12/20/12 Apache Web Server Tutorial for Linux

1/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Home Tutorials Forum Blog Advertising Links Contact About Search

Apache Web Server Tutorial for Linux

Written by Tony BhimaniPosted on August 2, 2006

Requirements*nix based Operating SystemApache HTTP Servermod_ssl Apache InterfacePHP Scripting Language

ContentsIntroductionInstalling Apache HTTP Web ServerInstalling mod_ssl for Secure Sockets Layer (SSL) SupportInstalling PHP for Dynamic Web PagesSetting Apache to Start on Bootup with chkconfigConfiguring Apache Server Settings (httpd.conf)Creating the Web Site Directory StructureCreating VirtualHost Configuration FilesStarting Apache and Viewing the Web SiteOther Things to Know for Using ApacheConclusion

Introduction

The Apache Web Server is one of the most popular open-source HTTP Servers that exists today. It's a powerful, secure, andfully featured web server that can be found hosting anything from personal web sites to corporate domains. If you have a DSLor Cable connection with a static IP then you can use the Apache web server to host your web site (as long as your ISPdoesn't have a problem with you running a server on their network). This tutorial will teach you how to set up your ownApache web server on Linux so you can host your own web sites either at home or work. You'll learn how to install the ApacheHTP Server with SSL and PHP support, use chkconfig to set Apache to auto-start on boot, edit the Apache httpd.confconfiguration file for your server settings, create a directory structure for your web site, create the VirtualHost configurationfile for your web site, start the Apache service, verify your site is working, go over the init script options, and finally show yousome additional options and settings for Apache such as graceful restarts, htaccess usage, user name and password directoryprotection, and custom error pages. The two things I won't be covering are setting up DNS for your domain and configuringyour firewall to open ports 80 and 443 for HTTP and SSL respectively, however you can read my Bind DNS tutorial andiptables firewall tutorial for information on how to do it. I'll be using CentOS 4.2 and Apache 2.x will be installed using yuminstead of source. Let's get started.

Installing Apache HTTP Web Server

We'll be using yum to download and install the Apache RPM's from the CentOS repository. Apache shouldn't be loaded on yourserver unless you selected it during the operating system installation process. If you know you have Apache installed then youcan skip this section, but if it's not or you're not sure then you should perform the following tests to see if the Apache webserver is on your system. To do this we'll use the which command to look for the httpd binary in the environment variablePATH.

which httpd

If you see something similar to the above image then the Apache binary doesn't seem to be found on the server. Our nextstep is to install Apache by using yum. Issue the next command.

yum install httpd

12/20/12 Apache Web Server Tutorial for Linux

2/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Two RPM packages will be downloaded from the CentOS repository (httpd-2.0.52-22.ent.centos4.i386.rpm and httpd-suexec-2.0.52-22.ent.centos4.i386.rpm) and installed automatically. If everything goes well you should now have the Apache webserver on your system. You might also want to load the Apache documentation so you'll have the man pages available. This isoptional but highly recommended. Use yum again and download the Apache manual (yum install httpd-manual). Next we'lluse yum to install mod_ssl for Secure Sockets Layer (SSL) support.

Installing mod_ssl for Secure Sockets Layer (SSL) Support

Secure Sockets Layer, also known as SSL for short, provides encrypted commnications between hosts. SSL can be found in e-commerce web sites and any other site that requires sensitive information being transmitted protected from eavesdropping. Ina nutshell, the hosts negotiate a protocol they both can understand and then switch to secure communications. The datapassed back and forth between the hosts is encrypted with a 128-bit key (hence 128-bit SSL). In a typical SSL setup, the webserver has SSL support enabled and a certificate that verifies the company's identity. These certificates are initially generatedas Certificate Signing Requests (CSR) by the server's administrator. The CSR is then signed by a third party, a CertificateAuthority (CA), that validates the company's identity and makes the CSR into a full certificate. There are many CA's likeVeriSign, Thawte, GeoTrust, InstantSSL (aka The Comodo Group), FreeSSL, and many others that sign CSR's. Prices varyfrom company to company, but as long as they support the mainstream browsers you shouldn't run into any problems. Ifyou'd like to learn more about Secure Sockets Layer then you should check out the Wikipedia Transport Layer Security page.

