Virtualbox – Web Server ABC

Do you want to learn to make a website but don’t want to install an http server on your host? In this guide I will show how to set up a guest OS and some popular tools for web servers.

Requirements:
virtualbox local network – see previous post

Time:
60 min

Introduction


Without any doubt the most common http server is Apache. Which OS is best to run it on is more divided. In the Linux world the most popular of the free distros is probably CentOS. It’s based on Red Hat Enterprise Linux, which makes it a bit different from the Ubuntu clones we’ve used in the previous posts, and because we are building a web server we will not use any desktop environment. As a matter of fact, to learn as much as possible we will install the minimal CentOS! Because we do it in a guest we can still use a web browser on our host, which is really nice when you need to ask Google for help.
It might seem bothersome to have the server on a guest since you need to set up the VM environment properly to use the network, but these days virtual servers are quite common: they use less power and you don’t have to turn your apartment into a storage room for computers.

Step 0 – Install CentOS


Download the iso from https://www.centos.org/download/. I use CentOS-7-x86_64-DVD-1503-01.iso in this guide.

CentOS will give you a warning if you don’t have more than one processor:
Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported

During the installation choose the following options:

INSTALLATION DESTINATION
Encrypt my data:  enable.

SOFTWARE SELECTION
Minimal install

NETWORK & HOST NAME
Make sure you turn your connection on.

Create a user called ‘admin’ with administrator privileges. The installation on my machine was really resource heavy and lagged a lot; I have never experienced that with other distros.

Step 1 – Installing the environment


First thing is to update the system.
#yum update
#yum upgrade

If you have only used Ubuntu then you might wonder what yum is. It’s the package manager for RHEL (well, until recently when it switched to dnf). The basic usage is similar to apt-get.

We will only use console so we need a console based editor:
#yum install vim

Since we are working in console mode it would be nice to multiplex. There are two options, tmux and screen. In this tutorial I will use screen.
The alternative is of course to use the different virtual consoles [ctrl alt F1 -F6], but you can do a lot of other nice things with screen so it is recommended.
#yum install screen
$screen

Now let’s change the default ssh port. In /etc/ssh/sshd_config find ‘#port 22’ and remove the ‘#’ and set the port to 50022:
port 50022

Find PermitRootLogin and set it to no
PermitRootLogin no

Save and exit.
You will need to restart the ssh server for the changes to take effect:
#systemctl restart sshd

Go ahead and try it if you want:
$ssh admin@localhost
ssh: connection to host localhost port 22: Connection refused
$ssh root@localhost -p 50022
Permission denied, please try again
$ssh admin@localhost -p 50022
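
A check for the edit above, as an added example that is not part of the original post: it reads a config and reports which ports sshd will listen on and whether root login is off. The function names and the sample config are constructed for illustration; the check relies on sshd's documented behaviour that several Port lines are all honoured, while for other keywords the first value wins.

```shell
#!/bin/sh
# Hypothetical helpers. Constructed sample: the edited lines from this step
# plus two leftovers that a hurried edit can leave further down the file.
SAMPLE_CONFIG='#Port 22
port 50022
#PermitRootLogin yes
PermitRootLogin no
# leftovers further down the file:
Port 22
PermitRootLogin yes'

# sshd_values CONFIG KEYWORD
# Prints every uncommented value of KEYWORD in the global section (before any
# Match block), in file order. Keywords are case-insensitive.
sshd_values() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }'
}

# check_sshd CONFIG WANTED_PORT
# Port may be given several times and sshd listens on all of them, so every
# Port line must equal WANTED_PORT. For PermitRootLogin the first value wins.
check_sshd() {
    rc=0
    ports=$(sshd_values "$1" Port | sort -u | xargs)
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    if [ "$ports" != "$2" ]; then
        echo "listening ports: ${ports:-22 (default)}, expected only $2"
        rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: ${root:-unset}, expected no"
        rc=1
    fi
    return $rc
}

# The leftover "Port 22" is reported; the leftover "PermitRootLogin yes" is not,
# because the earlier "no" already took effect.
check_sshd "$SAMPLE_CONFIG" 50022 || true
```

On the guest, run it against the real file with `check_sshd "$(cat /etc/ssh/sshd_config)" 50022`; `sshd -t` checks the file for syntax errors before you restart the service.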

Step 2 – setting up network


We will open up one more guest. This guest needs a desktop environment since we will use a web browser. I will use a Xubuntu guest. Let’s call the CentOS guest C and the Xubuntu guest X.
First add both guest C and X to a local network like we did previously. Let C still have its NAT adapter, but remove the cable.

Get the ip of C:
$ip addr
192.168.3.2

Make sure we can ssh from X to C:
$ssh admin@192.168.3.2 -p 50022
ssh: connect to host 192.168.3.2 port 50022: No route to host

Strange, let’s see if we can ping C:
$ping 192.168.3.2
4 packets transmitted, 4 received, 0% packet loss, time 3005ms

It seems we can reach the host. The port seems to be closed. Something is blocking it, most likely a firewall.

Step 3 – iptables


Many Linux distros come with a firewall/IP filter called iptables*. It’s a really complex and advanced module and I will only cover some basics in this tutorial. If you have some time check out this awesome tutorial.

Make sure your NAT adapter is unplugged for guest C. Now let’s turn off iptables:
#iptables -P INPUT ACCEPT
#iptables -F

The first line allows all input (so make sure the internet adapter is unplugged!). The second line flushes the table.

Retry to ssh from X to C.
It works. Now we need to add some real rules to iptables.
We want to allow ssh connections on port 50022, and since we will set up a web server we will also open port 80.

#iptables -P INPUT DROP
This line adds a policy to drop all incoming traffic.
We still want to accept http and ssh so we need to add some exceptions:
#iptables -A INPUT -p tcp --dport 50022 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
These two lines make the firewall accept tcp traffic on ports 50022 and 80.

#iptables -P FORWARD DROP
Drop all forwarding
#iptables -P OUTPUT ACCEPT
Allow all outgoing traffic

Lastly we will allow incoming traffic for already established or related traffic.
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

* CentOS 7 uses firewallD – but I still had to open the port in iptables.
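
To confirm the table ended up the way this step intends, the following added example (not part of the original post) audits the output of `iptables -S` against the list of ports that should be open. The function name `audit_input` and the sample rule listing are constructed for illustration, with the OUTPUT policy set to ACCEPT as the description "allow all outgoing traffic" requires.

```shell
#!/bin/sh
# Hypothetical helper. Constructed sample of `iptables -S` output after the
# commands in this step.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 50022 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# audit_input RULES ALLOWED_PORTS   (ALLOWED_PORTS is comma-separated)
# Prints one finding per line; prints nothing when the rules match the intent.
audit_input() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            port = ""; est_rule = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if (($i == "--state" || $i == "--ctstate") && $(i + 1) ~ /ESTABLISHED/) est_rule = 1
            }
            if (est_rule) { est = 1; next }
            if (port == "") { print "ACCEPT rule without a port match: " $0; next }
            if (!(port in ok)) print "unexpected open port: " port
            seen[port] = 1
        }
        END {
            if (policy == "") policy = "unset"
            if (policy != "DROP") print "INPUT policy is " policy ", expected DROP"
            if (!est) print "no ESTABLISHED,RELATED rule"
            for (i = 1; i <= n; i++) if (!(a[i] in seen)) print "expected port not open: " a[i]
        }'
}

# On the guest, as root: audit_input "$(iptables -S)" 50022,80
audit_input "$SAMPLE_RULES" 50022,80
```

Rules entered with the iptables command live only in the running kernel, so run the audit again after a reboot to see whether they are still there.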

Step 4 – apache


Connect your adapter to internet again and install apache:
#yum install httpd
Then start the service:
#systemctl start httpd.service

Now from guest X open the web browser and enter the ip address of C.
You should see the default test page.


Conclusion


It’s quite easy to create a web server on a virtual machine. Usually when you use a virtual machine for hosting you run the VM headless and connect to it through ssh – there’s no point in having a GUI at all. This requires a static IP, and the host must forward the traffic to the guest. In upcoming posts we will look at some alternatives for connecting to your virtual web server from the outside.
