Configuring Linux Web Services using

Apache httpd
The most commonly used web server in the world today is Apacheand with good reason. Built with
security in mind, Apache is a solid and stable web server that has been around for years. The module design
allows for scalability and ease of use.
Apache can also be used to host multiple websites at a single time through the use of its virtual hosts feature.
There is also an option to use the SSL protocol, making websites safe and secure. This secure base provides a
platform for developers to use when writing secure code for banks, retail sites, and so on.

Task 1: Installing Apache Webserver

Packages
When youre working with Apache, you need two packages.
-> The first is httpd, which actually installs the Apache web server.
-> The second is the mod_ssl package, which provides the ability to create secure websites
Step 1. Install the two required packages:
# yum install y httpd mod_ssl
Step 2. Verify that the packages were installed correctly:
# rpm -qa | grep http
httpd-2.2.15-5.el6.x86_64
httpd-tools-2.2.15-5.el6.x86_64
# rpm -qa | grep ssl
mod_ssl-2.2.15-5.el6.x86_64
openssl-1.0.0-4.el6.x86_64
Step 3. With the packages installed, make sure that the service is set to start when the system boots:
# chkconfig httpd on
Step 4. Verify your changes:
# chkconfig httpd list
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Task 2: Configuring the Web Server

Now that the web server is installed, we can shift our attention to the config files and directories. During the
installation, a directory (/var/www) is created with a set of subdirectories. This directory tree is the place
where you store your websites.
There are also a few config files to look at:

/etc/httpd/conf/httpd.conf
/var/log/httpd
/usr/lib64/httpd/modules

Main config file

Log file directory for the web server
Modules for Apache

The main config file for Apache is completely usable right out of the box, which is great if youd like to just
get up and running. You should spend some time looking through the main config file because it provides
many options and good documentation in the comments. The top of the config file is grouped into three
sections.
Below are the comments sectionfrom the /etc/httpd/conf/httpd.conf file:
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the global environment).
# 2. Directives that define the parameters of the main or default server,
# which responds to requests that arent handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
Below are some important directives that we might be interested to configure to setup as basic webserver:

ServerRoot Defines where the config files are held

Timeout
Specifies the time before a request times out (120 seconds is the default)
Listen
Indicates the port number to listen on (default is 80)
User
Identifies the user to run the web server as
Group
Identifies the group to run the web server as
LoadModule
Defines a module to load when the web server starts
DocumentRoot Defines where the website files are located
ServerName
Defines a server name or IP address and port number

Lets start by defining the location of a website on the file system. By default, it is located in the
/var/www/html directory, although this can be changed if youd like.
In the main config file, you see a section denoted by the Directory option.
Section of /etc/httpd/conf/httpd.conf:
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
The options defined within this section apply specifically to the website and directory structure, as defined
by the Directory option. For the preceding example, this means the site located in the /var/www/html
directory. If you want to change the directory where your site is located, you need to change the
DocumentRoot option as well as the Directory option. The default option is

DocumentRoot /var/www/html
There is also a way to have multiple sites using virtual hosts, as you see later. When your config file is
completely set up the way you want it, you can use the httpd service options to test your config file. Using the
configtest argument, the service parses the main config file for any errors and reports back if something is
found. It is always a good idea to check your config file before trying to use it because it will prevent the
server from starting if it contains any errors.
Test the config file:
# service httpd configtest
Syntax OK
There is also another cool option that the httpd service has (many services have it, but it is more useful here).
Normally, for a service to use a new config file, it requires that the service is restarted. This restart process
actually stops the service from running before starting it over again.
Normally, this isnt a big deal, but when hundreds of people are hitting your site, can you afford to have even
a two-second outage? To circumvent this issue, you can use the reload argument, which allows the main
config file to be reread without the actual service being brought down.
This is why it is important to test your config files first.
To restart the httpd service, use the following command:

# service httpd restart

Stopping httpd: [ OK ]
Starting httpd: [ OK ]
To only reload the service and reread the config file, use this command instead:
# service httpd reload
Reloading httpd: [ OK ]
One other option to keep in mind is the graceful parameter. It restarts the web server, allowing it to read the
new config file changes without disconnecting any currently connected clients. The only downfall here is
that the currently active connections use the old config file until they terminate their connection and
reconnect.
You can use it as follows:
# service httpd graceful

Task 3 : Firewall and SELinux

Configuration for apache webserver
For your web server to become fully functional, you need to make some security changes. First and foremost,
the firewall needs to be opened on port 80.
Step 1. Use iptables to create the additional firewall rules:

# iptables -I INPUT 5 -p tcp -m tcp dport 80 -j ACCEPT

Step 2. Save the firewall rules you have just created:

# service iptables save

Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Step 3. Then restart the iptables service:

# service
iptables:
iptables:
iptables:
iptables:

iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading modules: [ OK ]
Applying firewall rules: [ OK ]

Additionally, you need to look at SELinux protection for the web server.