Difference between revisions of "Installing Apache webserver"
From rdkwiki
(8 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
== Apache installation == | == Apache installation == | ||
− | * ''' | + | * '''yum install httpd''' --> install httpd (Apache) |
* '''systemctl start httpd''' --> start Apache | * '''systemctl start httpd''' --> start Apache | ||
* '''systemctl enable httpd''' --> enable Apache at boot | * '''systemctl enable httpd''' --> enable Apache at boot | ||
+ | |||
+ | == Firewall configuration == | ||
+ | * '''firewall-cmd --permanent --allow-service=http''' --> allow http traffic through firewall | ||
+ | * '''firewall-cmd --permanent --allow-service=https''' --> allow https (ssl) traffic through firewall | ||
+ | * '''firewall-cmd --reload''' --> reload firewall with new configuration | ||
== Apache vhost configuration (optional) == | == Apache vhost configuration (optional) == | ||
* '''mkdir /etc/httpd/sites-available''' --> create the folder where the vhost files will be saved | * '''mkdir /etc/httpd/sites-available''' --> create the folder where the vhost files will be saved | ||
* '''mkdir /etc/httpd/sites-enabled''' --> create the folder where the vhost files will be linked to make them active | * '''mkdir /etc/httpd/sites-enabled''' --> create the folder where the vhost files will be linked to make them active | ||
− | * ''' | + | * '''nano /etc/httpd/conf/httpd.conf''' --> change the Apache configuration |
add '''IncludeOptional sites-enabled/*.conf''' to end of file | add '''IncludeOptional sites-enabled/*.conf''' to end of file | ||
repeat the steps below for each vhost that you want to create: | repeat the steps below for each vhost that you want to create: | ||
− | * ''' | + | * '''nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf |
<VirtualHost *:80> | <VirtualHost *:80> | ||
ServerName <host>.<domain>.<tld> | ServerName <host>.<domain>.<tld> | ||
Line 21: | Line 26: | ||
DocumentRoot /var/www/html/<subfolder> | DocumentRoot /var/www/html/<subfolder> | ||
</VirtualHost> | </VirtualHost> | ||
− | * ''' | + | * '''ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf''' --> make a symbolic link to activate a site. |
== Splitting Apache's "access_log" and "errorlog" for each vhost (optional) == | == Splitting Apache's "access_log" and "errorlog" for each vhost (optional) == | ||
− | * ''' | + | * '''nano /etc/httpd/sites-available/<site>.conf ''' --> edit vhost-file |
<VirtualHost *:80> | <VirtualHost *:80> | ||
ServerName <host>.<domain>.<tld> | ServerName <host>.<domain>.<tld> | ||
Line 34: | Line 39: | ||
Repeat this step for each vhost. This way you will get seperate logs for each site. | Repeat this step for each vhost. This way you will get seperate logs for each site. | ||
* '''apachectl configtest''' --> test new Apache configuration | * '''apachectl configtest''' --> test new Apache configuration | ||
− | * ''' | + | * '''systemctl restart httpd''' --> restart the Apache webserver |
− | == Hiding Apache version information == | + | == Hiding Apache version information (optional) == |
− | * ''' | + | * '''nano /etc/httpd/conf/httpd.conf''' --> edit the Apache configuration |
add: '''ServerTokens Prod''' --> hides version info in response headers. | add: '''ServerTokens Prod''' --> hides version info in response headers. | ||
add: '''ServerSignature Off''' --> hides version info on error pages. | add: '''ServerSignature Off''' --> hides version info on error pages. | ||
+ | |||
+ | == Hiding PHP version information (optional) == | ||
+ | * '''nano /etc/php.ini''' --> edit the PHP configuration | ||
+ | change: '''expose_php = off''' --> hides PHP version (default = on) | ||
+ | |||
+ | == Enable XSS protection (Cross Site Scripting) (optional) == | ||
+ | * '''nano /etc/httpd/conf/httpd.conf''' --> edit the Apache configuration | ||
+ | add: '''Header set X-XSS-Protection "1; mode=block"''' --> enable X-XSS protection | ||
== Securing your sites with certificates (optional) == | == Securing your sites with certificates (optional) == | ||
You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: [[Let's Encrypt configuration]] | You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: [[Let's Encrypt configuration]] |
Latest revision as of 07:26, 13 February 2018
Contents
- 1 Intro
- 2 Apache installation
- 3 Firewall configuration
- 4 Apache vhost configuration (optional)
- 5 Splitting Apache's "access_log" and "errorlog" for each vhost (optional)
- 6 Hiding Apache version information (optional)
- 7 Hiding PHP version information (optional)
- 8 Enable XSS protection (Cross Site Scripting) (optional)
- 9 Securing your sites with certificates (optional)
Intro
The steps below will configure a working Apache web-server. The steps assume that you have a (fresh) CentOS 7 server running.
Apache installation
- yum install httpd --> install httpd (Apache)
- systemctl start httpd --> start Apache
- systemctl enable httpd --> enable Apache at boot
Firewall configuration
- firewall-cmd --permanent --allow-service=http --> allow http traffic through firewall
- firewall-cmd --permanent --allow-service=https --> allow https (ssl) traffic through firewall
- firewall-cmd --reload --> reload firewall with new configuration
Apache vhost configuration (optional)
- mkdir /etc/httpd/sites-available --> create the folder where the vhost files will be saved
- mkdir /etc/httpd/sites-enabled --> create the folder where the vhost files will be linked to make them active
- nano /etc/httpd/conf/httpd.conf --> change the Apache configuration
add IncludeOptional sites-enabled/*.conf to end of file
repeat the steps below for each vhost that you want to create:
- nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
<VirtualHost *:80> ServerName <host>.<domain>.<tld> ServerAlias <domain>.<tld> DocumentRoot /var/www/html/<subfolder> </VirtualHost>
- ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf --> make a symbolic link to activate a site.
Splitting Apache's "access_log" and "errorlog" for each vhost (optional)
- nano /etc/httpd/sites-available/<site>.conf --> edit vhost-file
<VirtualHost *:80> ServerName <host>.<domain>.<tld> ServerAlias <domain>.<tld> DocumentRoot /var/www/html/<subfolder> add this line: ErrorLog /var/log/httpd/<sitename>_error.log add this line: CustomLog /var/log/httpd/<sitename>_access_log combined </VirtualHost>
Repeat this step for each vhost. This way you will get seperate logs for each site.
- apachectl configtest --> test new Apache configuration
- systemctl restart httpd --> restart the Apache webserver
Hiding Apache version information (optional)
- nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: ServerTokens Prod --> hides version info in response headers. add: ServerSignature Off --> hides version info on error pages.
Hiding PHP version information (optional)
- nano /etc/php.ini --> edit the PHP configuration
change: expose_php = off --> hides PHP version (default = on)
Enable XSS protection (Cross Site Scripting) (optional)
- nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: Header set X-XSS-Protection "1; mode=block" --> enable X-XSS protection
Securing your sites with certificates (optional)
You can secure your sites with certficates for free. I like Let's Encrypt. there's a wiki here: Let's Encrypt configuration