Unseren Apache-Webserver installieren wir einfach mit Hilfe von YUM.
# yum install httpd httpd-tools -y
Was uns das Paket httpd alles mitbringt, zeigt uns der Aufruf von:
# rpm -qil httpd
Name : httpd Relocations: (not relocatable) Version : 2.2.15 Vendor: CentOS Release : 5.el6.centos Build Date: Do 07 Jul 2011 12:28:56 CEST Install Date: Fr 09 Sep 2011 20:16:28 CEST Build Host: c6b6.bsys.dev.centos.org Group : System Environment/Daemons Source RPM: httpd-2.2.15-5.el6.centos.src.rpm Size : 2886013 License: ASL 2.0 Signature : RSA/8, Do 07 Jul 2011 13:50:23 CEST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. /etc/httpd /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.d/README /etc/httpd/conf.d/welcome.conf /etc/httpd/conf/httpd.conf /etc/httpd/conf/magic /etc/httpd/logs /etc/httpd/modules /etc/httpd/run /etc/logrotate.d/httpd /etc/rc.d/init.d/httpd /etc/sysconfig/httpd /usr/lib/httpd /usr/lib/httpd/modules /usr/lib/httpd/modules/mod_actions.so /usr/lib/httpd/modules/mod_alias.so /usr/lib/httpd/modules/mod_asis.so /usr/lib/httpd/modules/mod_auth_basic.so /usr/lib/httpd/modules/mod_auth_digest.so /usr/lib/httpd/modules/mod_authn_alias.so /usr/lib/httpd/modules/mod_authn_anon.so /usr/lib/httpd/modules/mod_authn_dbd.so /usr/lib/httpd/modules/mod_authn_dbm.so /usr/lib/httpd/modules/mod_authn_default.so /usr/lib/httpd/modules/mod_authn_file.so /usr/lib/httpd/modules/mod_authnz_ldap.so /usr/lib/httpd/modules/mod_authz_dbm.so /usr/lib/httpd/modules/mod_authz_default.so /usr/lib/httpd/modules/mod_authz_groupfile.so /usr/lib/httpd/modules/mod_authz_host.so /usr/lib/httpd/modules/mod_authz_owner.so /usr/lib/httpd/modules/mod_authz_user.so /usr/lib/httpd/modules/mod_autoindex.so /usr/lib/httpd/modules/mod_cache.so /usr/lib/httpd/modules/mod_cern_meta.so /usr/lib/httpd/modules/mod_cgi.so /usr/lib/httpd/modules/mod_cgid.so /usr/lib/httpd/modules/mod_dav.so /usr/lib/httpd/modules/mod_dav_fs.so /usr/lib/httpd/modules/mod_dbd.so /usr/lib/httpd/modules/mod_deflate.so /usr/lib/httpd/modules/mod_dir.so /usr/lib/httpd/modules/mod_disk_cache.so /usr/lib/httpd/modules/mod_dumpio.so /usr/lib/httpd/modules/mod_env.so /usr/lib/httpd/modules/mod_expires.so /usr/lib/httpd/modules/mod_ext_filter.so /usr/lib/httpd/modules/mod_filter.so /usr/lib/httpd/modules/mod_headers.so /usr/lib/httpd/modules/mod_ident.so /usr/lib/httpd/modules/mod_include.so /usr/lib/httpd/modules/mod_info.so /usr/lib/httpd/modules/mod_ldap.so /usr/lib/httpd/modules/mod_log_config.so /usr/lib/httpd/modules/mod_log_forensic.so /usr/lib/httpd/modules/mod_logio.so /usr/lib/httpd/modules/mod_mime.so /usr/lib/httpd/modules/mod_mime_magic.so /usr/lib/httpd/modules/mod_negotiation.so /usr/lib/httpd/modules/mod_proxy.so /usr/lib/httpd/modules/mod_proxy_ajp.so /usr/lib/httpd/modules/mod_proxy_balancer.so /usr/lib/httpd/modules/mod_proxy_connect.so /usr/lib/httpd/modules/mod_proxy_ftp.so /usr/lib/httpd/modules/mod_proxy_http.so /usr/lib/httpd/modules/mod_proxy_scgi.so /usr/lib/httpd/modules/mod_reqtimeout.so /usr/lib/httpd/modules/mod_rewrite.so /usr/lib/httpd/modules/mod_setenvif.so /usr/lib/httpd/modules/mod_speling.so /usr/lib/httpd/modules/mod_status.so /usr/lib/httpd/modules/mod_substitute.so /usr/lib/httpd/modules/mod_suexec.so /usr/lib/httpd/modules/mod_unique_id.so /usr/lib/httpd/modules/mod_userdir.so /usr/lib/httpd/modules/mod_usertrack.so /usr/lib/httpd/modules/mod_version.so /usr/lib/httpd/modules/mod_vhost_alias.so /usr/sbin/apachectl /usr/sbin/htcacheclean /usr/sbin/httpd /usr/sbin/httpd.event /usr/sbin/httpd.worker /usr/sbin/httxt2dbm /usr/sbin/rotatelogs /usr/sbin/suexec /usr/share/doc/httpd-2.2.15 /usr/share/doc/httpd-2.2.15/ABOUT_APACHE /usr/share/doc/httpd-2.2.15/CHANGES /usr/share/doc/httpd-2.2.15/LICENSE /usr/share/doc/httpd-2.2.15/NOTICE /usr/share/doc/httpd-2.2.15/README /usr/share/doc/httpd-2.2.15/VERSIONING /usr/share/man/man8/apachectl.8.gz /usr/share/man/man8/htcacheclean.8.gz /usr/share/man/man8/httpd.8.gz /usr/share/man/man8/rotatelogs.8.gz /usr/share/man/man8/suexec.8.gz /var/cache/mod_proxy /var/lib/dav /var/log/httpd /var/run/httpd /var/www /var/www/cgi-bin /var/www/error /var/www/error/HTTP_BAD_GATEWAY.html.var /var/www/error/HTTP_BAD_REQUEST.html.var /var/www/error/HTTP_FORBIDDEN.html.var /var/www/error/HTTP_GONE.html.var /var/www/error/HTTP_INTERNAL_SERVER_ERROR.html.var /var/www/error/HTTP_LENGTH_REQUIRED.html.var /var/www/error/HTTP_METHOD_NOT_ALLOWED.html.var /var/www/error/HTTP_NOT_FOUND.html.var /var/www/error/HTTP_NOT_IMPLEMENTED.html.var /var/www/error/HTTP_PRECONDITION_FAILED.html.var /var/www/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var /var/www/error/HTTP_REQUEST_TIME_OUT.html.var /var/www/error/HTTP_REQUEST_URI_TOO_LARGE.html.var /var/www/error/HTTP_SERVICE_UNAVAILABLE.html.var /var/www/error/HTTP_UNAUTHORIZED.html.var /var/www/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var /var/www/error/HTTP_VARIANT_ALSO_VARIES.html.var /var/www/error/README /var/www/error/contact.html.var /var/www/error/include /var/www/error/include/bottom.html /var/www/error/include/spacer.html /var/www/error/include/top.html /var/www/error/noindex.html /var/www/html /var/www/icons /var/www/icons/README /var/www/icons/README.html /var/www/icons/a.gif /var/www/icons/a.png /var/www/icons/alert.black.gif /var/www/icons/alert.black.png /var/www/icons/alert.red.gif /var/www/icons/alert.red.png /var/www/icons/apache_pb.gif /var/www/icons/apache_pb.png /var/www/icons/apache_pb2.gif /var/www/icons/apache_pb2.png /var/www/icons/apache_pb2_ani.gif /var/www/icons/back.gif /var/www/icons/back.png /var/www/icons/ball.gray.gif /var/www/icons/ball.gray.png /var/www/icons/ball.red.gif /var/www/icons/ball.red.png /var/www/icons/binary.gif /var/www/icons/binary.png /var/www/icons/binhex.gif /var/www/icons/binhex.png /var/www/icons/blank.gif /var/www/icons/blank.png /var/www/icons/bomb.gif /var/www/icons/bomb.png /var/www/icons/box1.gif /var/www/icons/box1.png /var/www/icons/box2.gif /var/www/icons/box2.png /var/www/icons/broken.gif /var/www/icons/broken.png /var/www/icons/burst.gif /var/www/icons/burst.png /var/www/icons/c.gif /var/www/icons/c.png /var/www/icons/comp.blue.gif /var/www/icons/comp.blue.png /var/www/icons/comp.gray.gif /var/www/icons/comp.gray.png /var/www/icons/compressed.gif /var/www/icons/compressed.png /var/www/icons/continued.gif /var/www/icons/continued.png /var/www/icons/dir.gif /var/www/icons/dir.png /var/www/icons/diskimg.gif /var/www/icons/diskimg.png /var/www/icons/down.gif /var/www/icons/down.png /var/www/icons/dvi.gif /var/www/icons/dvi.png /var/www/icons/f.gif /var/www/icons/f.png /var/www/icons/folder.gif /var/www/icons/folder.open.gif /var/www/icons/folder.open.png /var/www/icons/folder.png /var/www/icons/folder.sec.gif /var/www/icons/folder.sec.png /var/www/icons/forward.gif /var/www/icons/forward.png /var/www/icons/generic.gif /var/www/icons/generic.png /var/www/icons/generic.red.gif /var/www/icons/generic.red.png /var/www/icons/generic.sec.gif /var/www/icons/generic.sec.png /var/www/icons/hand.right.gif /var/www/icons/hand.right.png /var/www/icons/hand.up.gif /var/www/icons/hand.up.png /var/www/icons/icon.sheet.gif /var/www/icons/icon.sheet.png /var/www/icons/image1.gif /var/www/icons/image1.png /var/www/icons/image2.gif /var/www/icons/image2.png /var/www/icons/image3.gif /var/www/icons/image3.png /var/www/icons/index.gif /var/www/icons/index.png /var/www/icons/layout.gif /var/www/icons/layout.png /var/www/icons/left.gif /var/www/icons/left.png /var/www/icons/link.gif /var/www/icons/link.png /var/www/icons/movie.gif /var/www/icons/movie.png /var/www/icons/p.gif /var/www/icons/p.png /var/www/icons/patch.gif /var/www/icons/patch.png /var/www/icons/pdf.gif /var/www/icons/pdf.png /var/www/icons/pie0.gif /var/www/icons/pie0.png /var/www/icons/pie1.gif /var/www/icons/pie1.png /var/www/icons/pie2.gif /var/www/icons/pie2.png /var/www/icons/pie3.gif /var/www/icons/pie3.png /var/www/icons/pie4.gif /var/www/icons/pie4.png /var/www/icons/pie5.gif /var/www/icons/pie5.png /var/www/icons/pie6.gif /var/www/icons/pie6.png /var/www/icons/pie7.gif /var/www/icons/pie7.png /var/www/icons/pie8.gif /var/www/icons/pie8.png /var/www/icons/portal.gif /var/www/icons/portal.png /var/www/icons/poweredby.png /var/www/icons/ps.gif /var/www/icons/ps.png /var/www/icons/quill.gif /var/www/icons/quill.png /var/www/icons/right.gif /var/www/icons/right.png /var/www/icons/screw1.gif /var/www/icons/screw1.png /var/www/icons/screw2.gif /var/www/icons/screw2.png /var/www/icons/script.gif /var/www/icons/script.png /var/www/icons/small /var/www/icons/small/back.gif /var/www/icons/small/back.png /var/www/icons/small/binary.gif /var/www/icons/small/binary.png /var/www/icons/small/binhex.gif /var/www/icons/small/binhex.png /var/www/icons/small/blank.gif /var/www/icons/small/blank.png /var/www/icons/small/broken.gif /var/www/icons/small/broken.png /var/www/icons/small/burst.gif /var/www/icons/small/burst.png /var/www/icons/small/comp1.gif /var/www/icons/small/comp1.png /var/www/icons/small/comp2.gif /var/www/icons/small/comp2.png /var/www/icons/small/compressed.gif /var/www/icons/small/compressed.png /var/www/icons/small/continued.gif /var/www/icons/small/continued.png /var/www/icons/small/dir.gif /var/www/icons/small/dir.png /var/www/icons/small/dir2.gif /var/www/icons/small/dir2.png /var/www/icons/small/doc.gif /var/www/icons/small/doc.png /var/www/icons/small/forward.gif /var/www/icons/small/forward.png /var/www/icons/small/generic.gif /var/www/icons/small/generic.png /var/www/icons/small/generic2.gif /var/www/icons/small/generic2.png /var/www/icons/small/generic3.gif /var/www/icons/small/generic3.png /var/www/icons/small/image.gif /var/www/icons/small/image.png /var/www/icons/small/image2.gif /var/www/icons/small/image2.png /var/www/icons/small/index.gif /var/www/icons/small/index.png /var/www/icons/small/key.gif /var/www/icons/small/key.png /var/www/icons/small/movie.gif /var/www/icons/small/movie.png /var/www/icons/small/patch.gif /var/www/icons/small/patch.png /var/www/icons/small/ps.gif /var/www/icons/small/ps.png /var/www/icons/small/rainbow.gif /var/www/icons/small/rainbow.png /var/www/icons/small/sound.gif /var/www/icons/small/sound.png /var/www/icons/small/sound2.gif /var/www/icons/small/sound2.png /var/www/icons/small/tar.gif /var/www/icons/small/tar.png /var/www/icons/small/text.gif /var/www/icons/small/text.png /var/www/icons/small/transfer.gif /var/www/icons/small/transfer.png /var/www/icons/small/unknown.gif /var/www/icons/small/unknown.png /var/www/icons/small/uu.gif /var/www/icons/small/uu.png /var/www/icons/sound1.gif /var/www/icons/sound1.png /var/www/icons/sound2.gif /var/www/icons/sound2.png /var/www/icons/sphere1.gif /var/www/icons/sphere1.png /var/www/icons/sphere2.gif /var/www/icons/sphere2.png /var/www/icons/tar.gif /var/www/icons/tar.png /var/www/icons/tex.gif /var/www/icons/tex.png /var/www/icons/text.gif /var/www/icons/text.png /var/www/icons/transfer.gif /var/www/icons/transfer.png /var/www/icons/unknown.gif /var/www/icons/unknown.png /var/www/icons/up.gif /var/www/icons/up.png /var/www/icons/uu.gif /var/www/icons/uu.png /var/www/icons/uuencoded.gif /var/www/icons/uuencoded.png /var/www/icons/world1.gif /var/www/icons/world1.png /var/www/icons/world2.gif /var/www/icons/world2.png
Diverse Tools rund um den Apache-Server werden uns im RPM httpd-tools mitgeliefert, dessen Inhakt wir uns mit dem folgenden Aufruf anzeigen lassen können.
# rpm -qil httpd-tools
Name : httpd-tools Relocations: (not relocatable) Version : 2.2.15 Vendor: CentOS Release : 5.el6.centos Build Date: Do 07 Jul 2011 12:28:56 CEST Install Date: Fr 09 Sep 2011 20:16:26 CEST Build Host: c6b6.bsys.dev.centos.org Group : System Environment/Daemons Source RPM: httpd-2.2.15-5.el6.centos.src.rpm Size : 131365 License: ASL 2.0 Signature : RSA/8, Do 07 Jul 2011 13:50:22 CEST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://httpd.apache.org/ Summary : Tools for use with the Apache HTTP Server Description : The httpd-tools package contains tools which can be used with the Apache HTTP Server. /usr/bin/ab /usr/bin/htdbm /usr/bin/htdigest /usr/bin/htpasswd /usr/bin/logresolve /usr/share/doc/httpd-tools-2.2.15 /usr/share/doc/httpd-tools-2.2.15/LICENSE /usr/share/man/man1/ab.1.gz /usr/share/man/man1/htdbm.1.gz /usr/share/man/man1/htdigest.1.gz /usr/share/man/man1/htpasswd.1.gz /usr/share/man/man1/logresolve.1.gz
Damit nun auf unserem Web-Server auch Anfragen auf Port 80 auch zugelassen werden, passen wir noch die iptables-Filterregeln auf unserem System an.
Wir überprüfen also erst einmal die Paketfiltereinstellungen
# iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)
Für den Squid-Proxyserver, der auf Port 3128 lauschen wird, tragen wir also eine passende Regel in der Konfigurationsdatei des Paketfilters iptables ein.
# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # Django : 2011-11-16 htpp für Apache Webserver freigeschaltet -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Anschließend aktivieren wir die neue Regel, indem wir den Service iptables einmal durchstarten.
# service iptables restart
iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]
Eine erneute Abfrage der Paketfilterregeln zeigt uns nun die neue Einstellung.
# iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
Nach erfolgter Installation der beiden Grundpakete können wir unseren Webserver das erste mal anstarten:
# service httpd start
Im Verzeichnis /var/log/httpd/ finden wir zwei Logfiles:
Damit der Server bei einem Systemstart des Rechner auch automatisch mitgestartet wird, aktivieren wir gleich noch das Startupscript im Verzeichnis /etc/init.d/
# chkconfig httpd on
Bei Bedarf können wir auch abfragen ob die Verlinkungen zum automatischen Systemstart passend gesetzt wurden.
# chkconfig --list | grep httpd
httpd 0:Aus 1:Aus 2:Ein 3:Ein 4:Ein 5:Ein 6:Aus