Ok so I don't have a registered domain so for now I'm just using my IP address to try and find the server. I followed this:
https://www.makeuseof.com/tag/build-lin … er-part-1/
So I installed apache, php and mariadb, then ran:
# mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
# mysql_secure_installation
Then I set up a static IP address using netctl (xxx.xxx.x.x).
I also enabled httpd.service.
Now when I go to http://localhost I get a document (blank.gif). However, I can't find the site with my other computer, by going to "http://xxx.xxx.x.x/srv/http".
Could this be a firewall problem? I am using UFW:
# ufw show status
To                         Action      From
--                         -------     ------
SSH                        DENY        Anywhere
Anywhere                   ALLOW       192.168.0.0/24
SSH (v6)                   DENY        Anywhere (v6)
It's also important to note that I can ping my server by running
$ ping 192.168.1.250
I am a total noob here, I appreciate any help you can provide. Thanks a lot!
Edit: It does seem like a firewall issue. I disabled it and all is good. Does this mean I can't have a firewall in place with these settings?
Last edited by CarterCox (2018-05-15 22:54:42)
And neither the angels in Heaven above
Nor the demons down under the sea
Can ever dissever my soul from the soul
Of the beautiful Annabel Lee;
Offline
Why did you change the address you were testing from requesting / to /srv/http for the remote test?
Looking at that firewall configuration it will not allow any connections from outside the private address range 192.168.0.0/24.
Offline
Why did you change the address you were testing from requesting / to /srv/http for the remote test?
Looking at that firewall configuration it will not allow any connections from outside the private address range 192.168.0.0/24.
Yes you are right.
I didn't change it, apache does it automatically when enabling the httpd service.
By default, it will serve the directory /srv/http to anyone who visits your website.
Last edited by CarterCox (2018-05-15 22:36:08)
Offline
It will serve the directory /srv/http as / but you were trying to connect to http://xxx.xxx.x.x/srv/http which would map to /srv/http/srv/http
I take it you are not using ssh for remote management as you are explicitly blocking it with the firewall. You would need to open the http / https ports to whatever address you want apache to serve to.
Offline
It will serve the directory /srv/http as / but you were trying to connect to http://xxx.xxx.x.x/srv/http which would map to /srv/http/srv/http
I take it you are not using ssh for remote management as you are explicitly blocking it with the firewall. You would need to open the http / https ports to whatever address you want apache to serve to.
Yes I'm sorry. I actually disabled the firewall and just went to http://xxx.xxx.x.x and got to my site. I forgot to edit that part out.
The thread is technically solved. Thanks!
However, I should ask. What is a good policy for a web server firewall? Denying SSH is the best you can do?
Offline
If you do not use ssh I would not run the service. What is your objective by running a firewall?
Offline
If you do not use ssh I would not run the service. What is your objective by running a firewall?
To prevent unauthorized access I guess. Anyways there is no harm in it.
I found a good way to enable it:
# ufw default deny
# ufw allow WWW
# ufw enable
Everything works perfect. Thanks.
Offline
If the service is not running or is not using the IP protocol (eg setting mariadb to use unix domain sockets) then how does that not achieve the same result without a firewall?
Offline
If the service is not running or is not using the IP protocol (eg setting mariadb to use unix domain sockets) then how does that not achieve the same result without a firewall?
SSH is not the only thing I want to block. I just want to block everything that is not related to the server.
Offline
@loqs, a firewall on the server can still protect against a compromised http owned process, e.g. if an attacker manages to compromise, ... let's just say typo3 because that's reasonably the thing that's compromised all the time ..., to run its own little spam sling or open a backdoor shell, it can still not exit on port 25/465/587 or outbound > 1024 w/o gaining root privs.
@Carter, it's obviously much better to run the firewall on a system in front of the pot. vulnerable one, also consider an IDS.
Offline
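Added example, not part of any post in this thread: a simplified first-match model of the two rulesets posted above plus an assumed egress policy for the outbound point, showing why a client next to 192.168.1.250 was blocked by the 192.168.0.0/24 rule and what `ufw default deny` with `ufw allow WWW` permits. It is not ufw's own code; it covers IPv4/TCP only, ignores connection tracking, and the client address, the destination address and the egress port list are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str              # "in" or "out"
    action: str                 # "allow" or "deny"
    port: Optional[int] = None  # None matches any port
    peer: str = "0.0.0.0/0"     # source network for "in", destination for "out"

def decide(rules, default, direction, peer_ip, port):
    """First matching rule wins; otherwise the direction's default policy applies."""
    addr = ipaddress.ip_address(peer_ip)
    for r in rules:
        if r.direction != direction or r.port not in (None, port):
            continue
        if addr in ipaddress.ip_network(r.peer):
            return r.action
    return default[direction]

# ufw's shipped defaults (assumed here; `ufw status verbose` shows the real ones)
DEFAULT = {"in": "deny", "out": "allow"}

# Ruleset from the first post: SSH denied, anything from 192.168.0.0/24 allowed
ORIGINAL = [Rule("in", "deny", 22), Rule("in", "allow", None, "192.168.0.0/24")]

# `ufw default deny` + `ufw allow WWW` (the WWW profile is 80/tcp)
FIXED = [Rule("in", "allow", 80)]

# Assumed egress policy illustrating the outbound point: deny by default,
# allow only DNS and HTTP(S) out
EGRESS_DEFAULT = {"in": "deny", "out": "deny"}
EGRESS = FIXED + [Rule("out", "allow", p) for p in (53, 80, 443)]

if __name__ == "__main__":
    client = "192.168.1.77"     # constructed LAN client next to 192.168.1.250
    print("original, port 80:", decide(ORIGINAL, DEFAULT, "in", client, 80))
    print("fixed,    port 80:", decide(FIXED, DEFAULT, "in", client, 80))
    print("fixed,  port 3306:", decide(FIXED, DEFAULT, "in", client, 3306))
    print("egress,    out 25:", decide(EGRESS, EGRESS_DEFAULT, "out", "203.0.113.5", 25))
```
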
@Seth: I understand. For now I've been using it to test so I'm only allowing my phone's and computer's addresses. I'll consider it if I ever go online.
Thanks!
Offline