Do you want to learn to make a website but don’t want to install an HTTP server on your host? In this guide I will show how to set up a guest OS and some popular tools for web servers.
VirtualBox local network – see previous post
Table of contents
- Step 0 – Install CentOS
- Step 1 – Installing the environment
- Step 2 – setting up network
- Step 3 – iptables
- Step 4 – apache
Without any doubt the most common HTTP server is Apache. Which OS is best to use it with is a bit more divided. In the Linux world the most popular of the free distros is probably CentOS. It’s based on Red Hat Enterprise Linux, which makes it a bit different from the Ubuntu clones we’ve used in the previous posts, and because we will make a web server we will not use any desktop environment. As a matter of fact, to learn as much as possible we will install the minimal CentOS! Because we do it in a guest we can still use a web browser on our host, something that is really nice when you need to ask Google for help.
It might seem bothersome to have the server on a guest since you need to set up the VM environment properly to use the network, but these days virtual servers are quite common: they use less power and you don’t have to turn your apartment into a storage room for computers.
Step 0 – Install CentOS
Download the iso from https://www.centos.org/download/. I use CentOS-7-x86_64-DVD-1503-01.iso in this guide.
CentOS will give you a warning if you don’t have more than one processor:
Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported
During the installation choose the following options:
Encrypt my data: enable.
NETWORK & HOST NAME
Make sure you turn your connection on.
Create a user called ‘admin’ with administrator privileges. The installation on my machine was really resource heavy and lagged a lot; I have never experienced that with other distros.
Step 1 – Installing the environment
If you have only used Ubuntu then you might wonder what yum is. It’s the package manager for RHEL (well, until recently when it switched to dnf). The basic usage is similar to apt-get.
We will only use the console, so we need a console-based editor:
#yum install vim
Since we are working in console mode it would be nice to multiplex. There are two options, tmux and screen. In this tutorial I will use screen.
The alternative is of course to use the different virtual consoles [ctrl alt F1-F6], but you can do a lot of other nice things with screen, so it is recommended.
#yum install screen
Now let’s change the default ssh port. In /etc/ssh/sshd_config find ‘#Port 22’, remove the ‘#’ and set the port to 50022.
Find PermitRootLogin and set it to no
Save and exit.
You will need to restart the ssh server for the changes to take effect:
#systemctl restart sshd
Go ahead and try it if you want:
ssh: connection to host localhost port 22: Connection refused
$ssh root@localhost -p 50022
Permission denied, please try again
$ssh admin@localhost -p 50022
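A quick way to confirm that the two edits above took effect, as an added example that is not part of the original post; the function names `effective_sshd` and `check_sshd` and the sample file are constructed for illustration. It accounts for two sshd_config behaviours that are easy to trip over: a line still starting with `#` is ignored, and for `PermitRootLogin` the first value in the file wins.

```shell
#!/bin/sh
# Added example, not from the original post.
# effective_sshd FILE: print the global Port and PermitRootLogin values sshd
# would take from FILE, as "port=<p[,p]> root=<value>".
effective_sshd() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }     # "#Port 22" is a comment, not a setting
        NF < 2 { next }
        { key = tolower($1) }                 # keywords are case-insensitive
        key == "match" { exit }               # Match blocks are conditional: stop here
        key == "port" { ports = ports (ports == "" ? "" : ",") $2 }   # Port may repeat
        key == "permitrootlogin" && root == "" { root = tolower($2) } # first value wins
        END { printf "port=%s root=%s\n", (ports == "" ? "unset" : ports),
                                          (root == "" ? "unset" : root) }
    ' "$1"
}

# check_sshd FILE: succeed only when FILE yields the two settings from this guide.
check_sshd() {
    [ "$(effective_sshd "$1")" = "port=50022 root=no" ]
}

# Constructed sample: the port line was edited but is still commented out, and
# "PermitRootLogin no" was appended below an earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 50022
PermitRootLogin yes
PermitRootLogin no
EOF
effective_sshd "$sample"
check_sshd "$sample" || echo "sshd_config does not match the guide"
rm -f "$sample"
```

On the guest itself, `sshd -t` validates /etc/ssh/sshd_config before the restart. With SELinux enforcing on CentOS 7 the new port also has to be labelled, as the comment above `Port` in the stock file says: `semanage port -a -t ssh_port_t -p tcp 50022`.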
Step 2 – setting up network
We will open up one more guest. This guest needs a desktop environment since we will use a web browser. I will use a Xubuntu guest. Let’s call the CentOS guest C and the Xubuntu guest X.
First add both guest C and X to a local network like we did previously. Let C keep its NAT adapter, but remove the cable.
Get the ip of C:
Make sure we can ssh from X to C:
$ssh admin@192.168.3.2 -p 50022
ssh: connect to host 192.168.3.2 port 50022: No route to host
Strange, let’s see if we can ping C:
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
It seems we can reach the host, but the port seems to be closed. Something is blocking it, most likely a firewall.
Step 3 – iptables
Many Linux distros come with a firewall/IP filter called iptables*. It’s a really complex and advanced module and I will only cover some basics in this tutorial. If you have some time, check out this awesome tutorial.
Make sure your NAT adapter is unplugged for guest C. Now let’s turn off iptables:
#iptables -P INPUT ACCEPT
#iptables -F
The first line allows all input (so make sure the internet adapter is unplugged!). The second line flushes the table.
Try again to ssh from X to C.
It works. Now we need to add some real rules to iptables.
We want to allow ssh connections on port 50022, and since we will set up a web server we will also open port 80.
#iptables -P INPUT DROP
This line adds a policy to drop all incoming traffic.
We still want to accept http and ssh so we need to add some exceptions:
#iptables -A INPUT -p tcp --dport 50022 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Both of these lines make the firewall accept TCP traffic on ports 50022 and 80.
#iptables -P FORWARD DROP
Drop all forwarding.
#iptables -P OUTPUT ACCEPT
Allow all outgoing traffic.
Lastly we will allow incoming traffic for already established or related traffic.
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
* CentOS 7 uses firewallD – but I still had to open the port in iptables.
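To confirm that the loaded ruleset matches what this step intends, the listing printed by `iptables -S` can be checked mechanically. The following is an added example, not part of the original post; the function name `audit_rules` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_rules [PORTS]: read `iptables -S` output on stdin and print one line per
# deviation from this guide's policy (default-drop, only PORTS open for tcp).
audit_rules() {
    awk -v allowed="${1:-50022 80}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == "-P" { policy[$2] = $3; next }
        $1 != "-A" || $(NF-1) != "-j" || $NF != "ACCEPT" { next }
        $2 == "OUTPUT" { out_accept = 1 }
        $2 != "INPUT" { next }
        NF == 4 { print "INPUT rule accepts all traffic" }
        /state .*ESTABLISHED/ { est = 1 }
        {
            for (i = 3; i < NF; i++) if ($i == "--dport") {
                p = $(i + 1)
                if (p in want) seen[p] = 1; else print "unexpected open port " p
            }
        }
        END {
            if (policy["INPUT"] != "DROP") print "INPUT policy is not DROP"
            if (policy["FORWARD"] != "DROP") print "FORWARD policy is not DROP"
            if (policy["OUTPUT"] == "DROP" && !out_accept)
                print "OUTPUT policy is DROP with no ACCEPT rule: replies are dropped"
            if (!est) print "no ESTABLISHED,RELATED accept rule in INPUT"
            for (i = 1; i <= n; i++) if (!(a[i] in seen)) print "port " a[i] " is not open"
        }
    '
}

# Constructed sample listing: OUTPUT was left at DROP and telnet (23) was opened.
audit_rules <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --dport 50022 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
```

On guest C the live check is `iptables -S | audit_rules`, run as root; no output means the ruleset matches.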
Step 4 – apache
Now from guest X open the web browser and enter the ip address of C.
You should see the default test page.
It’s quite easy to create a web server on a virtual machine. Usually when you use a virtual machine for hosting you run the VM headless and connect to it through ssh – there’s no point in having a GUI at all. This requires a static IP and that the host forwards the traffic to the guest, though. In upcoming posts we will have a look at some alternatives for connecting to your virtual web server from the outside.