Linux, C++ and other Tortures

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 11 December 2011

Apache on the Cloud

Posted on 03:05 by Unknown
I will explain step by step how to configure Apache within a Ubuntu server running in the Cloud. In my previous post I explained how to configure the Amazon Web Service in order to have an Ubuntu Server running 7x24. At the end of this tutorial we will have a public html page visible to everybody.

A. Connect into your remote instance and install Apache

ssh -i Ubuntu_10_04_32.pem ubuntu@ec2-46-137-60-179.eu-west-1.compute.amazonaws.com

sudo apt-get update

sudo apt-get install apache2 apache2-utils apache2-threaded-dev

Belive it or not you just created and publish a web page on the Internet. Open your favorite web browser and paste on the url the identifier of your cloud instance (You can find it in your connector command, in my case ec2-46-137-60-179.eu-west-1.compute.amazonaws.com)

Fig.1 Our public page


B. Configure Apache for ssh connection and authentication

Ok, that was pretty impressive, but what happens if you want to transmit and receive all the information encrypted, and actually what if I do not want everybody accessing to my web page. All this can be achieved by configuring apache. We will explain here the steps needed on Ubuntu, but if you are seriously thinking on developing web applications you should get some background on Apache. Here http://www.apache.org/dist/httpd/docs/ you can find the official apache documentation.

On the Ubuntu Server 10.04 the version of apache installed by default is the 2.2

ubuntu@ip-10-48-98-200:~$ apache2ctl -v
Server version: Apache/2.2.14 (Ubuntu)
Server built:   Nov  3 2011 03:31:27

So the file you are looking for is httpd-docs-2.2.14.en.pdf


That being said here you can find a set of commands that you will use in your daily life with Apache

sudo update-rc.d -f apache2 remove --> Prevent Apache autostart
sudo update-rc.d apache2 defaults   -->  Restore Apache autostart

sudo apache2ctl -k start --> Starts apache
sudo apache2ctl -k stops --> Stop apache
sudo apache2ctl restart --> Restart apache (Needed when you change a configuration file to be took into account)

a2dismod/a2enmod --> Disable/Enable module

a2dissite/a2ensite --> Disable/Enable site


B.1 Configure Apache for ssh connection

Enable the Apache ssl module, the default ssl site and restart Apache:

sudo a2enmod ssl
sudo a2ensite default-ssl
apache2ctl restart



By doing this you should be able to access to your web site via https. By default you are using a Non verified certificate so Firefox will warn you about this. Just add the exception and continue.



If you want to use your own certificates just follow these steps:

Create the directory where you want to store the certificate:

sudo mkdir /etc/apache2/ssl

Generate the certificate (You will have to enter several information that will be attached within the certificate):

sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

Generating a 1024 bit RSA private key
..............................................................++++++
..++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:PACA
Locality Name (eg, city) []:Antibes
Organization Name (eg, company) [Internet Widgits Pty Ltd]:N/A
Organizational Unit Name (eg, section) []:N/A
Common Name (eg, YOUR name) []:Javier
Email Address []:jbravoc27@hotmail.com

Now you can find your own certificate under /etc/apache2/ssl:

ll  /etc/apache2/ssl
drwxr-xr-x 2 root root 4096 2011-12-11 12:08 ./
drwxr-xr-x 8 root root 4096 2011-12-11 12:07 ../
-rw-r--r-- 1 root root 2136 2011-12-11 12:09 apache.pem 


Finally we have to modify the Apache config file to indicate that it has to use the certificate that we just generated. This is done by editing the file:

/etc/apache2/sites-available/default-ssl

Remove these two lines:

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

And include this line indicating the path to your certificate (Our certificate include the key itself, so is not needed to include the equivalent second line):

SSLCertificateFile /etc/apache2/ssl/apache.pem 

Once done restart apache:

sudo apache2ctl restart

You will have to add a new exception to Firefox:


If the button to accept is not enables (as it is my case) just clear all the recent history and try again:


The last thing we are going to do is to disable the 'Non-https' access, so everybody trying to access our site will have to do it using https. There is a more elegant solution that is redirecting the request from the 'Non-https' to 'https', again this can be done by manipulating the Apache config files, but this is out of the scope of this post.

