -t | ||
+ | |||
+ | # Find Apache types | ||
+ | seinfo -t | grep httpd | ||
+ | </ | ||
---- | ---- | ||
Line 34: | Line 60: | ||
Configuring the Apache Web Server with a non standard port and allowing port access with selinux. | Configuring the Apache Web Server with a non standard port and allowing port access with selinux. | ||
- | **NOTE**: "man semanage-port" | + | |
+ | * Tip: To see current port labels< | ||
- | ---- | ||
- | ===== Change HTTPD' | + | __**Change HTTPD' |
Change httpd port | Change httpd port | ||
Line 62: | Line 88: | ||
* Should see permission denied to make socket 8282 | * Should see permission denied to make socket 8282 | ||
- | ---- | + | \\ |
- | + | __**SELinux: Configure Non Standard Port**__ | |
- | ===== SELinux: Configure Non Standard Port ===== | + | |
View http ports SELinux allows | View http ports SELinux allows | ||
Line 102: | Line 127: | ||
====== Configure the service for basic operation ====== | ====== Configure the service for basic operation ====== | ||
- | * Basic [[linux_wiki: | + | Enable and Start the service |
- | + | ||
- | Start the service | + | |
<code bash> | <code bash> | ||
+ | systemctl enable httpd | ||
systemctl start httpd | systemctl start httpd | ||
</ | </ | ||
Line 117: | Line 141: | ||
Allow access through the firewall | Allow access through the firewall | ||
<code bash> | <code bash> | ||
+ | # Standard http/https ports | ||
firewall-cmd --permanent --add-service=http | firewall-cmd --permanent --add-service=http | ||
firewall-cmd --permanent --add-service=https | firewall-cmd --permanent --add-service=https | ||
+ | firewall-cmd --reload | ||
+ | |||
+ | # Non-standard port example | ||
+ | firewall-cmd --permanent --add-port=8282/ | ||
firewall-cmd --reload | firewall-cmd --reload | ||
</ | </ | ||
Line 124: | Line 153: | ||
===== Host Based ===== | ===== Host Based ===== | ||
+ | / | ||
+ | <code bash> | ||
+ | < | ||
+ | | ||
+ | # Blacklist " | ||
+ | < | ||
+ | Require all granted | ||
+ | Require not host server1 | ||
+ | </ | ||
+ | | ||
+ | </ | ||
+ | </ | ||
+ | * The above will allow access from all hosts except " | ||
+ | * Must be inside of a < | ||
===== User Based ===== | ===== User Based ===== | ||
+ | See [[linux_wiki: | ||
---- | ---- | ||