Before installing httpd
There is no apachectl command and no man page for httpd.
Installing httpd
Run the usual command.
#yum -y install httpd
Install log
[root@linux38 susa]# yum -y install httpd
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
core                      [1/3]
updates                   [2/3]
extras                    [3/3]
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for httpd to pack into transaction set.
--> Populating transaction set with selected packages. Please wait.
--> Running transaction check
--> Processing Dependency: httpd = 2.2.0-5.1.2 for package: httpd-manual
--> Processing Dependency: httpd = 0:2.2.0-5.1.2 for package: mod_ssl
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for mod_ssl to pack into transaction set.
After installation
The related directories were created as well.
[root@linux38 httpd]# pwd
/etc/httpd
[root@linux38 httpd]# ls -la
合計 12
drwxr-xr-x  4 root root   65 10月 22 15:26 .
drwxr-xr-x 81 root root 8192 10月 22 14:55 ..
drwxr-xr-x  2 root root   35 10月 22 15:26 conf
drwxr-xr-x  2 root root  179 10月 22 15:27 conf.d
lrwxrwxrwx  1 root root   19 10月 22 15:26 logs -> ../../var/log/httpd
lrwxrwxrwx  1 root root   27 10月 22 15:26 modules -> ../../usr/lib/httpd/modules
lrwxrwxrwx  1 root root   13 10月 22 15:26 run -> ../../var/run
[root@linux38 httpd]#

[root@linux38 www]# pwd
/var/www
[root@linux38 www]# ls -la
合計 24
drwxr-xr-x  8 root      root   80  7月 27 00:13 .
drwxr-xr-x 24 root      root 4096 10月 10 23:25 ..
drwxr-xr-x  2 root      root    6  7月 27 00:13 cgi-bin
drwxr-xr-x  3 root      root 4096 10月 22 15:26 error
drwxr-xr-x  2 root      root    6  7月 27 00:13 html
drwxr-xr-x  3 root      root 8192 10月 22 15:26 icons
drwxr-xr-x 14 root      root 4096 10月 22 15:27 manual
drwxr-xr-x  2 webalizer root   43 10月 10 23:01 usage
[root@linux38 www]#
The apachectl command was created too.
[root@linux38 lib]# find / -name apachectl
find: WARNING: Hard link count is wrong for /selinux: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.
/usr/sbin/apachectl
The httpd command was created too.
[root@linux38 sbin]# pwd
/usr/sbin
[root@linux38 sbin]# ls -al http*
-rwxr-xr-x 1 root root 315248  7月 27 00:13 httpd
-rwxr-xr-x 1 root root 327704  7月 27 00:13 httpd.worker
Starting httpd (listen)
httpd is not set to start automatically at OS boot, so I start it manually like this.
[root@linux38 etc]# cd init.d/
[root@linux38 init.d]# ./httpd start
httpd を起動中:                                            [  OK  ]
Checking that it started
[root@linux38 init.d]# netstat -a|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:39680                     *:*                         LISTEN
tcp        0      0 *:rsync                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN
tcp        0     52 linux38:ssh                 ::ffff:192.16:ms-sna-server ESTABLISHED
udp        0      0 *:filenet-tms               *:*
※ This is really a place to use grep rather than more. But I had only just started it and wanted to look at everything, so I viewed it with more.
If this line is present, you are OK.
tcp 0 0 *:http *:* LISTEN
Connectivity check
Checking from the local host
From the server itself I connected with telnet to port 80 (httpd's listen port) and could GET the html, so listening is OK.
[root@linux38 etc]# telnet 192.168.10.38 80
Trying 192.168.10.38...
Connected to linux38 (192.168.10.38).
Escape character is '^]'.
GET /index.html HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 23 Oct 2006 11:14:33 GMT
Server: Apache/2.2.2 (Fedora)
Last-Modified: Mon, 23 Oct 2006 10:37:54 GMT
ETag: "689832-51-bdc6480"
Accept-Ranges: bytes
Content-Length: 81
Connection: close
Content-Type: text/html; charset=UTF-8

kari index.html
Connection closed by foreign host.
Connectivity from a remote host
This did not work at first, but I solved it.
In the end it was cause 1: iptables was acting as a firewall and rejecting access from outside.
The full story
Accessing http://192.168.10.38 from a browser on Windows only gives "server not found".
Trying to connect to 192.168.10.38:80 with TeraTerm shows "connecting..." for a while and then fails with "Cannot connect the host".
Possible cause 1
#iptables -L
[root@linux38 etc]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4039  301K RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 3833 packets, 994K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   48  3930 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp any
    0     0 ACCEPT     ipv6-crypt--  any    any     anywhere             anywhere
    0     0 ACCEPT     ipv6-auth--  any    any     anywhere             anywhere
   15  2216 ACCEPT     udp  --  any    any     anywhere             224.0.0.251         udp dpt:mdns
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:ipp
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ipp
 3761  257K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    2    96 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
  213 37976 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited
Let's try deleting the REJECT on the last line.
[root@linux38 etc]# iptables -D RH-Firewall-1-INPUT 10
[root@linux38 etc]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4103  307K RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 3883 packets, 1000K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   48  3930 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp any
    0     0 ACCEPT     ipv6-crypt--  any    any     anywhere             anywhere
    0     0 ACCEPT     ipv6-auth--  any    any     anywhere             anywhere
   15  2216 ACCEPT     udp  --  any    any     anywhere             224.0.0.251         udp dpt:mdns
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:ipp
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ipp
 3811  260K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    2    96 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh

[root@linux38 conf]# /etc/init.d/iptables
使い方: /etc/init.d/iptables {start|stop|restart|condrestart|status|panic|save}
[root@linux38 conf]# /etc/init.d/iptables restart
ファイアウォールルールを適用中:                             [  OK  ]
チェインポリシーを ACCEPT に設定中filter                    [  OK  ]
iptables モジュールを取り外し中                             [  OK  ]
iptables ファイアウォールルールを適用中:                    [  OK  ]
iptables モジュールを読み込み中ip_conntrack_netbios_ns      [  OK  ]
[root@linux38 conf]#
Even at this point there is still no access from an external browser. Wait a moment, the REJECT is back. Was the deletion of the REJECT not saved properly???
[root@linux38 conf]# iptables -L -v
    1    78 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited
/etc/init.d/iptables initialises the tables from the rules written in /etc/sysconfig/iptables, so I edited /etc/sysconfig/iptables directly.
[root@linux38 sysconfig]# pwd
/etc/sysconfig
[root@linux38 sysconfig]# ls -la iptables
-rw------- 1 root root 802 10月 23 21:02 iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Now I can access it from the browser on Windows!!
Possible cause 2
xinetd-related
Look around here
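As an added example (not part of the original post), a small Python check that walks the RH-Firewall-1-INPUT chain from the rules file above the way the kernel would for a new TCP connection, and compares the two ways out of the problem: deleting the catch-all REJECT, which leaves every unlisted port to the ACCEPT policy, versus inserting an explicit ACCEPT for port 80 ahead of the REJECT. The rules are a constructed copy of the file shown above; the port-80 rule (HTTP_RULE) is the assumed fix, modelled on the existing port-22 rule.

```python
# Constructed copy of the page's /etc/sysconfig/iptables (comment lines omitted); no rule accepts port 80.
RULES_BEFORE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
REJECT_RULE = "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"
HTTP_RULE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"
# What the page did: delete the catch-all REJECT (every unlisted port then falls through).
RULES_NO_REJECT = RULES_BEFORE.replace(REJECT_RULE + "\n", "")
# Narrower fix (assumed): accept new TCP connections to 80 and keep the REJECT as the last rule.
RULES_FIXED = RULES_BEFORE.replace(REJECT_RULE, HTTP_RULE + "\n" + REJECT_RULE)


def first_match(rules_text, port, chain="RH-Firewall-1-INPUT"):
    """Walk `chain` top to bottom as the kernel does for a NEW TCP connection to
    `port` arriving on a non-loopback interface. Returns the target of the first
    matching rule, or "POLICY" when nothing matches and the chain policy decides."""
    for rule in rules_text.splitlines():
        if not rule.startswith(f"-A {chain} "):
            continue
        t = rule.split()
        opt = lambda flag: t[t.index(flag) + 1] if flag in t else None
        if opt("-i") == "lo":                        # loopback-only rule
            continue
        if opt("-p") not in (None, "tcp"):           # icmp, udp, 50, 51: not our protocol
            continue
        state = opt("--state")
        if state and "NEW" not in state.split(","):  # ESTABLISHED,RELATED only
            continue
        dport = opt("--dport")
        if dport and int(dport) != port:             # some other port
            continue
        return opt("-j")
    return "POLICY"
```

With the original file, port 80 reaches the REJECT; with the REJECT deleted, port 80 and every other port fall through to the ACCEPT policy; with HTTP_RULE inserted, port 80 is accepted while, for example, 443 is still rejected.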
#cd /etc/xinetd.d
Possible cause 3
/etc/hosts.allow, /etc/hosts.deny
Everything is OK; or rather, no restrictions are set at all.
[root@linux38 etc]# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
#rsync: 127.0.0.1
#rsync: 192.168.10.37
#ALL: ALL

[root@linux38 etc]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#rsync: ALL
#ALL: ALL
Possible cause 4
Apache's host-based access control
No Deny is written, so everything is allowed.
#more /etc/httpd/conf/httpd.conf
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all