Configuring Linux Web Services using Apache httpd
The most commonly used web server in the world today is Apache—and with good reason. Built with security in mind, Apache is a solid and stable web server that has been around for years. The module design allows for scalability and ease of use.
Apache can also be used to host multiple websites at a single time through the use of its virtual hosts feature. There is also an option to use the SSL protocol, making websites safe and secure. This secure base provides a platform for developers to use when writing secure code for banks, retail sites, and so on.
Task 1: Installing Apache Webserver Packages
When you’re working with Apache, you need two packages.
-> The first is httpd, which actually installs the Apache web server.
-> The second is the mod_ssl package, which provides the ability to create secure websites
Step 1. Install the two required packages:
# yum install –y httpd mod_ssl
Step 2. Verify that the packages were installed correctly:
# rpm -qa | grep http
# rpm -qa | grep ssl
Step 3. With the packages installed, make sure that the service is set to start when the system boots:
# chkconfig httpd on
Step 4. Verify your changes:
# chkconfig httpd –list
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Task 2: Configuring the Web Server
Now that the web server is installed, we can shift our attention to the config files and directories. During the installation, a directory (/var/www) is created with a set of subdirectories. This directory tree is the place where you store your websites.
There are also a few config files to look at:
- /etc/httpd/conf/httpd.conf Main config file
- /var/log/httpd Log file directory for the web server
- /usr/lib64/httpd/modules Modules for Apache
The main config file for Apache is completely usable right out of the box, which is great if you’d like to just get up and running. You should spend some time looking through the main config file because it provides many options and good documentation in the comments. The top of the config file is grouped into three sections.
Below are the comments sectionfrom the /etc/httpd/conf/httpd.conf file:
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the ‘global environment’).
# 2. Directives that define the parameters of the ‘main’ or ‘default’ server,
# which responds to requests that aren’t handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
Below are some important directives that we might be interested to configure to setup as basic webserver:
- ServerRoot Defines where the config files are held
- Timeout Specifies the time before a request times out (120 seconds is the default)
- Listen Indicates the port number to listen on (default is 80)
- User Identifies the user to run the web server as
- Group Identifies the group to run the web server as
- LoadModule Defines a module to load when the web server starts
- DocumentRoot Defines where the website files are located
- ServerName Defines a server name or IP address and port number
Let’s start by defining the location of a website on the file system. By default, it is located in the /var/www/html directory, although this can be changed if you’d like.
In the main config file, you see a section denoted by the Directory option.
Section of /etc/httpd/conf/httpd.conf:
Options Indexes FollowSymLinks
Allow from all
The options defined within this section apply specifically to the website and directory structure, as defined by the Directory option. For the preceding example, this means the site located in the /var/www/html directory. If you want to change the directory where your site is located, you need to change the DocumentRoot option as well as the Directory option. The default option is
There is also a way to have multiple sites using virtual hosts, as you see later. When your config file is completely set up the way you want it, you can use the httpd service options to test your config file. Using the configtest argument, the service parses the main config file for any errors and reports back if something is found. It is always a good idea to check your config file before trying to use it because it will prevent the server from starting if it contains any errors.
Test the config file:
# service httpd configtest
There is also another cool option that the httpd service has (many services have it, but it is more useful here). Normally, for a service to use a new config file, it requires that the service is restarted. This restart process actually stops the service from running before starting it over again.
Normally, this isn’t a big deal, but when hundreds of people are hitting your site, can you afford to have even a two-second outage? To circumvent this issue, you can use the reload argument, which allows the main config file to be reread without the actual service being brought down.
This is why it is important to test your config files first.
To restart the httpd service, use the following command:
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
To only reload the service and reread the config file, use this command instead:
# service httpd reload
Reloading httpd: [ OK ]
One other option to keep in mind is the graceful parameter. It restarts the web server, allowing it to read the new config file changes without disconnecting any currently connected clients. The only downfall here is that the currently active connections use the old config file until they terminate their connection and reconnect.
You can use it as follows:
# service httpd graceful
Task 3 : Firewall and SELinux Configuration for apache webserver
For your web server to become fully functional, you need to make some security changes. First and foremost, the firewall needs to be opened on port 80.
Step 1. Use iptables to create the additional firewall rules:
# iptables -I INPUT 5 -p tcp -m tcp –dport 80 -j ACCEPT
Step 2. Save the firewall rules you have just created:
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Step 3. Then restart the iptables service:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Additionally, you need to look at SELinux protection for the web server.