You may be wondering where does mod_ssl fits into all of this? On Linux and Unix distributions, there is a software packagecalled OpenSSL that performs all the cryptography and mod_ssl is the Apache interface to OpenSSL. It's mod_ssl that makes itpossible for Apache to have SSL capability. We'll now install the mod_ssl RPM (mod_ssl-2.0.52-22.ent.centos4.i386.rpm) forApache using yum.

yum install mod_ssl

12/20/12 Apache Web Server Tutorial for Linux

3/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

mod_ssl should now be installed. If you didnt have OpenSSL installed then it should have been picked up as a dependency andwas installed as well. We have one more package to install and that's the PHP scripting language.

Installing PHP for Dynamic Web Pages

PHP is a scripting language for creating dynamic web pages. PHP allows you to include code in your web pages to beprocessed server-side and the resulting HTML is sent to the user's web browser. With PHP you can add database access, readand write files to the server's filesystem, generate dynamic graphics like graphs and security image codes, and create securitycontrol mechanisms for fencing off parts of your web site. PHP has many other uses and that's what makes it a powerful toolfor creating dynamic web pages.

If you're not a programmer or will only he hosting a static HTML web pages, then PHP won't be of any use to you. However, ifyou want to learn PHP then you should install the PHP modules for Apache. We'll use yum one last time to install PHP on ourserver. There are many PHP RPM modules, one being the actually binary and modules for Apache and the rest are supportfeatures for MySQL, XML, ODBC, and others to tie those subsystems into PHP. It's a good idea to install all the PHP modulessince you never know what you'll need now or in the future. Now we'll use yum to install PHP.

yum install php*

12/20/12 Apache Web Server Tutorial for Linux

4/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

As you can see above, we used a wildcard to tell yum to install anything starting with the word 'php'. On my server yumdownloaded and installed fifteen packages, however yours may be different depending on its configuration. Now that PHP isinstalled we can move on to setting the Apache service to automatically start on bootup or in the event of a reboot.

Setting Apache to Start on Bootup with chkconfig

The Apache web server will need to be set to autostart when the server boots. The Apache RPM didn't set this up for us sowe'll have to do it ourselves using chkconfig (Note: you can also use setup to turn on the Apache service). We're going tohave Apache start on run levels 2, 3, and 5.

chkconfig --level 235 httpd onchkconfig --list httpd

The second chkconfig command lists the run levels Apache is configured to start on. If you don't have X Windows installedthen you may want to omit run level 5 (Multi-User Mode - boot up in X Windows). To learn more about Linux Run Levels youmay want to check out this page on NetworkClue. Now that Apache is installed and set to start up we'll move on to configuringthe Apache web server by editing httpd.conf, the Apache server configuration file.

Configuring Apache Server Settings (httpd.conf)

Apache's main configuration file is called httpd.conf and is located in /etc/httpd/conf/. The default httpd.conf will work withoutany changes, however we want to customize Apache a little bit. Our main focus is to setup the use of Virtual Hosts so we canrun as many web sites as we want using a single IP address. Also, we want to simplify the management of our Virtual Hostswithout cluttering httpd.conf with our entries. Before we get to any of that we will first configure our Apache web server.

I will make the assumption that you have a single WAN based IP address. For this example I'm using 192.168.1.210 with ahostname of node2.centos (yes, it's a LAN IP but pretend it's WAN). You can use your IP or hostname from /etc/hosts, but Isuggest using your hostname because if you ever change IP's all you have to do is update /etc/hosts with the new address. Ifyou do use an IP then you'll have to change all instances of it in httpd.conf. If you don't know what your IP address is or never

set up /etc/hosts, you can find your address by using ifconfig (look at the number to the right of 'inet addr:').

