stevepedwards.com/DebianAdmin linux mint IT admin tips info

Apache2 Webserver Install on Mint Quianna

I am using PuTTY on Win7 to SSH into a new install of Mint to see if anything major has changed with Apache2 since the example install on my old page here:

http://www.stevepedwards.com/Apache2_Info.html

I assume I can paste most of the old commands straight in, with possible minor changes, so let's see...

First install Apache2:

apt-get install apache2


Check if the web services are running by Nmapping the local host:

nmap 127.0.0.1


Port 80 is open! This means the default test page should be viewable over my net in a browser, using the full http prefix http://iomegamint so the browser broadcasts for port 80 locally, rather than checks google:


If you have never installed Apache before, you may want to read about it, so check the docs suggested in the Default Page as shown:

vi /usr/share/doc/apache2/README.Debian.gz


Note there is an issue with SSL and MS Internet Explorer that requires a workaround in the above text! If you are going to run a production Apache server you need to fix whatever this is, as unfortunately, there are still a lot of poor folk who are stuck with IE due to work policies, or just don't know better...remember the grc.com investigation into large company proxy server spoofing for private data logging, using false SSL certificates on my webpage Apache link? This means that a green SSL lock bar will show in the browser address AS IF you are directly connected and traffic encrypted to the site you THINK you are seeing when you are not exactly. Some mobile phone companies were also caught at this "man in the middle" false proxy behaviour.

***************************************************************************

"Apache2 Webserver Info...and if you want to know how Webpage Security technology (should!) work - unless Microsoft and others are forging false Certificates for the NSA et al (what a surprise - see GRC.com on Cert fingerprinting) as usual, then get this powerpoint from the Open University:

ISCW_Cryptography_and_VPNs"


***************************************************************************

As I have a folder of my old online web pages, and have copied it to the Mint root directory, I can alter the Apache config file to point to that location, as it already contains the index.html main page, similar to my Website page at www.stevepedwards.com.

The default conf file and contents is found in /etc:


vi /etc/apache2/sites-enabled/000-default.conf


Make a backup of this file somewhere safe in case you mess it up editing e.g.

cp –v /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf.bak

NOTE this file no longer has basic "Directory" nesting and commands examples in it as the last time I did this in about 2008 – you have to know what to type in, so you need to read the documentation. As I am being lazy and already know what to put in from before, that will work, I'm going to copy that info without getting into their meanings, security implications or functions, in this article. That's for later maybe.

Edit this 000 file to suit your setup once you have researched it, or just get it up and running for now as I'm doing – in my case, postmaster name, website directory location (/www) etc:


Save the file and restart apache:


To see if you get your index page, refresh the browser page with F5



OK, seems not – this version (and maybe the older 2009 Apache2 – I can't remember) seems to have gone down the current "secure default install" route that much software and equipment does now as stated above, so that an Admin has to knowingly change it before use, and hopefully – knowing why..!

I'll follow some steps from my original webpage How To for password secured web server access:

Create an empty password file where you like:

vi /etc/apache2/pwd

Save this empty file then run:

htpasswd -c /etc/apache2/pwd uname


OK, get apache2-utils in first, then re-run htpasswd:



You may want to research what a SALT, SHA and MD5 hashes are...

http://en.wikipedia.org/wiki/Salt_(cryptography)


http://en.wikipedia.org/wiki/MD5


http://en.wikipedia.org/wiki/Secure_Hash_Algorithm


http://en.wikipedia.org/wiki/Web_application_security

"Because many users re-use passwords for multiple sites, the use of a salt is an important component of overall web application security."


See also:

http://en.wikipedia.org/wiki/Content_Security_Policy

The content of the pwd file is now:


Now you can see the user name text against its hash above.

Now restart apache again and see if it allows access:


To fix the warning above, you need to set a ServerName in /etc/apache2/apache2.conf, say at the start of the first uncommented line:

vi /etc/apache2/apache2.conf

# Global configuration
#
ServerName dell531
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept

apachectl configtest
Syntax OK

/etc/init.d/apache2 restart
* Restarting web server apache2 [ OK ]

OK – check for access again...

No –still not enough done – need more conf file definitions added – from my original article, the following directives have to be added to the DEFAULT-SITE conf file also, nested correctly in or outside Directory Tags:

vi /etc/apache2/sites-available/000-default.conf

Note: the info just changed in the SITES-ENABLED folder has been added to this file automatically too:


Restart and try access again:



Enter your credentials and you are in!


Now go and read the Apache docs, and the Wiki links above.

Comments are closed.

Post Navigation