SSL and https

Confidentiality

Integrity

Authentication

 

Certification Authorities: VeriSign, Thawte

 

Configuration

ssl.conf

Does your system support SSL?

rpm -q openssl

rpm -q mod_ssl

 

Certificates

Create a self-signed SSL Certificate.

Place it in the correct location.

Create a Key Pair.

Create a Certificate Signing Request (CSR).
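An added example (not part of the original course notes) of the steps above using the openssl command line: key pair, CSR, then a self-signed certificate, plus a check that a key and a certificate belong together. The host name www.example.test and the temporary output directory are assumptions; the finished files go wherever SSLCertificateFile and SSLCertificateKeyFile in ssl.conf point.

```shell
#!/bin/sh
# Added example: key pair -> CSR -> self-signed certificate, then a sanity check.
# Host name and output directory are placeholders, not values from the course.

# make_selfsigned DIR CN: writes server.key, server.csr and server.crt into DIR.
# Runs in a subshell so the restrictive umask does not leak into the caller.
make_selfsigned() (
    dir=$1; cn=$2
    umask 077   # the private key is created readable by its owner only
    # 1. Key pair: 2048-bit RSA, no passphrase so httpd can start unattended.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    # 2. CSR: the file you would send to a CA such as VeriSign or Thawte.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || exit 1
    # 3. Self-sign: the same key signs its own request, valid for 365 days.
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || exit 1
    # The CSR and certificate are public; only the key stays private.
    chmod 644 "$dir/server.csr" "$dir/server.crt"
)

# key_matches_cert KEY CERT: succeeds only if CERT carries KEY's public half.
# A mismatch here is a common reason mod_ssl refuses to start.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demonstration in a throwaway directory.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" www.example.test &&
   key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt"; then
    echo "key and certificate match; files are in $demo_dir"
    openssl x509 -in "$demo_dir/server.crt" -noout -subject -issuer -dates
fi
```

Browsers will warn about the resulting certificate because no Certification Authority signed it; for a CA-issued certificate, stop after step 2 and submit server.csr.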

 

Setting Up SSL to Create Certificates

Creating Your Own Certificates

Virtual Hosts

Name-Based vs. IP-Based Virtual Hosts

Virtual Host Examples:

Listen 80

NameVirtualHost 123.45.67.89

# These are name-based virtual hosts
<VirtualHost 123.45.67.89>
DocumentRoot /www/cars
ServerName www.cars.com
</VirtualHost>

<VirtualHost 123.45.67.89>
DocumentRoot /www/trucks
ServerName www.trucks.com
</VirtualHost>

<VirtualHost 123.45.67.89>
DocumentRoot /www/motorcycles
ServerName www.motorcycles.com
</VirtualHost>

# IP-based
<VirtualHost 123.45.67.90>
DocumentRoot /www/planes
ServerName www.planes.com
</VirtualHost>

<VirtualHost 123.45.67.91>
DocumentRoot /www/trains
ServerName www.trains.com
</VirtualHost>

 

Debugging: the httpd -S command

Assignment: Create a fake domain name and configure a virtual host container. Be sure to put a rudimentary index page in the configured location.

Test and correct as necessary until it works locally (from your own computer).

Now exchange domain names and map them in your Hosts configuration.

Test again. Can you find everyone’s web site?

Authentication and Access Control

Authentication, Authorization and Access Control

See Apache.org’s Authentication, Authorization and Access Control page (for the 2.0 version): http://httpd.apache.org/docs/2.0/howto/auth.html

Creation and location of the password file: the htpasswd utility

Assignment: Use htpasswd to create a password file.

Select a secure location.

Create the first user.

Create a subsequent user.

 

Configuring the server to request a password and authenticate the user:
Note that you can do this in a .htaccess file OR in a Directory container!

AuthType Basic
AuthName "Restricted_Realm_Name"
AuthUserFile /usr/sbin/apache/passwd/passwords
Require user User_Name

Similarly, requiring group membership:

AuthType Basic
AuthName "Restricted_Realm_Name"
AuthUserFile /usr/sbin/apache/passwd/passwords
AuthGroupFile /usr/sbin/apache/passwd/groups
Require group Group_Name

 

Allowing Authentication in Directory Containers: Just use the Directives above!

Allowing Authentication in .htaccess files:

AllowOverride AuthConfig

 

About .htaccess Files

Allow and Deny

Detailed Examples

Order

Satisfy

Require

Limit and LimitExcept

Assignment: Set up a secure directory using an .htaccess file.

First, require a user name and password.

Next, modify the configuration to allow only one host access without a password. Other users must be required to supply a password.

For the next iteration, require both.

Next, allow GET but deny POST.

Finally, eliminate support for .htaccess files, but secure one directory in the web filesystem.

 

More Resources

The Apache.org .htaccess Tutorial

A good article from ApacheWeek.com: Using User Authentication

Apache Configuration

The supplied template file

/etc/httpd/conf/httpd.conf

Syntax:

Directives (p. 37) httpd -L

AllowOverride

Sections (p. 38)

Directory and DirectoryMatch

Files and FilesMatch

Location and LocationMatch

Regular Expression Reference

Wildcards and Regular Expressions

IfDefine

IfModule

Limit and LimitExcept

VirtualHost

 

Options (p. 47 ff.)

 

Building and Testing New Configurations (p. 43)

The apachectl utility and httpd

man apachectl

man httpd

configtest

A Separate SSL Config File

Including Config Files and Including Directories

The apxs Utility: http://httpd.apache.org/docs/2.0/programs/apxs.html

 

Configuration Tools

Comanche: http://www.comanche.org/

The Red Hat/Fedora Apache Configuration Tool

WebMin: http://webmin.com/

 

NOTE that you must restart Apache if you make changes to its configuration file(s)!

 

Assignment: Download and install Webmin

See my “Packages and Signing” lecture for information on using keys and signatures when you download packages to install.

Apache

UNM Division of Continuing Education Course: Apache Web Server Management

Text: 

 

NOTE: Assignments and Instructions are shown in this bold blue text. Follow these instructions.

Please mark this page as your home page. We will be returning here frequently.

After we cover each chapter, you are responsible to study the chapter on your own.

 

What is Apache?

A file server that targets the browser

The Apache root

The web root

The Apache user

Content negotiation

Application server: C/C++, Java, VB, Perl, PHP, Python, Ruby, etc. …

The Apache philosophy

The Classic Version: 1.3

 

Documentation

The Apache web site: http://www.apache.org/

Their documentation: http://httpd.apache.org/docs/

Version 2.0: http://httpd.apache.org/docs/2.2/new_features_2_0.html

Version 2.2: http://httpd.apache.org/docs/2.2/new_features_2_2.html

Apache Administrator’s Handbook, supplied with this course
Page citations are indicated in blue italics: (p. 1)

 

The Role of the Registrar

What is DNS?

Apache will function with only an IP address

Resolution is needed for a true domain name

Logging: should you do reverse lookups? – DNS required

 

Installation

Installing on Windows

Assignment: Download and install Apache for Windows.

Installing via tarball

Assignment: Download and install the most current Apache tarball.

(See http://www.lamphowto.com/lampssl.htm for the goriest possible scenario.)

Installing via RPM

Assignment: Download and install the most current Apache RPM for Fedora 4.