We'll start with opening httpd.conf in the nano text editor, but before that you should make a copy of your existing httpd.conffile. If you encounter any problems you'll still have the original to fall back to.

cd /etc/httpd/confcp httpd.conf httpd.conf.oldnano httpd.conf

Apache's httpd.conf is filled with many helpful comments to tell you what each configuration directive does. Scroll down to line133 as shown in the picture below. FYI, if you ever want to know what line number you're on in nano, press CTRL-C and nanowill show you. We're looking for the line that says 'Listen 80'. We won't be changing this directive since we want Apache listenon all IP addresses set up on the server. I wanted to show you where to change it if you needed to bind Apache to only oneaddress.

12/20/12 Apache Web Server Tutorial for Linux

5/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Move on down to line number 235 where it says 'ServerAdmin root@localhost'. The Apache ServerAdmin directive is for theadministrator's email address of the server. End users encountering any problems with the server would use this emailaddress to notify the sysadmin. Comment out the existing ServerAdmin line with a pound symbol and enter a new line belowwith your email address. For this example I used admin@node2.centos.

#ServerAdmin root@localhostServerAdmin admin@your-domain.com

Below the ServerAdmin directive is ServerName. The Apache ServerName directive is for Apache to identify itself which istypically the hostname of the server. You'll want to specify your hostname or IP address instead of a valid DNS nameespecially if you're hosting many web sites. There are some people that may disagree with this method but I think it's better tokeep all the generic information in httpd.conf and use specifics in the VirtualHost configuration files. Add a new blank linebelow the commented ServerName directive and add your hostname or IP. For this server I used my hostname node2.centos.

#ServerName new.host.name:80

12/20/12 Apache Web Server Tutorial for Linux

6/18

ServerName yourhostname

The next directive we'll edit is very close to the end of the file. Scroll all the way down to line number 1005 (tip: use the PageDown key on your keyboard) and look for '#NameVirtualHost *:80'. The NameVirtualHost directive tells Apache that we wantto use name-based virtual hosting, or in simpler terms, a bunch of web sites all using the same IP address. Virtual hosting ismade possible because when a web browser goes to a site, for example www.xenocafe.com, the web site address is passed aspart of the HTTP header (Host: www.xenocafe.com). This allows Apache to distinguish between different hosts sharing thesame IP address. Add a couple blank lines underneath '#NameVirtualHost *:80' and on the line right below putNameVirtualHost and your hostname or IP address followed by a :80. The ':80' means we're using name-based virtual hostingfor the HTTP protocol. SSL will be configured through VirtualHost configuration files due to its nature. You'll learn why when wecreate our virtual hosts. For this server I used my hostname node2.centos.

#NameVirtualHost *:80NameVirtualHost yourhostname:80

We're almost done. The last thing we need to do is create a default virtual host to respond to requests when someone vists ourIP address and not our domain name. You may or may not want to add this virtual host and it's totally up to you, but Ipersonally don't want anyone going directly to my IP address. I prefer they visit my web site by name only. A VirtualHostentry can have many directives which I'll explain later, but what you need to know for now is the example I provide respondsby IP address visits. At the very end of the file there is a line that instructs Apache to load any configuration files found in the/etc/httpd/conf/vhosts/ directory (which we'll create later). This is my way of keeping the virtual hosts separate fromhttpd.conf and most importantly, making hosts easier to manage.

<VirtualHost yourhostname:80>

ServerAdmin you@your-domain.com

ServerName your_ip_address

DocumentRoot /www

ErrorLog logs/error_log

CustomLog logs/access_log combined

</VirtualHost>

# include VirtualHosts config files

Include conf/vhosts/*.conf

12/20/12 Apache Web Server Tutorial for Linux

8/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

We're done editing httpd.conf. Let's save our changes (CTRL-O) and exit nano (CTRL-X). Now we'll move on to creating a website directory structure and user account for SSH access and S/FTP file uploads.

