APACHE OPENSSL CERTIFICATE, PHP MYSQL, HTACCESS WEB DIRECTORY with SQUID WITHOUT SSL AND with SSL SETUP


vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=reverseproxy.node01

:wq!

 

vi /etc/hosts

### LOCAL SERVER NAME RESOLUTION ###

127.0.0.1 localhost.localdomain         localhost

192.168.254.154 reverseproxy.node01     reverseproxy

### DOMAINS SETTING ###

192.168.254.154                 www.homedomain.com

192.168.254.154                 www.sindh.com

192.168.254.154                 www.islam.edu

192.168.254.154                 www.abc.com

192.168.254.154                 www.zeeshan.com

192.168.254.154                 www.rhce.com

:wq!

 

yum install httpd php mysql mysql-server mod_ssl mod_auth_mysql mysql-devel \
    php-devel php-common php-gd php-mcrypt php-mhash php-xml php-xmlrpc php-domxml \
    php-mbstring php-mysql php-ncurses php-pear

 

yum install openssl openssl-devel mod_python python python-devel

yum -y groupinstall "Development Tools"

yum install wget mlocate links

 

mkdir download

cd download/

 

wget http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.5.tar.gz

service httpd start && chkconfig --level 35 httpd on

service mysqld start && chkconfig --level 35 mysqld on

 

/usr/bin/mysql_secure_installation

Set root password? [Y/n] y

New password: redhat

Re-enter new password: redhat

Password updated successfully!

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] y

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

 

Verify that httpd and mysqld are listening:

netstat -antp

For this lab the host firewall is switched off. Do not do this anywhere else: the Apache back-end ports configured below (81 and 220) are bound on the LAN address and must be reachable only from Squid, and mysqld listens on 0.0.0.0:3306 although PHP connects locally (set bind-address=127.0.0.1 in /etc/my.cnf). Outside a lab keep iptables and allow only 22, 80 and 443 inbound.

service iptables stop

chkconfig --level 35 iptables off

 

Create a document root for each site:

cd /var/www/

mkdir site1 site2 site3 site4 site5 site6

 

Create an index page for site1:

vi site1/index.html

<html>

<body>

<center>SITE1.HOMEDOMAIN.COM -of- 192.168.254.152 Default Apache Server</center>

</body>

</html>

:wq!

 

Create an index page for site2:

vi site2/index.html

<html>

<body>

<center>SITE2.SINDH.COM -of- 192.168.254.152 Default Apache Server</center>

</body>

</html>

:wq!

 

Create an index page for site3:

vi site3/index.html

<html>

<body>

<center>SITE3.ISLAM.EDU -of- 192.168.254.152 Default Apache Server</center>

</body>

</html>

:wq!

 

Create an index page for site4:

vi site4/index.html

<html>

<body>

<center>SITE4.ABC.COM WELCOME, THE ABC DOMAIN IS WORKING. THIS IS MY FIRST PAGE</center>

</body>

</html>

:wq!

 

Create an index page for site5:

vi site5/index.html

 

<html>

<body>

<center>SITE5.ZEESHAN.COM IS WORKING. THIS IS MY PERSONAL WEB SITE, PLEASE DON'T TRY TO HACK IT</center>

 

Regards,

Powered by Zeeshan Bhatti

SYSTEM ADMINISTRATOR

Arpatech PVT LTD.

 

</body>

</html>

:wq!

 

Create an index page for site6:

vi site6/index.html

 

<html>

<body>

<center>WELCOME, THE RED HAT CERTIFIED ENGINEER SITE IS COMING SOON!!!</center>

<center><b>Regards,

Powered by Zeeshan Bhatti

SYSTEM ADMINISTRATOR

Arpatech PVT LTD.

</b></center>

</body>

</html>

:wq!

 

To verify that PHP works, create a test page in the default document root:

vi /var/www/html/test.php

<?php phpinfo(); ?>

:wq!

Open a browser and go to http://192.168.254.154/test.php

The phpinfo() output confirms PHP is running and, under its "mysql" section, that the php-mysql extension is loaded. Delete test.php as soon as you have seen it: phpinfo() discloses paths, versions and configuration to anyone who can reach the page.

 

Now configure Apache. Apache does not accept a comment after a directive on the same line, so the notes below sit on their own lines.

vi /etc/httpd/conf/httpd.conf

# Line 136: Apache moves from port 80 to 81; Squid will take port 80.
Listen 81

# Line 44: the default is OS. Prod hides the OS and module versions from the Server header.
ServerTokens Prod

# The default is On. Off removes the version footer from server-generated error pages.
ServerSignature Off

:wq!

/etc/init.d/httpd restart

Now configure the Apache virtual hosts. Apache now listens on port 81 only, so the name-based virtual hosts must be declared on 192.168.254.154:81. Declared on :80, a port Apache no longer listens on, they would never match and every request would fall through to the default document root; port 80 belongs to Squid.

vi /etc/httpd/conf.d/vhost80.conf

####VIRTUAL HOSTS#####
NameVirtualHost 192.168.254.154:81

<VirtualHost 192.168.254.154:81>
DocumentRoot /var/www/site1
ServerName www.homedomain.com
ErrorLog logs/homedomain.com-error_log
CustomLog logs/homedomain.com-access_log common
SSLEngine off
</VirtualHost>

<VirtualHost 192.168.254.154:81>
DocumentRoot /var/www/site2
ServerName www.sindh.com
ErrorLog logs/sindh.com-error_log
CustomLog logs/sindh.com-access_log common
SSLEngine off
</VirtualHost>

<VirtualHost 192.168.254.154:81>
DocumentRoot /var/www/site3
ServerName www.islam.edu
ErrorLog logs/islam.edu-error_log
CustomLog logs/islam.edu-access_log common
SSLEngine off
</VirtualHost>

:wq!

/etc/init.d/httpd restart

Until Squid is in front of Apache, test the back-end on its own port (for example http://www.homedomain.com:81/) and watch each site's log:

 

[root@localhost www]# tail -f /var/log/httpd/homedomain.com-access_log
192.168.254.1 - - [07/Jun/2013:01:01:58 +0500] "GET /favicon.ico HTTP/1.1" 404 209
192.168.254.1 - - [07/Jun/2013:01:01:58 +0500] "GET /favicon.ico HTTP/1.1" 404 209

[root@localhost www]# tail -f /var/log/httpd/sindh.com-access_log
192.168.254.1 - - [07/Jun/2013:01:04:12 +0500] "GET /favicon.ico HTTP/1.1" 404 209
192.168.254.1 - - [07/Jun/2013:01:04:13 +0500] "GET /favicon.ico HTTP/1.1" 404 209

[root@localhost www]# tail -f /var/log/httpd/islam.edu-access_log
192.168.254.1 - - [07/Jun/2013:01:04:26 +0500] "GET /favicon.ico HTTP/1.1" 404 209
192.168.254.1 - - [07/Jun/2013:01:04:27 +0500] "GET /favicon.ico HTTP/1.1" 404 209

All three sites' logs show requests arriving, so the sites are up and serving.

 

Now configure ssl.conf for the SSL virtual hosts. Two details matter: the whole stock <VirtualHost _default_:443> ... </VirtualHost> block has to go (commenting out only its opening line leaves its directives at global scope and an unmatched </VirtualHost>, and httpd refuses to start), and every virtual host block needs its closing tag.

cd /etc/httpd/conf.d/

vi ssl.conf

# Change the default port 443 to 220; Squid will take 443.
Listen 220

# Comment out or delete the entire stock <VirtualHost _default_:443> ... </VirtualHost> block.
# Keep the global SSLProtocol and SSLCipherSuite lines, and make sure both SSLv2 and SSLv3 are excluded.

# Append the virtual hosts for your domains at the end of the file.
###SSL CERTIFICATE BASED WEB SITES ###
NameVirtualHost 192.168.254.154:220

###WWW.ABC.COM###
<VirtualHost 192.168.254.154:220>
DocumentRoot /var/www/site4
ServerName www.abc.com
ErrorLog logs/abc.com-ssl_error_log
TransferLog logs/abc.com-ssl_access_log
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/abc.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/abc.com.key
</VirtualHost>

####WWW.ZEESHAN.COM VHOST###
<VirtualHost 192.168.254.154:220>
DocumentRoot /var/www/site5
ServerName www.zeeshan.com
ErrorLog logs/zeeshan.com_ssl-error_log
CustomLog logs/zeeshan.com_ssl-access_log common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/zeeshan.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/zeeshan.com.key
</VirtualHost>

####WWW.RHCE.COM VHOST###
<VirtualHost 192.168.254.154:220>
DocumentRoot /var/www/site6
ServerName www.rhce.com
ErrorLog logs/rhce.com_ssl-error_log
CustomLog logs/rhce.com_ssl-access_log common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/rhce.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/rhce.com.key
</VirtualHost>

:wq!

The private keys sit next to the certificates in /etc/pki/tls/certs because that is where the Makefile used below writes them; that is acceptable only because they are made mode 400. Which of the three certificates Apache presents on the back-end leg does not matter: Squid connects to this port by IP address, is told not to verify the peer, and the Host header selects the virtual host. Browsers only ever see the certificates Squid itself serves on 443.

 

Now generate the certificates. The Makefile in /etc/pki/tls/certs drives openssl: make <name>.key produces a passphrase-protected key, openssl rsa then rewrites it without the passphrase so that httpd can start unattended (which is why the file must end up mode 400), and make <name>.csr produces the signing request.

cd /etc/pki/tls/certs/

make abc.com.key

 

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > abc.com.key

Generating RSA private key, 2048 bit long modulus

.+++

.+++

e is 65537 (0x10001)

Enter pass phrase:redhat #Please give password

Verifying - Enter pass phrase:redhat #Please provide the same password again

openssl rsa -in abc.com.key -out abc.com.key

 

Enter pass phrase for abc.com.key:redhat #Please again provide same password

writing RSA key

 

make abc.com.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key abc.com.key -out abc.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PK

State or Province Name (full name) []:SINDH

Locality Name (eg, city) [Default City]:KARACHI

Organization Name (eg, company) [Default Company Ltd]:ABC PVT LTD.

Organizational Unit Name (eg, section) []:IT DEPARTMENT

Common Name (eg, your name or your server's hostname) []:www.abc.com

Email Address []:[email protected]

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:redhat

An optional company name []:

 

Now self-sign the request with its own key to produce a certificate valid for ten years (3650 days). Browsers will not trust it unless it is imported, and it carries no subjectAltName; modern browsers ignore the CN and require a SAN, so anything public needs a CA-issued certificate.

openssl x509 -in abc.com.csr -out abc.com.crt -req -signkey abc.com.key -days 3650

 

Signature ok

subject=/C=PK/ST=SINDH/L=KARACHI/O=ABC PVT LTD./OU=IT DEPARTMENT/CN=www.abc.com/emailAddress=\x09\[email protected]

Getting Private key

 

chmod 400 abc.com.*

 

Now we generate zeeshan.com certificate

make zeeshan.com.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > zeeshan.com.key

Generating RSA private key, 2048 bit long modulus

…+++

…………………+++

e is 65537 (0x10001)

Enter pass phrase:redhat # Please set password

Verifying - Enter pass phrase:redhat #Same password again.

openssl rsa -in zeeshan.com.key -out zeeshan.com.key

 

Enter pass phrase for zeeshan.com.key:redhat

writing RSA key

 

make zeeshan.com.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key zeeshan.com.key -out zeeshan.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PK

State or Province Name (full name) []:SINDH

Locality Name (eg, city) [Default City]:KARACHI

Organization Name (eg, company) [Default Company Ltd]:ZEESHAN PVT LTD.

Organizational Unit Name (eg, section) []:IP OPERATIONS

Common Name (eg, your name or your server's hostname) []:www.zeeshan.com

Email Address []:[email protected]

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:REDHAT

 

openssl x509 -in zeeshan.com.csr -out zeeshan.com.crt -req -signkey zeeshan.com.key -days 3650

 

Signature ok

subject=/C=PK/ST=SINDH/L=KARACHI/O=ZEESHAN PVT LTD./OU=IP OPERATIONS/CN=www.zeeshan.com/[email protected]

Getting Private key

 

chmod 400 zeeshan.com.*

 

Now we generate rhce.com certificate

make rhce.com.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > rhce.com.key

Generating RSA private key, 2048 bit long modulus

….+++

……+++

e is 65537 (0x10001)

Enter pass phrase:redhat # Please set password

Verifying - Enter pass phrase:redhat #Same password again.

 

openssl rsa -in rhce.com.key -out rhce.com.key

 

Enter pass phrase for rhce.com.key:redhat

writing RSA key

 

make rhce.com.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key rhce.com.key -out rhce.com.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PK

State or Province Name (full name) []:SINDH

Locality Name (eg, city) [Default City]:KARACHI

Organization Name (eg, company) [Default Company Ltd]:RHCE PVT LTD PROMETRIC CENTER.

Organizational Unit Name (eg, section) []:IT DEPARTMENT

Common Name (eg, your name or your server's hostname) []:www.rhce.com

Email Address []:[email protected]

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:redhat

An optional company name []:

 

openssl x509 -in rhce.com.csr -out rhce.com.crt -req -signkey rhce.com.key -days 3650

 

Signature ok

subject=/C=PK/ST=SINDH/L=KARACHI/O=RHCE PVT LTD PROMETRIC CENTER./OU=IT DEPARTMENT/CN=www.rhce.com/[email protected]

Getting Private key

 

chmod 400 rhce.com.*
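The three key, CSR and self-sign rounds above are one procedure repeated by hand. The script below is an added example, not the post's own commands: it does the same job non-interactively for any host name and adds the checks worth running before Apache is pointed at the files, namely that the key is unencrypted (an encrypted key makes httpd prompt for a passphrase at every start), that the key and certificate share a modulus, and that the certificate carries a subjectAltName, which the Makefile route omits and which browsers require. The country, state and city are the post's values; the organisation name, the 825-day lifetime and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): mint an unencrypted 2048-bit RSA key and a
# self-signed certificate for one virtual host in a single openssl call, then run the
# checks worth doing before Apache is pointed at the files.

# mk_selfsigned FQDN OUTDIR [ORG] -> OUTDIR/FQDN.key (mode 400) and OUTDIR/FQDN.crt
mk_selfsigned() {
    fqdn=$1; out=$2; org=${3:-"ABC PVT LTD."}     # organisation is an assumed default
    mkdir -p "$out"
    cfg="$out/$fqdn.cnf"
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = PK
ST = SINDH
L = KARACHI
O = $org
CN = $fqdn
[v3]
subjectAltName = DNS:$fqdn
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # -nodes: no passphrase, so httpd starts unattended; umask 077 keeps the key private
    # from the first byte. 825 days is an assumed lifetime.
    ( umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 825 \
          -config "$cfg" -keyout "$out/$fqdn.key" -out "$out/$fqdn.crt" >/dev/null 2>&1 ) || return 1
    rm -f "$cfg"
    chmod 400 "$out/$fqdn.key" "$out/$fqdn.crt"
}

# cert_cn CRT -> the certificate's Common Name (RFC2253 output is stable across OpenSSL versions)
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# cert_has_san CRT FQDN -> exit 0 if FQDN appears as a DNS subjectAltName
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# key_is_encrypted KEY -> exit 0 if the PEM still carries a passphrase (httpd would prompt at start)
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# key_matches_cert KEY CRT -> exit 0 if both files carry the same RSA modulus
key_matches_cert() {
    [ "$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)" = "$(openssl x509 -in "$2" -noout -modulus)" ]
}

# Stand-alone run: mint www.abc.com into a temporary directory and report the checks.
demo=$(mktemp -d)
mk_selfsigned www.abc.com "$demo"
key_is_encrypted "$demo/www.abc.com.key" && echo "key still encrypted" || echo "key unencrypted"
key_matches_cert "$demo/www.abc.com.key" "$demo/www.abc.com.crt" && echo "key matches certificate"
echo "CN: $(cert_cn "$demo/www.abc.com.crt")"
rm -rf "$demo"
```

On the server, call mk_selfsigned once per site with /etc/pki/tls/certs as the output directory and run key_matches_cert on every pair before restarting httpd; a mismatched pair is the usual cause of "Unable to configure RSA server private key" at start.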

 

All three certificates are in place. Restart Apache:

/etc/init.d/httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

Apache serves SSL on port 220 until Squid is in front on 443, so open a browser and go to https://www.abc.com:220/ (expect a warning about the self-signed certificate).

tail -f /var/log/httpd/abc.com-ssl_access_log
192.168.254.1 - - [07/Jun/2013:18:24:40 +0500] "GET / HTTP/1.1" 200 114
192.168.254.1 - - [07/Jun/2013:18:24:41 +0500] "GET /favicon.ico HTTP/1.1" 404 209

www.abc.com is serving and logging.

Open a browser and go to https://www.zeeshan.com:220/

tail -f /var/log/httpd/zeeshan.com_ssl-access_log
192.168.254.1 - - [07/Jun/2013:18:24:50 +0500] "GET / HTTP/1.1" 200 211
192.168.254.1 - - [07/Jun/2013:18:24:52 +0500] "GET /favicon.ico HTTP/1.1" 404 209

www.zeeshan.com is serving and logging.

Open a browser and go to https://www.rhce.com:220/

tail -f /var/log/httpd/rhce.com_ssl-access_log
192.168.254.1 - - [07/Jun/2013:18:31:54 +0500] "GET / HTTP/1.1" 200 209
192.168.254.1 - - [07/Jun/2013:18:31:55 +0500] "GET /favicon.ico HTTP/1.1" 404 209

www.rhce.com is serving and logging.

 

Now configure a password-protected directory in Apache using .htaccess.

cd /var/www/site2/

mkdir lock

Create the password file. Keep it outside the document root: a file named /var/www/site2/.htpasswd is only protected by the stock <Files ~ "^\.ht"> deny rule in httpd.conf, and there is no reason to rely on that.

htpasswd -c /etc/httpd/.htpasswd redhat
New password:
Re-type new password:
Adding password for user redhat

The file must be readable by the apache user (for example owner root, group apache, mode 640). Then allow the directory to carry its own authentication settings. Indexes (directory listings) and Includes (server-side includes) are not needed for a protected directory, so they are left out of the Options line.

vi /etc/httpd/conf/httpd.conf #Insert these lines at the end of the file.

<Directory /var/www/site2/lock>
Options FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

:wq!

AllowOverride AuthConfig only permits authentication; it is switched on by a .htaccess file inside lock/ that names the AuthType (Basic), the AuthUserFile created above and a Require rule. Restart httpd after editing httpd.conf, then request /lock/ on www.sindh.com and expect a 401 until the redhat credentials are supplied.
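The post's Directory block permits authentication but the .htaccess file that enables it is not shown. The script below is an added example, not part of the post: it writes the password entry in the same MD5 ($apr1$) format htpasswd uses, via openssl, so it works on a host without the htpasswd binary, verifies a supplied password against that entry the way Apache does, and writes the .htaccess file. The directory and password-file paths are arguments you choose; the user name redhat and the demonstration password are the post's lab values.

```shell
#!/bin/sh
# Added example, not from the original post: Basic-auth setup for the lock/ directory
# without the htpasswd binary. Paths are caller-supplied assumptions; on the server the
# password file must sit outside the DocumentRoot and be readable by the apache user
# (chown root:apache, mode 640).

# apr1_entry USER PASSWORD [SALT] -> "USER:$apr1$SALT$hash", the line htpasswd -m writes.
# The password is fed to openssl on stdin, not on the command line, so it never shows in ps.
apr1_entry() {
    user=$1; pass=$2; salt=${3:-$(openssl rand -hex 4)}   # apr1 salt is at most 8 characters
    hash=$(printf '%s\n' "$pass" | openssl passwd -apr1 -salt "$salt" -stdin)
    printf '%s:%s\n' "$user" "$hash"
}

# apr1_check ENTRY PASSWORD -> exit 0 if PASSWORD reproduces the hash stored in ENTRY
apr1_check() {
    stored=${1#*:}                                    # drop "user:"
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)     # $apr1$<salt>$<hash>
    [ "$(printf '%s\n' "$2" | openssl passwd -apr1 -salt "$salt" -stdin)" = "$stored" ]
}

# write_protected_dir DIR PASSFILE USER PASSWORD
# Creates DIR, writes PASSFILE (mode 640) and DIR/.htaccess requiring a valid user.
write_protected_dir() {
    dir=$1; passfile=$2
    mkdir -p "$dir"
    ( umask 027 && apr1_entry "$3" "$4" > "$passfile" )
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted area"
AuthUserFile $passfile
Require valid-user
EOF
}

# Stand-alone demonstration in a temporary directory, using the post's user "redhat".
demo_dir=$(mktemp -d)
write_protected_dir "$demo_dir/lock" "$demo_dir/htpasswd" redhat bhatti
cat "$demo_dir/lock/.htaccess" "$demo_dir/htpasswd"
rm -rf "$demo_dir"
```

On the server the call is write_protected_dir /var/www/site2/lock /etc/httpd/.htpasswd redhat '<password>', followed by chown root:apache /etc/httpd/.htpasswd. Remember that Basic credentials travel base64-encoded, not encrypted; through this setup that is fine only on the HTTPS sites, and www.sindh.com is served in plain HTTP.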

Now build Squid from source. Squid 3.3.x has been out of support for years; for anything beyond this lab use a current release, or the distribution package where one exists.

cd /root/download/

tar -xzvf squid-3.3.5.tar.gz

mv squid-3.3.5.tar.gz /tmp/

cd squid-3.3.5/

mkdir /opt/squid

 

./configure --prefix=/opt/squid --enable-shared=yes --enable-static=no --enable-carp \
  --enable-storeio=aufs,ufs --enable-removal-policies=heap,lru --disable-icmp \
  --disable-delay-pools --disable-esi --enable-icap-client --enable-useragent-log \
  --enable-referer-log --disable-wccp --enable-wccpv2 --disable-kill-parent-hack \
  --enable-snmp --enable-cachemgr-hostname=localhost --enable-arp-acl --disable-htcp \
  --disable-forw-via-db --enable-follow-x-forwarded-for --enable-cache-digests \
  --disable-poll --enable-epoll --enable-linux-netfilter --disable-ident-lookups \
  --enable-default-hostsfile=/etc/hosts --with-default-user=squid --with-large-files \
  --enable-mit=/usr --with-logdir=/var/log/squid --enable-http-violations --enable-zph-qos \
  --with-filedescriptors=65536 --enable-gnuregex --enable-async-io=64 --with-aufs-threads=64 \
  --with-pthreads --with-aio --enable-default-err-languages=English \
  --enable-err-languages=English --disable-hostname-checks --enable-underscores \
  --enable-ssl && make && make install && echo "SQUID SUCCESS" || echo "SQUID FAILED"

The steps are chained with &&, so "SQUID SUCCESS" is printed only if configure, make and make install all succeeded and the install under /opt/squid is complete.

cd /opt/squid/etc/

vi squid.conf

 

# The stock "http_port 3128" line stays only if you also want a forward proxy; for a pure
# reverse proxy comment it out so Squid does not listen on 3128 as well. Add the accelerator
# ports directly below it.

# "vhost" makes Squid take the site name from the client's Host header, so one accelerator
# port serves all three HTTP sites; "defaultsite" is used only when a request carries no Host
# header. Repeating "http_port 80" once per site makes Squid try to bind the same port three
# times and fail to start.
http_port 80 accel defaultsite=www.homedomain.com vhost

# https_port carries exactly one certificate per listening socket, and Squid 3.3 does not
# select a certificate from the name the client sends (SNI). Either give each HTTPS site its
# own IP address and https_port line, or serve one certificate whose subjectAltName lists all
# three names. With the single line below, www.zeeshan.com and www.rhce.com are reachable but
# browsers are shown the abc.com certificate.
https_port 443 accel cert=/etc/pki/tls/certs/abc.com.crt key=/etc/pki/tls/certs/abc.com.key defaultsite=www.abc.com vhost

 

# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /opt/squid/var/cache/squid 100 16 256

 

# Leave coredumps in the first cache dir

coredump_dir /opt/squid/var/cache/squid

 

# Add the following. Squid evaluates http_access rules in order and the stock file ends with
# "http_access deny all", so the two "http_access allow" lines below must come before that
# line (or it must be removed); placed after it, every request to the accelerator ports is
# refused.

#######################################################################
######SQUID SERVER AS REVERSE PROXY FOR APACHE WEB SERVER ON PORT 81###
#######################################################################
# login=PASS forwards the client's Authorization header to Apache; without it the
# .htaccess-protected directory on www.sindh.com cannot be used through the proxy.
cache_peer 192.168.254.154 parent 81 0 no-query originserver login=PASS name=saturn

#####################################################################
###SQUID SERVER AS REVERSE PROXY FOR APACHE WEB SERVER ON PORT 220###
#####################################################################
# DONT_VERIFY_PEER means the Squid-to-Apache leg is encrypted but not authenticated;
# that is acceptable here only because both run on the same host.
cache_peer 192.168.254.154 parent 220 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=zeeshan

####################################################
### ACLs FOR APACHE WEB SERVER VHOSTS ON PORT 81 ###
####################################################
acl saturn_users dstdomain www.homedomain.com
acl saturn_users dstdomain www.sindh.com
acl saturn_users dstdomain www.islam.edu

#####################################################
### ACLs FOR APACHE WEB SERVER VHOSTS ON PORT 220 ###
#####################################################
acl zee dstdomain www.abc.com
acl zee dstdomain www.zeeshan.com
acl zee dstdomain www.rhce.com

#################################
### HTTP ACCESS ALLOW FOR ACLS###
#################################
http_access allow saturn_users
http_access allow zee

#############################
###CACHE PEER ALLOW RULES####
#############################
cache_peer_access saturn allow saturn_users
cache_peer_access zeeshan allow zee

###########################
###CACHE PEER DENY RULES###
###########################
cache_peer_access saturn deny all
cache_peer_access zeeshan deny all

visible_hostname reverseproxy.node01

:wq!

 

Squid was built with --with-default-user=squid, so that account must exist (check with id squid and create it if it does not). Give it the spool directory, initialise the cache and start the daemon:

chown -R squid:squid /opt/squid/var

/opt/squid/sbin/squid -z

/opt/squid/sbin/squid

 

ps aux | grep squid

root      1692  0.0  0.7  15264  3936 ?        Ss   22:12   0:00 ./squid

squid     1694  3.4  3.3  45344 17352 ?        S    22:12   0:00 (squid-1)

squid     1695  0.0  0.1   3632   976 ?        S    22:12   0:00 (logfile-daemon) /var/log/squid/access.log

squid     1696  0.0  0.1   3480   888 ?        S    22:12   0:00 (unlinkd)

root      1698  0.0  0.1   4356   748 pts/0    S+   22:12   0:00 grep squid

 

Squid is up: the process list shows the master process, the worker (squid-1), the log daemon writing /var/log/squid/access.log, and unlinkd.

 

/sbin/service httpd restart

Stopping httpd:                                            [FAILED]
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:220
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:220
no listening sockets available, shutting down
Unable to open logs

Resolution of this error

SELinux is what refuses the bind: port 81 is already part of the http_port_t set, port 220 is not, which is why only the SSL listener fails. The post's fix was to switch SELinux off entirely:

vi /etc/selinux/config

SELINUX=disabled

:wq!

setenforce 0

The narrower fix, which keeps SELinux enforcing, is to label TCP port 220 as http_port_t with the semanage port command (from policycoreutils-python) and restart httpd.

 

 

 

netstat -antp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1304/mysqld

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1166/sshd

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1407/master

tcp        0     52 192.168.254.154:22          192.168.254.1:34160         ESTABLISHED 1477/sshd

tcp        0      0 :::80                       :::*                        LISTEN      1694/(squid-1)     

tcp        0      0 :::81                       :::*                        LISTEN      1661/httpd         

tcp        0      0 :::22                       :::*                        LISTEN      1166/sshd

tcp        0      0 :::3128                     :::*                        LISTEN      1694/(squid-1)     

tcp        0      0 :::443                      :::*                        LISTEN      1694/(squid-1)     

tcp        0      0 :::220                      :::*                        LISTEN      1661/httpd

 

tail -f /var/log/squid/access.log
1370625428.239    135 192.168.254.1 TCP_MISS/304 289 GET http://www.homedomain.com/ - FIRSTUP_PARENT/192.168.254.154 -
1370625428.417      2 192.168.254.1 TCP_MISS/404 614 GET http://www.homedomain.com/favicon.ico - FIRSTUP_PARENT/192.168.254.154 text/html

Squid receives the request from the browser (192.168.254.1) and forwards it to the Apache parent: www.homedomain.com is working through the proxy.

tail -f /var/log/httpd/homedomain.com-access_log
192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET /squid-internal-periodic/store_digest HTTP/1.1" 404 315
192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET / HTTP/1.1" 304 -
192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET /favicon.ico HTTP/1.1" 404 293

On the Apache side every request now comes from Squid's own address, 192.168.254.154, not from the browser. To keep the real client address in the back-end logs, log the X-Forwarded-For header that Squid adds by default (%{X-Forwarded-For}i in the LogFormat). The 404 for /squid-internal-periodic/store_digest is Squid asking its parent for a cache digest (built in with --enable-cache-digests); Apache has none and the error is harmless.

tail -f /var/log/squid/access.log
1370625559.985     98 192.168.254.1 TCP_MISS/200 522 GET https://www.abc.com/ - FIRSTUP_PARENT/192.168.254.154 text/html
1370625560.145     30 192.168.254.1 TCP_MISS/404 608 GET https://www.abc.com/favicon.ico - FIRSTUP_PARENT/192.168.254.154 text/html

https://www.abc.com is working through the proxy as well.
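With iptables off, nothing stops a client on the LAN from connecting to Apache on 81 or 220 directly and skipping Squid's ACLs. Once Squid is in front, every legitimate request in the back-end access logs comes from 192.168.254.154, so any other client address there is a bypass. The script below is an added example, not from the post: it runs that check over the common-format lines the virtual hosts write, using a constructed sample log (the lines are made up for the example, modelled on the ones above). The fix for a real bypass is to firewall 81 and 220, or to bind Apache's Listen lines to an address only Squid can reach.

```shell
#!/bin/sh
# Added example, not from the original post: spot requests that reached the Apache
# back-end ports (81/220) without passing through Squid. Behind the proxy every
# legitimate request in these logs carries the proxy's own address as the client.
# Proxy address assumed from the tutorial: 192.168.254.154.

# direct_hits LOGFILE PROXY_IP -> lines whose client field (first column) is not PROXY_IP
direct_hits() {
    awk -v proxy="$2" '$1 != proxy' "$1"
}

# direct_hit_count LOGFILE PROXY_IP -> number of such lines
direct_hit_count() {
    direct_hits "$1" "$2" | wc -l | tr -d ' '
}

# bypass_clients LOGFILE PROXY_IP -> distinct offending client addresses, one per line
bypass_clients() {
    direct_hits "$1" "$2" | awk '{ print $1 }' | sort -u
}

# Constructed sample in Apache "common" format (what the vhosts above log): three requests
# relayed by Squid and one client that opened port 81 directly and probed the protected dir.
write_sample_log() {
    cat > "$1" <<'EOF'
192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET / HTTP/1.1" 304 -
192.168.254.154 - - [07/Jun/2013:22:17:08 +0500] "GET /favicon.ico HTTP/1.1" 404 293
192.168.254.1 - - [07/Jun/2013:22:19:41 +0500] "GET /lock/ HTTP/1.1" 401 484
192.168.254.154 - - [07/Jun/2013:22:20:02 +0500] "GET /index.html HTTP/1.1" 200 114
EOF
}

# Stand-alone run against the sample; on the server point the functions at
# /var/log/httpd/*-access_log instead.
sample=$(mktemp)
write_sample_log "$sample"
echo "$(direct_hit_count "$sample" 192.168.254.154) request(s) bypassed the proxy, from:"
bypass_clients "$sample" 192.168.254.154
rm -f "$sample"
```

Run it from cron against each back-end access log and alert on a non-zero count; a hit from any address other than the proxy means port 81 or 220 is reachable from the network and the Squid ACLs are not the only gate.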