Lab Questions

1. 

In this first lab, you'll install and configure Apache to start and run automatically the next time you boot your computer. You'll also configure the default Mozilla Web browser home page as the default home page for the local computer.

1. 

First, make sure the Apache Web server is installed. If an rpm -q httpd command tells you that it is missing, you haven't installed the Web Server package group. The most efficient way to do so is with the Red Hat Package Management utility, only accessible through the Linux GUI.

To configure Apache to start, you'll want to run the apachectl start command. To make sure it starts the next time you boot your computer, you'll want to run the chkconfig --level 35 httpd on command.

Once Apache is installed, you should be able to access it by opening a browser and navigating to http://localhost. You can see in the default Apache configuration file that the DocumentRoot is located in /var/www/html. The default Mozilla home page is located at /usr/share/doc/HTML/index.html. You can copy that index.html file to the /var/www/html directory, and test the result by navigating once again to http://localhost. If you did not copy the other files associated with the default Mozilla home page, you'll be missing some icons.

2. 

In this second lab, you'll configure two Web sites on the local Apache server. Call them big.example.big and small.example.small. Don't forget to create the directories that you need, as well as set up these Web sites on your DNS server or /etc/hosts file. Make sure your Web sites are accessible to users from remote computers on your network. Add an appropriate index.html file to the DocumentRoot for each Web site. Simple Web pages, such as a single line of text, are acceptable.

2. 

This lab requires that you create two virtual hosts in the main Apache configuration file, /etc/httpd/conf/httpd.conf. To do so, you should do the following:

1. Set the NameVirtualHost directive to the IP address and port (80) serving your intended network audience.

2. Add a VirtualHost container with the same IP address.

3. Assign the ServerAdmin to the e-mail address of this Web site's administrator.

4. Configure a unique DocumentRoot directory.

5. Set the first ServerName to big.example.big.

6. Add ErrorLog and CustomLog directives, and set them to unique filenames in the /etc/httpd/logs directory. With the default ServerRoot, you can use a relative logs directory, such as:

   ErrorLog logs/big.example.big-error_log

7. Make sure to close the VirtualHost container.

8. Repeat the process for the second Web site, making sure to set the second ServerName to small.example.small.

9. Close and save the httpd.conf file with your changes.

10. Create any new directories that you configured with the DocumentRoot directives.

11. Create index.html text files in each directory defined by your new DocumentRoot directives. Don't worry about HTML code; a text file is fine for the purpose of this lab.

12. Make sure these domain names are configured in your DNS server or in /etc/hosts. For example, you could add the following lines to /etc/hosts:

    192.168.30.2 big.example.big 192.168.30.2 small.example.small

13. Disable any firewall on your computer. Alternatively, you can use the Security Level Configuration tool (redhat-config-securitylevel) utility to allow HTTP data through your firewall; see Chapter 10 for more information on this process.

14. Finally, make sure to run the apachectl restart command to reread the httpd.conf configuration file, so Apache reads your changes.

15. Now you can test the result in the browser of your choice. If it works, the big.example.big and small.example.small domain names should direct you to the index.html files that you created for each Web site.

3. 

Continuing on with Apache, now configure secure versions for each of your two Web sites. Make sure that there are appropriate directories available for each secure Web site.

3. 

The basics of this lab are straightforward. You'll need to repeat the same basic steps as you performed in Part 2; you're just editing the /etc/httpd/conf.d/ssl.conf configuration file. However, there are a few things to be concerned about:

• Make sure that the top VirtualHost directive points to the IP address that you're using for your Web server.

• Set up the DocumentRoot in a directory different from a regular Web server.

• Configure the ErrorLog and CustomLog separately; it can help to associate it with the name of the secure Web site.

Continuing on with Apache, now configure secure versions for each of your two Web sites. Make sure that there are appropriate directories available for each secure Web site.

4. 

Set up a Squid proxy server on your computer. Set up access to your LAN on the 10.11.12.0/255.255.255.0 network. Assign appropriate values to acl, http_access, and visible_hostname. Set up the cache directories for Squid. Make sure it starts now and automatically the next time you reboot your computer.

4. 

