• HyperText Transfer Protocol — протокол передачи гипертекста

• Uniform Resource Locator, URL — единообразный локатор (определитель местонахождения) ресурса

<схема>://<логин>:<пароль>@<хост>:<порт>/<URL‐путь>?<параметры>#<якорь>

• Настройка терминалов

# nc -C ya.ru 80

# telnet ya.ru 80

GET / HTTP/1.1
Host: ya.ru
Accept-Encoding: gzip, deflate

# cat /var/www/html/index.html

<HTML>
  <HEAD>
    <META HTTP-EQUIV="Refresh" CONTENT="4;URL=http://google.ru">
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=UTF-8">
  </HEAD>
  <BODY text="blue">
    <!--
      THis is comment
    -->
    <PRE>
text
  as
    is
    </PRE>
    <H1>Go to Google</H1>
    <A HREF=https://freebsd.org/>
    <IMG SRC=https://www.freebsd.org/logo/logo-full.png>
    </A> 
  </BODY>
</HTML>

• http://server.corpX.un/asterisk/

# mkdir /var/www/html/asterisk/

# cat /var/www/html/asterisk/index.html

<html>
<body>
  <h1>Enter phone number</h1>
  <form action=call.php>
    <input name=phone>
    <input value="Call me" type=submit>
  </form>
</body>
</html>

root@server:~# apt install apache2

[server:~] # pkg install apache24

[server:~] # sysrc apache24_enable=yes

[server:~] # service apache24 start

• Сервис Firewall CentOS

[root@server ~]# yum install httpd

[root@server ~]# systemctl status httpd

• Using Apache HTTP Server on Microsoft Windows
• XAMPP Apache + MariaDB + PHP + Perl

# cat /etc/apache2/sites-available/000-default.conf

...
        AddDefaultCharset utf-8
...

• How to Change Apache HTTP Port in Linux

• http://www.corpX.un/
• http://www.corpX.un/hosts

[server:~] # rm /usr/local/www/apache24/data/index.html

[server:~] # cp /etc/hosts /usr/local/www/apache24/data/

[server:~] # rcsdiff /usr/local/etc/apache24/httpd.conf
389c389

root@server:~# DOCROOT='/var/www/html'

root@server:~# rm $DOCROOT/index.html

root@server:~# cp /etc/hosts $DOCROOT

root@server:~# rcsdiff /etc/apache2/sites-available/default

root@server:~# rcsdiff /etc/apache2/sites-available/*default.conf
11c11

<     Options Indexes FollowSymLinks 
---
>     Options FollowSymLinks 

Alias /share "/usr/share/"

<Directory "/usr/share/">
  Options Indexes FollowSymLinks
  AllowOverride All
  Require all granted
  Allow from all
</Directory>

• http://www.corpX.un/share

[server:~] # cat /usr/local/etc/apache24/httpd.conf

...
Include etc/apache24/extra/httpd-manual.conf
...

http://www.corpX.un/manual/

root@server:~# cat /etc/apache2/sites-available/default

root@server:~# cat /etc/apache2/sites-available/*default.conf

...
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
#        Order deny,allow
#        Deny from all
#        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
... 

• http://www.corpX.un/doc

• http://server.corpX.un/~user1/

root@server:~# a2enmod userdir

root@server:~# service apache2 restart

ubuntu24# chmod 755 /home/user1

server# mkdir ~user1/public_html/

server# cat ~user1/public_html/index.html

<h1>Hello World from user1</h1>

server# chown -R user1 ~user1/public_html/

• http://user1.corpX.un/

root@server:~# cat /etc/apache2/sites-available/mail.conf

<VirtualHost *:80>
     ServerName mail.corpX.un
#    ServerAlias www.mail.corpX.un
     DocumentRoot /var/lib/roundcube
</VirtualHost>

root@server:~# a2ensite mail

root@server:~# apachectl -t

root@server:~# cat /etc/apache2/sites-available/user1.conf

<VirtualHost *:80>
     ServerName user1.corpX.un
#    ServerAlias www.user1.corpX.un
     DocumentRoot /home/user1/public_html
</VirtualHost>

root@server:~# a2ensite user1

root@server:~# apachectl -t

[server:~] # cat /usr/local/etc/apache24/extra/httpd-vhosts.conf

<VirtualHost *>
    DocumentRoot /usr/local/www/apache24/data/
</VirtualHost>

<VirtualHost *>
    ServerName user1.corpX.un
#    ServerAlias www.user1.corpX.un
    DocumentRoot /home/user1/public_html/
</VirtualHost>

[server:~] # cat /usr/local/etc/apache24/httpd.conf

...
LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
...
Include etc/apache24/extra/httpd-vhosts.conf
...

• List of methods used to redirect a web site using Apache

root@lan:~# cat /etc/apache2/sites-available/000-default.conf

#...
  Redirect permanent / https://www.corpX.un/
#... 

