Vous êtes sur la page 1sur 4

########## INSTALL AND CONFIGURE BASIC WEBSITE ###########

INSTALL PACKAGE:-

[root@Server /]# yum install httpd httpd-manual

FIREWALL CONFIGURATION:-

[root@Server /]# firewall-cmd --permanent --add-service=http


[root@Server /]# firewall-cmd --permanent --add-service=https
[root@Server /]# firewall-cmd --reload

[root@Server /]# systemctl enable httpd.service


[root@Server /]# systemctl restart httpd.service

[root@Server /]# vim /var/www/html/index.html


This is a Test Page !!!

[root@Server /]# systemctl restart httpd.service

http://192.168.110.30/index.html

HTTP CONFIGURATION:-

[root@Server /]# vim /etc/httpd/conf/httpd.conf

########## CONFIGURE A VIRTUAL HOSTS #############

INSTALL PACKAGE:-

[root@Server /]# yum install httpd httpd-manual

SETUP A VIRTUAL HOST:-

CREATE Content directories.

[root@Server /]# mkdir -p /WebSites/{Site1,Site2}/www

CREATE index.html file for each Site.

[root@Server /]# vim /WebSites/Site1/www/index.html


This is WebSite1 !!!

[root@Server /]# vim /WebSites/Site2/www/index.html


This is WebSite2 !!!

SELinux CONFIGURATION:-

[root@Server /]# yum install policycoreutils-python-2.5-11.el7_3.x86_64

[root@Server ~]# ls -lZ /var/www/html/


-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html

[root@Server /]# semanage fcontext -a -t httpd_sys_content_t '/WebSites/.*)?'

[root@Server /]# restorecon -Rv /WebSites/


[root@Server ~]# semanage fcontext -a -t httpd_sys_content_t "/WebSites(/.*)?"
[root@Server ~]# restorecon -Rv /WebSites/

[root@Server ~]# ls -lZ /WebSites/


drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Site1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Site2

[root@Server ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf


/etc/httpd/conf.d/vhost1.conf
[root@Server ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
/etc/httpd/conf.d/vhost2.conf

CONFIGURE 1ST VHOST:-

[root@Server ~]# vim /etc/httpd/conf.d/vhost1.conf

<VirtualHost *:80>
ServerAdmin root@site1.oit..com
DocumentRoot "/WebSites/Site1/www"
ServerName site1.oit.com
ServerAlias www.site1.oit.com
ErrorLog "/var/log/httpd/site1.oit.com-error_log"
CustomLog "/var/log/httpd/site1.oit.com-access_log" combined

<Directory "/WebSites/Site1/www">
AllowOverride None
Require all granted
</Directory>

</VirtualHost>

[root@Server ~]# systemctl restart httpd.service


[root@Server ~]# systemctl enable httpd.service

CONFIGURE 2ND VHOST:-

<VirtualHost *:80>
ServerAdmin root@site2.oit.com
DocumentRoot "/WebSites/Site2/www/"
ServerName site2.oit.com
ServerAlias www.site2.oit.com
ErrorLog "/var/log/httpd/site2.oit.com-error_log"
CustomLog "/var/log/httpd/site2.oit.com-access_log" combined

<Directory "/WebSites/Site2/www">
AllowOverride None
Require all granted
</Directory>

</VirtualHost>

[root@Server ~]# systemctl restart httpd.service


[root@Server ~]# systemctl enable httpd.service

Access Site:-

[root@Client /]# curl site1.oit.com


This is WebSite1 !!!
[root@Client /]# curl site2.oit.com
This is WebSite2 !!!
############# CONFIGURE TLS ENABLED VIRTUAL HOSTS ##################

FIREWALL CONFIGURATION:-

[root@Server ~]# firewall-cmd --add-service=https


[root@Server ~]# firewall-cmd --reload

INSTALL GENKEY PACKAGE:-

[root@Server ~]# yum install crypto-utils mod_ssl


-----------------------------------------------------------------------------------
GENARATE SSL CERTIFICATE:-

You are now generating a new keypair which will be used to encrypt all SSL traffic
to the server named site3.oit.com.

The key will be stored in


/etc/pki/tls/private/site3.oit.com.key
The certificate stored in
/etc/pki/tls/certs/site3.oit.com.crt

Press NEXT>

Choose the size of your key.


2048 (medium-security, medium speed) [RECOMMENDED]

Press NEXT>

Generating random bits


(this may take some time)
NEXT>

Generate CSR
Would you like to send a Certificate Request (CSR) to a Certificate Authority (CA)?
NO Encripting the Kry:-
NEXT>

Enter details for your certificate


Country Name (ISO 2 letter code) LK
Common Name (fully qualified domain name) site3.oit.com
NEXT>

A copy of this CSR has been saved in the file


/etc/pki/tls/certs/site3.oit.com.0.csr

[root@Server /]# openssl req -newkey rsa:2048 -keyout


/etc/pki/tls/private/site3.oit.com.key -nodes -x509 -days 365 -out
/etc/pki/tls/certs/site3.oit.com.crt

[root@Server /]# ls -la /etc/pki/tls/certs/site3.oit.com.crt


-rw-r--r--. 1 root root 1391 May 11 16:12 /etc/pki/tls/certs/site3.oit.com.crt

-----------------------------------------------------------------------------------
-

[root@Server ~]# mkdir -p /WebSites/Site3/www


[root@Server ~]# vim /WebSites/Site3/www/index.html
This is a TLS enabled WebSite3 !!!

[root@Server ~]# ls -lZ /WebSites/


drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Site1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Site2
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Site3

[root@Server ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf


/etc/httpd/conf.d/vhost3.conf

CONFIGURE 3RD VHOST:-

[root@Server ~]# vim /etc/httpd/conf.d/vhost3.conf

<VirtualHost *:443>
ServerAdmin root@sitei3.oit.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
SSLEngine on
SSLProtocol all -SSLv2 -SSLV3
SSLCipherSuite HIGH:MEDIUM:!aNull:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/site3.oit.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/site3.oit.com.key
DocumentRoot "/WebSites/Site3/www/"
ServerName site3.oit.com
ServerAlias www.site3.oit.com
ErrorLog "/var/log/httpd/site3.oit.com-error_log"
CustomLog "/var/log/httpd/site3.oit.com-access_log" combined

<Directory "/WebSites/Site3/www">
AllowOverride None
Require all granted
</Directory>

</VirtualHost>

[root@Server /]# systemctl restart httpd.service

[root@Client /]# curl --insecure https://site3.oit.com


This is a TLS enabled WebSite3 !!!

REF:-
https://www.lisenet.com/2016/advanced-apache-configuration-with-selinux-on-rhel-7/
https://www.rootusers.com/how-to-configure-tls-security-in-apache/