Web Service Management
Define web management.Its Principle
Getting ready
$ vagrant up
$ vagrant ssh
How to do it
From the man pages httpd, it Apache Hypertext Transfer Protocol Server.
Install/Configuring a web server
$ sudo yum install httpd
$ sudo systemctl enable httpd
$ sudo systemctl start httpd
$ sudo firewall-cmd --permanent --add-service=http
success
$ sudo firewall-cmd --reload
success
$ sudo vim /etc/httpd/conf.d/myweb.conf
<VirtualHost *:80>
ServerAdmin centos7server.com
DocumentRoot /var/www/html
</VirtualHost>
<Directory /var/www/html>
AllowOverride None
Require all granted
</Directory>
$ sudo systemctl restart httpd
$ curl http://centos7server.com
This is My First web
$ curl http://192.168.56.101
This is My First web
Configuring a Web Modified**
$ sudo mkdir /var/www/html/private
$ sudo vim /etc/httpd/conf.d/myweb.conf
<Directory /var/www/html/private>
Order deny,allow
Allow from 192.168.56.101
</Directory>
$ sudo systemctl restart httpd
$ curl http://centos7server.com
This is modification web
Configuring and TroubleShooting Virtual Host**
$ sudo mkdir -p /usr/local/vhost
$ sudo vim /etc/httpd/conf.d/myweb.conf
<VirtualHost *:80>
ServerAdmin vhost.com
DocumentRoot /usr/local/vhost
</VirtualHost>
<Directory /usr/local/vhost>
AllowOverride None
Require all granted
</Directory>
$ sudo systemctl restart httpd
$ curl http://vhost.com
This is my virtualHost
Configuring Web Security
Install security
$ sudo yum install mod_ssl
$ sudo firewall--cmd --add-service=https --permanent
success
or
$ sudo firewall--cmd --add-port=443 --permanent
success
Now configure ssl
$ sudo vim /etc/httpd/conf.d/ssl.conf
Listen 443 https
<VirtualHost _default_:443>
ServerName 192.168.101:443
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/my.crt
SSLCertificateKeyFile /etc/pki/tls/certs/my.key
#SSLCertificateChainFile /etc/pki/tls/certs/my-chaintest.crt
</VirtualHost>
Create certificate and key
$ sudo cd /etc/pki/tls/certs
$ sudo make my.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > my.key
Generating RSA private key, 2048 bit long modulus
........................................+++
.....................................................+++
e is 65537 (0x10001)
Enter pass phrase:
140657062766496:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 8191 characters
Enter pass phrase:
Verifying - Enter pass phrase:
140657062766496:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 8191 characters
Enter pass phrase:
Verifying - Enter pass phrase:
$ sudo openssl rsa -in my.key -out my.key
Enter pass phrase for my.key:
writing RSA key
$ ls
ca-bundle.crt localhost.crt Makefile renew-dummy-cert
ca-bundle.trust.crt make-dummy-cert my.key
[root@localhost certs]# make my.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key my.key -out my.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:91
State or Province Name (full name) []:^Cmake: *** wait: No child processes. Stop.
make: *** Waiting for unfinished jobs....
make: *** wait: No child processes. Stop.
$ sudo make my.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key my.key -out my.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:bangalore
Locality Name (eg, city) [Default City]:bangalore
Organization Name (eg, company) [Default Company Ltd]:CYTPL
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:192.168.56.101
Email Address []:cloudyuga.guru
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ sudo openssl x509 -in my.csr -out my.crt -req -signkey my.key -days 3650
Signature ok
subject=/C=IN/ST=bangalore/L=bangalore/O=cypt/OU=it/CN=192.168.56.101/[email protected]
Getting Private key
$ ls
ca-bundle.crt localhost.crt Makefile my.csr renew-dummy-cert
ca-bundle.trust.crt make-dummy-cert my.crt my.key
$ sudo chmod 400 my.*
$ sudo systemctl restart httpd
curl http://centos7server.com
Integrate Dynamic web Content
Install mod_wsgi
$ sudo yum install mod_wsgi
$ sudo firewall-cmd --permanent –add-port=8962/tcp
$ sudo firewall-cmd –reload
$ sudo vim /etc/httpd/conf/httpd.conf
Listen 8962
:wq
$ sudo vim /etc/httpd/conf.d/myweb.conf
<VirtualHost *:8962>
ServerName myapp.com
WSGIScriptAlias / /usr/local/vhost/myapp.py
</VirtualHost>
:wq
$ sudo systemctl restart httpd.service
$ curl http://myapp:8962
Now create wsgi file
$ sudo /usr/local/vhost/myapp.py
def application (environ, start_response):
status = '200 OK'
html = '<html> \ n' \
'<Body> \ n' \
'<Div style = "width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> \ n' \
'This page Test Succesfully \ n' \
'</ Div> \ n' \
'</ Body> \ n' \
'</ Html> \ n'
response_header = [( 'Content-type', 'text / html')]
start_response (status, response_header)
return [html]
:wq
Database Connectivity