Difference between revisions of "Installing Apache webserver"
From rdkwiki
Line 6: | Line 6: | ||
* '''systemctl start httpd''' --> start Apache | * '''systemctl start httpd''' --> start Apache | ||
* '''systemctl enable httpd''' --> enable Apache at boot | * '''systemctl enable httpd''' --> enable Apache at boot | ||
+ | |||
+ | == firewall configuration == | ||
+ | * '''firewall-cmd --permanent --allow-service=http''' --> allow http traffic through firewall | ||
+ | * '''firewall-cmd --permanent --allow-service=https''' --> allow https (ssl) traffic through firewall | ||
== Apache vhost configuration (optional) == | == Apache vhost configuration (optional) == |
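Review bot: `--allow-service` on both added firewall-cmd lines is not an option that firewall-cmd accepts; opening a service uses `--add-service=http` and `--add-service=https`. Because both lines pass `--permanent`, they only change the saved configuration, so the section should also end with a `firewall-cmd --reload` step for the running firewall to pick up the rules.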
Revision as of 18:27, 6 November 2016
Contents
- 1 Intro
- 2 Apache installation
- 3 firewall configuration
- 4 Apache vhost configuration (optional)
- 5 Splitting Apache's "access_log" and "errorlog" for each vhost (optional)
- 6 Hiding Apache version information (optional)
- 7 Hiding PHP version information (optional)
- 8 Enable XSS protection (Cross Site Scripting) (optional)
- 9 Securing your sites with certificates (optional)
Intro
The steps below will configure a working Apache web-server. The steps assume that you have a (fresh) CentOS 7 server running.
Apache installation
- yum install httpd --> install httpd (Apache)
- systemctl start httpd --> start Apache
- systemctl enable httpd --> enable Apache at boot
firewall configuration
- firewall-cmd --permanent --add-service=http --> allow http traffic through firewall
- firewall-cmd --permanent --add-service=https --> allow https (ssl) traffic through firewall
Apache vhost configuration (optional)
- mkdir /etc/httpd/sites-available --> create the folder where the vhost files will be saved
- mkdir /etc/httpd/sites-enabled --> create the folder where the vhost files will be linked to make them active
- nano /etc/httpd/conf/httpd.conf --> change the Apache configuration
add IncludeOptional sites-enabled/*.conf to end of file
Repeat the steps below for each vhost that you want to create:
- nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
    <VirtualHost *:80>
        ServerName <host>.<domain>.<tld>
        ServerAlias <domain>.<tld>
        DocumentRoot /var/www/html/<subfolder>
    </VirtualHost>
- ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf --> make a symbolic link to activate a site.
Splitting Apache's "access_log" and "errorlog" for each vhost (optional)
- nano /etc/httpd/sites-enabled/<site>.conf --> edit vhost-file
    <VirtualHost *:80>
        ServerName <host>.<domain>.<tld>
        ServerAlias <domain>.<tld>
        DocumentRoot /var/www/html/<subfolder>
        # add this line:
        ErrorLog /var/log/httpd/<sitename>_error.log
        # add this line:
        CustomLog /var/log/httpd/<sitename>_access_log combined
    </VirtualHost>
Repeat this step for each vhost. This way you will get separate logs for each site.
- apachectl configtest --> test new Apache configuration
- systemctl restart httpd --> restart the Apache webserver
Hiding Apache version information (optional)
- nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: ServerTokens Prod --> hides version info in response headers.
add: ServerSignature Off --> hides version info on error pages.
Hiding PHP version information (optional)
- nano /etc/php.ini --> edit the PHP configuration
change: expose_php = off --> hides PHP version (default = on)
Enable XSS protection (Cross Site Scripting) (optional)
- nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: Header set X-XSS-Protection "1; mode=block" --> enable X-XSS protection
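A small audit script for the three sections above (Apache version, PHP version, XSS header), as an added example that is not part of the original wiki page: it checks that the values this page gives are the ones in effect, taking the last active line when a directive appears more than once. The function names and the sample files are assumptions made for the example, and it reads only the two files it is given, not files pulled in through Include.

```shell
#!/bin/sh
# Added example: audit the hardening settings from this page (not rdkwiki code).

# Print the lower-cased value of the LAST active line for directive $2 in file
# $1. Commented lines never match, and a later line overrides an earlier one.
last_value() {
    awk -v d="$2" '
        { line = $0; gsub(/[ \t]+/, " ", line); sub(/^ /, "", line) }
        tolower(substr(line, 1, length(d))) == tolower(d) &&
        substr(line, length(d) + 1, 1) ~ /[ =]/ {
            v = substr(line, length(d) + 1)
            gsub(/^[ =]+| +$/, "", v)
        }
        END { print tolower(v) }' "$1"
}

# Compare the effective value with the value this page recommends.
expect() {  # $1 = file, $2 = directive, $3 = wanted value (lower case)
    got=$(last_value "$1" "$2")
    if [ "$got" = "$3" ]; then echo "PASS $2 = $got"; return 0; fi
    echo "FAIL $2: found '${got:-unset}', want '$3'"; return 1
}

audit_hardening() {  # $1 = httpd.conf, $2 = php.ini; returns number of failures
    fails=0
    expect "$1" 'ServerTokens' 'prod' || fails=$((fails + 1))
    expect "$1" 'ServerSignature' 'off' || fails=$((fails + 1))
    expect "$1" 'Header set X-XSS-Protection' '"1; mode=block"' || fails=$((fails + 1))
    expect "$2" 'expose_php' 'off' || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample files (not from a real server): ServerSignature is only
# present as a comment, and expose_php is still at its default.
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<'EOF'
ServerTokens OS
#ServerSignature Off
Header set X-XSS-Protection "1; mode=block"
ServerTokens Prod
EOF
printf 'expose_php = On\n' > "$demo/php.ini"
audit_hardening "$demo/httpd.conf" "$demo/php.ini" || echo "$? setting(s) differ"
```

On a real server, pass /etc/httpd/conf/httpd.conf and /etc/php.ini as the two arguments.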
Securing your sites with certificates (optional)
You can secure your sites with certificates for free. I like Let's Encrypt. There's a wiki here: Let's Encrypt configuration