Creating the Web Site Directory Structure

Our web site directory schema should be simple yet structured. The common approach would be to use /home as the root butwe won't be doing that. Our web site parent root will be /www and from within it create a directory for each domain we'll behosting. Within each domain directory there will be a set of common directories (html, html/cgi-bin, databases, and logs).Reading what I wrote doesn't make much sense so here it is visually. For this example and the rest of the tutorial, we'll say weacquired the domain your-domain.com and will be configuring our server for it.

/www (root for all hosted domains)

/www/your-domain (domain directory)

/www/your-domain/html (directory for your web site files)

/www/your-domain/html/cgi-bin (CGI directory for executing Perl scripts)

/www/your-domain/databases (databases for this web site stored on a per site basis)

/www/your-domain/logs (web site access and error logs are stored here)

The databases directory is optional. If you read my mapping mysql databases tutorial then you can migrate your databasesoutside the default /var/lib/mysql into the databases directory. This will allow you to store your databases on a per site basisin the web site's home directory.

Creating the Directory Root (one-time only)

We'll start creating our web site directory structure by making /www. Creating this directory is a one-time process and will behome to all our domains we're hosting (any domains we add will be stored in the /www directory).

mkdir /wwwchown root.root /www

12/20/12 Apache Web Server Tutorial for Linux

w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

chown root.root /www

After we create the directory we chown it to uid:root gid:root.

Creating Web Site Domain Directories

For each web site you're hosting you'll create a directory structure within the parent /www. The directory should be named thesame as the domain name with or without the TLD (.com, .net, etc). I'll let you decide which way you want your directories tobe named, but I tend to prefer them without the TLD. Now we'll create our domain's directories.

cd /wwwmkdir your-domaincd your-domainmkdir htmlmkdir html/cgi-binmkdir databasesmkdir logs

Now that the directory structure is created we'll need to add a system user that owns the directory base and can log in toupload files.

Adding a Linux User Account for the Web Site

The user account will be able to FTP or Secure FTP (SFTP) into the server to upload and download web site content files likeHTML, CGI scripts, and PHP pages. This user account will have ownership of the domain's directory base and be locked into it.The user name we'll assign will be the same as the domain name (your-domain) to make it easier to distinguish between it andthe other Linux accounts, however you can use any name you want for your account. One thing to keep in mind is when youcreate this account you'll have to make a choice whether this account will be granted SSH access. If you want to disallow SSHaccess then you'll need to change the shell to /sbin/nologin. SSH login attempts will fail when you use /sbin/nologin as theaccount's shell (valid login credentials will be accepted but the connection will be terminated). To create the web site systemaccount, use one of the following commands.

useradd -d /www/your-domain/ domain_useroruseradd -d /www/your-domain/ -s /sbin/nologin domain_user

The first command will set the account's home directory (-d path) to /www/your-domain and creates a new system accountwith the user name of domain_user (last parameter of the command). The shell will be set to the default, which is typically

12/20/12 Apache Web Server Tutorial for Linux

10/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

with the user name of domain_user (last parameter of the command). The shell will be set to the default, which is typically

bash unless you changed it. The second command is identical to the first except that the shell (-s shell) is set to /sbin/nologinto prevent SSH logins.

After the account has been created you'll need to set a password using the passwd command.

passwd domain_user[enter password][confirm password]

Now that the system account is ready we'll move on to changing the directory base ownership.

Changing Web Site Directory Ownership & Permissions

We've created the directories, added the account, the only thing left to do is change the ownership of the directories to thenew user account. Right now the directories are owned by root and if you were to try using FTP to upload some files you'd getthe dreaded Permission Denied error. To change ownership of the domain directory and all its subdirectories we'll use thechown command with the -R flag for recursive.

cd /wwwchown -R domain_user:domain_user your-domain

If you created the databases directory then you'll need to change the owner to the mysql user otherwise MySQL won't be ableto write to the database files. All directories, subdirectories, and files starting from databases should be owned by the mysqluser (or whatever user account you have the MySQL server running as).

cd your-domainchown -R mysql:mysql databases

11/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

That's it for creating our directory structure. If you have more domains to add then repeat the steps we went through exceptfor the first one of creating the /www directory root. Next we'll create the VirtualHost configuration files to let Apache know thedetails of our web site.

