Rob's web

Apache

The Apache web server is often part of a LAMP stack.

L = Linux
A = Apache
M = MySQL/MariaDB
P = PHP

Instead of MySQL you can use MariaDB, which we have already installed.

Installation

First we install the basic web server.

# yum install httpd

Configuration

# cd /etc/httpd/
# ll
drwxr-xr-x. 2 root root 37 18 nov 14:47 conf
drwxr-xr-x. 2 root root 82 18 nov 14:47 conf.d
drwxr-xr-x. 2 root root 146 18 nov 14:47 conf.modules.d
lrwxrwxrwx. 1 root root 19 18 nov 14:47 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root 29 18 nov 14:47 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root 10 18 nov 14:47 run -> /run/httpd
# ll conf
-rw-r--r--. 1 root root 11753 30 sep 15:20 httpd.conf
-rw-r--r--. 1 root root 13064 1 okt 18:52 magic

The configuration is put in the file httpd.conf.

httpd.conf

This is the main configuration file for the server.

Changes are listed below.

# cd conf
# vi httpd.conf

ServerAdmin root@example.com

#DocumentRoot "/var/www/"

#<Directory "/var/www">
#AllowOverride None
##Allow open access:
#Require all granted
#</Directory>

#<Directory "/var/www/html">
# http://httpd.apache.org/docs/2.4/mod/core.html#options for more information.

#Options Indexes FollowSymLinks
#AllowOverride None
#Require all granted
#</Directory>

ErrorLog "logs/error_log"

#CustomLog "logs/access_log" combined

#ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

#<Directory "/var/www/cgi-bin">
#AllowOverride None
#Options None
#Require all granted
#</Directory>

IncludeOptional conf.d/*.conf
Include conf/default.conf
IncludeOptional conf/vhosts.d/*.conf

The Directory "/var/www/html" section can be set in the vhost.conf files.

Log files are set in the vhost.conf files.

TLS support

When we want https support for our websites we need to install mod_ssl.

# yum install mod_ssl

ssl.conf

# cd /etc/httpd/conf.d/
# vi ssl.conf

The <VirtualHost _default_:443> section must be commented out by starting each of its lines with a #.

We set the SSL options in the vhosts.conf file.

We can make some options global.

Add the code below in your vhosts.conf file if you want cgi-bin support for the website.

<Directory "/srv/www/vhosts/www.example.com/cgi-bin">
	SSLOptions +StdEnvVars
</Directory>

The SELinux context for ...../cgi-bin is: unconfined_u:object_r:httpd_sys_script_exec_t:s0

Checking TLS

Configure name-based virtual hosts

Defaulthost

The first host that is loaded is the default server, and we do not want a production host to be burdened with that role. This is the host that answers all requests that are not handled by the vhosts.

There is no need for encryption if you do not use TLS. If you have TLS vhosts you need the vhosts.conf template.

# vi default.conf

<VirtualHost *:80>
ServerName server1.robkalmeijer.nl

CustomLog /var/log/httpd/server1-access_log combined
ErrorLog /var/log/httpd/server1-error_log
DirectoryIndex index.html index.html.var index.php

DocumentRoot /srv/www/default/httpdocs
<Directory "/srv/www/default/httpdocs">
Options +Indexes
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Testing configfiles

# httpd -t

If there are errors in the config files, correct them first.
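
The check above validates syntax, not exposure. The script below is an added example, not part of the original page: it reports active directory listing, AllowOverride All and a DocumentRoot that is missing on disk. The names audit_vhost and write_sample are chosen here, and the sample config is constructed to mirror the default.conf layout.

```shell
#!/bin/sh
# Added example, not from the original page: report active settings that pass
# a syntax check but weaken a catch-all host. Assumes paths without spaces.

# audit_vhost FILE: print one finding per line; no output means clean.
audit_vhost() {
    awk '
        function unq(s) { gsub(/[">]/, "", s); return s }
        { sub(/^[ \t]+/, "") }                 # drop indentation
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { d = tolower($1) }
        d == "documentroot" { root = unq($2) }
        d == "<directory"   { dir = unq($2) }
        d == "</directory>" { dir = "" }
        dir != "" && d == "options" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^[+]?indexes$/)
                    print "INDEXES " dir ": directory listing enabled"
        }
        dir != "" && d == "allowoverride" && tolower($2) == "all" {
            print "OVERRIDE " dir ": .htaccess may change any setting"
        }
        END { if (root != "") print "ROOT " root }
    ' "$1" | while read -r kind rest; do
        case $kind in
            ROOT) [ -d "$rest" ] || echo "DOCROOT $rest: directory does not exist" ;;
            *)    echo "$kind $rest" ;;
        esac
    done
}

# write_sample DIR: constructed config whose DocumentRoot was never created.
write_sample() {
    mkdir -p "$1/httpdocs"
    cat > "$1/default.conf" <<EOF
<VirtualHost *:80>
ServerName server1.example.com
DocumentRoot $1/httpsdocs
<Directory "$1/httpsdocs">
Options +Indexes
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp" && audit_vhost "$tmp/default.conf"
rm -rf "$tmp"
```

Run it against conf/default.conf and each file in conf/vhosts.d/ once httpd -t passes.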

Starting

# systemctl start httpd
# systemctl enable httpd
# systemctl status httpd

Firewall

# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --zone=public --permanent --add-service=https
# firewall-cmd --reload

SELinux

The default context is httpd_sys_content_t, which tells SELinux that the Apache process can only read files created in this directory.

If a CMS needs to write to its files, use httpd_sys_rw_content_t.

Setting up directories for the default server

# cd /srv
# mkdir www
# chcon -t httpd_sys_content_t www/
# cd www
# mkdir default
# cd default
# mkdir httpdocs
# chown root:users httpdocs

Homepage default server

# cd /srv/www/default/httpdocs
# vi index.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl">
<head>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=iso-8859-1" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="author" content="Rob Kalmeijer" />
<title>Wrong URL</title>
<link rel="stylesheet" href="/include/style.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
</head>

<body>
<div id="inhoud">
<h1>Enter a valid URL</h1>

<p>You entered an invalid URL, did not use a subdomain like www, or used an IP address.</p>

<p>If you entered a valid URL, then the server is in maintenance; please try again later.</p>

</div>
</body>
</html>

Testing

We can now test if the server is working. Enter server1.example.com in the browser's address bar.

The command below displays all of the host's network addresses, so you will get back a few IP addresses separated by spaces. You can try each in your web browser to see if they work.

# hostname -I

PHP

Once the Apache server works with the default server, we can install PHP scripting.

Content Management Systems require PHP and MySQL/MariaDB.

See here.

Virtual hosts

After the default server and php setup we can begin with the virtual hosts. These are the real websites.

The defaulthost is not to be used for websites.

See vhosts.

Setting up a secure connection

After you have tested that the domain works over http, you can install TLS.

You can use the free service from Let's Encrypt.

Let's start with Let's Encrypt

Setting up a Tor-service

You can set up a Tor (.onion) link to your website. You don't need an https link to it.

See tor.