Ansible Tutorial – Introduction and Lab Setup

Install and Configure Apache Server

 A. Install and Verify Apache Server

1. Install the Web Serverpackage group:

# yum groupinstall -y "Web Server"

2. Edit the /etc/hosts file and the ip address and fully qualified domain name of the server:

192.168.2.50 server.example.com

3. Optionally, Set the ServerName directive in /etc/httpd/conf/httpd.conf file. Activate at boot time and start the service:

# systemctl enable httpd # systemctl start httpd

4. Add the HTTP service to the firewall configuration and reload it:

# firewall-cmd --list-all # firewall-cmd --permanent --add-service=http Success # firewall-cmd --reload Success

If you plan to use the HTTPS protocol, the command should be # firewall-cmd –permanent –add-service=https

5. Check which ports this deamon is listening on:

$ ss -nutlp | grep -i http

Here it shows that our web server daemon is listening on port 80 and 443. A further check you can do is this:

# fuser -v -n tcp 80 # fuser -v -n tcp 443

6. Confirm that our client can connect to these ports:

# nc -v 10.0.5.10 80 Ncat: Version 6.40 ( http://nmap.org/ncat ) Ncat: Connected to 10.0.5.10:80. ^C # nc -v 10.0.5.10 443 Ncat: Version 6.40 ( http://nmap.org/ncat ) Ncat: Connected to 10.0.5.10:443. ^C

 

7. Test the Welcome Page. Open the browser and visit http://server.example.com. You will get the welcome page, even if you create an html page in /var/www/html. This is due to  IncludeOptional conf.d/*.confstatement at the end of the /etc/httpd/conf/httpd.conf file that instructs Apache to load the files finishing by *.conf located in the /etc/httpd/conf.d To display the content of the /var/www/html directory, you need to go to the /etc/httpd/conf.d directory and check the welcome.conf file.
8. Create /etc/httpd/conf.d/mywebserver.conf file:

<Directory /var/www/html> AllowOverride None Require all granted </Directory>

9. Install the httpd-manual package.

# yum install -y httpd-manual # elinks /usr/share/httpd/manual/howto/auth.html

 

B. Configure a Virtual Host.

Let’s assume your website is called vhost1.example.com.

1. Create /var/www/html/vhost1.example.com directory:

# cd /var/www/html # mkdir vhost1.example.com

2. Create an index.html file and assign the correct SELinux context:

# echo "This is vhost1 test." > vhost1.example.com/index.html # restorecon -R vhost1.example.com

3. Create the /etc/httpd/conf.d/vhosts.conf file and paste the following lines:

<VirtualHost *:80> ServerAdmin webmaster@vhost1.example.com DocumentRoot /var/www/html/vhost1.example.com ServerName vhost1.example.com ErrorLog logs/vhost1.example.com-error_log CustomLog logs/vhost1.example.com-access_log common </VirtualHost>

4. Optionaly, rename the /etc/httpd/conf.d/ssl.conf file, otherwise you get an additional non-working https virtual host displayed in the configuration.

# cd /etc/httpd/conf.d; mv ssl.conf ssl.conf2

5. Check the validity of the configuration:

# apachectl configtest Syntax OK

You can also type: # httpd -t

6. Restart the httpd service:

# apachectl restart

You can also use # systemctl restart httpd. For minor configuration changes, it is also possible to restart the Apache daemon without losing the current connections: # apachectl graceful

7. Check the virtual host(s) configuration:

# httpd -D DUMP_VHOSTS VirtualHost configuration: *:80                   is a NameVirtualHost         default server vhost1.example.com (/etc/httpd/conf.d/vhosts.conf:1)         port 80 namevhost vhost1.example.com (/etc/httpd/conf.d/vhosts.conf:1)         port 80 namevhost vhost1.example.com (/etc/httpd/conf.d/vhosts.conf:1)

8. Check the configuration:

# yum install -y elinks # elinks http://vhost1.example.com

C. Configure Apache access restrictions on directories.

1. Create a private directory, private, in /var/www/html

# cd /var/www/html # mkdir private # echo "This is Private Host test." > private/index.html # restorecon -R .

2. Host-based private directories: To only allow the test.example.com host (add the name/IP address in the /etc/hosts file if necessary) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and paste the following lines at the end:

<Directory "/var/www/html/private"> AllowOverride None Options None Require host test.example.com </Directory>

3. Check the configuration file:

# apachectl configtest Syntax OK

4. User-based private directories: To only allow me to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conffile and paste the following lines at the end:

<Directory "/var/www/html/private"> AuthType Basic AuthName "Password protected area" AuthUserFile /etc/httpd/conf/passwd Require user me </Directory>

5. Check the configuration file:

# apachectl configtest Syntax OK

6. Create the passwd file and store me‘s password:

# htpasswd -c /etc/httpd/conf/passwd me # chmod 600 /etc/httpd/conf/passwd # chown apache:apache /etc/httpd/conf/passwd

The .htpasswd file can be used locally instead of the httpd.conf file.

7. Whatever the option chosen, restart the httpd service:

# systemctl restart httpd

8. Check the httpd service:

# yum install -y curl # curl -u user:password http://localhost

or

# yum install -y elinks # elinks http://localhost/private