First, Squid is automatically installed when you install the Web server package group. To configure a Squid proxy server for your network, you'll need to configure /etc/squid/squid.conf. Assume the name of your computer is myproxy, and you're arbitrarily assigning mylan as the name for your LAN. If your network IP address is not 10.11.12.0, substitute accordingly. In this file, you'll need to add the following lines:

visible_hostname=myproxy acl mylan src 10.11.12.0/255.255.255.0 http_access allow mylan

Next, you'll need to set up the Squid directories with the following command:

# squid -z

Finally, to configure Squid to start, you'll want to run the service squid start command. To make sure it starts the next time you boot your computer, you'll want to run the chkconfig --level 35 squid on command.

But you'll also need to activate proxy server access in client applications such as Web browsers. Remember that you can do so by pointing your browsers to port 3128.

5. 

Configure an FTP server for your computer. Make sure to allow only anonymous access. Don't allow anonymous users to upload to your server. Enable messages when users access your /var/ftp and /var/ftp/pub directories. Add an appropriate one-line message to each directory. Test the result, preferably from a remote computer. Make sure to start the vsFTP server now, and see that it starts automatically the next time you reboot your computer.

5. 

The vsFTP server is part of a one-RPM package group. So if you have not installed this server during the installation process, the quickest thing to do is to connect to your installation source (CD or network), and install it from that location. For example, if the source is mounted on /mnt/source, you'd install it with the following command:

# rpm --Uvh /mnt/source/RedHat/RPMS/vsftpd-1.2.0-4.i386.rpm

This also installs configuration files in the /etc and /etc/vsftpd directories. The main configuration file is /etc/vsftpd/vsftpd.conf. Based on the RHEL 3 default version of this file, you can make the following changes. To allow only anonymous access, comment out the following line:

local_enable=yes

Anonymous users are already prevented from uploading files to your server. You could enable it by activating the anon_upload_enable=yes command. By default, messages are already enabled for directory access on an FTP server, courtesy of the following command:

dirmessage_enable=yes

Actually configuring a message is a matter of creating a text file, and saving it as .message in the desired directories, /var/ftp, and /var/ftp/pub. You could add a simple line such as 'root directory for the FTP server' or 'main download directory.'

Finally, to configure the Red Hat FTP server to start, you'll want to run the service vsftpd start command. To make sure it starts the next time you boot your computer, you'll want to run the chkconfig --level 35 vsftpd on command.

6. 

Set up a sendmail mail server for your network. First, make sure to disable local-only access in the /etc/mail/sendmail.mc file. Add your network to the /etc/mail/access file. Test the result, preferably from a remote computer on your network. Configure Mozilla to read your e-mail. You can set it up to read e-mail without downloading it from the server (even if it's a POP3 server). Make sure to start the sendmail server now, and see that it starts automatically the next time you reboot your computer.

6. 

The sendmail mail server is part of the Mail Server package group. It is automatically installed when you install RHEL 3. You could install related packages using the Package Management utility, or you could install the sendmail-cf RPM package.

To disable local-only access in the /etc/mail/sendmail.mc file, comment out the following line. Unlike most Linux configuration files, you'll want to add a dnl at the start of this line:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

The dnl at the end of the line does not affect the command to its left. Next, you'll want to enable support through /etc/mail/access. If you want to support your LAN with this server, and its network address is 10.11.12.0, you'd add the following command line to /etc/mail/access:

10.11.12             RELAY

You can test the result from the e-mail client of your choice. It's easiest to use a client such as Mozilla. Netscape users should find this browser to be familiar; it uses the Netscape code, which has been released under an open source-style license. If you're not familiar with Mozilla, you can open it by clicking on the globe icon adjacent to the Main Menu icon in the lower-left corner of the desktop. Once Mozilla is open, click Window | Mail & Newsgroups to open the Mozilla mail management utility. If this is the first time you've opened the Mozilla mail management utility, the Account Wizard prompts you to add the information associated with your e-mail account. Otherwise, click the Add Account button.

You'll need to know the name of your incoming mail server, whether it conforms to the POP3 or IMAP4 protocols, and the name (and password) of your account. You presumably already know the name of the outgoing mail server, the name of the computer with the sendmail server that you just configured.