Creating VirtualHost Configuration Files

A VirtualHost configuration file tells Apache the specifics about your web site. It contains information like what IP and portnumber your site runs on, the server name and any aliases, the local filesystem path (or document root) of your web pages,location of your cgi-bin, file names and paths of your access and error logs, custom error documents for HTTP errors like 404File Not Found, and can have many other items. For every web site you want Apache to host you must create a virtual hostconfiguration. You've already gotten a taste of a virtual host config when we added the default VirtualHost for handling IPaddress requests in httpd.conf, so what we're going to be doing now is nothing new. I'm now going to show you an easy wayof managing all your virtual hosts.

The VirtualHost Configuration File Directory (/etc/httpd/conf/vhosts)

When I first learned Linux from a friend some years ago, he showed me how to configure Apache so I could set up my webserver. I looked at his httpd.conf and he had all his virtual hosts in there, so I figured there was nothing unusual about that asI'm sure there are many people that did the same thing. He hosted a lot of domains for friends, his business, and his ownstuff, and I noticed that trying to locate a web site in his massive httpd.conf file was nothing short of a headache. Although Ididn't doubt his knowledge of Apache I kept thinking there had to be an easier way of managing virtual hosts. Through readingthe online Apache Web Server documentation I came across the Include directive.

The Include directive, much like in C/C++, PHP, and other languages, allows you to insert the contents of another file into thecalling file. However, in the case of Apache, the contents of a single file or of several files located in a directory that match theInclude statement would be included. If you remember when we were editing httpd.conf, at the very end we added the line'Include conf/vhosts/*.conf'. That line tells Apache to look in /etc/httpd/conf/vhosts for any *.conf files and include theircontents as part of httpd.conf. This allows us to separate out our VirtualHost definitions as their own unique files, on a perdomain basis, from the main httpd.conf file. This makes administration easy for several reasons. Finding a virtual host is easybecause all you do is look in the vhosts directory for its file, disabling a domain is as simple as renaming the file so it doesn'tend in .conf, and adding new domains is accomplished by creating a new virtual host file (copy an exisiting file and edit thechanges). Include makes virtual host management a piece of cake.

We'll now create the /etc/httpd/conf/vhosts directory (this is a one-time process).

cd /etc/httpd/confmkdir vhostscd vhosts

We can start creating VirtualHost configuration files now. I'll show you how to create one for the HTTP protocol as well as onefor Secure Sockets Layer (SSL).

Creating a HTTP Virtual Host

When creating virtual host config files we should use a good naming convention that's as descriptive as possible. What's

worked for me is the format of host.domain.tld.port.conf or in simple terms your-domain.com.80.conf. You may have noticed Iexcluded host from the file name. When you visit a domain such as redhat.com, or www.redhat.com, they most likely take youto the same web site, so www as a host can be excluded. The only time I use host as part of the file name is when I amadding a subdomain such as forum.example.com or blog.example.com and so forth. Let's create the HTTP virtual host file.

nano your-domain.com.80.conf

Type in or copy/paste the configuration data below. Be sure to replace yourhostname with your system's hostname or IPaddress, ServerAdmin with your email address, ServerName and ServerAlias with your real domain name, and your-domainwith the directory name you created earlier for your web site. When you're done, save your changes (CTRL-O) and exit nano(CTRL-X).

<VirtualHost yourhostname:80>

ServerAdmin admin@your-domain.com

ServerName your-domain.com

12/20/12 Apache Web Server Tutorial for Linux

12/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

ServerName your-domain.com

ServerAlias www.your-domain.com

DocumentRoot /www/your-domain/html

ScriptAlias /cgi-bin/ /www/your-domain/html/cgi-bin/

ErrorLog /www/your-domain/logs/error_log

CustomLog /www/your-domain/logs/access_log combined

</VirtualHost>

I'll clarify what each line does in the virtual host configuration file between the <VirtualHost></VirtualHost> tags.

ServerAdmin is used to specify the server administrator's email address. User's will see this address on servergenerated error pages.

