APACHE OPENSSL CERTIFICATE, PHP MYSQL, HTACCESS WEB DIRECTORY with SQUID WITHOUT SSL AND with SSL SETUP


vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=reverseproxy.node01

:wq!

 

vi /etc/hosts

### LOCAL SERVER NAME RESOLUTION ###

127.0.0.1 localhost.localdomain         localhost

192.168.254.154 reverseproxy.node01     reverseproxy

### DOMAINS SETTING ###

192.168.254.154                 www.homedomain.com

192.168.254.154                 www.sindh.com

192.168.254.154                 www.islam.edu

192.168.254.154                 www.abc.com

192.168.254.154                 www.zeeshan.com

192.168.254.154                 www.rhce.com

:wq!

 

yum install httpd php mysql mysql-server mod_ssl mod_auth_mysql mysql-devel \
  php-devel php php-common php-gd php-mcrypt php-mhash php-xml php-xmlrpc php-domxml php-gd php-mbstring php-mysql php-ncurses php-pear

 

yum install openssl openssl-devel mod_python python python-devel

yum -y groupinstall "Development Tools"

yum install wget mlocate links

 

mkdir download

cd download/

 

wget http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.5.tar.gz

service httpd start && chkconfig --level 35 httpd on

service mysqld start && chkconfig --level 35 mysqld on

 

/usr/bin/mysql_secure_installation

Set root password? [Y/n] y

New password: redhat

Re-enter new password: redhat

Password updated successfully!

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] y

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

 

Verify that httpd and mysqld are listening:

netstat -antp

service iptables stop

chkconfig --level 35 iptables off

 

Create the document roots:

cd /var/www/

mkdir site1 site2 site3 site4 site5 site6

 

Create the index page for site1:

vi site1/index.html

<html>

<body>

<center>SITE1.HOMEDOMAIN.COM -of- 192.168.254.152 Default Apache Server</center>

</body>

</html>

:wq!

 

Create the index page for site2:

vi site2/index.html

<html>

<body>

<center>SITE2.SINDH.COM -of- 192.168.254.152 Default Apache Server</center>

</body>

</html>

:wq!

 

Create the index page for site3:

vi site3/index.html

<html>

<body>

<center>SITE3.ISLAM.EDU -of- 192.168.254.152 Default Apache Server</center>

</body>

</html>

:wq!

 

Create the index page for site4:

vi site4/index.html

<html>

<body>

<center>SITE4.ABC.COM WELCOME, ABC DOMAIN IS WORKING, THIS IS MY FIRST PAGE</center>

</body>

</html>

:wq!

 

Create the index page for site5:

vi site5/index.html

 

<html>

<body>

<center>SITE5.ZEESHAN.COM IS WORKING. THIS IS MY PERSONAL WEB SITE, PLEASE DON'T TRY TO HACK IT</center>

 

Regards,

Powered By Zeeshan Bhatti

SYSTEM ADMINISTRATOR

Arpatech PVT LTD.

 

</body>

</html>

:wq!

 

Create the index page for site6:

vi site6/index.html

<html>

<body>

<center>WELCOME, THE RED HAT CERTIFIED ENGINEER SITE IS COMING SOON!!!</center>

<center><b>Regards,

Powered By Zeeshan Bhatti

SYSTEM ADMINISTRATOR

Arpatech PVT LTD.

</b></center>

</body>

</html>

:wq!

 

To verify that PHP is working, create a test page that prints phpinfo():

vi /var/www/html/test.php

<?php phpinfo(); ?>

:wq!

 

Open a browser and go to http://192.168.254.154/test.php

The phpinfo() page confirms that PHP and MySQL are running fine.

 

Now configure Apache:

vi /etc/httpd/conf/httpd.conf

Listen 81            (line 136: change Apache's default port from 80 to 81)

ServerTokens Prod    (line 44: stop advertising the OS and version in the Server header)

ServerSignature Off  (line 44: the default is On)

:wq!

/etc/init.d/httpd restart

Now configure the Apache virtual hosts:

vi /etc/httpd/conf.d/vhost80.conf

####VIRTUAL HOSTS#####

NameVirtualHost 192.168.254.154:80

<VirtualHost 192.168.254.154:80>

DocumentRoot /var/www/site1

ServerName www.homedomain.com

ErrorLog logs/homedomain.com-error_log

CustomLog logs/homedomain.com-access_log common

SSLEngine off

</VirtualHost>

 

<VirtualHost 192.168.254.154:80>

DocumentRoot /var/www/site2

ServerName www.sindh.com

ErrorLog logs/sindh.com-error_log

CustomLog logs/sindh.com-access_log common

SSLEngine off

</VirtualHost>

 

<VirtualHost 192.168.254.154:80>

DocumentRoot /var/www/site3

ServerName www.islam.edu

ErrorLog logs/islam.edu-error_log

CustomLog logs/islam.edu-access_log common

SSLEngine off

</VirtualHost>

 

[root@localhost www]# tail -f /var/log/httpd/homedomain.com-access_log

192.168.254.1 - - [07/Jun/2013:01:01:58 +0500] "GET /favicon.ico HTTP/1.1" 404 209

192.168.254.1 - - [07/Jun/2013:01:01:58 +0500] "GET /favicon.ico HTTP/1.1" 404 209

 

[root@localhost www]# tail -f /var/log/httpd/sindh.com-access_log

192.168.254.1 - - [07/Jun/2013:01:04:12 +0500] "GET /favicon.ico HTTP/1.1" 404 209

192.168.254.1 - - [07/Jun/2013:01:04:13 +0500] "GET /favicon.ico HTTP/1.1" 404 209

 

[root@localhost www]# tail -f /var/log/httpd/islam.edu-access_log

192.168.254.1 - - [07/Jun/2013:01:04:26 +0500] "GET /favicon.ico HTTP/1.1" 404 209

192.168.254.1 - - [07/Jun/2013:01:04:27 +0500] "GET /favicon.ico HTTP/1.1" 404 209

 

The logs of all three sites show that they are up and running fine.

 

Configure ssl.conf for the SSL virtual hosts:

cd /etc/httpd/conf.d/

vi ssl.conf

Listen 220   (change the default port 443 to 220 for the reverse-proxy setup)

#<VirtualHost _default_:443>   (comment out the default virtual host directive)

 

# Append a virtual host for each of your domains at the end of the file

###SSL CERTIFICATE BASED WEB SITES ###

###WWW.ABC.COM###

NameVirtualHost 192.168.254.154:220

<VirtualHost 192.168.254.154:220>

DocumentRoot /var/www/site4

ServerName www.abc.com

ErrorLog logs/abc.com-ssl_error_log

TransferLog logs/abc.com-ssl_access_log

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/abc.com.crt

SSLCertificateKeyFile /etc/pki/tls/certs/abc.com.key

</VirtualHost>

 

####WWW.ZEESHAN.COM VHOST###

<VirtualHost 192.168.254.154:220>

DocumentRoot /var/www/site5

ServerName www.zeeshan.com

ErrorLog logs/zeeshan.com_ssl-error_log

CustomLog logs/zeeshan.com_ssl-access_log common

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/zeeshan.com.crt

SSLCertificateKeyFile /etc/pki/tls/certs/zeeshan.com.key

</VirtualHost>

 

####WWW.RHCE.COM VHOST###

<VirtualHost 192.168.254.154:220>

DocumentRoot /var/www/site6

ServerName www.rhce.com

ErrorLog logs/rhce.com-error_log

CustomLog logs/rhce.com-access_log common

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/rhce.com.crt

SSLCertificateKeyFile /etc/pki/tls/certs/rhce.com.key

</VirtualHost>

:wq!

 

Now generate the certificates.

cd /etc/pki/tls/certs/

make abc.com.key

 

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > abc.com.key

Generating RSA private key, 2048 bit long modulus

.+++

.+++

e is 65537 (0x10001)

Enter pass phrase:redhat   (set a passphrase)

Verifying - Enter pass phrase:redhat   (repeat the same passphrase)

openssl rsa -in abc.com.key -out abc.com.key

 

Enter pass phrase for abc.com.key:redhat   (the same passphrase again; this rewrites the key without a passphrase so httpd can start unattended)

writing RSA key

 

make abc.com.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key abc.com.key -out abc.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PK

State or Province Name (full name) []:SINDH

Locality Name (eg, city) [Default City]:KARACHI

Organization Name (eg, company) [Default Company Ltd]:ABC PVT LTD.

Organizational Unit Name (eg, section) []:IT DEPARTMENT

Common Name (eg, your name or your server's hostname) []:www.abc.com

Email Address []:[email protected]

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:redhat

An optional company name []:

 

Now sign the request with its own key to produce the self-signed certificate:

openssl x509 -in abc.com.csr -out abc.com.crt -req -signkey abc.com.key -days 3650

 

Signature ok

subject=/C=PK/ST=SINDH/L=KARACHI/O=ABC PVT LTD./OU=IT DEPARTMENT/CN=www.abc.com/emailAddress=\x09\[email protected]

Getting Private key

 

chmod 400 abc.com.*

 

Now generate the zeeshan.com certificate:

make zeeshan.com.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > zeeshan.com.key

Generating RSA private key, 2048 bit long modulus

…+++

…………………+++

e is 65537 (0x10001)

Enter pass phrase:redhat   (set a passphrase)

Verifying - Enter pass phrase:redhat   (repeat the same passphrase)

openssl rsa -in zeeshan.com.key -out zeeshan.com.key

 

Enter pass phrase for zeeshan.com.key:redhat

writing RSA key

 

make zeeshan.com.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key zeeshan.com.key -out zeeshan.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PK

State or Province Name (full name) []:SINDH

Locality Name (eg, city) [Default City]:KARACHI

Organization Name (eg, company) [Default Company Ltd]:ZEESHAN PVT LTD.

Organizational Unit Name (eg, section) []:IP OPERATIONS

Common Name (eg, your name or your server's hostname) []:www.zeeshan.com

Email Address []:[email protected]

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:REDHAT

 

openssl x509 -in zeeshan.com.csr -out zeeshan.com.crt -req -signkey zeeshan.com.key -days 3650

 

Signature ok

subject=/C=PK/ST=SINDH/L=KARACHI/O=ZEESHAN PVT LTD./OU=IP OPERATIONS/CN=www.zeeshan.com/[email protected]

Getting Private key

 

chmod 400 zeeshan.com.*

 

Now generate the rhce.com certificate:

make rhce.com.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > rhce.com.key

Generating RSA private key, 2048 bit long modulus

….+++

……+++

e is 65537 (0x10001)

Enter pass phrase:redhat   (set a passphrase)

Verifying - Enter pass phrase:redhat   (repeat the same passphrase)

 

openssl rsa -in rhce.com.key -out rhce.com.key

 

Enter pass phrase for rhce.com.key:redhat

writing RSA key

 

make rhce.com.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key rhce.com.key -out rhce.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PK

State or Province Name (full name) []:SINDH

Locality Name (eg, city) [Default City]:KARACHI

Organization Name (eg, company) [Default Company Ltd]:RHCE PVT LTD PROMETRIC CENTER.

Organizational Unit Name (eg, section) []:IT DEPARTMENT

Common Name (eg, your name or your server's hostname) []:www.rhce.com

Email Address []:[email protected]

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:redhat

An optional company name []:

 

openssl x509 -in rhce.com.csr -out rhce.com.crt -req -signkey rhce.com.key -days 3650

 

Signature ok

subject=/C=PK/ST=SINDH/L=KARACHI/O=RHCE PVT LTD PROMETRIC CENTER./OU=IT DEPARTMENT/CN=www.rhce.com/[email protected]

Getting Private key

 

chmod 400 rhce.com.*

 

All certificates have been generated.

Finally, restart the Apache web service:
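The three interactive key/CSR/certificate runs above (abc.com, zeeshan.com, rhce.com) are one procedure repeated by hand. The script below is an added example, not part of the original post, that performs the same steps non-interactively and then checks the result: the DN fields are passed with `-subj` instead of being typed at the prompts, the key is written unencrypted (the end state the page reaches by generating with `-aes128` and then stripping the passphrase with `openssl rsa`), everything is created under `umask 077` and left mode 0400, and a subjectAltName is added because current browsers match only the SAN, not the Common Name. Directory, file base name and DN values are parameters; the www.abc.com values in the usage comment are the page's, the function names and the check helpers are the example's own.

```shell
#!/bin/sh
# Added example: non-interactive equivalent of the make/openssl dialogue above,
# plus consistency checks on the generated certificate.

# make_selfsigned_cert DIR BASE CN ORG OU
# Writes DIR/BASE.key, DIR/BASE.csr and DIR/BASE.crt (e.g. BASE=abc.com, CN=www.abc.com).
make_selfsigned_cert() {
  dir=$1; base=$2; cn=$3; org=$4; ou=$5
  key="$dir/$base.key"; csr="$dir/$base.csr"; crt="$dir/$base.crt"; ext="$dir/$base.ext"
  (
    # Restrictive umask from the start: the key is never world-readable,
    # which is what "umask 77" in the certs Makefile achieves on the page.
    umask 077
    # Unencrypted 2048-bit RSA key (same as genrsa -aes128 followed by
    # "openssl rsa -in x.key -out x.key" on the page).
    openssl genrsa -out "$key" 2048 2>/dev/null
    # The same DN fields the interactive "openssl req" asks for, given with -subj.
    openssl req -new -utf8 -key "$key" -out "$csr" \
      -subj "/C=PK/ST=SINDH/L=KARACHI/O=$org/OU=$ou/CN=$cn"
    # x509 -req -signkey self-signs the CSR; the extfile adds a DNS SAN,
    # which the page's command does not produce.
    printf 'subjectAltName = DNS:%s\n' "$cn" > "$ext"
    openssl x509 -req -in "$csr" -signkey "$key" -days 3650 -extfile "$ext" -out "$crt"
  )
  chmod 400 "$key" "$csr" "$crt"
}

# cert_matches_key CRT KEY: exit 0 when the certificate's public key belongs to KEY
# (compares the RSA modulus of both, the classic mod_ssl mismatch check).
cert_matches_key() {
  c=$(openssl x509 -noout -modulus -in "$1" | openssl md5)
  k=$(openssl rsa  -noout -modulus -in "$2" | openssl md5)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_cn CRT: print the certificate's Common Name
cert_cn() {
  openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
    sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# cert_has_san CRT FQDN: exit 0 when FQDN is present as a DNS subjectAltName
cert_has_san() {
  openssl x509 -noout -text -in "$1" | grep -q "DNS:$2"
}

# cert_valid_for_days CRT DAYS: exit 0 when the certificate does not expire within DAYS days
cert_valid_for_days() {
  openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

# Usage on the page's host (values from the page):
#   make_selfsigned_cert /etc/pki/tls/certs abc.com www.abc.com "ABC PVT LTD." "IT DEPARTMENT"
#   cert_matches_key /etc/pki/tls/certs/abc.com.crt /etc/pki/tls/certs/abc.com.key && echo "key and cert match"
```

Run `cert_matches_key` against every `SSLCertificateFile`/`SSLCertificateKeyFile` pair in ssl.conf before restarting httpd: a mismatched pair is reported by mod_ssl as a key values mismatch and httpd refuses to start.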

/etc/init.d/httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

Open a web browser and go to https://www.abc.com

tail -f /var/log/httpd/abc.com-ssl_access_log

192.168.254.1 - - [07/Jun/2013:18:24:40 +0500] "GET / HTTP/1.1" 200 114

192.168.254.1 - - [07/Jun/2013:18:24:41 +0500] "GET /favicon.ico HTTP/1.1" 404 209

www.abc.com is running fine and the log shows the requests.

Open a web browser and go to https://www.zeeshan.com

tail -f /var/log/httpd/zeeshan.com_ssl-access_log

192.168.254.1 - - [07/Jun/2013:18:24:50 +0500] "GET / HTTP/1.1" 200 211

192.168.254.1 - - [07/Jun/2013:18:24:52 +0500] "GET /favicon.ico HTTP/1.1" 404 209

www.zeeshan.com is running fine and the log shows the requests.

 

Open a web browser and go to https://www.rhce.com/

tail -f /var/log/httpd/rhce.com_ssl-access_log

192.168.254.1 - - [07/Jun/2013:18:31:54 +0500] "GET / HTTP/1.1" 200 209

192.168.254.1 - - [07/Jun/2013:18:31:55 +0500] "GET /favicon.ico HTTP/1.1" 404 209

www.rhce.com is running fine and the log shows the requests.

 

Now configure an .htaccess-based password-protected directory in Apache:

cd /var/www/site2/

mkdir lock

htpasswd -c .htpasswd redhat

Adding password for user redhat
New password: bhatti
Re-type new password: bhatti

 

vi /etc/httpd/conf/httpd.conf   (append these lines at the end of the file)

<Directory /var/www/site2/lock>

Options Indexes Includes FollowSymLinks MultiViews

AllowOverride AuthConfig

Order allow,deny

Allow from all

</Directory>

:wq!
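The Directory block above turns on `AllowOverride AuthConfig` for /var/www/site2/lock, but the page does not show the .htaccess that actually requires the password. The script below is an added example, not from the original post: a function that writes that .htaccess, a password-file writer that uses `openssl passwd -apr1` (the same `$apr1$` Apache-MD5 format that `htpasswd -m` stores, so the file is interchangeable with the one created above), and a verifier that recomputes the hash from the stored salt. The user and password are the page's (redhat / bhatti); the directory paths are parameters and the realm string is constructed.

```shell
#!/bin/sh
# Added example: .htaccess + .htpasswd for the protected directory, with a
# verifier that checks a password against the stored $apr1$ hash.

# write_htaccess LOCKDIR PASSWDFILE REALM
# Basic auth over LOCKDIR; honoured only because AllowOverride AuthConfig is set for it.
write_htaccess() {
  cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "$3"
AuthUserFile $2
Require valid-user
EOF
}

# htpasswd_entry USER PASSWORD [SALT]
# Produces "USER:$apr1$SALT$hash", the line htpasswd -m writes; the salt is
# 8 chars from [./0-9A-Za-z], generated here when not supplied.
htpasswd_entry() {
  salt=${3:-$(openssl rand -base64 6 | tr '+/' '..' | cut -c1-8)}
  printf '%s:%s\n' "$1" "$(openssl passwd -apr1 -salt "$salt" "$2")"
}

# add_htpasswd_user FILE USER PASSWORD: replace or append the user's entry
add_htpasswd_user() {
  file=$1; user=$2
  if [ -f "$file" ]; then
    grep -v "^$user:" "$file" > "$file.tmp" || true   # drop the old entry, if any
  else
    : > "$file.tmp"
  fi
  htpasswd_entry "$user" "$3" >> "$file.tmp"
  mv "$file.tmp" "$file"
}

# check_htpasswd FILE USER PASSWORD: exit 0 when PASSWORD matches the stored hash.
# The salt is the third $-separated field of "$apr1$SALT$hash"; recomputing with
# it must reproduce the stored string exactly.
check_htpasswd() {
  stored=$(grep "^$2:" "$1" | head -n1 | cut -d: -f2-)
  [ -n "$stored" ] || return 1
  salt=$(printf '%s' "$stored" | cut -d'$' -f3)
  [ "$(openssl passwd -apr1 -salt "$salt" "$3")" = "$stored" ]
}

# Usage on the page's host (paths and credentials from the page):
#   write_htaccess /var/www/site2/lock /var/www/site2/.htpasswd "Restricted area"
#   add_htpasswd_user /var/www/site2/.htpasswd redhat bhatti
#   check_htpasswd /var/www/site2/.htpasswd redhat bhatti && echo "password ok"
```

`AuthUserFile` must be readable by the user httpd runs as. The page keeps .htpasswd inside the site2 DocumentRoot; the stock httpd.conf refuses to serve any file matching `^\.ht` through its `<Files ~ "^\.ht">` block, so check that block is still present, or keep the password file outside the DocumentRoot altogether.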

Now build and install Squid from source:

cd /root/download/

tar -xzvf squid-3.3.5.tar.gz

mv squid-3.3.5.tar.gz /tmp/

cd squid-3.3.5/

mkdir /opt/squid

 

./configure --prefix=/opt/squid --enable-shared=yes --enable-static=no --enable-carp \
  --enable-storeio=aufs,ufs --enable-removal-policies=heap,lru --disable-icmp --disable-delay-pools \
  --disable-esi --enable-icap-client --enable-useragent-log --enable-referer-log --disable-wccp \
  --enable-wccpv2 --disable-kill-parent-hack --enable-snmp --enable-cachemgr-hostname=localhost \
  --enable-arp-acl --disable-htcp --disable-forw-via-db --enable-follow-x-forwarded-for \
  --enable-cache-digests --disable-poll --enable-epoll --enable-linux-netfilter --disable-ident-lookups \
  --enable-default-hostsfile=/etc/hosts --with-default-user=squid --with-large-files --enable-mit=/usr \
  --with-logdir=/var/log/squid --enable-http-violations --enable-zph-qos --with-filedescriptors=65536 \
  --enable-gnuregex --enable-async-io=64 --with-aufs-threads=64 --with-pthreads --with-aio \
  --enable-default-err-languages=English --enable-err-languages=English --disable-hostname-checks \
  --enable-underscores --enable-ssl \
  && make && make install && echo "SQUID SUCCESS" || echo "SQUID FAILED"

If the compilation finishes without errors, the install has succeeded.

cd /opt/squid/etc/

vi squid.conf

 

http_port 3128   (insert the lines below after this directive)

 

http_port 80 accel defaultsite=www.homedomain.com vhost

http_port 80 accel defaultsite=www.sindh.com vhost

http_port 80 accel defaultsite=www.islam.edu vhost

 

https_port 443 accel cert=/etc/pki/tls/certs/abc.com.crt  key=/etc/pki/tls/certs/abc.com.key defaultsite=www.abc.com vhost

https_port 443 accel cert=/etc/pki/tls/certs/zeeshan.com.crt key=/etc/pki/tls/certs/zeeshan.com.key defaultsite=www.zeeshan.com vhost

https_port 443 accel cert=/etc/pki/tls/certs/rhce.com.crt key=/etc/pki/tls/certs/rhce.com.key defaultsite=www.rhce.com vhost

 

# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /opt/squid/var/cache/squid 100 16 256

 

# Leave coredumps in the first cache dir

coredump_dir /opt/squid/var/cache/squid

 

# Append these lines at the end of the file.

#######################################################################

######SQUID SERVER AS REVERSE PROXY FOR APACHE WEB SERVER FOR PORT 81###

#######################################################################

cache_peer 192.168.254.154 parent 81 0 no-query originserver login=PASS name=saturn

 

#####################################################################

###SQUID SERVER AS REVERSE PROXY FOR APACHE WEB SERVER FOR PORT 220###

#####################################################################

cache_peer 192.168.254.154 parent 220 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=zeeshan

 

####################################################

### ACLs FOR APACHE WEB SERVER VHOST FOR PORT 81###

####################################################

acl saturn_users dstdomain www.homedomain.com

acl saturn_users dstdomain www.sindh.com

acl saturn_users dstdomain www.islam.edu

 

#####################################################

### ACLs FOR APACHE WEB SERVER VHOST FOR PORT 220###

#####################################################

acl zee dstdomain www.abc.com

acl zee dstdomain www.zeeshan.com

acl zee dstdomain www.rhce.com

 

 

#################################

### HTTP ACCESS ALLOW FOR ACLS###

#################################

http_access allow saturn_users

http_access allow zee

 

#############################

###CACHE PEER ALLOW RULES####

#############################

cache_peer_access saturn allow saturn_users

cache_peer_access zeeshan allow zee

 

###########################

###CACHE PEER DENY RULES###

###########################

cache_peer_access saturn deny all

cache_peer_access zeeshan deny all

visible_hostname reverseproxy.node01

 

:wq!
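The ACL, `http_access` and `cache_peer_access` lines above decide which Apache listener a request reaches. Squid evaluates these lists top to bottom and stops at the first matching line; when no `http_access` line matches, the default is the opposite of the last line, so with two `allow` lines any Host header outside the six domains is denied before it reaches either peer. The script below is an added example, not the page's code, that replays those semantics over a constructed excerpt of the page's squid.conf, so the routing table can be checked without a running proxy. The conf text is embedded as a sample (negated ACLs and multi-ACL lines are not handled); the function name and output format are the example's own.

```shell
#!/bin/sh
# Added example: which cache_peer (if any) a Host name is routed to under the
# page's squid.conf rules, applying Squid's first-match evaluation.

# Constructed excerpt of the page's reverse-proxy configuration.
SQUID_CONF_SAMPLE='
cache_peer 192.168.254.154 parent 81 0 no-query originserver login=PASS name=saturn
cache_peer 192.168.254.154 parent 220 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=zeeshan
acl saturn_users dstdomain www.homedomain.com
acl saturn_users dstdomain www.sindh.com
acl saturn_users dstdomain www.islam.edu
acl zee dstdomain www.abc.com
acl zee dstdomain www.zeeshan.com
acl zee dstdomain www.rhce.com
http_access allow saturn_users
http_access allow zee
cache_peer_access saturn allow saturn_users
cache_peer_access zeeshan allow zee
cache_peer_access saturn deny all
cache_peer_access zeeshan deny all
'

# squid_route HOST [CONF_TEXT]
# Prints "denied", "direct", or "peer NAME:PORT" for a request whose Host is HOST.
squid_route() {
  host=$1
  conf=${2:-$SQUID_CONF_SAMPLE}
  printf '%s\n' "$conf" | awk -v host="$host" '
    # "all" is the built-in ACL; a dstdomain ACL matches when HOST was listed under it
    function matches(acl) { return acl == "all" || ((acl, host) in dom) }
    # acl NAME dstdomain DOMAIN...: remember every domain under its ACL name
    $1 == "acl" && $3 == "dstdomain" { for (i = 4; i <= NF; i++) dom[$2, $i] = 1; next }
    # cache_peer HOST parent PORT ... name=NAME: remember the parent port per peer name
    $1 == "cache_peer" { n = ""; for (i = 5; i <= NF; i++) if ($i ~ /^name=/) n = substr($i, 6); port[n] = $4; next }
    $1 == "http_access"       { ha[++nha]   = $2 " " $3; next }
    $1 == "cache_peer_access" { cpa[++ncpa] = $2 " " $3 " " $4; next }
    END {
      # http_access: first match wins; with no match the default is the
      # opposite of the last rule (and deny when there are no rules at all)
      verdict = ""
      for (i = 1; i <= nha && verdict == ""; i++) { split(ha[i], f, " "); if (matches(f[2])) verdict = f[1] }
      if (verdict == "" && nha == 0) verdict = "deny"
      if (verdict == "") { split(ha[nha], f, " "); verdict = (f[1] == "allow") ? "deny" : "allow" }
      if (verdict == "deny") { print "denied"; exit }
      # cache_peer_access: per peer, the first matching rule is final
      for (i = 1; i <= ncpa; i++) {
        split(cpa[i], f, " ")
        if ((f[1] in decided) || !matches(f[3])) continue
        decided[f[1]] = f[2]
        if (f[2] == "allow") { print "peer " f[1] ":" port[f[1]]; exit }
      }
      print "direct"
    }'
}

# Usage, e.g. squid_route www.abc.com            -> peer zeeshan:220
#             squid_route www.sindh.com          -> peer saturn:81
#             squid_route www.other.example      -> denied
```

The zeeshan peer is declared with `sslflags=DONT_VERIFY_PEER`, so Squid accepts whatever certificate Apache presents on port 220 and the hop is encrypted but not authenticated. Since the Apache certificates are self-signed, the alternative on that `cache_peer` line is `sslcafile=` pointing at a bundle of the three .crt files so Squid verifies the peer against them.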

 

chown squid:squid var/ -R

./sbin/squid -z

./sbin/squid –

 

ps aux | grep squid

root      1692  0.0  0.7  15264  3936 ?        Ss   22:12   0:00 ./squid

squid     1694  3.4  3.3  45344 17352 ?        S    22:12   0:00 (squid-1)

squid     1695  0.0  0.1   3632   976 ?        S    22:12   0:00 (logfile-daemon) /var/log/squid/access.log

squid     1696  0.0  0.1   3480   888 ?        S    22:12   0:00 (unlinkd)

root      1698  0.0  0.1   4356   748 pts/0    S+   22:12   0:00 grep squid

 

Squid has started, and the process list shows it running normally.

 

/sbin/service httpd restart

Stopping httpd:                                            [FAILED]  OHHHHHHHHHHHHHHHH

Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:220

(13)Permission denied: make_sock: could not bind to address 0.0.0.0:220

no listening sockets available, shutting down

Unable to open logs

 

Resolution of this error:

vi /etc/selinux/config

SELINUX=disabled

:wq!

 

setenforce 0
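The bind error above comes from SELinux: in the targeted policy httpd may bind only ports labelled `http_port_t`, and on RHEL 6 that label covers 80, 81, 443, 488, 8008, 8009, 8443 and 9000, which is why port 81 started and only port 220 failed. Disabling SELinux, as the page does, removes that control for every service; the targeted fix is to label the missing port with `semanage port -a -t http_port_t -p tcp 220` (`semanage` is in the policycoreutils-python package on RHEL 6). The script below is an added example, not from the original post, that computes which `Listen` ports lack the label and prints the `semanage` command for each. The `Listen` lines and the `semanage port -l` output are constructed samples taken from this page and the stock policy; port ranges in semanage output are not expanded.

```shell
#!/bin/sh
# Added example: find httpd Listen ports that SELinux does not yet allow, and
# print the labelling command instead of switching SELinux off.

# Constructed: the two Listen directives this page adds to httpd.conf and ssl.conf.
LISTEN_SAMPLE='Listen 81
Listen 220'

# Constructed: the relevant lines of "semanage port -l" on a stock RHEL 6 system.
SEMANAGE_SAMPLE='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
http_port_t                    udp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'

# listen_ports CONF_TEXT: ports from Listen directives ("Listen 81", "Listen 1.2.3.4:81")
listen_ports() {
  printf '%s\n' "$1" | awk '$1 == "Listen" { n = split($2, a, ":"); print a[n] }'
}

# labelled_http_ports SEMANAGE_TEXT: tcp ports already labelled http_port_t
labelled_http_ports() {
  printf '%s\n' "$1" | awk '
    $1 == "http_port_t" && $2 == "tcp" { for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i } }'
}

# unlabelled_http_ports [CONF_TEXT] [SEMANAGE_TEXT]: Listen ports lacking the label
unlabelled_http_ports() {
  conf=${1:-$LISTEN_SAMPLE}; sem=${2:-$SEMANAGE_SAMPLE}
  for p in $(listen_ports "$conf"); do
    labelled_http_ports "$sem" | grep -qx "$p" || echo "$p"
  done
}

# semanage_commands [CONF_TEXT] [SEMANAGE_TEXT]: one semanage invocation per missing port
semanage_commands() {
  for p in $(unlabelled_http_ports "$@"); do
    echo "semanage port -a -t http_port_t -p tcp $p"
  done
}

# On the real host (page paths), with SELinux left enforcing:
#   semanage_commands "$(cat /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/ssl.conf)" "$(semanage port -l)"
# prints "semanage port -a -t http_port_t -p tcp 220"; run it, then restart httpd.
```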

 

 

 

netstat -antp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1304/mysqld

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1166/sshd

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1407/master

tcp        0     52 192.168.254.154:22          192.168.254.1:34160         ESTABLISHED 1477/sshd

tcp        0      0 :::80                       :::*                        LISTEN      1694/(squid-1)     

tcp        0      0 :::81                       :::*                        LISTEN      1661/httpd         

tcp        0      0 :::22                       :::*                        LISTEN      1166/sshd

tcp        0      0 :::3128                     :::*                        LISTEN      1694/(squid-1)     

tcp        0      0 :::443                      :::*                        LISTEN      1694/(squid-1)     

tcp        0      0 :::220                      :::*                        LISTEN      1661/httpd

 

tail  -f /var/log/squid/access.log

1370625428.239    135 192.168.254.1 TCP_MISS/304 289 GET http://www.homedomain.com/ - FIRSTUP_PARENT/192.168.254.154 -

1370625428.417      2 192.168.254.1 TCP_MISS/404 614 GET http://www.homedomain.com/favicon.ico - FIRSTUP_PARENT/192.168.254.154 text/html

www.homedomain.com is running fine through Squid (FIRSTUP_PARENT shows the request was forwarded to the Apache peer).

tail -f /var/log/httpd/homedomain.com-access_log

192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET /squid-internal-periodic/store_digest HTTP/1.1" 404 315

192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET / HTTP/1.1" 304 -

192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET /favicon.ico HTTP/1.1" 404 293

The Apache log now shows the requests arriving from the proxy address 192.168.254.154, so www.homedomain.com is running fine!

 

tail  -f /var/log/squid/access.log

1370625559.985     98 192.168.254.1 TCP_MISS/200 522 GET https://www.abc.com/ - FIRSTUP_PARENT/192.168.254.154 text/html

1370625560.145     30 192.168.254.1 TCP_MISS/404 608 GET https://www.abc.com/favicon.ico - FIRSTUP_PARENT/192.168.254.154 text/html

https://www.abc.com is running fine!