About Red Hat JBoss Core Services
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
About JBoss Core Services Apache HTTP Server
Apache HTTP Server is used in multiple Red Hat JBoss middleware products, and previously Apache HTTP Server was distributed with each JBoss product. Starting from the following product versions, each product will instead use the JBoss Core Services distribution of Apache HTTP Server:
- Red Hat JBoss Enterprise Application Platform (JBoss EAP) 7.0 and onwards.
- Red Hat JBoss Web Server 3.1 and onwards.
IMPORTANT
The Apache HTTP Server distribution included as part of Red Hat Enterprise Linux is separate from the JBoss Core Services distribution of Apache HTTP Server.
Installing JBCS Apache HTTP Server on Linux
1. Download the binaries from the Red Hat site.
2. Upload the binaries to the server:
scp -i awskeypair.pem jbcs-httpd24-httpd-2.4.37-RHEL7-x86_64 ec2-user@ec2-18-218-83-33.us-east-2.compute.amazonaws.com:/tmp
3. Connect to the server:
ssh -i awskeypair.pem ec2-user@ec2-18-218-83-33.us-east-2.compute.amazonaws.com
4. Extract the zip file and make the config file updates that follow:
unzip jbcs-httpd24-httpd-2.4.37-RHEL7-x86_64
The default home referenced in the configuration files is /opt/rh/jbcs-httpd24/root/etc/httpd. We want to use our own path, for example /apache/web1a, so move the contents of the extracted files to /apache/web1a.
Now try to start the server:
[root@ip-172-31-14-154 sbin]# ./apachectl -k start
httpd: Could not open configuration file /opt/rh/jbcs-httpd24/root/etc/httpd/conf/httpd.conf: No such file or directory
[root@ip-172-31-14-154 sbin]# ./apachectl -f /apache/web1a/conf/httpd.conf -k start
httpd: Syntax error on line 56 of /apache/web1a/conf/httpd.conf: ServerRoot must be a valid directory
5. Update ServerRoot to /apache/web1a, then try to start again:
[root@ip-172-31-14-154 sbin]# ./apachectl -f /apache/web1a/conf/httpd.conf -k start
httpd: Syntax error on line 115 of /apache/web1a/conf/httpd.conf: Syntax error on line 2 of /apache/web1a/conf.modules.d/01-ldap.conf: Cannot load modules/mod_ldap.so into server: /apache/web1a/modules/../lib/libcrypto.so.1.1: version `OPENSSL_1_1_1b' not found (required by /usr/lib64/libk5crypto.so.3)
[root@ip-172-31-14-154 sbin]#
Check if we can find the required file
[root@ip-172-31-14-154 lib]# find / -name 'libk5crypto.so.3'
/usr/lib64/libk5crypto.so.3
[root@ip-172-31-14-154 lib]#
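Create a soft link that points to /usr/lib64/libk5crypto.so.3. Note that libk5crypto.so.3 is the Kerberos crypto library, not OpenSSL's libcrypto, so the next start attempt fails on mod_ssl: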
[root@ip-172-31-14-154 lib]# ln -s /usr/lib64/libk5crypto.so.3 libcrypto.so.1.1
[root@ip-172-31-14-154 lib]# ls -ld libcrypto.so.1.1
lrwxrwxrwx. 1 root root 27 Jan 1 04:52 libcrypto.so.1.1 -> /usr/lib64/libk5crypto.so.3
[root@ip-172-31-14-154 lib]#
[root@ip-172-31-14-154 sbin]# ./apachectl -f /apache/web1a/conf/httpd.conf -k start
httpd: Syntax error on line 115 of /apache/web1a/conf/httpd.conf: Syntax error on line 1 of /apache/web1a/conf.modules.d/00-ssl.conf: Cannot load modules/mod_ssl.so into server: /apache/web1a/modules/../lib/libcrypto.so.1.1: version `OPENSSL_1_1_0' not found (required by /apache/web1a/modules/mod_ssl.so)
[root@ip-172-31-14-154 sbin]#
Try setting LD_LIBRARY_PATH to the location where OpenSSL is installed to avoid the above error:
export LD_LIBRARY_PATH="/usr/lib64"
[root@ip-172-31-14-154 sbin]# ./apachectl -f /apache/web1a/conf/httpd.conf -k start
httpd: Syntax error on line 115 of /apache/web1a/conf/httpd.conf: Syntax error on line 1 of /apache/web1a/conf.modules.d/10-mod_security.conf: Cannot load modules/mod_security2.so into server: liblua-5.1.so: cannot open shared object file: No such file or directory
[root@ip-172-31-14-154 sbin]#
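Comment out the LoadModule line for mod_security2.so in /apache/web1a/conf.modules.d/10-mod_security.conf (ModSecurity stays disabled on this instance for as long as the line is commented out), then start again: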
[root@ip-172-31-14-154 sbin]# ./apachectl -f /apache/web1a/conf/httpd.conf -k start
There is now no error at the command prompt, but Apache did not start. Look at the error_log:
[Fri Jan 01 06:08:19.576328 2021] [core:notice] [pid 63015] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Fri Jan 01 06:08:19.577417 2021] [mime:error] [pid 63015] (2)No such file or directory: AH01597: could not open mime types config file /etc/mime.types.
AH00016: Configuration Failed
[Fri Jan 01 06:09:22.223355 2021] [core:notice] [pid 63025] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Fri Jan 01 06:09:22.223689 2021] [mime:error] [pid 63025] (2)No such file or directory: AH01597: could not open mime types config file /etc/mime.types.
AH00016: Configuration Failed
There are prerequisite packages for JWS. Among the required packages, this error is caused by the missing mailcap package, which contains /etc/mime.types.
Therefore, install mailcap to avoid this issue:
# yum install -y mailcap
Once mailcap is installed, try to start again:
[root@ip-172-31-14-154 sbin]# ./apachectl -f /apache/web1a/conf/httpd.conf -k start
[root@ip-172-31-14-154 sbin]#
[root@ip-172-31-14-154 sbin]#
[root@ip-172-31-14-154 sbin]# ps -ef |grep httpd
root 61957 61885 0 04:38 pts/0 00:00:00 vi /apache/web1a/conf/httpd.conf
root 62948 61885 0 05:58 pts/0 00:00:00 vi /apache/web1a/conf/httpd.conf
root 63051 1 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63053 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63054 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63055 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63056 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63057 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63058 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63059 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
apache 63060 63051 0 06:11 ? 00:00:00 ./httpd -f /apache/web1a/conf/httpd.conf -k start
root 63070 61885 0 06:11 pts/0 00:00:00 grep --color=auto httpd
[root@ip-172-31-14-154 sbin]# netstat -tnpl |grep 80
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 63051/./httpd
[root@ip-172-31-14-154 sbin]#
Updated the Listen directive to Listen ip-172-31-14-154.us-east-2.compute.internal:80 and restarted. Now I am able to access the page.
In the latest version, the default index.html is not available in /www/html, so I just copied it from ./www/noindex/index.html. In a production environment, remove this file.
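The shared-library failures worked through above (the libcrypto symbol-version mismatches and the missing liblua-5.1.so) each surfaced only on a separate start attempt. The script below is an added example, not part of the original post: it parses ldd output for both failure shapes so that every module can be checked in one pass. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report every unresolved shared
# library and symbol version for the httpd modules in one pass.

# parse_ldd: read ldd (or httpd loader) messages on stdin and print
#   missing-lib <soname>
#   missing-version <symbol version> <library that lacks it>
parse_ldd() {
    sed -n \
        -e 's/^[[:space:]]*\([^[:space:]]*\) => not found.*/missing-lib \1/p' \
        -e "s/^\(.*[[:space:]]\)\{0,1\}\([^[:space:]]*\): version \`\([^']*\)' not found.*/missing-version \3 \2/p"
}

# check_modules DIR: run ldd on each module, prefix findings with the module
# name, and return 1 if anything is unresolved. Run it with the same
# LD_LIBRARY_PATH that httpd will be started with.
check_modules() {
    dir=$1; rc=0
    for so in "$dir"/*.so; do
        [ -e "$so" ] || continue
        findings=$(ldd "$so" 2>&1 | parse_ldd | sort -u)
        [ -z "$findings" ] && continue
        rc=1
        printf '%s\n' "$findings" | while IFS= read -r f; do
            printf '%s: %s\n' "${so##*/}" "$f"
        done
    done
    return "$rc"
}

# Constructed ldd output reproducing the two failure shapes seen in the post.
sample_ldd_output() {
    printf '\tlibpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0000000000)\n'
    printf '\tliblua-5.1.so => not found\n'
    printf '%s\n' "./mod_ssl.so: /apache/web1a/lib/libcrypto.so.1.1: version \`OPENSSL_1_1_0' not found (required by ./mod_ssl.so)"
}

sample_ldd_output | parse_ldd
# On the server: check_modules /apache/web1a/modules
```

A missing-version finding means the named library was found but is the wrong build, so pointing a symlink at a different library will not satisfy it.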
Create an apache group and user so that we can use it to maintain the services instead of using root.
Creating an Apache User
1. Log in as the root user.
2. Run the command below to create the apache group:
# groupadd -g 48 -r apache
3. Run the following command to create the apache user in the apache user group:
# /usr/sbin/useradd -c "Apache" -u 48 -g apache -s /sbin/nologin -r apache
4. Give the apache user ownership of the installation:
# chown -R apache:apache /apache/web1a
5. Verify the permissions with ls -lrt.
Certificate configuration for HTTP Server
Change the port from 80 to 5443.
Generate a key and CSR, and a self-signed certificate, to configure in Apache:
[root@ip-172-31-14-154 ssl]# openssl req -out sslcert.csr -newkey rsa:2048 -sha256 -nodes -keyout private.key -config san.conf
Generating a RSA private key
.....................................................+++++
....................................................................................................................+++++
writing new private key to 'private.key'
-----
[root@ip-172-31-14-154 ssl]#
[root@ip-172-31-14-154 ssl]# ls -lrt
total 12
-rw-r--r--. 1 root root 303 Jan 1 07:05 san.conf
-rw-------. 1 root root 1704 Jan 1 07:05 private.key
-rw-r--r--. 1 root root 1033 Jan 1 07:05 sslcert.csr
[root@ip-172-31-14-154 ssl]#
Generate a Self-Signed Certificate
Use this method if you want to use HTTPS (HTTP over TLS) to secure your Apache HTTP Server or Nginx web server, and you do not require that your certificate is signed by a CA.
This command creates a 2048-bit private key (private.key) and a self-signed certificate (httpd.crt) from scratch:
openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out httpd.crt
Generate a Self-Signed Certificate from an Existing Private Key
Use this method if you already have a private key that you would like to use to generate a self-signed certificate.
This command creates a self-signed certificate (httpd.crt) from an existing private key (private.key):
openssl req -key private.key -new -x509 -days 365 -out httpd.crt
Update the Apache configuration with the new port and the SSL virtual host:
Listen ip-172-31-14-154.us-east-2.compute.internal:5443
#IncludeOptional conf.d/*.conf
<VirtualHost *:5443>
ServerName hostname
SSLEngine On
SSLProxyVerify none
SSLProtocol -all +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile /apache/web1a/ssl/httpd.crt
SSLCertificateKeyFile /apache/web1a/ssl/private.key
SSLCACertificateFile /apache/web1a/ssl/httpd_ca.crt
</VirtualHost>
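The key, CSR and self-signed certificate steps above, run end to end and then checked before Apache is pointed at the files. This is an added example, not part of the original post: the post does not show its san.conf, so the one here is constructed, the hostname web1a.example.test is a placeholder, and the function names are made up for illustration. It assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example, not from the original post. The san.conf contents and the
# hostname are constructed; the post does not show its own san.conf.
TLS_HOST=web1a.example.test   # placeholder name

# make_tls_material DIR: key + CSR + self-signed cert, all carrying the SAN.
make_tls_material() (
    cd "$1" || exit 1
    umask 077   # new files are readable by their owner only
    cat > san.conf <<EOF
[req]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
x509_extensions    = v3_req
[dn]
CN = $TLS_HOST
[v3_req]
subjectAltName = DNS:$TLS_HOST
EOF
    # Same commands as in the post, with -config added to the self-signed
    # step so that x509_extensions puts the SAN into httpd.crt as well.
    openssl req -out sslcert.csr -newkey rsa:2048 -sha256 -nodes \
        -keyout private.key -config san.conf 2>/dev/null &&
    openssl req -key private.key -new -x509 -days 365 \
        -out httpd.crt -config san.conf 2>/dev/null
)

# key_matches_cert DIR: succeed only if httpd.crt carries the public key
# that belongs to private.key (a mismatch stops mod_ssl from starting).
key_matches_cert() {
    a=$(openssl x509 -in "$1/httpd.crt" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$1/private.key" -pubout) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_sans DIR: print the subjectAltName entries of httpd.crt.
cert_sans() {
    openssl x509 -in "$1/httpd.crt" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}
```

Without the x509_extensions line and -config on the self-signed step, the certificate is issued without a subjectAltName, and clients that match names against the SAN will not accept it for the host.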
Edit the /etc/passwd file with vi and replace /sbin/nologin with /bin/bash for the apache user so that we can switch to the apache ID from root.
Create start and stop scripts for HTTP Server:
[apache@ip-172-31-14-154 sbin]$ cat start.sh
#!/bin/bash
export LD_LIBRARY_PATH="/usr/lib64"
cd /apache/web1a/sbin && ./apachectl -f /apache/web1a/conf/httpd.conf -k start
if [ $? -eq 0 ] ; then
echo " Web1a started successfully "
else
echo "verify the error_log for error's "
fi
[apache@ip-172-31-14-154 sbin]$ ./start.sh
Web1a started successfully
[apache@ip-172-31-14-154 sbin]$ nestat -tnpl |grep 5443
-bash: nestat: command not found
[apache@ip-172-31-14-154 sbin]$ netstat -tnpl |grep 5443
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 172.31.14.154:5443 0.0.0.0:* LISTEN 63444/./httpd
[apache@ip-172-31-14-154 sbin]$
[apache@ip-172-31-14-154 sbin]$ cat stop.sh
#!/bin/bash
export LD_LIBRARY_PATH="/usr/lib64"
cd /apache/web1a/sbin && ./apachectl -f /apache/web1a/conf/httpd.conf -k stop
if [ $? -eq 0 ] ; then
echo " Web1a stopped successfully "
else
echo "verify the error_log for error's "
fi
[apache@ip-172-31-14-154 sbin]$ ./stop.sh
Web1a stopped successfully
[apache@ip-172-31-14-154 sbin]$
[apache@ip-172-31-14-154 sbin]$ netstat -tnpl |grep 5443
(No info could be read for "-p": geteuid()=48 but you should be root.)
[apache@ip-172-31-14-154 sbin]$
Hope this helps to set up JBoss HTTP Server.