http configuration

Question: How to configure HTTP on Linux (CentOS 6, RHEL 6)

Question: Step-by-step HTTP configuration on Linux (CentOS 6, RHEL 6)

Question: Step-by-step HTTP and HTTPS configuration on Linux (CentOS 6, RHEL 6)

IP  -

Hostname -

OS  - CentOS 6

PORT http - 80, https - 443

Apache is a freely available web server that is distributed under an "open source" license. It supports all major platforms, such as Windows, Linux, Solaris and Mac operating systems.

Some important directories are listed below

  • /etc/httpd -
      Main Apache root configuration directory.

  • /etc/httpd/conf.d -
      Additional Apache configuration files provided by third-party software.

  • /etc/httpd/conf/httpd.conf -
      Main configuration file.

  • /var/lib/httpd/modules -
      Configuration files for additional modules (symlink to /etc/httpd/modules).

  • /etc/log/httpd -
      Contains log files (symlink to /etc/httpd/logs).

  • /var/www -
      Main web document root directory.

Required package installation by yum or rpm

# yum install http*

Restart the service and enable it at every boot.

# service httpd restart
# chkconfig httpd on

Test your server: http://your_IP_address or http://your_hostname.

Verify service status

# service httpd status

Create Virtual Hosts :

Running several websites on the same server is called virtual hosting. Virtual hosts can be "IP-based", meaning that you have a different IP address for every web site, or "name-based", meaning that you have multiple names running on each IP address.

In place of (*) you can set the IP address of your server.

NameVirtualHost  *:80

Create a directory for the content of the website, with any name you wish

# mkdir /var/www/html/

Create an index file under the directory

# vi /var/www/html/

Create a new virtual host file under the additional configuration directory.

# vi /etc/httpd/conf.d/lokesh.conf

Go to insert mode and type the following lines:

<VirtualHost *:80>
     DocumentRoot /var/www/html/
     ErrorLog logs/
     CustomLog logs/ common
</VirtualHost>

The basic HTTP configuration is now done. Before restarting the service, check that the configuration is OK (no syntax errors).

Check for syntax errors and restart the service

# service httpd configtest
# service httpd restart

Part 2: HTTPS Configuration

Required packages, installed by yum or rpm command

# yum install openssl
# yum install mod_ssl
(or mod_nss in place of mod_ssl; install only one of them)

Setting Up an SSL Server:

Secure Sockets Layer (SSL) is a cryptographic protocol that allows a server and a client to communicate securely. Along with its extended and improved version called Transport Layer Security (TLS), it ensures both privacy and data integrity. The Apache HTTP Server in combination with mod_ssl, a module that uses the OpenSSL toolkit to provide the SSL/TLS support, is commonly referred to as the SSL server. Red Hat Enterprise Linux also supports the use of Mozilla NSS as the TLS implementation. Support for Mozilla NSS is provided by the mod_nss module.

Enabling and Disabling SSL and TLS in mod_ssl

# vi /etc/httpd/conf.d/ssl.conf

Edit the SSLProtocol line as follows

Verify that all occurrences of the SSLProtocol directive have been changed as follows

# grep SSLProtocol /etc/httpd/conf.d/ssl.conf

# service httpd restart
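
An added example, not part of the original post: the grep above only lists the directives, so this shell function evaluates each active SSLProtocol line and flags any that still leaves SSLv2 or SSLv3 enabled. It assumes that outcome is the goal of the edit (the test in the next step probes SSLv3 with -ssl3), treats "all" as including both protocols as Apache 2.2 does, and runs on a constructed sample file; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). audit_sslprotocol is a
# hypothetical helper name; the sample configuration below is constructed.

# Print every active SSLProtocol directive in file $1 with a verdict and
# return 1 if any of them leaves SSLv2 or SSLv3 enabled.
audit_sslprotocol() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        n = split(line, tok, /[ \t]+/)
        if (tolower(tok[1]) != "sslprotocol") next   # skips "#SSLProtocol" too
        v2 = 0; v3 = 0
        for (i = 2; i <= n; i++) {
            t = tolower(tok[i]); act = substr(t, 1, 1)
            if (act == "+" || act == "-") t = substr(t, 2); else act = "="
            is2 = (t == "sslv2" || t == "all")       # Apache 2.2: "all" includes
            is3 = (t == "sslv3" || t == "all")       # SSLv2 and SSLv3
            if (act == "-")      { if (is2) v2 = 0; if (is3) v3 = 0 }
            else if (act == "+") { if (is2) v2 = 1; if (is3) v3 = 1 }
            else                 { v2 = is2; v3 = is3 }  # bare name replaces the set
        }
        if (v2 || v3) bad = 1
        printf "%d: %s [%s]\n", NR, line, ((v2 || v3) ? "WEAK" : "ok")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample standing in for /etc/httpd/conf.d/ssl.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#SSLProtocol all
SSLProtocol all -SSLv2
<VirtualHost _default_:443>
  SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
EOF

audit_sslprotocol "$sample" || echo "at least one SSLProtocol line is weak"
```

On the server, pass /etc/httpd/conf.d/ssl.conf as the argument; a non-zero exit status means at least one directive still needs editing.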

Testing the Status of SSL and TLS Protocols

# openssl s_client -connect localhost:443 -ssl3

Output something like this

Check that the Listen directive in /etc/httpd/conf.d/ssl.conf is always enabled with port 443

Listen 443

Generating a New Key and Certificate

# yum install crypto-utils

To run the utility:

# genkey <hostname>
# genkey

Review the target locations in which the key and certificate will be stored

Select Next, then use the up and down arrow keys to select a suitable key size

Generate CSR = Yes

Encrypt the private key = check and press Enter

Set private key passphrase = choose a passphrase and select Next

Enter your certificate details

Next and Finish

Second method for generating a key:

Generate a self-signed certificate

Generate private key

# openssl genrsa -out ca.key 2048
Here ca.key is the key file name and 2048 is the key size.

Generate CSR

# openssl req -new -key ca.key -out ca.csr

Generate the self-signed certificate

# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the files to the correct locations

# cp ca.crt /etc/pki/tls/certs
# cp ca.key /etc/pki/tls/private/ca.key
# cp ca.csr /etc/pki/tls/private/ca.csr

Note - If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.
# restorecon -RvF /etc/pki
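
An added example, not part of the original post: two checks worth running on the copied files before Apache is pointed at them, namely that ca.crt really belongs to ca.key and that the private key is not readable by group or others. The function names and the CN are placeholders, and the demo generates throwaway keys in a temporary directory instead of touching /etc/pki.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# CN below are placeholders; the key material is generated for the demo.

# Succeed when the certificate ($1) carries the public key of the key file ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed when the key file ($1) grants nothing to group or others.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Demo in a throwaway directory, following the page's three openssl steps;
# -subj is added so the CSR step does not prompt.
demo_dir=$(mktemp -d)
(
    cd "$demo_dir" || exit 1
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -key ca.key -subj "/CN=www.example.test" -out ca.csr
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt 2>/dev/null
    openssl genrsa -out other.key 2048 2>/dev/null   # unrelated key
)
chmod 600 "$demo_dir/ca.key"      # what the installed key should look like
chmod 644 "$demo_dir/other.key"   # a world-readable key, for contrast

for key in ca.key other.key; do
    if cert_matches_key "$demo_dir/ca.crt" "$demo_dir/$key"; then
        echo "$key: matches ca.crt"
    else
        echo "$key: does NOT match ca.crt"
    fi
    key_is_private "$demo_dir/$key" || echo "$key: readable by group/others"
done
```

On the server the arguments would be /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key; if the second check fails, chmod 600 on the key file corrects it.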

Then we need to update the Apache SSL configuration file and add your certificate files

# vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Now create virtual hosts for HTTPS with the same process as for HTTP.

Create the directory:

# mkdir /var/www/html/

Create an index file under the directory

# vi /var/www/html/

Create a new virtual host file under the additional configuration directory.

# vi /etc/httpd/conf.d/khandwa.lokesh.conf

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/html>
                AllowOverride All
        </Directory>
        DocumentRoot /var/www/html
        ErrorLog logs/
        CustomLog logs/ common
</VirtualHost>

Restart the service

# service httpd restart
# chkconfig httpd on

Access the secure web server at the link below
