In this exercise, you will introduce yourself to some basic features of Apache web server and its plugins. Take into account that from now on you'll have to do extensive self-research to be able to successfully complete the assignments.

1. Preparation

You will need only one machine of your choice to complete this assignment. Ensure that you have Apache 2 installed. The modules for serving user directory contents, rewriting URLs and setting up SSL should come with Apache by default.

Shut down any other web servers that you might be running on your virtual machine.

Set up SSH port forwarding for HTTP and HTTPS so that you can test the server on your local machine (localhost) with your favourite web browser.

Example: ssh -L 8080:localhost:80 user@myserver.fi

1.1	In the example above "8080:localhost:80" where is the 'localhost' resolved?	0.5p
1.2	Where is the port '8080' usable? What's the idea?	0.5p
1.3	How is it possible to do multiple port forwards with a single SSH connection?	0.5p

2. Serve a web page using Node.js

Install nodejs from package manager and create a HTTP application helloworld.js listening on port 8080 that serves a web page with a text "Hello world!".

The web pages served by Node.js are written in javascript, but you do not actually need to know how to write it, because there's plenty of hello world examples on the internet.

The purpose of this assignment is to familiarize yourself with the increasingly popular and simple method of serving web applications using Node.js.

2.1	Provide a working web page with the text "Hello World!"	3p
2.2	Explain the contents of the helloworld.js javascript file	1p
2.3	What does it mean that Node.js is event driven? What are the advantages in such approach?	2p

3. Configuring SSL

Start by creating a 2048-bit key for the server. Then create a certificate that matches to the key. Configure Apache to use this certificate for HTTPS traffic. Set up again another SSH port forwarding to test HTTPS using loopback.

Note: Taking a shortcut with CA.pl is not accepted, you need to understand the process! Only a few commands are needed, though. Also, do not use a private key with a passphrase, because it messes up the VM boot scripts (you can't reboot your VM).

3.1	Provide and explain your solution.	1p
3.2	What information can a certificate include? What is necessary for it to work in the context of a web server?	1p
3.3	What do PKI and requesting a certificate mean?	1p

4. Enforcing HTTPS

Create a subdirectory called "secure_secrets" to public_html directory of your user. Use the userdir module to serve public_html from users' home directories.

Enforce access to this directory with HTTPS by using mod_rewrite and .htaccess, so that apache forwards "http://localhost/~user/secure_secrets" to "https://localhost/~user/secure_secrets". Please note that this is a bit more complicated to test with the ssh forwarding, so just test it locally with lynx or netcat at the virtual machine. If your demo requires, you may hard-code your port numbers to the forwarding rules.

4.1	Provide and explain your solution.	2p
4.2	What is HSTS?	1p
4.3	When to use .htaccess? In contrast, when not to use it?	1p

5. Install nginx as a reverse proxy

Next, you are going to serve both Apache and Node.js hello world from another computer using nginx as a reverse proxy.

Install nginx on a different machine that you previously installed the web servers, for example lab3. Configure it to act as a gateway to both Apache and Node.js the following way:

HTTP requests to http://lab3/apache are directed to Apache server listening on port 80 and requests to http://lab3/node to Node.js server at 8080.

5.1	Provide a working solution serving both web applications from nginx.	3p
5.2	Explain the contents of the nginx configuration file.	1p
5.3	What is usually the primary purpose of an nginx server?	1p

6. Finishing your work

When finishing your work, please remember to backup your related files from the lab computers to a safe place (e.g. your home directory in Niksula or the Computer Center). The course does not provide any back up service for the virtual machines. If you report problems regarding your machines to the course personnel, note that they may get completely reset with all running configurations cleared.