Search Engine

Loading

Sallar

Sallar
RedhatEnterpriseLinux Blog

Basic Apache server configuration step by step



Basic Apache server configuration

Installing Apache
When you’re working with Apache, you need two packages. The first is httpd, which actually installs the Apache web server. The second is the mod_ssl package, which provides the ability to create secure websites.
Step 1. Install the two required packages:
# yum install –y httpd mod_ssl
Step 2. Verify that the packages were installed correctly:
# rpm -qa | grep http
httpd-2.2.15-5.el6.x86_64
httpd-tools-2.2.15-5.el6.x86_64
# rpm -qa | grep ssl
mod_ssl-2.2.15-5.el6.x86_64
openssl-1.0.0-4.el6.x86_64
Step 3. With the packages installed, make sure that the service is set to start when the system boots:
# chkconfig httpd on
Step 4. Verify your changes:
                # chkconfig httpd --list
httpd  0:off 1:off  2:on  3:on  4:on  5:on 6:off


Open http main config file

# vi /etc/httpd/conf/httpd.conf

DocumentRoot “/var/www/html”
Test the config file:
# service httpd configtest
Syntax OK
# service httpd restart
Stopping httpd:                    [ OK ]
Starting httpd:                      [ OK ]



Firewall and SELinux Configuration
For your web server to become fully functional, you need to make some security Changes. First and foremost, the firewall needs to be opened on port 80.


Step 1. Use iptables to create the additional firewall rules:
# iptables -I INPUT  -p tcp -m tcp --dport 80 -j ACCEPT
Step 2. Save the firewall rules you have just created:
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables:            [ OK ]

Step 3. Then restart the iptables service:
# service iptables restart
iptables: Flushing firewall rules:                                       [ OK ]
iptables: Setting chains to policy ACCEPT: filter             [ OK ]
iptables: Unloading modules:                                            [ OK ]
iptables: Applying firewall rules:                                      [ OK ]



Some Changes required in SELinux

You need to disable the SELinux service protection to be able to utilize basic web services.

Step 1. Query for the Boolean value you need to change:
# getsebool -a | grep httpd_dis
httpd_disable_trans --> off
Step 2. Disable the SELinux protection:
# setsebool -P httpd_disable_trans=1
Step 3. Verify that the Boolean has changed:
# getsebool -a | grep httpd_dis
httpd_disable_trans --> on

Create Web Directories

Step 1. Create the customer web directories:
# mkdir /var/www/site1
# mkdir /var/www/site2
Step 2. Check the current context of the files:
# ls -Z /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site2


You can change the context of the customer sites to match the default site (the html directory).

Step 3. Use the chcon command to change the context of the user and domain:
# chcon -Rvu system_u site1
changing security context of ‘site1’
# chcon -Rvu system_u site1
changing security context of ‘site1

Step 4. You also could reference the default directory for a single command:
# chcon --reference=html site2

This changes the site2 directory to match the html directory’s SELinux context.
Step 5. You can now check again and verify that all the context fields for the two customer site directories have been changed correctly:
# ll -Z
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site2

Now finally open browser and check your web site.
http://yourlocalIP or http://127.0.0.1



2 comments:

Anonymous said...

Please post similar ones..
step wise for vsftpd, and other parts as well

Thanks

Aniel Kgupta said...

.......

Post a Comment

Powered by Blogger.

Ads

 
Copyright © Redhat Enterprise linux. Original Concept and Design by My Blogger Themes
My name is Abdul Razaq but people call me Raziq. Here is my home page: www.redhatenterpriselinux.blogspot.com I live in Quetta, Pakistan and work as an IT-Engineer.