Table of Contents
- Introduction
- Requirements
- Set up the Apache HTTP server
- Update the package repository
- Disable SELinux
- Allow Apache through the firewall
- Create a test page
- Test the Apache HTTP server
- Set up a secure Apache HTTPS server with SSL
- Install SSL
- Generate a self-signed certificate
- Set up the certificates
- Test the secure Apache HTTPS server
Introduction
The Apache web server is one of the most popular and powerful web servers in the world. It is also one of the most secure web servers available. This tutorial will explain how to install and configure a basic and secure Apache web server in CentOS 7.
Requirements
- A server running CentOS v. 7
- A desktop machine running Linux
- A static IP Address for your server
Set up the Apache HTTP server
This section will walk you through the process of preparing your server for Apache, setting up Apache, and testing the installation.
Update the package repository
Before installing Apache, it is a good idea to update the package repository. You can do this by running the following commands:
sudo yum update -y
sudo yum install httpd -y
Disable SELinux
By default SELinux is enabled in CentOS 7. It is recommended that you disable it first.
You can disable SELinux by editing the /etc/selinux/config
file:
sudo nano /etc/selinux/config
Change the line from SELINUX=enforcing
to SELINUX=disabled
SELINUX=disabled
Save and close the file, then restart your machine for the changes to take effect.
Allow Apache through the firewall
You will need to allow the default Apache port 80 (HTTP) and 443 (HTTPS) using FirewallD.
You can do this by running the following commands:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
Reload the firewall service for the changes to take effect.
sudo firewall-cmd --reload
Create a test page
In CentOS7 the default Apache DocumentRoot path is /var/www/html/
. However, there is no index.html
file in this directory. You will need to create one.
sudo nano /var/www/html/index.html
Add the following content:
Restart the Apache service to reflect the changes:
sudo systemctl start httpd
You can configure the Apache service to start on boot by running the following command:
sudo systemctl enable httpd
Test the Apache HTTP server
To verify that the Apache web server is up and running, open your web browser and go to your server's IP Address with the url http://your.server.ip.address
.
You should see a default page like the one in the image below.
Set up a secure Apache HTTPS server with SSL
This section will walk you through setting up a secure HTTPS connection using SSL on Apache.
Install SSL
In order to secure Apache, you need to install SSL first.
You can install SSL using the following command:
sudo yum install mod_ssl openssl
Generate a self-signed certificate
First, you need to generate a private key ca.key
with 2048-bit encryption.
sudo openssl genrsa -out ca.key 2048
Then generate the certificate signing request cs.csr
using the following command.
sudo openssl req -new -key ca.key -out ca.csr
You will be prompted for information about the certificate.
Finally, generate a self-signed certificate ca.crt
of X509 type valid for 365 keys.
sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
After creating the certificate, you need to copy all of the certificate files to the necessary directories.
You can do this by running the following commands:
sudo cp ca.crt /etc/pki/tls/certs/
sudo cp ca.key /etc/pki/tls/private/
sudo cp ca.csr /etc/pki/tls/private/
Set up the certificates
All the certificates are ready. The next thing to do is to set up Apache to display the new certificates.
You can do this by editing the SSL config file:
sudo nano /etc/httpd/conf.d/ssl.conf
Find the section that begins with <VirtualHost _default_:443>
. Uncomment the DocumentRoot
and ServerName
line and replace example.com
with your server's IP address.
DocumentRoot "/var/www/html"
ServerName 192.168.1.42:443
Next, find the SSLCertificateFile
and SSLCertificateKeyFile
lines and update them with the new location of the certificates.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
After making these changes, restart Apache service for the changes to take effect.
sudo systemctl restart httpd
Test the secure Apache HTTPS server
To verify that the secure Apache HTTPS web server is working, open your web browser and go to your server's IP Address with the url https://your.server.ip.address
.
An error should appear on your browser and you must manually accept the certificate.
Once you add an exception to the browser's identity verification, you should see a test page for your newly-secure site.
how apache can read a file other than index.html on /var/www/html
You can use DirectoryIndex directive under Apache to set a default page other than index.html or index.php.
Disable SELinux, really? Rather than securing an Apache with SELinux?
Very nicely put article! Great UI for the website. Great blog!
Like it! Keep it up!
This tutorial turned a road to nowhere into a 10 minute exercise.
Amazing.
Thank you very much.
This is not working, I used redhat instance on AWS. What could be wrong: https://52.87.214.147/
The problem is not only are they quitting, but also that very few college students are majoring in education. Big teacher crisis coming and if you think they can be replaced by online courses that used to write my paper, I am not sure.
It is necessary that the form file name finishes with configuration. online assignment companies You can name the arrangement data as you like but the best method is to use the field name as the title of the virtual host arrangement line.