Linux HTTP and FTP Server Configuration
This article describes the configuration of default HTTP and FTP servers on Linux, with specific reference to the information needed for the RHCSA EX200 certification exam. A separate article will cover the information required for the HTTP server portion of the RHCE EX300 exam.
Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.
Related articles.
- Linux HTTP Server Configuration (RHCE)
- Apache Tomcat Installation on Linux
- Apache : Reverse Proxy Configuration
- Apache Monitoring using mod_status (server-status)
HTTP Server
The requirement for the RHCSA exam is very simple. For a more detailed discussion of the HTTP server read the article here.
Issue the following command to install the HTTP server.
# yum install httpd
Make sure the "/etc/hosts" file contains references for the loopback address and the hostname.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.122.89 rhce1.localdomain rhce1
Turn on the HTTP server and make sure it starts automatically on reboot.
# service httpd start
# chkconfig httpd on
The HTTP server is now installed and running. The HTTP configuration files are located under the "/etc/httpd" directory, with the main configuration file being the "/etc/httpd/conf/httpd.conf" file. The default document root is "/var/www/html". Any files or directories below this point will be visible using a browser once you configure the firewall.
You need to punch a hole in the firewall for port 80 to make sure the HTTP server can be accessed from the network. There are several ways to do this:
- The "Firewall Configuration" dialog from the menu (System > Administration > Firewall) or initiated from the command line by running the system-config-firewall command. On the "Trusted Services" section, scroll down the list and check the "WWW (HTTP)" option, then click the "Apply" button.
- The text-based "Firewall Configuration" utility (system-config-firewall-tui). This is the text-based version of the above dialog.
- Using the iptables service directly, as described here. In this case we would need the following entry.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
This is all you need to know for the RHCSA exam. The RHCE exam covers the HTTP server in more depth, as described here.
FTP Server
This section covers the File Transfer Protocol (FTP) information needed for both the RHCSA and RHCE exams.
FTP Server : Installation
Issue the following command to install the FTP server.
# yum install vsftpd
Turn on the FTP server and make sure it starts automatically on reboot.
# service vsftpd start
# chkconfig vsftpd on
The FTP server is now installed and running. The FTP configuration files are located under the "/etc/vsftpd" directory, specifically the "/etc/vsftpd/vsftpd.conf" file. The default directory for anonymous connections is "/var/ftp". Changes to the "/etc/vsftpd/vsftpd.conf" file have to be followed by a reload or a restart of the vsftpd service.
# service vsftpd reload
#
# OR
# service vsftpd restart
FTP Server : Firewall
You need to punch a hole in the firewall for port 21 to make sure the FTP server can be accessed from the network. There are several ways to do this:
- The "Firewall Configuration" dialog from the menu (System > Administration > Firewall) or initiated from the command line by running the system-config-firewall command. On the "Trusted Services" section, scroll down the list and check the "FTP" option, then click the "Apply" button.
- The text-based "Firewall Configuration" utility (system-config-firewall-tui). This is the text-based version of the above dialog.
- Using the iptables service directly, as described here. In this case we would need the following entry.
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
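The rule-order point behind the iptables entries in the HTTP and FTP firewall sections, as an added example that is not part of the original article: iptables evaluates a chain top to bottom, so a rule appended with -A after a catch-all REJECT is never reached. The ruleset is constructed, and the function and sample names are this example's own.

```sh
#!/bin/sh
# Added example: can an ACCEPT rule for a TCP port in the INPUT chain ever
# match? Input is rules in "iptables -S" / iptables-save format on stdin.
# iptables walks a chain top to bottom and stops at the first terminating
# target, so an ACCEPT placed after a catch-all REJECT/DROP is never reached.

# port_reachable PORT  ->  prints reachable | shadowed | missing
port_reachable() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }      # only INPUT chain rules
        {
            target = ""; dport = ""; proto = ""; selective = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                # any match option means the rule is not a catch-all
                if ($i ~ /^-[psdiom]$/) selective = 1
            }
            if (target == "ACCEPT" && proto == "tcp" && dport == port) {
                print (blocked ? "shadowed" : "reachable"); found = 1; exit
            }
            if (!selective && (target == "REJECT" || target == "DROP")) blocked = 1
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample ruleset ending in a catch-all REJECT. $1 selects where
# the port 80 rule sits: "appended" (after the REJECT, which is where
# "iptables -A" puts it) or "inserted" (before the REJECT).
sample_rules() {
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    [ "$1" = inserted ] && printf '%s\n' "-A INPUT -p tcp --dport 80 -j ACCEPT"
    printf '%s\n' "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
    [ "$1" = appended ] && printf '%s\n' "-A INPUT -p tcp --dport 80 -j ACCEPT"
    return 0
}

sample_rules appended | port_reachable 80    # shadowed
sample_rules inserted | port_reachable 80    # reachable
# On a live host (as root): iptables -S INPUT | port_reachable 21
```

A "shadowed" result means the rule has to sit above the catch-all, for example by inserting it at a rule number with "iptables -I INPUT" instead of appending it.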
FTP Server : SELinux
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the vsftpd service are displayed using the getsebool command.
# getsebool -a | grep ftpd
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
#
The setsebool command is used to set a specific boolean value.
# setsebool ftpd_use_passive_mode on
# setsebool ftpd_use_passive_mode off
The public_content_t context should be assigned to all public content.
# semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
# restorecon -F -R -v /var/ftp
You can check the current context setting on files and directories using the "ls -alZ" command.
More information on SELinux can be found here.
FTP Server : Security
By default the FTP installation allows anonymous access, which is potentially dangerous. This is fine for the RHCSA exam, but on real servers you would probably want to disable anonymous access. To do this, edit the "/etc/vsftpd/vsftpd.conf" file, setting the "anonymous_enable" entry as follows.
anonymous_enable=NO
local_enable=YES
The "local_enable" option indicates that local user accounts can be used for authentication.
Restart or reload the FTP service for the changes to take effect.
# service vsftpd reload
The RHCE exam has a requirement for configuring an anonymous-only download FTP server. This can be done by setting the following values in the "/etc/vsftpd/vsftpd.conf" file, then restarting the service.
anonymous_enable=YES
anon_upload_enable=NO
local_enable=NO
Controlling access from specific servers can be done using the Linux firewall, as described here.
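A check for the two vsftpd.conf profiles described in this section, as an added example that is not part of the original article. It shows why anonymous access has to be set to NO explicitly: a key that is missing or commented out falls back to the default in the vsftpd.conf man page, and anonymous_enable defaults to YES. The function and sample names are this example's own, and the last-setting-wins handling of repeated keys is an assumption.

```sh
#!/bin/sh
# Added example: classify a vsftpd.conf (on stdin) against the two access
# profiles in the article. Keys absent from the file fall back to the defaults
# documented in the vsftpd.conf man page; this script assumes the last setting
# of a repeated key wins.

# vsftpd_profile  ->  prints local-only | anonymous-download-only | other
vsftpd_profile() {
    awk -F= '
        BEGIN { v["anonymous_enable"] = "YES"      # man page default
                v["local_enable"] = "NO"           # man page default
                v["anon_upload_enable"] = "NO" }   # man page default
        /^#/ || !/=/ { next }                      # comments, blank lines
        { sub(/\r$/, "", $2); if ($1 in v) v[$1] = toupper($2) }
        END {
            anon = v["anonymous_enable"]; loc = v["local_enable"]
            if (anon == "NO" && loc == "YES")
                print "local-only"
            else if (anon == "YES" && loc == "NO" && v["anon_upload_enable"] == "NO")
                print "anonymous-download-only"
            else
                print "other"
        }
    '
}

# Constructed samples: the explicit setting, and the same line commented out.
sample_local_only() { printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES'; }
sample_commented()  { printf '%s\n' '#anonymous_enable=NO' 'local_enable=YES'; }

sample_local_only | vsftpd_profile    # local-only
sample_commented  | vsftpd_profile    # other (anonymous is still enabled)
# On a live host: vsftpd_profile < /etc/vsftpd/vsftpd.conf
```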
For more information see:
- Linux HTTP Server Configuration (RHCE)
- RHEL6 : Managing Confined Services : File Transfer Protocol (FTP)
- vsftpd.conf
- RHEL6 Documentation
- Linux man pages
- RHCSA and RHCE
- Apache Tomcat Installation on Linux
- Apache : Reverse Proxy Configuration
- Apache Monitoring using mod_status (server-status)
Hope this helps. Regards Tim...