Sunday, 23 December 2007

CentOS 5.0 - Home Server Tutorial - part 2

Last time I set up the local LAN, but I have a server! Not a router but a server, and every real server has its HTTP instance. In this part I'll describe how to create your own http/https server with virtual hosts, how to create self-signed SSL certificates, and a couple of other things. We will use the standard Apache server, version 2.2. It is the default version on CentOS 5.0 and it can do whatever you want.

I believe you know the basics of Apache configuration and can tell the difference between http and https. I advise you to restart the httpd server after the configuration steps. It prevents making stupid mistakes at the beginning.

Let's start. How? I hope you know. Installation of httpd, of course.

1. Simple site

# yum install httpd

After this you will have a fresh installation of the Apache 2.2 server. To start it, type:

# /etc/init.d/httpd start

or

# service httpd start

Now, if you point your browser to http://localhost/ you'll see the default CentOS/Apache site. But that wasn't our aim. Create a file for your http site. For testing purposes, create a file index.html containing:

<html>
<head>
<title>Default page</title>
</head>
<body>
My test page.
</body>
</html>

Put this file in the /var/www/html/ directory and reload your browser. Yupi! That's it.

2. Virtual domains and SSL certificates

In fact that is still not what I wanted. I bought two domains and they point to my public IP address. Let's call them example1.com and example2.com. Now both domains show the same thing: the blithe 'My test page.' site. I'd like different domains to show different sites. Moreover, I'd like to have different sites displayed via the http:// and https:// protocols.

At the beginning I have to install the SSL extension for the httpd server.

# yum install mod_ssl

After restarting httpd you can point your browser (if there is no firewall) to https://localhost/. The same site as before should appear. The browser will ask you to accept the site certificate. If you check this certificate you will notice that there are fields like 'SomeOrganisation'. We don't want them.

To create your own self-signed SSL certificate use this page. It describes very well how to do it. I changed the directory where I put the needed files to /etc/httpd/conf/.
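One way to produce the two files, as an added example that is not from the original post or from the page it links to: the script writes server.key and server.crt with both domains in subjectAltName, because every HTTPS virtual host on this page points at the same certificate file, and then checks the result. It assumes a current OpenSSL command line; the function names and the scratch directory are made up for the example.

```bash
# Added example, not from the original post. Function names and the scratch
# directory are assumptions; the domain names and file names are the page's.

# make_cert DIR NAME...: write DIR/server.key and DIR/server.crt, self-signed,
# with the first NAME as subject CN and every NAME in subjectAltName.
make_cert() {
    local out="$1" cfg i=1 name rc
    shift
    cfg=$(mktemp) || return 1
    {
        printf '[req]\ndistinguished_name = dn\nx509_extensions = v3\nprompt = no\n'
        printf '[dn]\nCN = %s\n[v3]\nsubjectAltName = @alt\n[alt]\n' "$1"
        for name in "$@"; do printf 'DNS.%d = %s\n' "$i" "$name"; i=$((i + 1)); done
    } > "$cfg"
    # umask 077 so the unencrypted private key is never group/world readable
    ( umask 077
      openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$cfg" -keyout "$out/server.key" -out "$out/server.crt" ) 2>/dev/null
    rc=$?; rm -f "$cfg"; return $rc
}

# cert_matches_key DIR: true when certificate and key have the same RSA modulus.
cert_matches_key() {
    local c k
    c=$(openssl x509 -noout -modulus -in "$1/server.crt" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$1/server.key" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_covers DIR NAME: true when NAME is an exact DNS entry in subjectAltName.
cert_covers() {
    openssl x509 -noout -text -in "$1/server.crt" 2>/dev/null \
        | grep -A1 'Subject Alternative Name' | tr ',' '\n' \
        | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# key_is_private DIR: true when server.key is mode 0600 (owner read/write only).
key_is_private() {
    [ "$(ls -l "$1/server.key" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a scratch directory; on the server the page uses /etc/httpd/conf/.
demo=$(mktemp -d)
make_cert "$demo" example1.com example2.com &&
    cert_covers "$demo" example2.com && cert_matches_key "$demo" &&
    key_is_private "$demo" && echo "server.crt covers both names; key matches, mode 0600"
rm -rf "$demo"
```

On the server, run `make_cert /etc/httpd/conf example1.com example2.com` as root, then restart httpd.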

OK. Now I have the server.crt and server.key files and I can create my https virtual domain. But first edit the /etc/httpd/conf.d/ssl.conf file and remove the part beginning with to the end of the file. Now edit the /etc/httpd/conf/httpd.conf file and add three lines to the end of the file:

NameVirtualHost *:80
NameVirtualHost *:443
Include sites/*.site

The last line means that, at this point, Apache will include the files from /etc/httpd/sites whose names end with '.site'. But there is no such directory. Create it! It is good practice to have each virtual domain configured in a separate file. You will not get lost after a couple of reconfigurations. Here I paste those four configuration files. Change them in your own way.

# cat example1.com.site
<VirtualHost *:80>
    DocumentRoot /var/www/example1.com
    ServerName http://example1.com
    ErrorLog logs/example1.com.error.log
    TransferLog logs/example1.com.transfer.log
    CustomLog logs/example1.com.access.log common
    <Directory /var/www/example1.com/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

# cat example1.com.https.site
<VirtualHost *:443>
    DocumentRoot /var/www/example1.com.https
    ServerName https://example1.com
    ErrorLog logs/example1.com.https.error.log
    TransferLog logs/example1.com.https.transfer.log
    CustomLog logs/example1.com.https.access.log common
    SSLEngine On
    # This list starts from ALL and excludes only ADH and EXPORT56,
    # so LOW, SSLv2 and 40-bit EXP suites stay enabled.
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Certificate and private key created in the previous step
    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key
    <Directory /var/www/example1.com.https/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

and two others just with example2.com instead of example1.com. As you can see, these files point the Apache server to the directories /var/www/example*. You have to create them and put simple files there to check that every domain and protocol displays a different thing. To do so, insert different text between tags in those files.

Now you can fill your sites. The server should now be able to handle http/https requests.

I hope I didn't miss any part of the configuration, because I did these steps last month but I didn't have enough time to put them on this blog.