ServerName is the name of the server or DNS name. Apache will match this name against the HTTP host headersent by the user's browser. If it's a match then this is the configuration data used to process the request.

ServerAlias is identical to ServerName except ServerName is used once and ServerAlias can be used manytimes. If your web site will respond to more than one DNS name, make sure you use one ServerName directiveand all other names are specified using ServerAlias. DNS names can be separated by commas for a singleServerAlias directive (ServerAlias dns_name1,dns_name2,dns_name3) or you can use many ServerAlias directivesfor each DNS name placed on a line each their own.

DocumentRoot defines the file system path to where the web page files are located. This is the same directorywhere you will place your HTML, PHP, and image files. For our setup, this is the /www/your-domain/html directory.

ScriptAlias defines the directory for executing cgi scripts, commonly known as cgi-bin. It takes two parameterswith the first being the cgi-bin directory from your web site root path and the second being the full physicaldirectory path on the filesystem. You can have as many cgi-cin directories as you need and they don't need to becalled cgi-bin.

ErrorLog defines the file to log any errors Apache encounters. Errors can include PHP script failures and files thatdon't exist.

CustomLog defines the file to log any requests to the server. Requests include accessing pages, images, andother files like robots.txt. The second parameter sets the log entry format. We use the combined format since it isused by many Web Server Log Analysis scripts like Awstats.

You should read the online Apache 2.0 documentation for more information on these directives as well as other Apache webserver features.

Creating a SSL Virtual Host

When we installed mod_ssl, a file called ssl.conf was written to /etc/httpd/conf.d that contains basic SSL configurationinformation. We're going to use this as our template for adding a SSL based virtual host. What we'll do is make a copy of it toour vhosts directory and remove the non-website specific information since it should only be loaded once by Apache. This non-website specific information pertains to loading the mod_ssl Apache module among other things while everything else in the

file relates to configuring the SSL web site (what we're interested in).

Let's make a copy of ssl.conf to the vhosts directory which you should still be in (cd /etc/httpd/conf/vhosts). Following thesame format for our virtual host config files (host.domain.tld.port.conf) as before, we will be naming our SSL virtual host fileas your-domain.com.443.conf. The port number for SSL is 443 so we'll use that as opposed to port 80 when we created theHTTP VirtualHost. After that we'l open the config file in nano so we can begin editing it.

cp /etc/httpd/conf.d/ssl.conf ./your-domain.com.443.confnano your-domain.com.443.conf

12/20/12 Apache Web Server Tutorial for Linux

13/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Now comes the fun part. We need to delete a good portion of this file starting from the top and all the way down to the partthat says '### SSL Virtual Host Context' (roughly 83 lines total). Instead of using the DEL key, you can use CTRL-K to cut thetext line by line in nano. Starting from the top of the file, remove the lines of text until you reach the blank line above '###SSL Virtual Host Context'. Your file should look like the image below when you're done.

12/20/12 Apache Web Server Tutorial for Linux

14/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Next we'll edit the default web site specific directives to mold them to our web site. They're actually the same directives weused when creating our HTTP virtual host, so you can see how easy this will be. I should point out that we have been using ourhostname for the VirtualHost tag, but in the case of SSL I'd advise against unless you want to set up each host and theirbinding IP address in /etc/hosts (it's a good idea if you have many IP's). Secure Sockets Layer doesn't work at the Applicationlayer of the OSI model like HTTP does, so the Host part of the HTTP header doesn't apply. So in regards to name-based virtualhosting with SSL, it's non-existent. Replace '_default_' with your IP address when editing your-domain.com.443.conf. Thesame rules apply as before with ServerName, ServerAlias, and the your-domain directory.

Here is a stripped down version of our SSL VirtualHost file minus the comments.

