T-110.5102 Laboratory Works in Networking and Security (5-10 cr)
Lab B2: Web server
Description of the exercise
In this exercise, you will introduce yourself to some basic features of Apache web server and its plugins. In addition to that you will set up an nginx server as a reverse proxy and try out Node.js for serving a web page. Take into account that from now on you'll have to do extensive self-research to be able to successfully complete the assignments.
You will need all three virtual machines to complete this assignment. The final web server will look like the image below.
1. Apache2
Install Apache2 on lab2. The modules for serving user directory contents, rewriting URLs and setting up SSL should come with Apache2 by default.
Set up SSH port forwarding for HTTP and HTTPS so that you can test the server on your local machine (localhost) with your favourite web browser.
Example: ssh -L 8080:localhost:80 user@myserver.fi
Hint: You will need to forward multiple hops to reach lab2 from the internet.
You will also need to allow HTTP and HTTPS in the default security group of your OpenStack project.
| 1.1 | Allow HTTP and HTTPS in the default security group that is used by your virtual machine instances. | 1p |
| 1.2 | Serve a default web page using Apache2 | 1p |
| 1.3 | Show that the web page can be loaded on local browser (your machine or Niksula) using SSH port forwarding to OpenStack environment. | 1p |
2. Serve a web page using Node.js
Install nodejs on lab3 from package manager and create a HTTP application helloworld.js listening on port 8080 that serves a web page with a text "Hello world!".
The web pages served by Node.js are written in javascript, but you do not actually need to know how to write it, because there's plenty of hello world examples on the internet.
The purpose of this assignment is to familiarize yourself with the increasingly popular and simple method of serving web applications using Node.js.
| 2.1 | Provide a working web page with the text "Hello World!" | 3p |
| 2.2 | Explain the contents of the helloworld.js javascript file | 1p |
| 2.3 | What does it mean that Node.js is event driven? What are the advantages in such approach? | 2p |
3. Configuring SSL
On lab2 create a 2048-bit key for the Apache2 server. Then create a certificate that matches to the key. Configure Apache2 to use this certificate for HTTPS traffic. Set up again SSH port forwarding to test HTTPS using your local browser (if it is not active already).
Note: Taking a shortcut with CA.pl is not accepted, you need to understand the process! Only a few commands are needed, though.
| 3.1 | Provide and explain your solution. | 1p |
| 3.2 | What information can a certificate include? What is necessary for it to work in the context of a web server? | 1p |
| 3.3 | What do PKI and requesting a certificate mean? | 1p |
4. Enforcing HTTPS
Create a subdirectory called "secure_secrets" to public_html directory of your user. Use the userdir module to serve public_html from users' home directories.
| 4.1 | Provide and explain your solution. | 2p |
| 4.2 | What is HSTS? | 1p |
| 4.3 | When to use .htaccess? In contrast, when not to use it? | 1p |
5. Install nginx as a reverse proxy
Next, you are going to serve both Apache2 and Node.js hello world from lab1 using nginx as a reverse proxy.
Install nginx on lab1 and configure it to act as a gateway to both Apache2 at lab2 and Node.js at lab3 the following way:
HTTP requests to http://lab1/apache are directed to Apache2 server listening on lab2:80 and requests to http://lab1/node to Node.js server on lab3:8080.
| 5.1 | Provide a working solution serving both web applications from nginx. | 3p |
| 5.2 | Explain the contents of the nginx configuration file. | 1p |
| 5.3 | What is usually the primary purpose of an nginx server? | 1p |
6. Finishing your work
When finishing your work, please remember to backup your related files from the lab computers to a safe place (e.g. your home directory in Niksula or the Computer Center). The course does not provide any back up service for the virtual machines.