• How to hide Apache Version | Server Info | Signature | Header Information | Httpd Php Version

# cat /etc/apache2/conf-enabled/security.conf

...
ServerTokens Prod
...
ServerSignature Off
...

/etc/init.d/apache2 restart

# cat /usr/local/etc/apache24/extra/httpd-default.conf

...
ServerTokens Prod
...
ServerSignature Off
...

# cat /usr/local/etc/apache24/httpd.conf

...
Include etc/apache22/extra/httpd-default.conf
...

# /usr/local/etc/rc.d/apache24 restart

• Apache Module mod_include

# a2enmod include

# cat /etc/apache2/sites-available/000-default.conf

...
        <Directory /var/www/html/asterisk/>
             Options +Includes
             DirectoryIndex index.shtml
...
        </Directory>
...

# cat /var/www/html/asterisk/index.shtml

...
  <h1>Your ip address: <!--#echo var="REMOTE_ADDR" --><h1>
  <h1>Your login is: <!--#echo var="REMOTE_USER" --><h1>
<!--#if expr='-R "172.16.48.0/22"' -->
...
<!--#endif -->
...

• CGI — Основы Веб-программирования
• Dynamic Content with CGI
• CGI Environment Variables

root@server:~# a2enmod cgid

root@server:~# cd /usr/lib/cgi-bin/

[server:~] # cat /usr/local/etc/apache24/httpd.conf

...
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
...
<IfModule mpm_prefork_module>
        LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
...

[server:~] # cd /usr/local/www/apache24/cgi-bin/

server# cat test-cgi

#!/bin/sh

echo Content-type: text/plain
echo

echo Hello $REMOTE_ADDR
echo You type: $QUERY_STRING

env

server# chmod 755 test-cgi

• http://server.corpX.un/cgi-bin/test-cgi
• http://server.corpX.un/cgi-bin/test-cgi?qwerty

[server:~] # rcsdiff /usr/local/etc/apache24/extra/httpd-userdir.conf
18c18,19
<     Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
---
>     Options ExecCGI MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
>     AddHandler cgi-script .cgi

root@server:~# rcsdiff /etc/apache2/sites-available/default
11c11,12
<               Options FollowSymLinks MultiViews
---
>               Options ExecCGI FollowSymLinks MultiViews
>               AddHandler cgi-script .cgi .pl

server# cd ~user1/public_html/

server# cat test.cgi

#!/bin/sh

echo Content-type: text/plain
echo

echo Hello $REMOTE_ADDR
echo You type: $QUERY_STRING

server# chmod +x test.cgi

• Язык программирования Perl Пример 6

• http://server.corpX.un/test.cgi
• http://server.corpX.un/hosts
• http://server.corpX.un/
• http://server.corpX.un/hello.pl?name=ivanov

# apachectl -t -D DUMP_MODULES

root@server:~# apt install libapache2-mod-php

root@server:~# ls /etc/apache2/mods-enabled/ | grep php
...

root@server:~# cd /var/www/html

[server:~] # pkg install mod_php56 php56

• Язык программирования PHP (Настройка)

[server:~] # cat /usr/local/etc/apache24/httpd.conf

...
LoadModule php5_module        libexec/apache2?/libphp5.so
...
<IfModule dir_module>
    DirectoryIndex index.html index.php
...
<IfModule mime_module>
    AddType application/x-httpd-php .php
...

[server:~] # service apache24 restart

[server:~] # cd /usr/local/www/apache24/data/

http://www.apachefriends.org/en/xampp.html

http://windows.php.net/download/

• Модуль Apache только в много поточной версии
• Версия Apache должна совпадать

C:\>notepad++ Apache22\conf\httpd.conf

...
LoadModule php5_module C:\php\php5apache2_2.dll
...
<IfModule dir_module>
    DirectoryIndex index.html index.php
...
<IfModule mime_module>
    AddType application/x-httpd-php .php
...

• Язык программирования PHP (Настройка)

• Пример WEB скрипта (Использование phpinfo)

• Letsencrypt Certbot
• SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file

# a2enmod ssl

# cat /etc/apache2/sites-available/default-ssl*

...
       SSLCertificateFile    /root/www.crt
       SSLCertificateKeyFile /root/www.key
...
       # SSLProtocol All -SSLv2 -SSLv3
...

# a2ensite default-ssl

# service apache2 restart

# a2enmod rewrite

# cat /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
...
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
...

# service apache2 restart

# cat /usr/local/etc/apache24/httpd.conf

...
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
...
LoadModule ssl_module libexec/apache24/mod_ssl.so
...
Include etc/apache24/extra/httpd-ssl.conf
...