<VirtualHost yourip:443>

DocumentRoot "/www/your-domain/html"

ServerName your-domain.com

ServerAlias www.your-domain.com

ScriptAlias /cgi-bin/ /www/your-domain/html/cgi-bin/

ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

LogLevel warn

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</Files>

<Directory "/var/www/cgi-bin">

SSLOptions +StdEnvVars

</Directory>

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

This configuration uses mod_ssl's default SSL certificate and private key for encrypted communications. It's not signed by atrusted authority nor does it have your personal or company credentials. Your web browser will complain about the certificateand throw up a dialog box when you visit your web site (unless you instruct the browser to save the certificate). If you're

12/20/12 Apache Web Server Tutorial for Linux

15/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

and throw up a dialog box when you visit your web site (unless you instruct the browser to save the certificate). If you'rethinking about doing e-commerce then you'll need to invest in a real SSL certificate because nothing kills a customer'sconfidence level like a warning screen while making a purchase online. What you would do is generate your Certificate SigningRequest (CSR) on your server and then send the data to a Certificate Authority (CA) like Verisign. Once you pay the fees andprove your identity, they'll sign your certificate to make it legitimate and then you can replace the values of SSLCertificateFileand SSLCertificateKeyFile with your files (in the case of Comodo SSL, you'd have to set the SSLCACertificateFile directive withtheir Bundle Certificate file as well). On the other hand, if you're setting up SSL for your own personal use or for an intranet atwork, self-signed SSL certificates work just fine. There is no difference between legitimate and self-signed certs except for theCA taking your money and stamping it with their sign of approval. The encryption protection is the same either way.

Save your changes (CTRL-O) to your-domain.com.443.conf and exit nano (CTRL-X). I don't have a tutorial up for generatingSSL certificates using OpenSSL, but I will soon. You can check Google for a site that details those instructions or wait for mineto be posted. Also, you should read up on the Apache SSL/TLS Encryption documention for more information about thedirectives and virtual host configurations for Apache SSL.

Starting Apache and Viewing the Web Site

Apache is set up, our directories have been created, and the VirtualHost config files are done, now is the time to start theApache web server and see if everything worked. It's taken us a long time to get here and if all goes well then Apache shouldstart without any errors and your HTTP and SSL web sites should be available.

service httpd start

If Apache failed to start for you, you should double check httpd.conf, your directories, and your virtual host configs for anytypos or syntax mistakes. Apache can be cryptic at times when errors occur. You can verify virtual host files using httpd -S(or for older an older Apache version use httpd -t -D DUMP_VHOSTS). In the next section I'll show you some tips fortracking down Apache errors.

httpd -S

With the Apache web server running you should have already opened ports 80 and 443 on your firewall so you can connect toApache with a web browser to view your web site. Open up your favorite browser and navigate to your site. You should get thedefault CentOS Apache 2 Test Page unless you have already logged in and uploaded your content via S/FTP.

12/20/12 Apache Web Server Tutorial for Linux

16/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Standard HTTP works so how about our SSL version of the web site? Change the http:// to https:// in the address bar of yourbrowser. You should be prompted by the security dialog I mentioned before. This is just a warning about your self-signed SSLcertificate not being trusted by your browser.

12/20/12

17/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

Click OK in FireFox or Yes in Internet Explorer to continue to the secure web site.

As you can see up in the FireFox address bar, there is a little yellow padlock icon that informs us that we are on a secure website. All communications with this site will be 128-bit encrypted. At this time you may want to log in to your web site via SecureFTP (SFTP) or regular FTP to upload your web site files to the html directory using the system account you created earlier.You're done! You've successfully configured the Apache web server on Linux.

Other Things to Know for Using Apache

Here are some common questions that users new to the Apache HTTP Server may ask (well, the questions I could think of atthe time).

How can I restart Apache so that it sees the changes I made to httpd.conf and/or virtual hosts?The Apache init script (/etc/init.d/httpd) accepts a number of options, four of the important ones being start, stop, restart, andgraceful.

start tells the init script to start the Apache process and spawns the child processes.

stop tells the init script to terminate the Apache's running process and in turn kills off the child processes. Anyexisting connections to the server will be terminated.

restart tells the init script to stop the Apache process and start it back up. Any changes to httpd.conf or virtualhosts will be read back in. Any existing connections will be terminated, so if users are in the middle of a downloadthe transfers will stop.

graceful tells the init script to alert Apache to reload httpd.conf and virtual hosts. Existing connections will not beterminated but changes won't be noticed until a new connection is established (pulling up another page or file fromthe server). Requests are handled by Apache child workers.

