If it was not included as part of the initial Linux installation, install the Apache web server and its dependencies. If you plan on running phpMyAdmin and/or ReadingRecord via SSL/TLS (https), you'll also need the mod_ssl package and its dependencies.
Once Apache is installed and running, you should be able to open a web browser and see the Apache 2 test page.
# Run script to set include_path
php_value auto_prepend_file "/var/www/ReadingRecord/config/prepend.php"
The following are optional, but recommended, steps to help improve the security of your ReadingRecord server.
Leaving the HTTP TRACE & TRACK methods enabled is a minor (IMO) issue, but if your library is subject to regular security audits you may get dinged for it.
# http configuration
<VirtualHost *:80>
    # Deny HTTP TRACE & TRACK methods.
    # See http://www.kb.cert.org/vuls/id/867593
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
</VirtualHost>
[root@demo ~]# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.0

HTTP/1.1 403 Forbidden
Date: Thu, 04 Apr 2013 17:25:51 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close

[remainder of output snipped...]

[root@demo ~]# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACK / HTTP/1.0

HTTP/1.1 403 Forbidden
Date: Thu, 04 Apr 2013 17:25:51 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close

[remainder of output snipped...]
If using SSL/TLS, redirect all http traffic to https.
# http configuration
<VirtualHost *:80>
    # Deny HTTP TRACE & TRACK methods.
    # See http://www.kb.cert.org/vuls/id/867593
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    # Redirect all traffic to https
    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteRule .? https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
[root@demo conf.d]# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 302 Found
Date: Thu, 04 Apr 2013 17:40:03 GMT
Server: Apache/2.2.3 (CentOS)
Location: https://demo.readingrecord.org/
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://demo.readingrecord.org/">here</a>.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at demo.readingrecord.org Port 80</address>
</body></html>
Connection closed by foreign host.
Unfortunately, disabling these methods for HTTP does not also disable them for HTTPS, so the same rules are needed in the https configuration:
# Deny HTTP TRACE & TRACK methods.
# See http://www.kb.cert.org/vuls/id/867593
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
[root@demo ~]# openssl s_client -connect localhost:443
[SSL/TLS handshake output snipped...]
TRACE / HTTP/1.0

HTTP/1.1 403 Forbidden
Date: Thu, 04 Apr 2013 17:47:14 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close

[remainder of output snipped...]

[root@demo ~]# openssl s_client -connect localhost:443
[SSL/TLS handshake output snipped...]
TRACK / HTTP/1.0

HTTP/1.1 403 Forbidden
Date: Thu, 04 Apr 2013 17:47:14 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close

[remainder of output snipped...]
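As an added example (not part of the original guide or the ReadingRecord project), this Python check reads Apache configuration text and reports which `<VirtualHost>` blocks lack the TRACE/TRACK deny rule, which catches the case described above where the port 80 rules do not carry over to HTTPS. The sample configuration and all function names are constructed for illustration, and it recognises only the single-condition rule form shown on this page.

```python
import re

# Constructed sample: the port 80 vhost carries the page's rules, the 443 vhost does not.
SAMPLE_CONF = """
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    RewriteCond %{HTTPS} !on
    RewriteRule .? https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
METHOD_COND = re.compile(r"RewriteCond\s+%\{REQUEST_METHOD\}\s+(\S+)", re.I)
RULE_FLAGS = re.compile(r"RewriteRule\s+\S+\s+\S+(?:\s+\[([^\]]*)\])?", re.I)

def covers_both(pattern):
    """True if the condition pattern matches both TRACE and TRACK."""
    rx = re.compile(pattern)  # the page's simple pattern is valid for Python's re too
    return all(rx.search(method) for method in ("TRACE", "TRACK"))

def denies_trace_track(directives):
    # Recognises only the form the page uses: one method condition, then a rule with [F].
    engine = pending = denied = False
    for d in directives:
        cond, rule = METHOD_COND.match(d), RULE_FLAGS.match(d)
        engine = engine or bool(re.match(r"RewriteEngine\s+on\b", d, re.I))
        if cond:
            pending = covers_both(cond.group(1))
        elif d.lower().startswith("rewritecond"):
            pending = False  # an extra ANDed condition could narrow the rule
        elif rule:
            flags = {f.strip().upper() for f in (rule.group(1) or "").split(",")}
            denied = denied or (pending and bool(flags & {"F", "FORBIDDEN"}))
            pending = False
    return engine and denied

def audit(conf_text):
    """Map each <VirtualHost> address to whether it denies TRACE and TRACK."""
    return {addr.strip(): denies_trace_track(l.strip() for l in body.splitlines())
            for addr, body in VHOST.findall(conf_text)}

if __name__ == "__main__":
    for vhost, ok in audit(SAMPLE_CONF).items():
        print(vhost, "denies TRACE/TRACK" if ok else "MISSING TRACE/TRACK deny rule")
```

A passing result only shows the rule is present in the file; the telnet and openssl checks above remain the test of what the running server actually answers.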