Linux palvelimena – Homework 5 – Apache

Week 5 – Apache

The fifth week had us install and configure the apache2 web server.

Course homepage: http://terokarvinen.com/2012/aikataulu-%E2%80%93-linux-palvelimena-ict4tn003-3-ja-ict4tn003-5-kevaalla-2012

Sources used:

http://www.linuxquestions.org/questions/linux-networking-3/turn-off-disable-php-for-some-virtual-hosts-in-apache-412577

http://httpstatus500.com

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Assignment

Create a name based virtual host.

Create three of them:
– One with PHP enabled
– One with PHP disabled
– One with a setting of your choosing (see apache2-doc)

Cause the following HTTP status codes to appear in the log files: 200, 404, 403, 500. Analyze the lines containing them. (Bonus: 304).

Voluntary bonus: SSL/TLS in Apache. (Challenging bonus exercise: acquire a free, official certificate.)

Environment

Ubuntu 12.04 @ Virtualbox, username: antero, computer: VirtualBox

Creating name based virtual hosts

Time to get started.

Installing required packages

Let’s install Apache and PHP first.

antero@VirtualBox:~$ sudo apt-get install apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
Suggested packages:
  apache2-doc apache2-suexec apache2-suexec-custom
The following NEW packages will be installed:
  apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,817 kB of archives.
After this operation, 5,220 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
...
Setting up apache2 (2.2.22-1ubuntu1) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
antero@VirtualBox:~$

Then to install PHP. I’ll just get the metapackage ‘php5’, which installs the required lib for apache2.

antero@VirtualBox:~$ sudo apt-get install php5
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  apache2-mpm-prefork libapache2-mod-php5 php5-cli php5-common
Suggested packages:
  php-pear php5-suhosin
The following packages will be REMOVED:
  apache2-mpm-worker
The following NEW packages will be installed:
  apache2-mpm-prefork libapache2-mod-php5 php5 php5-cli php5-common
0 upgraded, 5 newly installed, 1 to remove and 0 not upgraded.
Need to get 6,359 kB of archives.
After this operation, 17.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
...
Setting up php5 (5.3.10-1ubuntu3.4) ...
Setting up php5-cli (5.3.10-1ubuntu3.4) ...

Creating config file /etc/php5/cli/php.ini with new version
update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode.
antero@VirtualBox:~$

This might be an apt time to enable userdir and php5 in Apache.

antero@VirtualBox:~$ sudo a2enmod userdir
Enabling module userdir.
To activate the new configuration, you need to run:
  service apache2 restart
antero@VirtualBox:~$ sudo a2enmod php5
Module php5 already enabled
antero@VirtualBox:~$ sudo service apache2 restart
 * Restarting web server apache2                                                                                                              apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
                                                                                                                                       [ OK ]
antero@VirtualBox:~$

Preliminary steps

To create the virtual hosts, we need to prepare a bit.

I’m going to create hosts called bansh.ee, haunt.er and marr.ow. I want them to point to localhost, so I’ll add them to /etc/hosts, which then looks like this:

127.0.0.1       localhost
127.0.1.1       VirtualBox
127.0.0.1       bansh.ee
127.0.0.1       haunt.er
127.0.0.1       marr.ow

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

I’ll put their DocumentRoots in /home/antero/banshee, haunter and marrow. However, if we want PHP to work there, we’ll need to comment out some lines in /etc/apache2/mods-available/php5.conf, after which it’ll look like this:

<IfModule mod_php5.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    # To re-enable php in user directories comment the following lines
    # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
    # prevents .htaccess files from disabling it.
    #<IfModule mod_userdir.c>
    #    <Directory /home/*/public_html>
    #        php_admin_value engine Off
    #    </Directory>
    # </IfModule>
</IfModule>

Might as well create the sites’ directories now:

antero@VirtualBox:~$ mkdir banshee
antero@VirtualBox:~$ mkdir haunter
antero@VirtualBox:~$ mkdir marrow
antero@VirtualBox:~$ ls
banshee  Desktop  Documents  Downloads  examples.desktop  haunter  marrow  Music  Pictures  Public  Templates  Videos
antero@VirtualBox:~$

I’ll create an index.html (which might later be renamed to index.php) in each directory, with the site’s name as the content. Then we’ll create the sites’ files in /etc/apache2/sites-available. Result:

antero@VirtualBox:/etc/apache2/sites-available$ cat haunter
<VirtualHost *:80> 
        ServerName haunt.er
        ServerAlias www.haunt.er
        DocumentRoot /home/antero/haunter
</VirtualHost>

antero@VirtualBox:/etc/apache2/sites-available$ cat banshee
<VirtualHost *:80> 
        ServerName bansh.ee
        ServerAlias www.bansh.ee
        DocumentRoot /home/antero/banshee
</VirtualHost>

antero@VirtualBox:/etc/apache2/sites-available$ cat marrow
<VirtualHost *:80> 
        ServerName marr.ow
        ServerAlias www.marr.ow
        DocumentRoot /home/antero/banshee
</VirtualHost>

antero@VirtualBox:/etc/apache2/sites-available$

Let’s use a2ensite to enable the freshly created sites. Note how we use apache2 restart instead of reload.

antero@VirtualBox:/etc/apache2/sites-available$ sudo a2ensite banshee
Enabling site banshee.
To activate the new configuration, you need to run:
  service apache2 reload
antero@VirtualBox:/etc/apache2/sites-available$ sudo service apache2 restart
 * Restarting web server apache2                                                                                                              apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
                                                                                                                                       [ OK ]
antero@VirtualBox:/etc/apache2/sites-available$

Navigating to http://bansh.ee with Firefox brings up the index.html in /home/antero/banshee. Success!

Also, I made a mistake earlier. Marrow’s DocumentRoot pointed to /banshee. It’s fixed now.

PHP

Now, let’s see if PHP works. I’ll create an index.php (as opposed to renaming the previously created index.html) in /home/antero/banshee. Its contents:

antero@VirtualBox:~/banshee$ cat index.php 
<!doctype html>
<html>
<head>
<title>Banshee's php page</title>
<meta charset="utf-8" />
</head>
<body>

Testing php!

<?php
phpinfo();
?>

Let’s navigate to http://bansh.ee/index.php with Firefox. Result:

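Excellent! Now, this means that PHP works for each of our three sites. What if I want to disable PHP on bansh.ee? We add “php_value engine off” to /etc/apache2/sites-available/banshee. Because the setting is made with php_value, a .htaccess file can turn the engine back on wherever AllowOverride permits it; php_admin_value, which the stock php5.conf above uses, cannot be overridden that way. Source: http://www.linuxquestions.org/questions/linux-networking-3/turn-off-disable-php-for-some-virtual-hosts-in-apache-412577/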

Let’s restart apache2 and try navigating to index.php again. Nope, doesn’t work anymore. Here’s a screenshot:

We’ll want to make sure that PHP still works for haunt.er and marr.ow, so let’s just copy the index.php to their respective directories:

antero@VirtualBox:~/banshee$ cp index.php ../haunter
antero@VirtualBox:~/banshee$ cp index.php ../marrow

PHP still works for the two other sites. Notice that the page title is still from banshee’s index.php due to me not having changed the contents of the file.

Custom setting

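Time to try a setting of my choice. I’ll set marrow’s ErrorLog to /home/antero/marrow/err0r_log (I dislike leetspeak, but it’s very distinctive and thus fitting for this exercise). Since that path is inside the DocumentRoot, the log is served like any other file there if Apache can read it; outside an exercise, keep logs outside the web root.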

<VirtualHost *:80>
        ServerName marr.ow
        ServerAlias www.marr.ow
        DocumentRoot /home/antero/marrow
        ErrorLog /home/antero/marrow/err0r_log
</VirtualHost>

Now, let’s navigate to some non-existent marr.ow urls: http://marr.ow/lalaa and http://marr.ow/lalaa.html. Not found, eh? Did our errorlog setting work?

antero@VirtualBox:~/marrow$ cat err0r_log 
[Mon Sep 24 12:28:11 2012] [error] [client 127.0.0.1] File does not exist: /home/antero/marrow/lalaa
[Mon Sep 24 12:28:18 2012] [error] [client 127.0.0.1] File does not exist: /home/antero/marrow/lalaa.html
antero@VirtualBox:~/marrow$ 

It certainly did.

HTTP Status codes

Let’s see if we can generate the called-for status codes 200, 403, 404 and 500. We just did 404, so that leaves 200, 403 and 500. Let’s wikipedia up what those status codes mean:

200 OK
Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request the response will contain an entity describing or containing the result of the action.

403 Forbidden
The request was a valid request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference. On servers where authentication is required, this commonly means that the provided credentials were successfully authenticated but that the credentials still do not grant the client permission to access the resource (e.g. a recognized user attempting to access restricted content).

500 Internal Server Error
A generic error message, given when no more specific message is suitable.

Source: http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

I expect 200 to be fairly easy to produce. In fact, it’s probably already present because of previous page loads. Let’s take a look at /var/log/apache2/other_vhosts_access.log:

bansh.ee:80 127.0.0.1 - - [24/Sep/2012:11:32:43 +0300] "GET / HTTP/1.1" 200 363 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/201$

The line shows the virtual host and port, the client IP, the time of access, the request method (GET) and path, the status code, the response size, and the browser and OS info from the User-Agent header. That’s another one down. 403 and 500 remain. Let’s see if we get 403 if we remove all permissions for marrow’s index.html, restart apache2 (and empty Firefox’s cache):

antero@VirtualBox:~/marrow$ chmod a-rwx index.html
antero@VirtualBox:~/marrow$ sudo service apache2 restart
 * Restarting web server apache2                                                                                                              
 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
                                                                                                                                       [ OK ]

Well, navigating to http://marr.ow does now yield a Forbidden page, like so:

Let’s take a look at err0r_log this time:

antero@VirtualBox:~/marrow$ cat err0r_log 
[Mon Sep 24 12:28:11 2012] [error] [client 127.0.0.1] File does not exist: /home/antero/marrow/lalaa
[Mon Sep 24 12:28:18 2012] [error] [client 127.0.0.1] File does not exist: /home/antero/marrow/lalaa.html
[Mon Sep 24 12:50:59 2012] [error] [client 127.0.0.1] (13)Permission denied: file permissions deny server access: /home/antero/marrow/index.html

The browser does display a 403 Forbidden page as well. Let’s try another method. We’ll create /home/antero/haunter/.htaccess, whose contents look like this:

antero@VirtualBox:~/haunter$ cat .htaccess 
deny from all
antero@VirtualBox:~/haunter$

It causes http://haunt.er to display the 403 Forbidden page. Let’s see if we can find a reference to 403 in the logs. /var/log/apache2/other_vhosts_access.log contains:

haunt.er:80 127.0.0.1 - - [24/Sep/2012:13:00:22 +0300] "GET / HTTP/1.1" 403 492 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/201$

Yes. That leaves us with code 500. Code 500 seems to be more of a “something’s wrong” type of error code. So, let’s break something. How about inserting a mishmash of garbled data into haunt.er’s .htaccess file? Source: http://httpstatus500.com/

antero@VirtualBox:~/haunter$ cat .htaccess 
asdasgdernherhysetrh sftrnsrom all
antero@VirtualBox:~/haunter$

Navigating to http://haunt.er results in:

which counts as a success for the purposes of this exercise. Also, /var/log/apache2/other_vhosts_access.log now contains the line:

haunt.er:80 127.0.0.1 - - [24/Sep/2012:13:09:34 +0300] "GET / HTTP/1.1" 500 632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/201$

That’s all the error codes down. Breaking apache2 isn’t that easy, which is nice.
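
The access-log lines quoted above follow Ubuntu's vhost_combined format. As an added example (not part of the original post), this Python script parses that format and tallies status codes per virtual host, tolerating the cut-off line endings seen in the samples; the last three sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Ubuntu's "vhost_combined" LogFormat:
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
# Matching stops after the byte count, so lines with a cut-off tail still parse.
VHOST_COMBINED = re.compile(
    r'^(?P<vhost>[^\s:]+):(?P<port>\d+) (?P<client>\S+) \S+ (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# First three lines are copied from the page; the last three are constructed.
SAMPLE_LOG = """\
bansh.ee:80 127.0.0.1 - - [24/Sep/2012:11:32:43 +0300] "GET / HTTP/1.1" 200 363 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/201$
haunt.er:80 127.0.0.1 - - [24/Sep/2012:13:00:22 +0300] "GET / HTTP/1.1" 403 492 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/201$
haunt.er:80 127.0.0.1 - - [24/Sep/2012:13:09:34 +0300] "GET / HTTP/1.1" 500 632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/201$
marr.ow:80 127.0.0.1 - - [24/Sep/2012:12:28:11 +0300] "GET /lalaa HTTP/1.1" 404 499 "-" "Mozilla/5.0"
marr.ow:80 127.0.0.1 - - [24/Sep/2012:12:30:02 +0300] "GET / HTTP/1.1" 304 209 "-" "Mozilla/5.0"
this line is not an access log entry
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = VHOST_COMBINED.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    # %r is "METHOD PATH PROTOCOL"; a malformed request may have fewer parts.
    parts = entry.pop("request").split(" ")
    entry["method"] = parts[0] or None
    entry["path"] = parts[1] if len(parts) > 1 else None
    entry["status"] = int(entry["status"])
    return entry

def summarize(text):
    """Count (vhost, status) pairs; also return the lines that did not parse."""
    counts, rejected = Counter(), []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            rejected.append(line)
        else:
            counts[(entry["vhost"], entry["status"])] += 1
    return counts, rejected

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE_LOG)
    print(sorted(counts.items()), len(rejected))
```

Lines returned in the rejected list are worth a look on a real server, since they mark entries the format did not anticipate.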

 


About a1100320

IT student, musician, gamer. Beep boop.
This entry was posted in Linux palvelimena ICT4TN003-4.
