Basic Apache server configuration step by step

Basic Apache server configuration

Installing Apache When youre working with Apache, you need two packages. The first is httpd, which actually installs the Apache web server. The second is the mod_ssl package, which provides the ability to create secure websites. Step 1. Install the two required packages: # yum install y httpd mod_ssl Step 2. Verify that the packages were installed correctly: # rpm -qa | grep http httpd-2.2.15-5.el6.x86_64 httpd-tools-2.2.15-5.el6.x86_64 # rpm -qa | grep ssl mod_ssl-2.2.15-5.el6.x86_64 openssl-1.0.0-4.el6.x86_64 Step 3. With the packages installed, make sure that the service is set to start when the system boots: # chkconfig httpd on Step 4. Verify your changes: # chkconfig httpd --list httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off Open http main config file # vi /etc/httpd/conf/httpd.conf DocumentRoot /var/www/html Test the config file: # service httpd configtest Syntax OK # service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]

Firewall and SELinux Configuration For your web server to become fully functional, you need to make some security Changes. First and foremost, the firewall needs to be opened on port 80.

Step 1. Use iptables to create the additional firewall rules: # iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT Step 2. Save the firewall rules you have just created: # service iptables save Saving firewall rules to /etc/sysconfig/iptables: [ OK ] Step 3. Then restart the iptables service: # service iptables restart iptables: Flushing firewall rules: iptables: Setting chains to policy ACCEPT: filter iptables: Unloading modules: iptables: Applying firewall rules:

[ OK ] [ OK ] [ OK ] [ OK ]

Some Changes required in SELinux You need to disable the SELinux service protection to be able to utilize basic web services. Step 1. Query for the Boolean value you need to change: # getsebool -a | grep httpd_dis httpd_disable_trans --> off Step 2. Disable the SELinux protection: # setsebool -P httpd_disable_trans=1 Step 3. Verify that the Boolean has changed: # getsebool -a | grep httpd_dis httpd_disable_trans --> on Create Web Directories Step 1. Create the customer web directories: # mkdir /var/www/site1 # mkdir /var/www/site2 Step 2. Check the current context of the files: # ls -Z /var/www drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgibin drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site1 drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site2

You can change the context of the customer sites to match the default site (the html directory). Step 3. Use the chcon command to change the context of the user and domain: # chcon -Rvu system_u site1 changing security context of site1 # chcon -Rvu system_u site1 changing security context of site1 Step 4. You also could reference the default directory for a single command: # chcon --reference=html site2 This changes the site2 directory to match the html directorys SELinux context. Step 5. You can now check again and verify that all the context fields for the two customer site directories have been changed correctly: # ll -Z drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgibin drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site1 drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site2 Now finally open browser and check your web site. http://yourlocalIP or http://127.0.0.1