RHCE6 Preperation (8) - http, virtual host, http limited access

1, Implement a web server for the site http://serverX.example.com,then perform the following steps:
-- Download ftp://instructor.example.com/pub/rhce/server.html
-- Rename the downloaded file to index.html
-- Copy this index.html to DocumountRoot of your web server

-- Do NOT make any modifications to the content of index.html

Install the http,

yum install http*

start the service and make it auto start when booting,

service httpd startchkconfig httpd on

download the server.html to the DocumentRoot

cd /var/www/html/lftp 192.168.0.254

cd pub/rhceget server.html

rename it to index.html

mv server.html index.html

copy to the DocumentRoot,

cp index.html /var/www/html

Restore the default SELinux security context, 

restorecon –RvF *

restart the httpd service,

service httpd restart

Test it in the Firefox, input the server3.example.com, you will get the content of the index.html

or test from the instructor computer,

elinks server4.example.com

2, Extend your web server to include a virtual host for the site http://wwwX.example.com/,where X is your server number,then
perform the following steps:
-- Set the DocumentRoot to /var/http/virtual
-- Download ftp://instructor.example.com/pub/rhce/www.html
-- Rename the downloaded file to index.html
-- Place this index.html in the DocumentRoot of the virtual host
-- Do NOT make any modifications to the content of index.html
-- Ensure that harry is able to create content in /var/http/virtual
Note: The original web site http://serverX.example.com must still be accessable,DNS resolution for the hostname wwwX.example.com is already provided by the name server on instructor.example.com.

Create folder /var/http/virtual

mkdir –p /var/http/virtual

change the context value of /var/http and /var/http/virutal, one command change both,

chcon –Rt httpd_sys_content_t /var/http

can also use this command,

chcon -R -reference=/var/www/html/ /var/http/virtual

download the www.html from the instructor.example.com, 

lftp 192.168.0.254 > cd pub/rhce/ > get www.html

change the name to index.html and copy to /var/http/virtual,

mv www.html index.htmlcp index.html /var/http/virtual

modify the http configuration file, 

vim /etc/httpd/conf/httpd.conf

add the virtual host configuration, you can copy the template from the same document, 

<VirtualHost *:80>     DocumentRoot  /var/http/virtual     ServerName www3.example.com</VirtualHost>

the servername www3.example.com should be resolved by the DNS server at instructor.example.com

switch on the virtual host port, otherwise cannot work, at line 990, uncomments the line,

NameVirtualHost *:80

The virtual host will overlap and overwrite the original shared host,  so needs to add one additional virtual host to make the original host to continue to work and coexist with the virtual host, so the two virtual host can work independently without affection to each other.

<VirtualHost *:80>    DocumentRoot  /var/www/html    ServerName server3.example.com</VirtualHost>

Restart the httpd and make it auto start when boot

service httpd restartchkconfig httpd on

can test both address at Firefox, www3.example.com, server3.example.com

set the access condition of user harry to /var/http/virtual

setfacl -m u:harry:rwx /var/http/virtual

3, Create a directory /var/http/virtual/limited, Limit access to only local users, non-local user prohibited access

The folder /var/http/virtual/ is the same as the virtual host www3.example.com.

Create the folder limited,

cd /var/http/virtualmkdir limited

modify the configuration of /etc/httpd/conf/httpd.conf, in the configuration of the www3.example.com virtual host configuration,

vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>    DocumentRoot /var/http/virtual    ServerName www3.example.com<directory /var/http/virtual/limited>order deny,allowdeny from allallow from 192.168.0.</directory></VirtualHost>

from the configuration, the deny has lower priority than the allow, so allow IP segment of 192.168.0. will take effect. here cannot use the domain name, might not work.

another way to achieve the same result is to put the <directory> outside of the <VirtualHost>, 

make sure the root directory necessary parameters uncommented, 

<Directory "/var/www/html">    Options Indexes FollowSymlinks    AllowOverride None    Order allow,deny    Allow from all</Directory>

configure the additional Directory configuration,

<Directroy "/var/http/virtual/limited">    Options Indexes FollowSymlinks    Allow from 127.0.0.1 localhost server3.example.com 192.168.0.103    Deny from all</Directory>

test from the local server, input the address, www3.example.com/limited, can access, if in the Instructor computer, input the www3.example.com/limited, cannot access.

4, Configure the http service, needs to input the username and password to access the location, and the username is 'student', configure the /etc/httpd/conf/httpd.conf

vim /etc/httpd/conf/httpd.conf

modify the server3.example.com configuration as,

<VirtualHost *:80>    DocumentRoot /var/www/html    ServerName server3.example.com<directory /var/www/html/server2>authname userauthauthtype basicauthuserfile /etc/httpd/httpuserrequire user student</directory></VirtualHost>

add the student user to the http service 

htpasswd -cm /etc/httpd/httpuser student

test the result, at Firefox input the server3.example.com/server2, it will prompt out the interface to ask you to input the username and password, or you can copy one index.html file into the folder /var/www/html/server2/ and test again, after input the username and password, can access successful.