Lab 6

Web-Server Configurations

1. Configure Apache2 Web-server for Virtual host:

a) Create the directory structures

The first step that we are going to take is to make a directory structure that will hold the
site data that we will be serving to visitors.
Our document root (the top-level directory that Apache looks at to find content to
serve) will be set to individual directories under the /var/www directory. We will
create a directory here for both of the virtual hosts we plan on making.
Within each of these directories, we will create a public_html folder that will hold our
actual files. This gives us some flexibility in our hosting.
For instance, for our sites, we're going to make our directories like this:
sudo mkdir -p /var/www/test.net/public_html
sudo mkdir -p /var/www/test.com/public_html

b) Grant Permissions
Now we have the directory structure for our files, but they are owned by our root user. If we
want our regular user to be able to modify files in our web directories, we can change the
ownership by doing this:

sudo chown -R $USER:$USER /var/www/test.net/public_html

sudo chown -R $USER:$USER /var/www/test.com/public_html

The $USER variable will take the value of the user you are currently logged in as when you
press "ENTER". By doing this, our regular user now owns the public_html subdirectories
where we will be storing our content.
We should also modify our permissions a little bit to ensure that read access is permitted to the
general web directory and all of the files and folders it contains so that pages can be served
correctly:
sudo chmod -R 755 /var/www

Your web server should now have the permissions it needs to serve content, and your user
should be able to create content within the necessary folders.

c) Create Demo Pages for Each Virtual Host

We have our directory structure in place. Let's create some content to serve.
We're just going for a demonstration, so our pages will be very simple. We're just going to make
an index.html page for each site.

Page 1
Let's start with test.net. We can open up an index.html file in our editor by typing:
nano /var/www/test.net/public_html/index.html

In this file, create a simple HTML document that indicates the site it is connected to. My file
looks like this:

<html>
<head>
<title>Welcome to test.net!</title>
</head>
<body>
<h1>Success! The test.net virtual host is working!</h1>
</body>
</html>

Save and close the file when you are finished.

We can copy this file to use as the basis for our second site by typing:
cp /var/www/test.net/public_html/index.html /var/www/test.com/public_html/index.html

We can then open the file and modify the relevant pieces of information:
nano /var/www/test.com/public_html/index.html

<html>
<head>
<title>Welcome to Test.com!</title>
</head>
<body>
<h1>Success! The test.com virtual host is working!</h1>
</body>
</html>

Save and close this file as well. You now have the pages necessary to test the virtual host
configuration.

d) Create New Virtual Host Files

Virtual host files are the files that specify the actual configuration of our virtual hosts and
dictate how the Apache web server will respond to various domain requests.
Apache comes with a default virtual host file called 000-default.conf that we can use as
a jumping off point. We are going to copy it over to create a virtual host file for each of our
domains.
We will start with one domain, configure it, copy it for our second domain, and then make the
few further adjustments needed. The default Ubuntu configuration requires that each virtual
host file end in .conf.

e) Create the First Virtual Host File

Page 2
Start by copying the file for the first domain:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/test.net.conf

Open the new file in your editor with root privileges:

sudo nano /etc/apache2/sites-available/test.net.conf

ServerAdmin [email protected]
ServerName test.net
ServerAlias www.test.net
DocumentRoot /var/www/test.net/public_html

Repeat (e) to create the configuration file for the virtual host file for test.com.

f) Enable the New Virtual Host Files:

Now that we have created our virtual host files, we must enable them. Apache includes some
tools that allow us to do this.
We can use the a2ensite tool to enable each of our sites like this:
sudo a2ensite test.net.conf
sudo a2ensite test.com.conf

When you are finished, you need to restart Apache to make these changes take effect:
sudo service apache2 restart

g) Test your Results

Test your Results
http://test.net
http://test.com

Page 3
2. Set Up Password Authentication with Apache

a) Install the Apache Utilities Package

In order to create the file that will store the passwords needed to access our restricted content,
we will use a utility called htpasswd. This is found in the apache2-utils package within
the Ubuntu repositories.
Update the local package cache and install the package by typing this command. We will take
this opportunity to also grab the Apache2 server in case it is not yet installed on the server:
sudo apt-get update
sudo apt-get install apache2-utils

b) Create the Password File

We now have access to the htpasswd command. We can use this to create a password file that
Apache can use to authenticate users. We will create a hidden file for this purpose called
.htpasswd within our /etc/apache2 configuration directory.
The first time we use this utility, we need to add the -c option to create the specified file. We
specify a username (sammy in this example) at the end of the command to create a new entry
within the file:
sudo htpasswd -c /etc/apache2/.htpasswd sammy

You will be asked to supply and confirm a password for the user.
Leave out the -c argument for any additional users you wish to add:
sudo htpasswd /etc/apache2/.htpasswd another_user

If we view the contents of the file, we can see the username and the encrypted password for
each record:
cat /etc/apache2/.htpasswd
c) Configure Apache Password Authentication

Now that we have a file with our users and passwords in a format that Apache can read, we need
to configure Apache to check this file before serving our protected content. We can do this in
two different ways.
The first option is to edit the Apache configuration and add our password protection to the
virtual host file. This will generally give better performance because it avoids the expense of
reading distributed configuration files. If you have this option, this method is recommended.

Page 4
If you do not have the ability to modify the virtual host file (or if you are already using
.htaccess files for other purposes), you can restrict access using an.htaccessfile. Apache
uses.htaccess` files in order to allow certain configuration items to be set within a file in a
content directory. The disadvantage is that Apache has to re-read these files on every request
that involves the directory, which can impact performance.
Configuring Access Control within the Virtual Host Definition
Begin by opening up the virtual host file that you wish to add a restriction to. For our example,
we'll be using the 000-default.conf file that holds the default virtual host installed through
Ubuntu's apache package:
sudo nano /etc/apache2/sites-enabled/000-default.conf

Inside, with the comments stripped, the file should look similar to this:
/etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Authentication is done on a per-directory basis. To set up authentication, you will need to target
the directory you wish to restrict with a <Directory ___> block.

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>

Save and close the file when you are finished. Restart Apache to implement your password
policy:
sudo service apache2 restart

Page 5