There are two ways of using these options. You can use the init script or the service command. To use the init script, enter this

12/20/12 Apache Web Server Tutorial for Linux

18/18w w w .xenocafe.com/tutorials/linux/centos/apache_w eb_server/index.php

There are two ways of using these options. You can use the init script or the service command. To use the init script, enter thison the prompt /etc/init.d/httpd option, such as to restart the Apache server use /etc/init.d/httpd restart from thecommand line. To use the service command, which is what I showed when we started the Apache service, it's service httpdoption, such as to do a graceful restart use service httpd graceful from the command line.

Apache won't start. It keeps saying FAILED when I try and start the service. What can I do to fix it?This is probably one of the most difficult tasks to do since sometimes Apache doesn't give an error or it's too cryptic when itdoes. Errors usually occur when something has changed, either there is a problem with httpd.conf or your virtual hosts. One ofmy friends enountered an Apache failure and it turned out to be one of its modules got deleted somehow. So the best courseof action is to make a copy of your httpd.conf and virtual hosts before you ever change them. If you mess them up you canalways replace the old copy to get Apache back up and running.

To try and troubleshoot Apache failures, you should take a look in syslog (tail -n 100 /var/log/messages).See if there are any messages from the httpd process, and if so, does it give you an idea of what may be wrong?I've been able to track down errors by doing this one thing. Get the error and look for it on Google. It's unlikelyyou're the first person to experience it.

If it's a config file error, you can test your httpd.conf and virtual hosts with httpd -S (or on older Apache versionsuse httpd -t -D DUMP_VHOSTS). If there is a problem with your files, Apache will tell you when you run the test.

Another useful hint is to try starting Apache in debug mode using httpd -e debug and see what it prints to thescreen. If there is an error it should be shown to you. Once again, if you see the error, use Google to find ananswer.

If all else fails, there is trial and error. Move your httpd.conf and virtual host files to another directory and reinstallthe Apache RPM's. Once Apache is back up with default settings, start making changes to the new httpd.conf andvirtual hosts from the old files. Each time you make a change, save your changes and restart Apache. Like I said,it's trial and error and you may be able to track down the problem.

Can I use Active Server Pages (ASP) or ColdFusion (CFML) with Apache on Linux?Why would you want to? Those are weak and useless languages (my opinion of course). You should use PHP instead, however,if you have the need to use them, there are ports from third party companies that let you use those languages with Apache onLinux. For Active Server Pages, Sun Microsystems has a product called Sun ONE Active Server Pages (a former ChiliSoftproduct) that let's you use ASP on Linux. They have a free trial version you can download and try out. ColdFusion is no longera Macromedia product and is now maintained by Adobe Systems. You can download a free trial version after you register foran account.

[more to be added]

Conclusion

I think I may have went overboard with all the information in this Apache tutorial because it took me four days off and on toprepare this document. I tried to be as thorough as possible but I realize I may have missed some of the little things like inthe Q&A section above. Nevertheless, you now have the skills to configure Apache from the ground up from editing httpd.conf,creating a structured web site directory schema, and adding HTTP and SSL virtual hosts. You also learned a little bit aboutSecure Sockets Layer and SSL web server certificates. In case you didn't know, if you run into problems or ever need anyhelp you can always post your questions to the Linux category of the forum and I will try and respond to them as as possible.

How would you rate the usefulness of this content?

Poor1 2 3 4 5 6 7 8 9

Outstanding

Optional: Tell us why you rated the content this way.

Characters remaining: 1024

Submit

Average rating: 2.30 out of 9.

1 2 3 4 5 6 7 8 9

12223 people have rated this content.

This page has been viewed 193,416 times

Copyright © 2004-2012 XenoCafe. All Rights Reserved.