OPS335 Web Server Lab

From CDOT Wiki
Revision as of 21:14, 7 February 2012 by Paul.W (talk | contribs) (Adding a Webmail to your domain)

Basic Apache (Web Server) Setup

This lab will show you how to set up the Apache web server on a PC with Fedora 16 installed.

Prerequisites

Your hard drive should have Fedora 16, 64-bit Live edition already installed.
Both your host and VMs should have SELinux enabled.
Both your host and VMs should have all software updated.

Ensure the clocks on both machines are set to the correct date and time.

Testing your network

  • Start Firefox on your host and authenticate yourself on Sene2net with your LEARN account.
  • Ensure you can surf the web on your host machine.

Install and test Apache

  • Log in to vm02 and install the following packages:
yum install httpd httpd-tools
  • Still on vm02, start your web server and enable the service to start at boot with these commands:
systemctl start httpd.service
systemctl enable httpd.service
  • Flush your existing iptables rules on vm02.
    • Add a rule to allow NEW connections to your ssh server and httpd.
    • Add a rule to allow all RELATED and ESTABLISHED connections.
    • Change the default policy on the INPUT chain to DROP.
  • Using Firefox on the host, go to the address of vm02, "192.168.X.3" (your IP addressing may differ). You should get the "Fedora Test Page", which indicates your web server is running. Do not continue until this step works.
  • You should also be able to open the webpage using the hostname.
  • Now create your own test page named index.html and put it into directory /var/www/html/. Reload the web page on the host - you should see your own test page now.
  • Repeat the above steps for vm03.
  • Now, as root on f16 (the gateway/host), try to forward incoming http connections to our server on vm02. Use an iptables command something like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.X.3
  • You will also need to create a rule in the FORWARD chain in the default table to accept connections to port 80.
  • To test this setup you'll need to ask a classmate on another PC to try to use Firefox to view your web page. S/he'll have to enter your external interface IP number (142.204.141.yyy) in Firefox's address window.
  • As root, edit the Apache configuration file and change the port on which your web server listens for incoming connections.
vi /etc/httpd/conf/httpd.conf
  • Change your rules to allow connections to this port, and remove the previous rule to allow connections to port 80.
  • Go back to f16 and redo your iptables command so that connections to port 80 are forwarded to the new port 8080 on vm02, removing the previous rule for port 80.
  • Verify that other students on other PCs can still view your web page.

Load balancing using iptables

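  • Iptables can be used for load balancing connections. On your host machine, add rules to the PREROUTING chain that alternate connections bound for port 80 on your host machine between vm02 and vm03. Because -I inserts at the top of the chain, the second command below is evaluated first: it sends every second new connection to 192.168.70.3, and the rule without a statistic match sends the remainder to 192.168.70.4. Each statistic rule keeps its own counter, so a second --every 2 rule would match only half of the connections that reach it and leave the rest without a DNAT target.
iptables -t nat -I PREROUTING -p tcp --dport 80 -m state --state NEW -j DNAT --to-destination 192.168.70.4:8080
iptables -t nat -I PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 192.168.70.3:8080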
  • Again ask another student to test that load balancing is indeed working.
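An added example, not part of the original lab: a small Python model of how chained PREROUTING rules using the statistic match's nth mode divide new connections, so a rule pair can be checked before a classmate tests it. It assumes each rule keeps a private counter that advances only for packets reaching that rule; the counter's starting value is an assumption of this model and does not change the totals.

```python
from collections import Counter

class NthRule:
    """One DNAT rule. every=None models a rule with no statistic match."""
    def __init__(self, target, every=None, packet=0):
        self.target, self.every = target, every
        # Assumed start value; each rule owns its own counter.
        self.count = 0 if every is None else every - 1 - packet

    def matches(self):
        if self.every is None:
            return True  # catch-all: every packet that reaches it matches
        # The counter moves only when a packet actually reaches this rule.
        self.count = 0 if self.count == self.every - 1 else self.count + 1
        return self.count == 0

def distribute(rules, connections):
    """Walk each NEW connection down the chain; the first matching rule wins."""
    hits = Counter()
    for _ in range(connections):
        for rule in rules:
            if rule.matches():
                hits[rule.target] += 1
                break
        else:
            hits["unmatched"] += 1  # no DNAT applied: delivered to the host itself
    return hits

def two_nth_rules():
    # Both rules use --every 2; listed in evaluation order (last -I is first).
    return [NthRule("192.168.70.3:8080", every=2, packet=0),
            NthRule("192.168.70.4:8080", every=2, packet=1)]

def nth_then_catch_all():
    # First rule takes every second connection, second rule takes the rest.
    return [NthRule("192.168.70.3:8080", every=2, packet=0),
            NthRule("192.168.70.4:8080")]

if __name__ == "__main__":
    for name, build in (("two nth rules", two_nth_rules),
                        ("nth + catch-all", nth_then_catch_all)):
        print(name, dict(distribute(build(), 100)))
```

On the real host, compare the per-rule packet counters from iptables -t nat -L PREROUTING -n -v against the totals this model predicts.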

Add missing DNS resource records

  • Edit your forward look-up zone file and add the following resource records.
    • A mail record that points to vm01.
    • Aliases as follows:
      • f16 - alias router
      • vm01 - alias mail
      • vm02 - alias www1
      • vm03 - alias www2
    • Add text records that identify the roles of each of these machines, and a text record for the domain: "This is <your full name here>'s OPS335 Domain".
    • Once these records have been added, be sure to increment the serial number for the zone file. While not crucial for the lab, as we do not yet have a slave DNS server, getting into the habit ensures that slaves will be informed of the changes when needed.

Adding a Webmail to your domain

  • In order for our domain to offer webmail services to its users, you will need to install the following packages on vm01:
yum install squirrelmail httpd dovecot
  • The SquirrelMail files are in /usr/share/squirrelmail. Create a symbolic link to share those files on the internet.
ln -s /usr/share/squirrelmail /var/www/html/mail
  • Change directories and run the configuration script for SquirrelMail:
cd /usr/share/squirrelmail/config
./conf.pl
  • Use the menu to select #2 - Server Settings. Edit #1 Domain - choosing your domain name, and #3 Selecting SMTP. Ensure you have saved the data then return to the main menu. From the main menu select option D - Set pre-defined settings for specific IMAP servers, then enter 'dovecot'.
  • From the main menu select '1. Organization Preferences', then select option #1 'Organization Name' and change this to your domain name.
  • Edit the Postfix configuration file, find the line below, and add "$mydomain" to ensure delivery of emails sent to the domain and not just the host name.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
  • Edit the dovecot configuration file and uncomment the following line:
protocols = imap pop3 lmtp
  • And add this line to the bottom of the file:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
  • You will need to change the permissions on the mail directories for the users from the default 660 to 600.
chmod 0600 /var/mail/*
  • Finally edit the Apache configuration file and add the following:

Alias /squirrelmail /usr/local/squirrelmail/www
<Directory /usr/local/squirrelmail/www>
  Options None
  AllowOverride None
  DirectoryIndex index.php
  Order Allow,Deny
  Allow from all
</Directory>
<Directory /usr/local/squirrelmail/www/*>
  Deny from all
</Directory>
<Directory /usr/local/squirrelmail/www/images>
  Allow from all
</Directory>
<Directory /usr/local/squirrelmail/www/plugins>
  Allow from all
</Directory>
<Directory /usr/local/squirrelmail/www/src>
  Allow from all
</Directory>
<Directory /usr/local/squirrelmail/www/templates>
  Allow from all
</Directory>
<Directory /usr/local/squirrelmail/www/themes>
  Allow from all
</Directory>
<Directory /usr/local/squirrelmail/www/contrib>
  Order Deny,Allow
  Deny from All
  Allow from 127
  Allow from 10
  Allow from 192
</Directory>
<Directory /usr/local/squirrelmail/www/doc>
  Order Deny,Allow
  Deny from All
  Allow from 127
  Allow from 10
  Allow from 192
</Directory>

Completing the Lab

Answer the following questions and email them to your teacher in ASCII text format:

  1. Give the full path names of the Apache log files.
  2. What directory is the default server root? Give the full path name.
  3. What directory is the default document root? Give the full path name.
  4. What is the default configuration file for the Apache web server on Fedora 16? Give the full path name.
  5. What is the default maximum number of connections allowed on the server?
  6. What user/group does Apache run under on Fedora 16?
  7. What exact command did you use to allow requests to port 80 to be forwarded to 8080 on your VM?
  8. What specific command (give full details) would you need to use on f16 to forward ssh connections to vm01?
  9. What is the web site for Apache?
  10. What is Apache's current version number? Note: this may be different from the version running on Fedora 16.