Installing Apache webserver
Intro
The steps below will configure a working Apache web-server. The steps assume that you have a (fresh) CentOS 7 server running.
Apache installation
- sudo yum install httpd --> install httpd (Apache)
- sudo systemctl start httpd --> start Apache
- sudo systemctl enable httpd --> enable Apache at boot
Apache vhost configuration (optional)
- sudo mkdir /etc/httpd/sites-available --> create the folder where the vhost files will be saved
- sudo mkdir /etc/httpd/sites-enabled --> create the folder where the vhost files will be linked to make them active
- sudo nano /etc/httpd/conf/httpd.conf --> change the Apache configuration
add this line to the end of the file:
    IncludeOptional sites-enabled/*.conf
Repeat the steps below for each vhost that you want to create:
- sudo nano /etc/httpd/sites-available/<host>.<domain>.<tld>.conf
    <VirtualHost *:80>
        ServerName <host>.<domain>.<tld>
        ServerAlias <domain>.<tld>
        DocumentRoot /var/www/html/<subfolder>
    </VirtualHost>
- sudo ln -s /etc/httpd/sites-available/<host>.<domain>.<tld>.conf /etc/httpd/sites-enabled/<host>.<domain>.<tld>.conf --> make a symbolic link to activate a site.
Splitting Apache's "access_log" and "errorlog" for each vhost (optional)
- sudo nano /etc/httpd/sites-enabled/<site>.conf --> edit vhost-file
    <VirtualHost *:80>
        ServerName <host>.<domain>.<tld>
        ServerAlias <domain>.<tld>
        DocumentRoot /var/www/html/<subfolder>
        # add this line:
        ErrorLog /var/log/httpd/<sitename>_error.log
        # add this line:
        CustomLog /var/log/httpd/<sitename>_access_log combined
    </VirtualHost>
Repeat this step for each vhost. This way you will get separate logs for each site.
- apachectl configtest --> test new Apache configuration
- sudo systemctl restart httpd --> restart the Apache webserver
Hiding Apache version information
- sudo nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
add: ServerTokens Prod --> hides version info in response headers.
add: ServerSignature Off --> hides version info on error pages.
Hiding PHP version information
- sudo nano /etc/php.ini --> edit the PHP configuration
change: expose_php = off --> hides PHP version (default = on)
Enable XSS protection (Cross Site scripting)
- sudo nano /etc/httpd/conf/httpd.conf --> edit the Apache configuration
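add: Header set X-XSS-Protection "1; mode=block" --> enable X-XSS protection (the Header directive requires mod_headers)
Note: this header only affects older browsers. Firefox never implemented it and Chrome removed its XSS Auditor in version 78, so current browsers ignore it; a Content-Security-Policy header is the control they enforce.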
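After restarting Apache, the three hardening settings above (ServerTokens, expose_php, X-XSS-Protection) can be verified from the response headers. The script below is an added example, not part of the original wiki; the function names and the two sample responses are constructed for illustration.

```shell
# Added example (not from the wiki): audit HTTP response headers for the three
# hardening settings above. Live use: curl -sI http://localhost/ | audit_headers

# Constructed sample responses; version strings are illustrative only.
SAMPLE_DEFAULT='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Type: text/html; charset=UTF-8'

SAMPLE_HARDENED='HTTP/1.1 200 OK
Server: Apache
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8'

# Print the value of header $1 (case-insensitive) from the header text in $2.
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | awk -v name="$1" '
        BEGIN { n = tolower(name) ":" }
        tolower(substr($0, 1, length(n))) == n {
            v = substr($0, length(n) + 1); sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# Reads response headers on stdin; prints OK/FAIL per check.
# Exit status is 0 only when every check passes.
audit_headers() {
    hdrs=$(cat)
    fails=0

    server=$(header_value Server "$hdrs")
    case "$server" in
        *[0-9/]*) echo "FAIL Server header leaks version: $server"; fails=$((fails + 1)) ;;
        *)        echo "OK   Server header: ${server:-<absent>}" ;;
    esac
    powered=$(header_value X-Powered-By "$hdrs")
    if [ -n "$powered" ]; then
        echo "FAIL X-Powered-By present: $powered (expose_php still on)"; fails=$((fails + 1))
    else
        echo "OK   X-Powered-By absent"
    fi
    xss=$(header_value X-XSS-Protection "$hdrs")
    if [ "$xss" = "1; mode=block" ]; then
        echo "OK   X-XSS-Protection: $xss"
    else
        echo "FAIL X-XSS-Protection is '${xss:-<absent>}'"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}
```

Request a PHP page when checking a live server, since X-Powered-By is only sent on responses generated by PHP.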
Securing your sites with certificates (optional)
You can secure your sites with certificates for free. I like Let's Encrypt. There's a wiki here: Let's Encrypt configuration