# cat /usr/local/etc/apache24/extra/httpd-ssl.conf

...
ServerName www.corpX.un:443
ServerAdmin noc@corpX.un
...
#SSLProtocol All -SSLv2 -SSLv3
...
SSLCertificateFile "/root/www.crt"
...
SSLCertificateKeyFile "/root/www.key"
...

• Upgrading to 2.4 from 2.2

root@server:~# cat /etc/apache2/sites-available/000-default*

...
        <Directory /var/www/html>
                #Order Deny,Allow
                #Deny from all
                #Allow from 192.168.X.0/24
                #Allow from 127.0.0.1
                Require ip 127.0.0.1 192.168.X.0/24
        </Directory>

...

[server:~] # cat /usr/local/etc/apache24/httpd.conf

...
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
        Order Deny,Allow
        Deny from all
        Allow from 192.168.X.0/24
        Allow from 127.0.0.1
...

# touch /etc/http_passwd

# htpasswd /etc/http_passwd user1
New password: password1
...

# htpasswd /etc/http_passwd 401
New password: password1
...

# cat /etc/http_passwd
...

# cat /etc/http_group

group1: user1 user2

# htpasswd -D /etc/http_passwd user1

root@server:~# cat /etc/apache2/sites-available/000-default.conf

...
        <Directory /var/www/html/phoneconf>
#            AllowOverride AuthConfig

#            AuthType Basic
#            AuthName "Require Auth"
#            AuthUserFile /etc/http_passwd
#            Require valid-user
#            Require user user1 user2
#            AuthGroupFile /etc/http_group
#            Require group group1
        </Directory>
...

[server:~] # cat /usr/local/etc/apache24/extra/httpd-vhosts.conf

...
    <Directory /usr/local/www/apache24/data/asterisk>
#            AllowOverride AuthConfig

#            AuthType Basic
#            AuthName "Require Auth"
#            AuthUserFile /etc/http_passwd
#            Require valid-user
#            Require user user1 user2
#            AuthGroupFile /etc/http_group
#            Require group group1
    </Directory>
...

# cat asterisk/.htaccess

AuthType Basic
AuthName "Require Auth"
AuthUserFile /etc/http_passwd
Require user 401 402

• Client certificates with apache
• Интерактивное подключение по ssl

# cat /etc/apache2/sites-available/default-ssl*

...
       DocumentRoot /var/www/html
       <Directory /var/www/html/>
#               SSLRequire %{SSL_CLIENT_S_DN_CN}  in {"user1","user2"}
#               SSLRequire %{SSL_CLIENT_S_DN_OU}  eq "group1"
       </Directory> 
...
       SSLCertificateFile /root/www.crt
       SSLCertificateKeyFile /root/www.key
...
       SSLCACertificateFile /root/ca.crt
...
       #SSLCARevocationFile /root/ca.crl
...
       SSLVerifyClient require 
... 

# cat /usr/local/etc/apache24/extra/httpd-ssl.conf

...
<Directory "/usr/local/www/apache24/data">
#               SSLRequire %{SSL_CLIENT_S_DN_CN}  in {"user1","user2"}
#               SSLRequire %{SSL_CLIENT_S_DN_OU}  eq "group1"
</Directory>
...
SSLCertificateFile "/root/www.crt"
...
SSLCertificateKeyFile "/root/www.key"
...
SSLCACertificateFile "/root/ca.crt"
...
#SSLCARevocationFile "/root/ca.crl"
...
SSLVerifyClient require
...

• Kerberos Moduse for Apache
• echnical Analysis: Apache with mod_auth_kerb and Windows Server
• Регистрация принципала: Kerberos GSSAPI аутентификация

# apt-get install libapache2-mod-auth-kerb

# cat /etc/apache2/sites-available/default

...
        <Directory />
                AuthType Kerberos
                KrbMethodK5Passwd off
                KrbMethodNegotiate on
                Require valid-user
...

# pkg_add -r mod_auth_kerb2

или

# cd /usr/ports/www/mod_auth_kerb2/

# make configure

# cat work/mod_auth_kerb-5.4/Makefile

...
#KRB5_LDFLAGS = -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt
KRB5_LDFLAGS = -L/usr/lib -lgssapi_krb5 -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt

# make install clean

# cat /usr/local/etc/apache22/httpd.conf

...
LoadModule auth_kerb_module    modules/mod_auth_kerb.so
...
<Directory />
    AuthType Kerberos
    KrbMethodK5Passwd off
    KrbMethodNegotiate on
    Require valid-user
...

http://grolmsnet.de/kerbtut/firefox.html

• https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2
• Сервер OpenID из GitLab
• Сервис Keycloak

• Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)

gate# apt install libapache2-mod-auth-openidc

# cat /etc/apache2/conf-available/serve-cgi-bin.conf

...
        <IfDefine ENABLE_USR_LIB_CGI_BIN>

                ## GitLab
                OIDCSSLValidateServer Off
                OIDCProviderMetadataURL https://server.corpX.un/.well-known/openid-configuration
                OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi
                OIDCClientID e...............................................4         #Application ID
                OIDCClientSecret 7.................................................4   #Secret
                OIDCCryptoPassphrase anystring

                ## Keycloak
                OIDCSSLValidateServer Off
                OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration
                OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi
                #OIDCClientID test-cgi
                OIDCClientID any-client
                OIDCCryptoPassphrase anystring
...
                        #Require all granted
                        AuthType openid-connect
                        Require valid-user
...

