Installing Apache webserver

From rdkwiki
Jump to: navigation, search


The steps below will configure a working Apache web-server. The steps assume that you have a (fresh) CentOS 7 server running.

Apache installation

  • yum install httpd --> install httpd (Apache)
  • systemctl start httpd --> start Apache
  • systemctl enable httpd --> enable Apache at boot

Firewall configuration

  • firewall-cmd --permanent --allow-service=http --> allow http traffic through firewall
  • firewall-cmd --permanent --allow-service=https --> allow https (ssl) traffic through firewall
  • firewall-cmd --reload --> reload firewall with new configuration

Apache vhost configuration (optional)

  • mkdir /etc/httpd/sites-available --> create the folder where the vhost files will be saved
  • mkdir /etc/httpd/sites-enabled --> create the folder where the vhost files will be linked to make them active
  • nano /etc/httpd/conf/httpd.conf --> change the Apache configuration
add IncludeOptional sites-enabled/*.conf to end of file

repeat the steps below for each vhost that you want to create:

  • nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
<VirtualHost *:80>
    ServerName <host>.<domain>.<tld>
    ServerAlias <domain>.<tld>  
    DocumentRoot /var/www/html/<subfolder>
  • ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf --> make a symbolic link to activate a site.

Splitting Apache's "access_log" and "errorlog" for each vhost (optional)

  • nano /etc/httpd/sites-available/<site>.conf --> edit vhost-file
 <VirtualHost *:80>
   ServerName <host>.<domain>.<tld>
   ServerAlias <domain>.<tld>
   DocumentRoot /var/www/html/<subfolder>
   add this line: ErrorLog /var/log/httpd/<sitename>_error.log
   add this line: CustomLog /var/log/httpd/<sitename>_access_log combined

Repeat this step for each vhost. This way you will get seperate logs for each site.

  • apachectl configtest --> test new Apache configuration
  • systemctl restart httpd --> restart the Apache webserver

Hiding Apache version information (optional)

  • nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: ServerTokens Prod --> hides version info in response headers.
add: ServerSignature Off --> hides version info on error pages.

Hiding PHP version information (optional)

  • nano /etc/php.ini --> edit the PHP configuration
change: expose_php = off --> hides PHP version (default = on)

Enable XSS protection (Cross Site Scripting) (optional)

  • nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: Header set X-XSS-Protection "1; mode=block" --> enable X-XSS protection

Securing your sites with certificates (optional)

You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: Let's Encrypt configuration