mirror-tutorial mirror-tutorial-en.xml,1.14,1.15
Paul W. Frields (pfrields)
fedora-docs-commits at redhat.com
Wed Nov 9 23:42:05 UTC 2005
Author: pfrields
Update of /cvs/docs/mirror-tutorial
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9033
Modified Files:
mirror-tutorial-en.xml
Log Message:
Added security information from Stuart Ellis (#169584) with trivial edits
Index: mirror-tutorial-en.xml
===================================================================
RCS file: /cvs/docs/mirror-tutorial/mirror-tutorial-en.xml,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- mirror-tutorial-en.xml 17 Oct 2005 02:23:08 -0000 1.14
+++ mirror-tutorial-en.xml 9 Nov 2005 23:41:58 -0000 1.15
@@ -6,8 +6,8 @@
%FEDORA-ENTITIES-EN;
<!ENTITY BOOKNAME "mirror-tutorial">
-<!ENTITY BOOKVERSION "0.34">
-<!ENTITY BOOKDATE "2005-10-16">
+<!ENTITY BOOKVERSION "0.35">
+<!ENTITY BOOKDATE "2005-11-09">
<!ENTITY BOOKID "&BOOKNAME;-&BOOKVERSION; (&BOOKDATE;)"> <!-- change version of manual and date here -->
<!ENTITY BUG-NUM "130125">
@@ -182,6 +182,16 @@
</para>
</revdescription>
</revision>
+ <revision>
+ <revnumber>0.35</revnumber>
+ <date>2005-11-09</date>
+ <authorinitials>PaulWFrields</authorinitials>
+ <revdescription>
+ <para>
+ Added some security info and fixes (#169584).
+ </para>
+ </revdescription>
+ </revision>
</revhistory>
</articleinfo>
@@ -267,7 +277,8 @@
<title>Acknowledgements</title>
<para>
Karsten Wade provided editorial services and kept the style
- crisp and consistent.
+ crisp and consistent. Stuart Ellis provided some additional
+ security-related information.
</para>
</section>
</section>
@@ -993,82 +1004,159 @@
<title>Server Configuration</title>
<para>
- This section gives guidance on setting up a HTTP (Web) server that
- provides installation and update mirror services.
+ This section describes how to set up a HTTP (Web) server to
+ support &FED; installation and software management applications.
</para>
- <section id="sn-setting-up-apache">
- <title>Setting Up Apache</title>
+ <section id="sn-installing-apache">
+ <title>Installing The Apache Web Server</title>
+ <para>
+ &FC; provides the Apache server in the
+ <filename>httpd</filename> package. The
+ <filename>httpd</filename> package is included on &FED; systems
+ installed with the <guilabel>Server</guilabel> installation
+ type. You may have installed it later in order to run websites
+ or Web applications. &FEX; also offers alternative HTTP servers,
+ which are beyond the scope of this document.
+ </para>
+ <para>
+ To install the <filename>httpd</filename> package, if you have
+ not already done so, use the following command:
+ </para>
+
+<screen>
+<userinput>su -c 'yum install httpd'</userinput>
+</screen>
<para>
- The HTTP service, provided by the Apache server in the
- <filename>httpd</filename> package, is the easiest service to
- configure. You can also use Apache to offer post-installation
- functions such as updates or installing additional packages. To
- install the <filename>httpd</filename> package, if you have not
- already done so, use the following command:
+ Enter the password for the
+ <systemitem class="username">root</systemitem> account when
+ prompted.
+ </para>
+ <para>
+ To start the service, use the following command:
</para>
<screen>
-<userinput>su - -c "yum install httpd"</userinput>
+<userinput>su -c '/sbin/service httpd start'</userinput>
</screen>
<para>
- Next, create a configuration file
- <filename>/etc/httpd/conf.d/mirror.conf</filename> for your
- mirror files. The following listing is an example:
+ Enter the password for the
+ <systemitem class="username">root</systemitem> account when
+ prompted.
+ </para>
+ <para>
+ To enable this service to load automatically at boot time, use
+ the following command:
</para>
- <example>
- <title>Apache 2.x configuration file for installation
- mirror</title>
+<screen>
+<userinput>su -c '/sbin/chkconfig --level 345 httpd on'</userinput>
+</screen>
+
+ <para>
+ Enter the password for the
+ <systemitem class="username">root</systemitem> account when
+ prompted.
