🌐 🇵🇱 Polski · 🇬🇧 EN
The most widely used network service in the world for hosting websites is Apache. Apache is a robust and stable web server. Its capabilities also include the use of the SSL protocol for creating secure websites.
INSTALLING THE APACHE SERVER
Step 1 - Installing the server package
yum install -y httpd mod_ssl
Step 2 - Verifying the installation
[root@RHEL01 vsftpd]# rpm -qa | grep http
httpd-2.2.15-15.el6.i686
httpd-tools-2.2.15-15.el6.i686
Step 3 - Setting the service to start automatically with the system
# chkconfig httpd on
Step 4 - Verifying the changes
[root@RHEL01 vsftpd]# chkconfig httpd --list
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
CONFIGURING THE APACHE SERVER
Once the server is installed, you can proceed to configure the files and directories. There are three important locations related to the Apache server:
/etc/httpd/conf/httpd.conf - main configuration file
/var/log/httpd - Logs related to the web server
/usr/lib64/httpd/modules - Apache server modules
The main configuration file contains a multitude of options, and it is worth taking a moment to familiarize yourself with it and learn how to use it. It is divided into 3 relevant sections and includes comments.
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the ‘global environment’).
# 2. Directives that define the parameters of the ‘main’ or ‘default’ server,
# which responds to requests that aren’t handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
A few options regarding global settings
ServerRoot - Defines where the configuration files are located
Timeout - Sets the time after which the connection is terminated
Listen - Sets the default listening port (80 by default)
User - Sets the user under which the server is started
Group - Identifies the server user group
LoadModule - Defines the modules loaded at startup
The following options are already set, but it is worth knowing what they mean:
DocumentRoot - Location of website files
ServerName - Server name, IP address, and port number settings
By default, the location of website files is the directory:
/var/www/html
This can also be changed in the configuration file by finding the entry:
<Directory “/var/www/html”>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
This option defines the storage location for website files and its default structure. If you decide to change this setting, you must apply the change:
DocumentRoot “/var/www/html”
To find out if the configuration file settings are correct, you can run the command:
# service httpd configtest
Syntax OK
To restart the service, run the command:
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
If you want to reload new website files
# service httpd reload
Reloading httpd: [ OK ]
FIREWALL AND SELINUX CONFIGURATION FOR APACHE
For the web server to be fully functional, you must make changes to the system security. First, you need to open traffic on port 80.
Step 1 - Opening traffic for port 80 in iptables
iptables -I INPUT 5 -p tcp -m tcp --dport 80 -j ACCEPT
Step 2 - Saving iptables settings
[root@RHEL01 vsftpd]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[OK]
Step 3 - Restarting the iptables service
[root@RHEL01 vsftpd]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: nf_conntrack_ftp [ OK ]
Now let's look at the SELinux settings for the Apache service:
httpd_can_network_relay - Allows relaying
httpd_can_network_connect_db - Enables connection to databases
httpd_use_gpg - Allows the use of gpg in the gpg-web domain
httpd_enable_cgi - CGI support
httpd_use_cifs - Allows CIF access
allow_httpd_mod_auth_pam - Allows the use of mod_auth-pam
allow_httpd_anon_write - Allows modification of public files
httpd_enables_homedirs - Allows reading of home directories by httpd
allow_httpd_sys_scripts_anon_write - Allows Apache scripts to write in the public directory
http_dbus_avahi - Allows communication with avahi and dbus services
httpd_unified - Enables handle to all file content.
If you have dealt with iptables and SELinux, you can see how it all works
Step 1 - Let's create website directories
# mkdir /var/www/site1
# mkdir /var/www/site2
Step 2 - Checking the current file context
# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site2
Step 3 - Changing the context for users and domain
[root@RHEL01 www]# chcon -Rvu system_u site1
changing security context of `site1'
[root@RHEL01 www]# chcon -Rvu system_u site2
changing security context of `site2'
Step 4 - verifying changes
# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site2
Comments