Manualshelf

HP Open Source Middleware Stacks Blueprints: LAMP Architecture on HP ProLiant BladeSystem Servers on SLES

ManualsBrandsHP ManualsSoftwareHP Linux Caliper Software Electronic LTU
17181920212223242526
6. Verify that Python works by opening a browser and navigating to the following website:
http://<YOUR_HOSTNAME>/test.py
The web page displays the following text:
MySQL version:5.0.26
If there are errors, check the following log files:
/var/log/httpd/error_log
/var/log/httpd/access_log
Secure the Web Server Stack
This section covers web server security.
Data Transportation—Secure Sockets Layer (SSL) is a widely used technology to protect
data transfer. It provides secure communications by encrypting the data on public or private
networks.
Application Authentication Apache Web server provides a built-in authorization module
to enable access protection. Alternatively, Symas CDS provides a directory service solution
based on OpenLDAP, Berkeley DB, Cyrus SASL, and OpenSSL for more fine-grained
authentication purposes. CDS is an integrated authentication and authorization-based
security mechanism for enterprise applications managed and deployed in Apache Web
servers. The directory server can store credential information and application privileges
about the users who are granted or forbidden access to specific resources. In addition to
controlling access based on user identities, OpenLDAP can control access based on other
attributes such as network address, transport, encryption strength, dynamic relationships,
and so on (for example, sets). Some applications or web pages in specific applications in
Apache Web server require access only by authenticated users. Symas CDS provides this
authentication mechanism by storing user credentials in the directory server.
Enabling HTTPS Support in the Apache Web Server
The mod_ssl module provides an SSL implementation that allows web applications running
within the Apache Web server to communicate securely with their respective clients.
Communication can still occur over standard HTTP.
To enable HTTP over SSL (HTTPS), perform the following steps:
1. Run the shell script /usr/bin/gensslcert to create dummy ssl keys for mod_ssl.
This tool copies the /etc/apache2/ssl.crt/ca.crt file to /srv/www/htdocs/CA.crt
and creates the following key files:
/etc/apache2/ssl.crt/ca.crt
/etc/apache2/ssl.key/server.key
/etc/apache2/ssl.crt/server.crt
/etc/apache2/ssl.csr/server.csr
2. Edit the /etc/sysconfig/apache2 file by adding ssl to the APACHE_MODULES definition
and SSL to the APACHE_SERVER_FLAGS definition. After completing the edits, the lines
should look like the following:
APACHE_MODULES="... ssl ..."
APACHE_SERVER_FLAGS="SSL"
3. Create an SSL virtual host configuration file by copying template file to perform the test:
# cp /etc/apache2/vhosts.d/vhost-ssl.template
/etc/apache2/vhosts.d/vhost-ssl.conf
22