Changes

Jump to: navigation, search

OPS335 Web Server Lab

No change in size, 09:34, 28 September 2012
Reconciling vm numbers to match earlier labs.
*Ensure you can access the web on your host machine and all your VMs.
=== Install and test Apache on your VM02 VM01 and VM03 ===*Login to vm02 vm01 and install the following packages:
yum install httpd httpd-tools
*Still on vm02 vm01 you can now start your web server with this command and enable the service to start at boot.
systemctl start httpd.service
systemctl enable httpd.service
* Using a text browser such as lynx on vm02 vm01 go to localhost. You should get the "Fedora Test Page" which indicates your web server is running on the local virtual machine.*Flush your existing iptables rules on vm02vm01.
**Add a rule to allow all packets "to" and "from" the loop back interface "lo".
**Add a rule to allow NEW connections to your ssh server and httpd.
**Add a rule to allow all RELATED and ESTABLISHED connections.
**Change the default policy on the INPUT chain to DROP.
*Using Firefox on the <b>host</b> go to address for vm02 vm01 "192.168.X.32" (your ip addressing may differ). You should get the "Fedora Test Page" which indicates you can access your web server on VM02 VM01 via network connection. Do not continue until this step works. (You may have to adjust your firewall settings on VM02VM01.)*You should also be able to open the webpage using the hostname of vm02vm01.
*Now create your own test page named index.html and put it into directory /var/www/html/. Reload the web page on the host - you should see your own test page now.
*Repeat the above steps for vm03.
*Now, as root on f16 (the gateway/host), try to forward incoming http connections to your host to the web server on vm02vm01. Use an iptables command something like this iptables -t nat -A PREROUTING -i *yourinterface* -p tcp --dport 80 -j DNAT --to 192.168.X.32
*You will also need to create a rule in the FORWARD chain in the default table to accept connections to port 80.
*To test this setup you'll need to ask a classmate on another PC to try to use Firefox to view your web page. S/he'll have to enter your host's external interface IP number (142.204.141.yyy) in Firefox's address window.
*Login to your vm02 vm01 (and then vm03) as root, edit the Apache configuration file and change the port your webserver is listening for incoming connections from 80 to 8080.
vi /etc/httpd/conf/httpd.conf
*Change your firewall rules on vm02 vm01 (and also vm03) to allow connections to this port (8080), and remove the previous rule to allow connections to port 80.*Go back to f16 and redo your iptables command to forward connections to port 80 (on your host) to the new port 8080 on vm02vm01, removing previous rule for port 80.
*Verify that other students on their PCs can still view your web page.
=== Load balancing using iptables ===
*Iptables can be used for load balancing connections. On your host machine add a rule(s) to the PREROUTING chain that will alternate connections bound for port 80 on your host machine to vm02 vm01 and vm03.
iptables -t nat -I PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j DNAT --to-destination 192.168.70.4:8080
iptables -t nat -I PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 192.168.70.32:8080
*Again ask another student to test that load balancing is indeed working.
=== Add missing DNS resource records ===
* Edit your forward look-up zone file and add the following resource records.
** A mail record that points to vm01vm02.
** Aliases as follows:
***f16 - alias router
***vm01 vm02 - alias mail***vm02 vm01 - alias www1
***vm03 - alias www2
**Add text records that identify the roles on each of these machines and a text record for the domain "This is < your full name here>'s OPS335 Domain".
=== Adding Webmail to your domain ===
*In order for our domain to offer webmail services to its users you will need to install the following packages on vm01vm02
yum install squirrelmail httpd dovecot
*The SquirrelMail files are in /usr/share/squirrelmail, create the a symbolic link to share those files on the internet.
chmod 0600 /var/mail/*
*you should now start and enable dovecot, httpd and restart postfix if it was already running.
*test your connection to SquirrelMail by opening a browser and navigating to vm01vm02/mail. You should see a log in page. Sign in using your login credentials on vm01vm02.
*You will need to open ports on your firewall to allow connections to the webserver, and port forwarding on the host.
729
edits

Navigation menu