Apache HTTP Server: Difference between revisions

Revision as of 13:21, 2 May 2014

The Apache HTTP Server is the main web server worldwide

Installation

$ su root
$ yum install httpd

If you want SSL support install also openssl and mod_ssl

$ yum install openssl mod_ssl

Enable start on boot

$ systemctl enable httpd

Create self signed certificate

Install crypto-utils

$ yum install crypto-utils

Use genkey to create a certificate for a new hostname

$ genkey hostname

If your server already has a valid certificate and you want to replace use this to set a different serial number so that clients notice the change in certificate and update to the new one without failing

$ openssl req -x509 -new -set_serial number -key hostname.key -out hostname.crt

Install a certificate

If your certificate was generated in another computer move the certificate and the key file to the correct folder

$ mv key_file.key /etc/pki/tls/private/hostname.key
$ mv certificate.crt /etc/pki/tls/certs/hostname.crt

Modify default settings

If you want the default VirtualHost to use a certificate, open /etc/httpd/conf.d/ssl.conf and edit this lines

SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

Settings for individual virtual hosts

If you want a specific virtualhost to use a certificate open that host configuration file, usually /etc/httpd/conf.d/hostname.conf, and paste this lines between <VirtualHost hostname:port> and </VirtualHost>

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

Configuration

Configuration files are stored under /etc/httpd/conf.d/ and /etc/httpd/conf/httpd.conf is the main configuration file

Opening ports

This exposes your computer to the Internet and potential attackers. Secure your installation properly before exposing your server to the Internet.

Apache uses port 80 for plain http connections and port 443 for SSL connections by default. To make this service available from other computers or the Internet your have to allow Apache through the firewall like this

For plain http connections

$ firewall-cmd --permanent --add-service=http

For SSL connections

$ firewall-cmd --permanent --add-service=https

Disable test page

To disable the test page comment out all the lines in this file /etc/httpd/conf.d/welcome.conf

Links

Fedora Documentation, Setting Up an SSL Server

@@ Line 29: / Line 29: @@
 ==== Modify default settings ====
-If you want to install the certificate as default open /etc/httpd/conf.d/ssl.conf and edit this lines
+If you want the default VirtualHost to use a certificate, open /etc/httpd/conf.d/ssl.conf and edit this lines
 <pre>SSLCertificateFile /etc/pki/tls/certs/hostname.crt
 SSLCertificateKeyFile /etc/pki/tls/private/hostname.key</pre>
-==== Settings for specific hosts====
+==== Settings for individual virtual hosts====
-If you want to install the certificate only for a specific host open that host configuration file, usually <code>/etc/httpd/conf.d/hostname.conf</code>, and paste this lines between <VirtualHost hostname:port> and </VirtualHost>
+If you want a specific virtualhost to use a certificate open that host configuration file, usually <code>/etc/httpd/conf.d/hostname.conf</code>, and paste this lines between <VirtualHost hostname:port> and </VirtualHost>
-<pre>SSLCertificateFile /etc/pki/tls/certs/hostname.crt
+<pre>SSLEngine on
+SSLCertificateFile /etc/pki/tls/certs/hostname.crt
 SSLCertificateKeyFile /etc/pki/tls/private/hostname.key</pre>
-If you want that an specific hosts doesn't use SSL, paste this line between <VirtualHost hostname:port> and </VirtualHost> in that host configuration file
-<pre> SSLEngine off</pre>
 == Configuration ==

Search