100%
GRIMOIRE
GrimoireDindon CorpusSynthesis VolumesThe Foundation of Iron
FRENAR
RATIO
THE FOUNDATION OF IRON · COURSE MATERIAL · WEEK 24
◆◆◆
WEB SERVER
HTTP/HTTPS AND CERTIFICATES
Week 24 of 26 · Block 9 — Web & Database
8h theory · 27h practice
◆ WEEKLY LEARNING OBJECTIVES

1. Understand the HTTP/HTTPS protocol and web client-server architecture
2. Install and configure a web server (Apache or Nginx)
3. Host a simple site and resolve it via the Week 21 DNS
4. Set up HTTPS with a self-signed certificate
5. Configure virtual hosts to serve multiple sites on one server

◆◆◆
⚠ WARNING — SHELF LIFE OF VERSIONS REFERENCED HERE

Apache and Nginx are cited as reference web servers. Other solutions exist. Version numbers and configuration file locations vary between Linux distributions and versions. The instructor adapts to the environment actually available.

Amine RAITI · Infrastructure Architect & SRE
Public document · CC BY-NC-SA 4.0 · AI Powered by Amine
Opération Dindon
RATIO
COURSE OUTLINE · 8H
THEORY GUIDING THREAD
24.1 · HTTP/HTTPS protocol and web architecture3h
— HTTP: layer 7 protocol (OSI application layer, link with Week 17), request/response exchange, GET/POST methods, status codes
— HTTPS: HTTP with TLS encryption — content is encrypted, server identity verified by certificate
— Web client-server architecture: browser (client) ↔ web server (Apache/Nginx) ↔ application ↔ database (anticipated link with Week 25)
24.2 · SSL/TLS certificates2h
— Certificate role: proving server identity and establishing an encrypted channel
— Self-signed certificate (training) vs CA-signed certificate (production)
— Chain of trust: root CA → intermediate CA → server certificate
24.3 · Virtual Hosts2h
— Hosting multiple sites on the same server with different domain names
— Name-based Virtual Hosting: the server reads the HTTP Host header to decide which site to serve
— Link with DNS: each Virtual Host requires an A record in the Week 21 DNS zone
24.4 · Basic web server hardening1h
— Disable server version display in HTTP headers
— Restrict access to specific directories
— Access and error logs: where to find them and how to read them
RATIO
EXERCISE 1 · WEB SERVER INSTALLATION AND CONFIGURATION · 13H

Equipment: Linux VM (Week 8), DNS operational from Week 21.

(2h) Installing the web server, starting the service, verifying locally via a browser (http://localhost).
(2h) Creating a simple site (provided HTML page), configuring the default Virtual Host to serve it, adding an A record in the Week 21 DNS to resolve the site's name from another machine.
(3h) Setting up HTTPS: generating a self-signed certificate, configuring the HTTPS Virtual Host, testing the encrypted connection (accepting the self-signed certificate in the browser).
(3h) Creating a second Virtual Host for a second fictitious site on the same server, adding the second DNS record, verifying both sites are independently accessible.
(2h) Configuring automatic HTTP → HTTPS redirection, testing the redirect from a browser.
(1h) Exploring access and error logs, identifying a successful request and a 404 error.
SOLUTION — EXERCISE 1

DNS resolution check: from a client machine on the same network, resolve the site's name via the Week 21 DNS — the response must return the web server's IP address. Without this step, the browser cannot find the server by name.

Common Virtual Hosts mistake: forgetting to create a separate DNS record for each Virtual Host — both domain names must resolve to the same server IP, but each must have its own A record in the DNS zone.

RATIO
EXERCISE 2 · WEB SERVER HARDENING AND DIAGNOSIS · 14H

Equipment: the web server configured in Exercise 1, Wireshark.

(3h) Comparative HTTP vs HTTPS capture with Wireshark: observe that HTTP content is readable in clear text, HTTPS content is encrypted — concrete demonstration of the importance of HTTPS (link with Week 15 — security).
(3h) Web server hardening: disabling unused modules, restricting directory access by IP address, configuring HTTP security headers.
(4h) Deploying a simple web application (provided PHP app) on the server, preparing the database connection configuration for the database to be deployed in Week 25.
(2h) Diagnosing simulated web failures: 403 Forbidden (permissions), 502 Bad Gateway (application service unreachable), expired certificate — identify the cause in the logs and fix.
(2h) Documenting the deployed web server: Virtual Hosts, HTTPS, active modules, restrictions.
SOLUTION — EXERCISE 2

Error codes and their causes: 403 Forbidden = file or directory permissions prevent the web server from reading it (check UNIX permissions, link with Week 8); 502 Bad Gateway = the backend application service (PHP-FPM or equivalent) is not running or not listening on the right socket; expired certificate = recreate the self-signed certificate or extend its validity period.

◆ SUMMARY SHEET — WEEK 24 SELF-ASSESSMENT
1. I can explain how HTTP/HTTPS works and the GET/POST methods.
2. I can install and configure a web server (Apache or Nginx).
3. I can configure HTTPS with a self-signed certificate.
4. I can create multiple Virtual Hosts on the same server.
5. I can configure HTTP → HTTPS redirection.
6. I can read and interpret web server access and error logs.
7. I can diagnose common HTTP errors (403, 404, 502).
8. I can explain why HTTPS is necessary compared to plain HTTP.