HP 5991-5565 manual Secure the Web Server Stack, Enabling Https Support in the Apache Http Server


Secure the Web Server Stack

This section covers web server security.

Data Transportation—Secure Sockets Layer (SSL) is a widely used technology to protect data transfer. This section describes SSL enablement methods for both the Apache Web server and the Tomcat Application server.

Application Authentication—Apache Web server provides a built-in authorization module to enable access protection. Alternatively, Symas CDS provides a directory service solution based on OpenLDAP, Berkeley DB, Cyrus SASL, and OpenSSL for more fine-grained authentication purposes. CDS is an integrated authentication and authorization-based security mechanism for enterprise applications managed and deployed in Apache httpd and Tomcat Web servers. The directory server can store credential information and application privileges for the users who are granted or forbidden access to specific resources. In addition to controlling access based on user identities, OpenLDAP can control access based on other attributes such as network address, transport, encryption strength, dynamic relationships (for example, sets), and so on. Some applications, or specific web pages within applications, in Apache Web server or Tomcat must be accessible only to authenticated users. Symas CDS provides this authentication mechanism by storing user credentials in the directory server.

Enabling HTTPS Support in the Apache HTTP Server

The mod_ssl module provides an SSL implementation that allows web applications running within the Apache Web server to communicate securely with their respective clients. With mod_ssl enabled, communication can still occur over standard HTTP.

To enable HTTP over SSL (HTTPS), perform the following steps:

1. Run the shell script /usr/bin/gensslcert to create dummy SSL keys for mod_ssl.

This tool copies the /etc/apache2/ssl.crt/ca.crt file to /srv/www/htdocs/CA.crt and creates the following key and certificate files:

/etc/apache2/ssl.crt/ca.crt

/etc/apache2/ssl.key/server.key

/etc/apache2/ssl.crt/server.crt

/etc/apache2/ssl.csr/server.csr

2. Edit the /etc/sysconfig/apache2 file by adding ssl to the APACHE_MODULES definition and SSL to the APACHE_SERVER_FLAGS definition.

After completing the edits, the lines should look like the following:

APACHE_MODULES="... ssl ..."
APACHE_SERVER_FLAGS="SSL"

3. Create an SSL virtual host configuration file for the test by copying the template file:

# cp /etc/apache2/vhosts.d/vhost-ssl.template \
     /etc/apache2/vhosts.d/vhost-ssl.conf

4. Restart Apache by entering the following:

# /etc/init.d/apache2 restart
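
The script below is an added example, not part of the HP manual: it audits the result of steps 1 through 3 using the file paths named above, and also checks that server.key is not accessible to group or other users. The function names, the root-prefix argument, and the sample tree are assumptions of this example.

```shell
# Added example: audit steps 1-3. The root prefix ($1) is an assumption so a copy can be checked.
FILES="ssl.crt/ca.crt ssl.crt/server.crt ssl.csr/server.csr ssl.key/server.key vhosts.d/vhost-ssl.conf"

# Print the last double-quoted value assigned to variable $2 in file $1.
sysconfig_value() {
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" 2>/dev/null | tail -n 1
}

# Succeed if word $1 appears in the space-separated list $2.
has_word() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Audit the tree under root $1; print findings, return how many there were.
audit_apache_ssl() {
    root=$1 findings=0
    conf="$root/etc/sysconfig/apache2"
    has_word ssl "$(sysconfig_value "$conf" APACHE_MODULES)" ||
        { echo "APACHE_MODULES lacks ssl"; findings=$((findings + 1)); }
    has_word SSL "$(sysconfig_value "$conf" APACHE_SERVER_FLAGS)" ||
        { echo "APACHE_SERVER_FLAGS lacks SSL"; findings=$((findings + 1)); }
    for f in $FILES; do
        [ -s "$root/etc/apache2/$f" ] ||
            { echo "missing or empty: /etc/apache2/$f"; findings=$((findings + 1)); }
    done
    key="$root/etc/apache2/ssl.key/server.key"
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "server.key is accessible to group or other"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Build a constructed sample tree under $1 (placeholder file contents, not real keys).
make_sample_tree() {
    mkdir -p "$1/etc/sysconfig"
    printf 'APACHE_MODULES="actions alias ssl php5"\nAPACHE_SERVER_FLAGS="SSL"\n' > "$1/etc/sysconfig/apache2"
    for f in $FILES; do
        mkdir -p "$1/etc/apache2/${f%/*}"
        echo placeholder > "$1/etc/apache2/$f"
    done
    chmod 644 "$1/etc/apache2/ssl.key/server.key"   # deliberately too permissive
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_apache_ssl "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Calling audit_apache_ssl "" checks the live paths on the host instead of the sample tree.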
