Difference between revisions of "Installing Apache webserver"

From rdkwiki
Jump to: navigation, search
m
Line 3: Line 3:
  
 
== Apache installation ==
 
== Apache installation ==
* '''sudo yum install httpd''' --> install httpd (Apache)
+
* '''yum install httpd''' --> install httpd (Apache)
 
* '''systemctl start httpd''' --> start Apache
 
* '''systemctl start httpd''' --> start Apache
 
* '''systemctl enable httpd''' --> enable Apache at boot
 
* '''systemctl enable httpd''' --> enable Apache at boot
Line 10: Line 10:
 
* '''mkdir /etc/httpd/sites-available''' --> create the folder where the vhost files will be saved
 
* '''mkdir /etc/httpd/sites-available''' --> create the folder where the vhost files will be saved
 
* '''mkdir /etc/httpd/sites-enabled''' --> create the folder where the vhost files will be linked to make them active
 
* '''mkdir /etc/httpd/sites-enabled''' --> create the folder where the vhost files will be linked to make them active
* '''sudo nano /etc/httpd/conf/httpd.conf''' --> change the Apache configuration
+
* '''nano /etc/httpd/conf/httpd.conf''' --> change the Apache configuration
 
  add '''IncludeOptional sites-enabled/*.conf''' to end of file
 
  add '''IncludeOptional sites-enabled/*.conf''' to end of file
  
 
repeat the steps below for each vhost that you want to create:
 
repeat the steps below for each vhost that you want to create:
  
* '''sudo nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
+
* '''nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName <host>.<domain>.<tld>
 
     ServerName <host>.<domain>.<tld>
Line 21: Line 21:
 
     DocumentRoot /var/www/html/<subfolder>
 
     DocumentRoot /var/www/html/<subfolder>
 
  </VirtualHost>
 
  </VirtualHost>
* '''sudo ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf''' --> make a symbolic link to activate a site.
+
* '''ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf''' --> make a symbolic link to activate a site.
  
 
== Splitting Apache's "access_log" and "errorlog" for each vhost (optional) ==
 
== Splitting Apache's "access_log" and "errorlog" for each vhost (optional) ==
* '''sudo nano /etc/httpd/sites-enabled/<site>.conf  ''' --> edit vhost-file
+
* '''nano /etc/httpd/sites-enabled/<site>.conf  ''' --> edit vhost-file
 
   <VirtualHost *:80>
 
   <VirtualHost *:80>
 
     ServerName <host>.<domain>.<tld>
 
     ServerName <host>.<domain>.<tld>
Line 34: Line 34:
 
Repeat this step for each vhost. This way you will get seperate logs for each site.
 
Repeat this step for each vhost. This way you will get seperate logs for each site.
 
* '''apachectl configtest''' --> test new Apache configuration
 
* '''apachectl configtest''' --> test new Apache configuration
* '''sudo systemctl restart httpd''' --> restart the Apache webserver
+
* '''systemctl restart httpd''' --> restart the Apache webserver
  
 
== Hiding Apache version information ==
 
== Hiding Apache version information ==
* '''sudo nano /etc/httpd/conf/httpd.conf''' --> edit the Apache configuration
+
* '''nano /etc/httpd/conf/httpd.conf''' --> edit the Apache configuration
 
  add: '''ServerTokens Prod''' --> hides version info in response headers.
 
  add: '''ServerTokens Prod''' --> hides version info in response headers.
 
  add: '''ServerSignature Off''' --> hides version info on error pages.
 
  add: '''ServerSignature Off''' --> hides version info on error pages.
  
 
== Hiding PHP version information ==
 
== Hiding PHP version information ==
* '''sudo nano /etc/php.ini''' --> edit the PHP configuration
+
* '''nano /etc/php.ini''' --> edit the PHP configuration
 
  change: '''expose_php = off''' --> hides PHP version (default = on)
 
  change: '''expose_php = off''' --> hides PHP version (default = on)
  
 
== Enable XSS protection (Cross Site Scripting) ==
 
== Enable XSS protection (Cross Site Scripting) ==
* '''sudo nano /etc/httpd/conf/httpd.conf''' --> edit the Apache configuration
+
* '''nano /etc/httpd/conf/httpd.conf''' --> edit the Apache configuration
 
  add: '''Header set X-XSS-Protection "1; mode=block"''' --> enable X-XSS protection
 
  add: '''Header set X-XSS-Protection "1; mode=block"''' --> enable X-XSS protection
  
 
== Securing your sites with certificates (optional) ==
 
== Securing your sites with certificates (optional) ==
 
You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: [[Let's Encrypt configuration]]
 
You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: [[Let's Encrypt configuration]]

Revision as of 08:07, 31 October 2016

Intro

The steps below will configure a working Apache web-server. The steps assume that you have a (fresh) CentOS 7 server running.

Apache installation

  • yum install httpd --> install httpd (Apache)
  • systemctl start httpd --> start Apache
  • systemctl enable httpd --> enable Apache at boot

Apache vhost configuration (optional)

  • mkdir /etc/httpd/sites-available --> create the folder where the vhost files will be saved
  • mkdir /etc/httpd/sites-enabled --> create the folder where the vhost files will be linked to make them active
  • nano /etc/httpd/conf/httpd.conf --> change the Apache configuration
add IncludeOptional sites-enabled/*.conf to end of file

repeat the steps below for each vhost that you want to create:

  • nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
<VirtualHost *:80>
    ServerName <host>.<domain>.<tld>
    ServerAlias <domain>.<tld>  
    DocumentRoot /var/www/html/<subfolder>
</VirtualHost>
  • ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf --> make a symbolic link to activate a site.

Splitting Apache's "access_log" and "errorlog" for each vhost (optional)

  • nano /etc/httpd/sites-enabled/<site>.conf --> edit vhost-file
 <VirtualHost *:80>
   ServerName <host>.<domain>.<tld>
   ServerAlias <domain>.<tld>
   DocumentRoot /var/www/html/<subfolder>
   add this line: ErrorLog /var/log/httpd/<sitename>_error.log
   add this line: CustomLog /var/log/httpd/<sitename>_access_log combined
 </VirtualHost>

Repeat this step for each vhost. This way you will get seperate logs for each site.

  • apachectl configtest --> test new Apache configuration
  • systemctl restart httpd --> restart the Apache webserver

Hiding Apache version information

  • nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: ServerTokens Prod --> hides version info in response headers.
add: ServerSignature Off --> hides version info on error pages.

Hiding PHP version information

  • nano /etc/php.ini --> edit the PHP configuration
change: expose_php = off --> hides PHP version (default = on)

Enable XSS protection (Cross Site Scripting)

  • nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: Header set X-XSS-Protection "1; mode=block" --> enable X-XSS protection

Securing your sites with certificates (optional)

You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: Let's Encrypt configuration

Retrieved from "http://wiki.rdksoft.nl/index.php?title=Installing_Apache_webserver&oldid=352"