To disable the 'Non-http' access just type:

sudo a2dissite 000-default
sudo apache2ctl restart

Now if you try to access to your site without https, (ec2-46-137-60-179.eu-west-1.compute.amazonaws.com) you will receive a nice 'Not Found' mozilla error.

If you want to avoid apache warning when restarting the server, just comment or remove the following lines in the config file /etc/apache2/ports.conf:

NameVirtualHost *:80
Listen 80


B. Enabling Authentication


Now that we have set up a secure conversation by using ssl, we can ask our users for a password and control the access to our site.

The first thing we have to do is create a folder and a file where we are going to store all our users ans its associated password:

sudo mkdir /etc/apache2/passwd
sudo touch /etc/apache2/passwd/passwords

Now we create an user using the apache tool htpasswd

sudo htpasswd -c /etc/apache2/passwd/passwords javier 

You will be asked to introduce your password:

New password:
Re-type new password:
Adding password for user javier

If you have a look to the password file you will see that a new line with the user 'javier' and an encrypted password has been created:

cat /etc/apache2/passwd/passwords
javier:UIkS/YN9TzvSM

Now we just need to configure apache to ask for a password when an user is trying to access to our site.

Open the configuration file:

/etc/apache2/sites-available/default-ssl default

And modify the following section:

        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

by:

        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                AuthType Basic
                AuthName "Password Required"
                AuthUserFile /etc/apache2/passwd/passwords
                Require valid-user
        </Directory>

and restart Apache again:

sudo apache2ctl restart

Now when you try to access to your site you will be asked to introduce an user and a password (You might need to clear the Firefox history to avoid the browser cache):


And that's all folks!! You have configured (well you have mostly used the default configuration) a secure conversation plus authentication for your web site. This is the basic security access protection for an enormous amount of web sites out there on the Internet.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Mercurial with Apache... on the Cloud!!
    And here we go with our third tutorial explaining how to deploy and enjoy applications 'In the cloud'. This time we will take advant...
  • Cross Compiling and Cross Debugging C++ with Eclipse from Debian Squeeze x64 to Debian Squeeze ARM (Raspberry Pi)
    1. Introduction I have received yesterday my Raspberry Pi ( http://www.raspberrypi.org/ )  unit.  Fig 1. Raspberry Pi connected After comple...
  • Shared Libraries with Eclipse
    Hello there! So here we go with another tutorial, this time explaining how to develop shared libraries using Eclipse-CDT as IDE. If you are...
  • Unit Testing with CppUnit and Eclipse
    As I already mentioned in one of my previous posts, CppUnit is a powerful framework that allows us to automatize the unit testing execution....
  • Communicating with RaspBerry via GSoap Web Services
    According to wikipedia "A Web service is a method of communication between two electronic devices over the Web (Internet)." I wou...
  • Shared Libraries with Eclipse on 86_64 (64 bits) systems
    If you followed my previous post  http://linuxtortures.blogspot.com/2012/02/shared-libraries-with-eclipse.html where I explained how to deve...
  • Configuring Ubuntu on my new HP G62-a55SF
    As usual, after the Operative System installation, there are some drivers to configure and some programs and features to install. Comparing ...
  • Using C++ Libraries from Python
    It's been a while since my last post but here I am back with a very interesting post about Wrapping C++ libraries to be used in python. ...
  • Image processing with OpenCV
    Hi again!! Following the format of my previous posts I will try to show step by step how to install and configure the OpenCV libraries, one ...
  • Continuous Integration with Jenkins, Mercurial and CppUnit on C++
    Hello again!! Today I am going to talk about Jenkins, an open source tool that enables the continuous integration and delivery for our proje...

Blog Archive

  • ►  2012 (9)
    • ►  December (1)
    • ►  July (1)
    • ►  June (1)
    • ►  April (2)
    • ►  March (3)
    • ►  February (1)
  • ▼  2011 (7)
    • ▼  December (5)
      • Trac
      • MySQL on the Cloud
      • Mercurial with Apache... on the Cloud!!
      • Apache on the Cloud
      • Ubuntu on the Cloud
    • ►  January (2)
  • ►  2010 (3)
    • ►  December (3)
Powered by Blogger.

About Me

Unknown
View my complete profile