Grundinstallation Apache Webserver
Unseren Apache-Webserver installieren wir einfach mit Hilfe von YUM.
# yum install httpd httpd-tools -y
Paketinhalte
httpd
Was uns das Paket httpd alles mitbringt, zeigt uns der Aufruf von:
# rpm -qil httpd
Name : httpd Relocations: (not relocatable) Version : 2.2.15 Vendor: CentOS Release : 5.el6.centos Build Date: Do 07 Jul 2011 12:28:56 CEST Install Date: Fr 09 Sep 2011 20:16:28 CEST Build Host: c6b6.bsys.dev.centos.org Group : System Environment/Daemons Source RPM: httpd-2.2.15-5.el6.centos.src.rpm Size : 2886013 License: ASL 2.0 Signature : RSA/8, Do 07 Jul 2011 13:50:23 CEST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. /etc/httpd /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.d/README /etc/httpd/conf.d/welcome.conf /etc/httpd/conf/httpd.conf /etc/httpd/conf/magic /etc/httpd/logs /etc/httpd/modules /etc/httpd/run /etc/logrotate.d/httpd /etc/rc.d/init.d/httpd /etc/sysconfig/httpd /usr/lib/httpd /usr/lib/httpd/modules /usr/lib/httpd/modules/mod_actions.so /usr/lib/httpd/modules/mod_alias.so /usr/lib/httpd/modules/mod_asis.so /usr/lib/httpd/modules/mod_auth_basic.so /usr/lib/httpd/modules/mod_auth_digest.so /usr/lib/httpd/modules/mod_authn_alias.so /usr/lib/httpd/modules/mod_authn_anon.so /usr/lib/httpd/modules/mod_authn_dbd.so /usr/lib/httpd/modules/mod_authn_dbm.so /usr/lib/httpd/modules/mod_authn_default.so /usr/lib/httpd/modules/mod_authn_file.so /usr/lib/httpd/modules/mod_authnz_ldap.so /usr/lib/httpd/modules/mod_authz_dbm.so /usr/lib/httpd/modules/mod_authz_default.so /usr/lib/httpd/modules/mod_authz_groupfile.so /usr/lib/httpd/modules/mod_authz_host.so /usr/lib/httpd/modules/mod_authz_owner.so /usr/lib/httpd/modules/mod_authz_user.so /usr/lib/httpd/modules/mod_autoindex.so /usr/lib/httpd/modules/mod_cache.so /usr/lib/httpd/modules/mod_cern_meta.so /usr/lib/httpd/modules/mod_cgi.so /usr/lib/httpd/modules/mod_cgid.so /usr/lib/httpd/modules/mod_dav.so /usr/lib/httpd/modules/mod_dav_fs.so /usr/lib/httpd/modules/mod_dbd.so /usr/lib/httpd/modules/mod_deflate.so /usr/lib/httpd/modules/mod_dir.so /usr/lib/httpd/modules/mod_disk_cache.so /usr/lib/httpd/modules/mod_dumpio.so /usr/lib/httpd/modules/mod_env.so /usr/lib/httpd/modules/mod_expires.so /usr/lib/httpd/modules/mod_ext_filter.so /usr/lib/httpd/modules/mod_filter.so /usr/lib/httpd/modules/mod_headers.so /usr/lib/httpd/modules/mod_ident.so /usr/lib/httpd/modules/mod_include.so /usr/lib/httpd/modules/mod_info.so /usr/lib/httpd/modules/mod_ldap.so /usr/lib/httpd/modules/mod_log_config.so /usr/lib/httpd/modules/mod_log_forensic.so /usr/lib/httpd/modules/mod_logio.so /usr/lib/httpd/modules/mod_mime.so /usr/lib/httpd/modules/mod_mime_magic.so /usr/lib/httpd/modules/mod_negotiation.so /usr/lib/httpd/modules/mod_proxy.so /usr/lib/httpd/modules/mod_proxy_ajp.so /usr/lib/httpd/modules/mod_proxy_balancer.so /usr/lib/httpd/modules/mod_proxy_connect.so /usr/lib/httpd/modules/mod_proxy_ftp.so /usr/lib/httpd/modules/mod_proxy_http.so /usr/lib/httpd/modules/mod_proxy_scgi.so /usr/lib/httpd/modules/mod_reqtimeout.so /usr/lib/httpd/modules/mod_rewrite.so /usr/lib/httpd/modules/mod_setenvif.so /usr/lib/httpd/modules/mod_speling.so /usr/lib/httpd/modules/mod_status.so /usr/lib/httpd/modules/mod_substitute.so /usr/lib/httpd/modules/mod_suexec.so /usr/lib/httpd/modules/mod_unique_id.so /usr/lib/httpd/modules/mod_userdir.so /usr/lib/httpd/modules/mod_usertrack.so /usr/lib/httpd/modules/mod_version.so /usr/lib/httpd/modules/mod_vhost_alias.so /usr/sbin/apachectl /usr/sbin/htcacheclean /usr/sbin/httpd /usr/sbin/httpd.event /usr/sbin/httpd.worker /usr/sbin/httxt2dbm /usr/sbin/rotatelogs /usr/sbin/suexec /usr/share/doc/httpd-2.2.15 /usr/share/doc/httpd-2.2.15/ABOUT_APACHE /usr/share/doc/httpd-2.2.15/CHANGES /usr/share/doc/httpd-2.2.15/LICENSE /usr/share/doc/httpd-2.2.15/NOTICE /usr/share/doc/httpd-2.2.15/README /usr/share/doc/httpd-2.2.15/VERSIONING /usr/share/man/man8/apachectl.8.gz /usr/share/man/man8/htcacheclean.8.gz /usr/share/man/man8/httpd.8.gz /usr/share/man/man8/rotatelogs.8.gz /usr/share/man/man8/suexec.8.gz /var/cache/mod_proxy /var/lib/dav /var/log/httpd /var/run/httpd /var/www /var/www/cgi-bin /var/www/error /var/www/error/HTTP_BAD_GATEWAY.html.var /var/www/error/HTTP_BAD_REQUEST.html.var /var/www/error/HTTP_FORBIDDEN.html.var /var/www/error/HTTP_GONE.html.var /var/www/error/HTTP_INTERNAL_SERVER_ERROR.html.var /var/www/error/HTTP_LENGTH_REQUIRED.html.var /var/www/error/HTTP_METHOD_NOT_ALLOWED.html.var /var/www/error/HTTP_NOT_FOUND.html.var /var/www/error/HTTP_NOT_IMPLEMENTED.html.var /var/www/error/HTTP_PRECONDITION_FAILED.html.var /var/www/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var /var/www/error/HTTP_REQUEST_TIME_OUT.html.var /var/www/error/HTTP_REQUEST_URI_TOO_LARGE.html.var /var/www/error/HTTP_SERVICE_UNAVAILABLE.html.var /var/www/error/HTTP_UNAUTHORIZED.html.var /var/www/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var /var/www/error/HTTP_VARIANT_ALSO_VARIES.html.var /var/www/error/README /var/www/error/contact.html.var /var/www/error/include /var/www/error/include/bottom.html /var/www/error/include/spacer.html /var/www/error/include/top.html /var/www/error/noindex.html /var/www/html /var/www/icons /var/www/icons/README /var/www/icons/README.html /var/www/icons/a.gif /var/www/icons/a.png /var/www/icons/alert.black.gif /var/www/icons/alert.black.png /var/www/icons/alert.red.gif /var/www/icons/alert.red.png /var/www/icons/apache_pb.gif /var/www/icons/apache_pb.png /var/www/icons/apache_pb2.gif /var/www/icons/apache_pb2.png /var/www/icons/apache_pb2_ani.gif /var/www/icons/back.gif /var/www/icons/back.png /var/www/icons/ball.gray.gif /var/www/icons/ball.gray.png /var/www/icons/ball.red.gif /var/www/icons/ball.red.png /var/www/icons/binary.gif /var/www/icons/binary.png /var/www/icons/binhex.gif /var/www/icons/binhex.png /var/www/icons/blank.gif /var/www/icons/blank.png /var/www/icons/bomb.gif /var/www/icons/bomb.png /var/www/icons/box1.gif /var/www/icons/box1.png /var/www/icons/box2.gif /var/www/icons/box2.png /var/www/icons/broken.gif /var/www/icons/broken.png /var/www/icons/burst.gif /var/www/icons/burst.png /var/www/icons/c.gif /var/www/icons/c.png /var/www/icons/comp.blue.gif /var/www/icons/comp.blue.png /var/www/icons/comp.gray.gif /var/www/icons/comp.gray.png /var/www/icons/compressed.gif /var/www/icons/compressed.png /var/www/icons/continued.gif /var/www/icons/continued.png /var/www/icons/dir.gif /var/www/icons/dir.png /var/www/icons/diskimg.gif /var/www/icons/diskimg.png /var/www/icons/down.gif /var/www/icons/down.png /var/www/icons/dvi.gif /var/www/icons/dvi.png /var/www/icons/f.gif /var/www/icons/f.png /var/www/icons/folder.gif /var/www/icons/folder.open.gif /var/www/icons/folder.open.png /var/www/icons/folder.png /var/www/icons/folder.sec.gif /var/www/icons/folder.sec.png /var/www/icons/forward.gif /var/www/icons/forward.png /var/www/icons/generic.gif /var/www/icons/generic.png /var/www/icons/generic.red.gif /var/www/icons/generic.red.png /var/www/icons/generic.sec.gif /var/www/icons/generic.sec.png /var/www/icons/hand.right.gif /var/www/icons/hand.right.png /var/www/icons/hand.up.gif /var/www/icons/hand.up.png /var/www/icons/icon.sheet.gif /var/www/icons/icon.sheet.png /var/www/icons/image1.gif /var/www/icons/image1.png /var/www/icons/image2.gif /var/www/icons/image2.png /var/www/icons/image3.gif /var/www/icons/image3.png /var/www/icons/index.gif /var/www/icons/index.png /var/www/icons/layout.gif /var/www/icons/layout.png /var/www/icons/left.gif /var/www/icons/left.png /var/www/icons/link.gif /var/www/icons/link.png /var/www/icons/movie.gif /var/www/icons/movie.png /var/www/icons/p.gif /var/www/icons/p.png /var/www/icons/patch.gif /var/www/icons/patch.png /var/www/icons/pdf.gif /var/www/icons/pdf.png /var/www/icons/pie0.gif /var/www/icons/pie0.png /var/www/icons/pie1.gif /var/www/icons/pie1.png /var/www/icons/pie2.gif /var/www/icons/pie2.png /var/www/icons/pie3.gif /var/www/icons/pie3.png /var/www/icons/pie4.gif /var/www/icons/pie4.png /var/www/icons/pie5.gif /var/www/icons/pie5.png /var/www/icons/pie6.gif /var/www/icons/pie6.png /var/www/icons/pie7.gif /var/www/icons/pie7.png /var/www/icons/pie8.gif /var/www/icons/pie8.png /var/www/icons/portal.gif /var/www/icons/portal.png /var/www/icons/poweredby.png /var/www/icons/ps.gif /var/www/icons/ps.png /var/www/icons/quill.gif /var/www/icons/quill.png /var/www/icons/right.gif /var/www/icons/right.png /var/www/icons/screw1.gif /var/www/icons/screw1.png /var/www/icons/screw2.gif /var/www/icons/screw2.png /var/www/icons/script.gif /var/www/icons/script.png /var/www/icons/small /var/www/icons/small/back.gif /var/www/icons/small/back.png /var/www/icons/small/binary.gif /var/www/icons/small/binary.png /var/www/icons/small/binhex.gif /var/www/icons/small/binhex.png /var/www/icons/small/blank.gif /var/www/icons/small/blank.png /var/www/icons/small/broken.gif /var/www/icons/small/broken.png /var/www/icons/small/burst.gif /var/www/icons/small/burst.png /var/www/icons/small/comp1.gif /var/www/icons/small/comp1.png /var/www/icons/small/comp2.gif /var/www/icons/small/comp2.png /var/www/icons/small/compressed.gif /var/www/icons/small/compressed.png /var/www/icons/small/continued.gif /var/www/icons/small/continued.png /var/www/icons/small/dir.gif /var/www/icons/small/dir.png /var/www/icons/small/dir2.gif /var/www/icons/small/dir2.png /var/www/icons/small/doc.gif /var/www/icons/small/doc.png /var/www/icons/small/forward.gif /var/www/icons/small/forward.png /var/www/icons/small/generic.gif /var/www/icons/small/generic.png /var/www/icons/small/generic2.gif /var/www/icons/small/generic2.png /var/www/icons/small/generic3.gif /var/www/icons/small/generic3.png /var/www/icons/small/image.gif /var/www/icons/small/image.png /var/www/icons/small/image2.gif /var/www/icons/small/image2.png /var/www/icons/small/index.gif /var/www/icons/small/index.png /var/www/icons/small/key.gif /var/www/icons/small/key.png /var/www/icons/small/movie.gif /var/www/icons/small/movie.png /var/www/icons/small/patch.gif /var/www/icons/small/patch.png /var/www/icons/small/ps.gif /var/www/icons/small/ps.png /var/www/icons/small/rainbow.gif /var/www/icons/small/rainbow.png /var/www/icons/small/sound.gif /var/www/icons/small/sound.png /var/www/icons/small/sound2.gif /var/www/icons/small/sound2.png /var/www/icons/small/tar.gif /var/www/icons/small/tar.png /var/www/icons/small/text.gif /var/www/icons/small/text.png /var/www/icons/small/transfer.gif /var/www/icons/small/transfer.png /var/www/icons/small/unknown.gif /var/www/icons/small/unknown.png /var/www/icons/small/uu.gif /var/www/icons/small/uu.png /var/www/icons/sound1.gif /var/www/icons/sound1.png /var/www/icons/sound2.gif /var/www/icons/sound2.png /var/www/icons/sphere1.gif /var/www/icons/sphere1.png /var/www/icons/sphere2.gif /var/www/icons/sphere2.png /var/www/icons/tar.gif /var/www/icons/tar.png /var/www/icons/tex.gif /var/www/icons/tex.png /var/www/icons/text.gif /var/www/icons/text.png /var/www/icons/transfer.gif /var/www/icons/transfer.png /var/www/icons/unknown.gif /var/www/icons/unknown.png /var/www/icons/up.gif /var/www/icons/up.png /var/www/icons/uu.gif /var/www/icons/uu.png /var/www/icons/uuencoded.gif /var/www/icons/uuencoded.png /var/www/icons/world1.gif /var/www/icons/world1.png /var/www/icons/world2.gif /var/www/icons/world2.png
httpd-tools
Diverse Tools rund um den Apache-Server werden uns im RPM httpd-tools mitgeliefert, dessen Inhakt wir uns mit dem folgenden Aufruf anzeigen lassen können.
# rpm -qil httpd-tools
Name : httpd-tools Relocations: (not relocatable) Version : 2.2.15 Vendor: CentOS Release : 5.el6.centos Build Date: Do 07 Jul 2011 12:28:56 CEST Install Date: Fr 09 Sep 2011 20:16:26 CEST Build Host: c6b6.bsys.dev.centos.org Group : System Environment/Daemons Source RPM: httpd-2.2.15-5.el6.centos.src.rpm Size : 131365 License: ASL 2.0 Signature : RSA/8, Do 07 Jul 2011 13:50:22 CEST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://httpd.apache.org/ Summary : Tools for use with the Apache HTTP Server Description : The httpd-tools package contains tools which can be used with the Apache HTTP Server. /usr/bin/ab /usr/bin/htdbm /usr/bin/htdigest /usr/bin/htpasswd /usr/bin/logresolve /usr/share/doc/httpd-tools-2.2.15 /usr/share/doc/httpd-tools-2.2.15/LICENSE /usr/share/man/man1/ab.1.gz /usr/share/man/man1/htdbm.1.gz /usr/share/man/man1/htdigest.1.gz /usr/share/man/man1/htpasswd.1.gz /usr/share/man/man1/logresolve.1.gz
Konfiguration
Paketfilter anpassen
Damit nun auf unserem Web-Server auch Anfragen auf Port 80 auch zugelassen werden, passen wir noch die iptables-Filterregeln auf unserem System an.
Wir überprüfen also erst einmal die Paketfiltereinstellungen
# iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)
Für den Squid-Proxyserver, der auf Port 3128 lauschen wird, tragen wir also eine passende Regel in der Konfigurationsdatei des Paketfilters iptables ein.
# vim /etc/sysconfig/iptables
- /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # Django : 2011-11-16 htpp für Apache Webserver freigeschaltet -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Anschließend aktivieren wir die neue Regel, indem wir den Service iptables einmal durchstarten.
# service iptables restart
iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]
Eine erneute Abfrage der Paketfilterregeln zeigt uns nun die neue Einstellung.
# iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
Programmstart
manueller Systemstart
Nach erfolgter Installation der beiden Grundpakete können wir unseren Webserver das erste mal anstarten:
# service httpd start
Im Verzeichnis /var/log/httpd/ finden wir zwei Logfiles:
- access.log Hier werden die Zugriffe geloggt.
- error.log Im Fehlerfall finden wir in dieser Logdatei meist wertvolle Hinweise über weitere
automatischer Systemstart
Damit der Server bei einem Systemstart des Rechner auch automatisch mitgestartet wird, aktivieren wir gleich noch das Startupscript im Verzeichnis /etc/init.d/
# chkconfig httpd on
Bei Bedarf können wir auch abfragen ob die Verlinkungen zum automatischen Systemstart passend gesetzt wurden.
# chkconfig --list | grep httpd
httpd 0:Aus 1:Aus 2:Ein 3:Ein 4:Ein 5:Ein 6:Aus
127.0.0.1