AWS
Quick guide on aws for beginners Understanding network concepts in aws How to achieve CI/CD in aws CI/CD in aws managed resources with Jenkins Push Image to aws ECR Using GitHub Actions Setup an EventBridge Rule in aws How ECS & ECR works in aws EKS with Fargate Profile Launch EKS using eksctl in aws Container insight for EKS-Fargate in cloudwatch Deploy aws resources with CloudFormation AWS secrets scanning by GitHub Setup Site to Site VPN Connection in AWS
AZURE
Gateways in Azure Understanding network concepts in Azure Ingress in Azure Kubernetes Service
GCP
Architecting hybrid infrastructure with Anthos

ANSIBLE
Ansible a configuration management tool Runbook Automation tool for playbooks
DOCKER
Docker a containerization Tool Networking in Docker Multi-stage build in Docker what is docker-compose All about Docker swarm
GITHUB
CLI instruction to work with GitHub Integrating Jenkins with GitHub Push Image to ECR Using GitHub Actions
JENKINS
Jenkins a continuous integration tool Acheive CI/CD using Jenkins in AWS Configuring weblogic deployer plugin in Jenkins
KUBERNETES
Kubernetes an orchestration framework Launch kubernetes cluster in Different ways Debugging your kubernetes cluster Certificates renewal of kubernetes cluster Deploying application on Kubernetes cluster api versions to use in manifest file RBACs in Kubernetes Health check of containers in Kubernetes Rancher a cluster management platform Understanding ISTIO as a service mesh
TERRAFORM
Deploying IaC using Terraform Terraform module EKS cluster using Terraform

APACHE
Things to know in Apache How to Configure Apache-httpd Server Setup httpd as os-service on OL8 SiteMinder and its Integration with WebServer Apache SSL Installation Instructions NO_RESOURCES Errors in APACHE with WLS
WEBLOGIC
Installing WebLogic 12.1.3 without GUI WebLogic Server as a managed Azure service WLS domain extension to include JRF template All about OPatch in WLS How to define WorkManager in Weblogic Some known Weblogic exceptions Different OutOfMemory issues Some known Weblogic exceptions Play with WLST Persistent store in WLS Configuration of NodeManager

JAVA
JAVA_OPTIONS Study on JAVA_HEAP Native OOM in Java Heap Types of Threads Various Java-options to use in Java apps How to run Java Flight Recorder dbping a java-weblogic utility
SSL
When & why to use SSL certificates SSLv3 to TLS1.* SHA2 on Oracle https Server Weblogic SSL Renewal Steps
CHEATSHEETs
Linux Cheatsheet Linux Log parsing cheetsheet SSL Cheatsheet MySQL Cheatsheet PostgreSQL Cheatsheet WebLogic Cheatsheet Python Cheatsheet Kubernetes Cheatsheet Terraform Cheatsheet Hashicorp-vault Cheatsheet GCP Cheatsheet
OTHER
All about Messaging Queue small guide on Python WLSDM monitoring agent in WLS Register driver for MSSqlServer Understanding YAML

07 July 2020

Setup httpd as os-service on OL8.x

This article will help you to setup Apache httpd as an OS service on OL8.x releases

NOTE - should be run using sudo/root privileges.
STEP 1 - Verify Package 

before you install httpd as an OS service - confirm if it is already installed in your server by running any command as below
$ systemctl status httpd or ​​​​​​​rpm -qi httpd
​​​​​​​if the system is unable to find the service, proceed to the next step
  

STEP 2 - Install httpd

$ yum install httpd
this will install the latest package available from the server repository - at the time of writing this article 2.4.37 is the latest offering by Oracle in OL8.x

upon successful installation, you should able to see the httpd package available now.

STEP 3 - verify package post-installation 

$ systemctl status httpd
the above confirms the package is installed now, however at default the service is inctive and disabled

STEP 4 - Start the service

$ systemctl start httpd
$ systemctl status httpd
this shows apache is up and running now, check the process by running the regular ps command
$ ps -ef  | grep httpd
the conf file of this package can be found under - /etc/httpd/conf

verify the newly installed apache by running the following commands
$ httpd -v
$ rpm -qi httpd
Additionally, you can set this apache instance as an auto boot-up service post VM reboot by running the following command -
$ sudo chkconfig httpd on


How to configure 2nd Instance of Apache in the same server

Copy the whole httpd configure directory "/etc/httpd" to "/etc/httpd1"
$ cp -fr /etc/httpd /etc/httpd1
Modify the httpd directives which may be a conflict if running multiple instances at the same time in file "/etc/httpd1/conf/httpd.conf"
ServerRoot
Listen
PidFile
ErrorLog
CustomLog

For example, we changed as following in "/etc/httpd1/conf/httpd.conf" for 2nd Instance

ServerRoot /etc/httpd1
Listen 8080
PidFile run/httpd1.pid
ErrorLog logs/httpd1_error_log
CustomLog logs/httpd1_access_log combined
Start Apaches
$ httpd -f /etc/httpd1/conf/httpd1.conf -k start
$ httpd -f /etc/httpd/conf/httpd1.conf -k start

How to configure SSL module

install the mod_ssl module by running the following command -

$ yum -y install mod_ssl
it will install the required module and place it under 
/usr/lib64/httpd/modules/mod_ssl.so
load this module in /etc/httpd/conf/httpd.conf as -
LoadModule ssl_module modules/mod_ssl.so
configuration requires certificates and start the httpd service as usual

How to install a Signed Certificate into Apache Instance

Generate CSR, that will generate server.key & server.csr
​​​​​​​
$ openssl req -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr
Get CSR signed by an authorized CA

Copy the server/end-entity certificate provided by CA into a server.crt file Update the certificate & key file into ssl.conf & comment the default self-signed certificate.
$ vi /etc/httpd/conf.d/ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile "/etc/httpd/ssl/server.crt"

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificatekeyFile "/etc/httpd/ssl/server.key"
restart your httpd service

You should be able to access index.html on HTTPS now.


In case of a self-signed certificate

Configure the SSL module as mentioned above and add port 443 in the following lines in /etc/httpd/conf/httpd.conf and restart the Apache.

Listen 80
Listen 443

ServerName 10.20.30.40:80
ServerName 10.20.30.40:443

Please note that with the self-signed certificate, you will get a warning while testing on https://$hostname:443/ because self-signed certificate is the problem, the browser could not trust the server due to its certificate signed by itself but not by a trusted certificate authority (CA).​​​
​​​​
​​​​​​​Known Issue -

After enabling mod_wl_24.so for the WebLogic proxy you might see the following issue while starting the httpd service -

cannot load modules/mod_wl_24.so into server: libdms2.so: cannot open shared object file:

How to fix

Since systemctl by default does not load LD_LIBRARY_PATH so you need to manually configure it.
$ vi /usr/lib/systemd/system/httpd.service

Under [Service] add the following line -

LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib64

Reload system daemon

$ systemctl daemon-reload​​​​​​​

Now copy only the missing modules or libs from /usr/lib64/httpd/modules/ to /usr/lib64/

Ex -
cp -rp /usr/lib64/httpd/modules/libonssys.so  /usr/lib64/
cp -rp /usr/lib64/httpd/modules/libonsssl.so  /usr/lib64/
cp -rp /usr/lib64/httpd/modules/libdms2.so    /usr/lib64/

restart httpd
$ systemctl start httpd
Labels:

No comments:

Post a Comment