Differences

This shows you the differences between two versions of the page.

--- linux_wiki:network_services_overview_apache_web_server [2016/08/27 14:37]
billdozor [Configure the service for basic operation]
+++ linux_wiki:network_services_overview_apache_web_server [2019/05/25 23:50] (current)
@@ Line 12: / Line 12: @@
   * Configure the service for basic operation
   * Configure host-based and user-based security for the service
+----
+====== Lab Setup ======
+The following virtual machines will be used:
+  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
+  * server2.example.com (192.168.1.151) -> Install Apache Web Server here
 ----
@@ Line 17: / Line 25: @@
 ====== Install the packages needed to provide the service ======
-Install Apache Web Server (httpd)
+Install Apache Web Server (httpd) and manual
 <code bash>
-yum install httpd
+yum install httpd httpd-manual
+</code>
+  * **NOTE:** The httpd-manual can come in handy for checking syntax/getting help.
+\\
+Access the httpd-manual
+<code bash>
+http://localhost/manual
+OR
+elinks /usr/share/httpd/manual/<page|section>
 </code>
@@ Line 26: / Line 43: @@
 ====== Configure SELinux to support the service ======
-  * Service agnostic -> [[linux_wiki:configure_selinux_to_support_the_service|Ensure SELinux is running and enabled]].
+  * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
+  * **IMPORTANT**: View all label types<code bash># Install package
+yum install setools-console
+# View all label types
+seinfo -t
+# Find Apache types
+seinfo -t | grep httpd
+</code>
 ----
@@ Line 34: / Line 60: @@
 Configuring the Apache Web Server with a non standard port and allowing port access with selinux.
-**NOTE**: "man semanage-port" has examples for allowing non-standard ports!
+  * Examples: "man semanage-port" has examples for allowing non-standard ports!
+  * Tip: To see current port labels<code bash>semanage port -l | grep http</code>
-----
-===== Change HTTPD's Port =====
+__**Change HTTPD's Port**__
 Change httpd port
@@ Line 62: / Line 88: @@
   * Should see permission denied to make socket 8282
-----
+\\
+__**SELinux: Configure Non Standard Port**__
-===== SELinux: Configure Non Standard Port =====
 View http ports SELinux allows
@@ Line 102: / Line 127: @@
 ====== Configure the service for basic operation ======
-  * Basic [[linux_wiki:configure_the_service_for_basic_operation|systemctl service control]].
+Enable and Start the service
-Start the service
 <code bash>
+systemctl enable httpd
 systemctl start httpd
 </code>
@@ Line 117: / Line 141: @@
 Allow access through the firewall
 <code bash>
+# Standard http/https ports
 firewall-cmd --permanent --add-service=http
 firewall-cmd --permanent --add-service=https
+firewall-cmd --reload
+# Non-standard port example
+firewall-cmd --permanent --add-port=8282/tcp
 firewall-cmd --reload
 </code>
@@ Line 124: / Line 153: @@
 ===== Host Based =====
+/etc/httpd/conf/httpd.conf
+<code bash>
+<Directory "/var/www/html">
+  # Blacklist "server1"
+  <RequireAll>
+    Require all granted
+    Require not host server1
+  </RequireAll>
+</Directory>
+</code>
+  * The above will allow access from all hosts except "server1"
+  * Must be inside of a <Directory> context.
 ===== User Based =====
+See [[linux_wiki:configure_access_restrictions_on_directories#restrict_access|Restrict Access to a Directory]].
 ----