# a2enmod auth_openidc

Проверка: http://gate.corpX.un/cgi-bin/test-cgi/    !!! Последний / обязательно !!!

• How To Configure WebDAV Access with Apache on Ubuntu 14.04
• webdav: a directory per-user

# a2enmod dav

# a2enmod dav_fs

# mkdir /var/www/share
# chown www-data /var/www/share

# cat /etc/apache2/sites-available/000-default.conf

...
Alias /share /var/www/share

<Directory /var/www/share>
    Options Indexes
    DAV On
    Order allow,deny
    allow from all
</Directory>
...

# service apache2 restart

• https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf
• NGINX перенаправления proxy_redirect и redirect

gate# apt install nginx

gate# cat /etc/nginx/sites-available/user1

server {
        listen 80;
        server_name server.corpX.un corpX.un;
        location / {
                proxy_pass http://server.corpX.un/~user1/;
        }
}

# ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1

# service nginx configtest
# tail /var/log/nginx/error.log
  или
# nginx -t #-c /etc/nginx/nginx.conf
  или
# nginx -T

# service nginx restart

# tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log

gate.isp.un$ wget -O - -q http://server.corpX.un

# cat /etc/nginx/sites-available/myapp1

    upstream myapp1 {
        server server.corpX.un;
        server server2.corpX.un;
    }

    server {
        listen 80;
        server_name server.corpX.un corpX.un;

        location / {
            proxy_pass http://myapp1;
        }
    }

• Подключение, тестирование, применение и мониторинг конфигурации

# host mail
# host webd
# host www
# host autoconfig
# host corpX.un

... has address 192.168.X.10

root@server# cat /var/opt/gitlab/nginx/conf/corpX.conf

#    upstream app {
#        server 172.18.0.1;
#        server 172.18.0.2;
#        server 172.18.0.3;
#    }
    server {
        listen 80;
        server_name webd.corpX.un;

        location / {
            proxy_pass http://192.168.49.2:30111/;
#            proxy_pass http://app;
        }
    }
    server {
        listen 80;
        server_name mail.corpX.un;
        return 301 http://server.corpX.un:81/mail;
#        return 301 http://gate.corpX.un:81/mail;
    }
    server {
        listen 80;
        server_name corpX.un www.corpX.un;

        location / {
            proxy_pass http://server.corpX.un:81/;
        }
    }
#    server {
#        listen 80;
#        server_name autoconfig.corpX.un;
#        location / {
#            proxy_pass http://gate.corpX.un:81/;
#        }
#    }

# cat /etc/gitlab/gitlab.rb

...
nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/corpX.conf;"
...

• Проверка конфигурации и перезапуск

root@server# less /var/opt/gitlab/nginx/conf/nginx.conf

...
  include /var/opt/gitlab/nginx/conf/corpX.conf;
}

root@server# /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -t

root@server# gitlab-ctl restart nginx

gate1# cat /etc/nginx/sites-available/gowebd

    server {
        listen 80;
        server_name gowebd.corpX.un;
        return 301 https://gowebd.corpX.un$request_uri;
    }

    server {
        listen 443 ssl;
        server_name gowebd.corpX.un;
        ssl_certificate /root/gowebd.crt;
        ssl_certificate_key /root/gowebd.key;

        location / {
#            proxy_pass http://192.168.X.10:8000;
#            proxy_pass http://192.168.100+X.10:NNNNN;
#            proxy_pass http://192.168.X.64;

#            proxy_set_header Host            $host;
#            proxy_set_header X-Forwarded-For $remote_addr;

#            proxy_set_header X-Forwarded-Proto $scheme;
#            proxy_set_header X-Forwarded-Port $server_port;
        }
    }

• Подключение, тестирование, применение и мониторинг конфигурации

• Сервис INETD

• Нагрузочное тестирование

• wrk - a HTTP benchmarking tool

• Install Vegeta on Ubuntu 20.04
• github/tsenart/vegeta/releases
• https://val.bmstu.ru/unix/WWW/vegeta_12.11.0_linux_amd64.tar.gz

external-host# curl http://192.168.13.10:8000

external-host# echo "GET http://192.168.13.10:8000" | vegeta attack -duration=20s -rate=100 | vegeta report

server# tail -f /var/log/syslog