+ </para>
+ <para>
+ The default firewall configuration for &FED; blocks access from
+ remote systems. To enable other systems to connect to your HTTP
+ service, use the
+ <application>system-config-securitylevel</application> utility:
+ </para>
+ <procedure>
+ <step>
+ <para>
+ Choose <menuchoice> <guimenu>Desktop</guimenu>
+ <guisubmenu>System Settings</guisubmenu>
+ <guimenuitem>Security Level</guimenuitem> </menuchoice>.
+ </para>
+ </step>
+ <step>
+ <para>
+ Enter the password for the
+ <systemitem class="username">root</systemitem> account when
+ prompted.
+ </para>
+ </step>
+ <step>
+ <para>
+ Select <guilabel>WWW (HTTP)</guilabel> from the list of
+ services.
+ </para>
+ </step>
+ <step>
+ <para>
+ When prompted, select <guilabel>Yes</guilabel> to update the
+ firewall configuration.
+ </para>
+ </step>
+ </procedure>
+ </section>
+ <section id="sn-configuring-apache">
+ <title>Configuring The Apache Web Server</title>
+ <para>
+ To enable HTTP access to the files in your mirror directory,
+ create the configuration file
+ <filename>/etc/httpd/conf.d/mirror.conf</filename>. The
+ following listing is an example:
+ </para>
+ <example>
+ <title>Apache 2.x configuration file for &FED; mirror</title>
<screen>
-<computeroutput><![CDATA[# The name at which the installation tree will be shared,
+<computeroutput><![CDATA[# The name at which the mirror will be shared,
# followed by the name of the root directory of that tree.
Alias /mirror /var/www/mirror
-# Share options for the installation tree.
+# Share options for the mirror.
# Only allow connections from localhost and
# IP addresses which start with 192.168.1
-
-<Directory /var/www/mirror>
- AllowOverride None
- Order Deny,Allow
- Deny from all
- Allow from 127.0.0.1 192.168.1
- Options Indexes
-</Directory>]]></computeroutput>
+ <Directory /var/www/mirror>
+ AllowOverride None
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.1 192.168.1
+ Options Indexes
+ </Directory>]]></computeroutput>
</screen>
</example>
-
<para>
- To start the <command>httpd</command> service, use the following
- command:
+ You must use root privileges to create or copy files in the
+ directory <filename>/etc/httpd/conf.d/</filename>.
</para>
-
-<screen>
-<userinput>/sbin/service httpd start</userinput>
-</screen>
-
<para>
- To enable that server by default at boot time, use the following
- command:
+ To update an active <command>httpd</command> service with a new
+ configuration, use the following command:
</para>
<screen>
-<userinput>chkconfig httpd on</userinput>
+<userinput>/sbin/service httpd reload</userinput>
</screen>
<para>
- Your clients may now visit any area of your mirror by using the
- URL
- http://<replaceable>server.mydomain.org</replaceable>/mirror/<replaceable>path</replaceable>.
+ Enter the password for the
+ <systemitem class="username">root</systemitem> account when
+ prompted.
</para>
-
- </section>
-
+ <para>
+ Your clients may now visit any area of your mirror by using the
+ URL
+ http://<replaceable>server.mydomain.org</replaceable>/mirror/<replaceable>path</replaceable>.
+ </para>
+ <note>
+ <title>Apache and &SEL;</title>
+ <para>
+ The default &SEL; configuration for &FED; permits Apache to
+ use files in the <filename>/var/www/</filename> directory. If
+ you build your mirror in another directory, you may need to
+ modify the &SEL; policy.
+ </para>
+ </note>
+ </section>
<section id="sn-solving-dependencies">
<title>Solving Dependencies</title>
<para>
@@ -1097,7 +1185,7 @@
<para>
The Yellow Dog Updater Modified, or
<emphasis>yum</emphasis><indexterm> <primary>yum</primary>
- </indexterm>, is a Python-based system for computing and solving
+ </indexterm>, is a Python-based system for computing and solving
RPM dependencies. A <command>yum</command> client retrieves a
cache of headers from its repository server, as well as a list
of available RPM packages and their exact locations on the
@@ -1246,7 +1334,7 @@
<listitem>
<para>
Official updates to the distribution; for example,
- <filename>/var/mirror/fedora/linux/core/updates/&FCVER;/</filename>.
+ <filename>/var/www/mirror/fedora/linux/core/updates/&FCVER;/</filename>.
Once again, for <command>yum-arch</command> use
<command>-l</command> and/or <command>-s</command> if
appropriate.
More information about the docs-commits
mailing list