5 Configuring the Apache HTTP Web Service

This chapter describes how to configure a basic HTTP server.

About the Apache HTTP Server

Oracle Linux provides the Apache HTTP Server, which is an open-source web server developed by the Apache Software Foundation. The Apache server hosts web content, and responds to requests for this content from web browsers such as Firefox.

Installing the Apache HTTP Server

To install the Apache HTTP server:

  1. Enter the following command:

    sudo yum install httpd

  2. Start the server, and configure it to start after system reboots:

    sudo apachectl start
    sudo systemctl enable httpd

  3. Check for configuration errors:

    sudo apachectl configtest

  4. Create firewall rules to allow access to the ports on which the HTTP server listens, for example:

    sudo firewall-cmd --zone=zone --add-service=http
    sudo firewall-cmd --permanent --zone=zone --add-service=http

Configuring the Apache HTTP Server

Note:

Any changes that you make to the configuration of the Apache HTTP server do not take effect until you restart the server:

sudo apachectl restart

The main configuration file for the Apache HTTP server is /etc/httpd/conf/httpd.conf. You can modify the directives in this file to customize Apache for your environment.

The directives include:

Allow from client [client ...] | all

Specifies a list of clients that can access content or all to serve content to any client. The Order directive determines the order in which httpd evaluates Allow and Deny directives.

Deny from client [client ...] | all

Specifies a list of clients that cannot access content or all to disallow all clients. The Order directive determines the order in which httpd evaluates Allow and Deny directives.

DocumentRoot directory-path

The top level directory for Apache server content. The apache user requires read access to any files and read and execute access to the directory and any of its sub-directories. Do not place a slash at the end of the directory path.

For example:

DocumentRoot /var/www/html

If you specify a different document root or link to content that is not under /var/www/html and SELinux is enabled in enforcing mode on your system, change the default file type of the directory hierarchy that contains the content to httpd_sys_content_t:

  1. Use the semanage command to define the default file type of the content directory as httpd_sys_content_t:

    sudo /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "content_dir(/.*)?"

  2. Use the restorecon command to apply the file type to the entire content directory hierarchy:

    sudo /sbin/restorecon -R -v content_dir

ErrorLog filename | syslog[:facility]

If set to a file name, specifies the file, relative to ServerRoot, to which httpd sends error messages.

If set to syslog, specifies that httpd send errors to rsyslogd. A facility argument specifies the rsyslogd facility. The default facility is local7.

For example:

ErrorLog logs/error_log

Listen [IP_address:]port

Accept incoming requests on the specified port or IP address and port combination. By default, the httpd server accepts requests on port 80 for all network interfaces. For a port number other than 80, HTTP requests to the server must include the port number.

For example:

Listen 80
Listen 192.168.2.1:8080

LoadModule module path

The Apache HTTP server can load external modules (dynamic shared objects or DSOs) to extend its functionality. The module argument is the name of the DSO, and path is the path name of the module relative to ServerRoot.

For example:

LoadModule auth_basic_module modules/mod_auth_basic.so

Order deny,allow | allow,deny

Specifies the order in which httpd evaluates Allow and Deny directives.

For example, permit access only to clients from the mydom.com domain:

Order deny,allow
Deny from all
Allow from .mydom.com

The following directives would not permit access by any client:

Order allow,deny
Deny from all
Allow from .mydom.com
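
The two Order examples above can be checked with a small model of the evaluation rules. This is an added example, not code from Oracle or the Apache project: it is a simplified, IPv4-only model, and the function names and the sample client addresses and host names are constructed.

```python
import ipaddress
import re

def in_domain(spec, host):
    """Partial-domain match on whole name components (.mydom.com, mydom.com)."""
    spec, host = spec.lower(), host.lower()
    if not host.endswith(spec):
        return False
    if len(host) == len(spec):
        return True
    # Reject look-alikes such as "evilmydom.com" for the spec "mydom.com".
    return spec.startswith(".") or host[-len(spec) - 1] == "."

def ip_match(spec, ip):
    """Match a CIDR/netmask spec or a partial address such as 192.168.2."""
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    return ip.split(".")[:len(octets)] == octets

def matches(spec, ip, host):
    if spec.lower() == "all":
        return True
    if re.fullmatch(r"[\d./]+", spec):
        return ip_match(spec, ip)
    return host is not None and in_domain(spec, host)

def evaluate(order, allow, deny, ip, host=None):
    """Return True if the client is granted access (assumed simplified model)."""
    allowed = any(matches(s, ip, host) for s in allow)
    denied = any(matches(s, ip, host) for s in deny)
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    raise ValueError("unknown Order: " + order)

if __name__ == "__main__":
    # Constructed clients: (IP address, reverse-resolved host name).
    inside, outside = ("192.168.2.17", "pc1.mydom.com"), ("203.0.113.9", "host.example.net")
    for order in ("deny,allow", "allow,deny"):
        for ip, host in (inside, outside):
            ok = evaluate(order, [".mydom.com"], ["all"], ip, host)
            print(f"Order {order:10} {host:18} -> {'allowed' if ok else 'denied'}")
```
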

ServerName FQDN[:port]

Specifies the fully qualified domain name or IP address of the httpd server and an optional port on which the server listens. The FQDN must be resolvable to an IP address. If you do not specify a FQDN, the server performs a reverse-name lookup on the IP address. If you do not specify a port, the server uses the port corresponding to the incoming request.

For example:

ServerName www.mydom.com:80

ServerRoot directory-path

The top of the directory hierarchy where the httpd server keeps its configuration, error, and log files. Do not place a slash at the end of the directory path.

For example:

ServerRoot /etc/httpd

Timeout seconds

Specifies the number of seconds that httpd waits for network operations to finish before reporting a timeout error. The default value is 60 seconds.

UserDir directory-path ... | disabled [user ...] | enabled user ...

If set to disabled, prevents the users identified by the space-separated user argument from publishing content from their home directories. If no users are specified, all users are disallowed.

If set to enabled, allows users identified by the space-separated user argument to publish content from their home directories, provided that they are not specified as an argument to disabled.

directory-path is the name of a directory from which httpd publishes content. A relative path is assumed to be relative to a user’s home directory. If you specify more than one directory path, httpd tries each alternative in turn until it finds a web page. If directory-path is not defined, the default is ~/public_html. Do not place a slash at the end of the directory path.

For example:

UserDir disabled root guest
UserDir enabled oracle alice
UserDir www http://www.mydom.com/

The root and guest users cannot publish content. Assuming that ServerName is set to www.mydom.com, browsing http://www.mydom.com/~alice displays alice's web page, which must be located at ~alice/www or http://www.mydom.com/alice (that is, in the directory alice relative to ServerRoot).

Note:

You would usually change the settings in the <IfModule mod_userdir.c> container to allow users to publish user content.

For more information, see https://httpd.apache.org/docs/current/mod/directives.html.

Testing the Apache HTTP Server

To test that an Apache HTTP server is working:

  • From the local system, direct a browser to http://localhost.

  • From a remote system, direct a browser to http:// followed by the value of the ServerName directive specified in the configuration file (/etc/httpd/conf/httpd.conf).

If the browser displays the Apache 2 Test Page, the server is working correctly.

To test that the server can deliver content, create an HTML file named index.html in the directory specified by the DocumentRoot directive (by default, /var/www/html). After reloading the page, the browser should display this HTML file instead of the Apache 2 Test Page.

Configuring Apache Containers

Apache containers are special directives that group other directives, often to create separate web directory hierarchies with different characteristics. A container is delimited by the XML-style tags <type> and </type>, where type is the container type.

The following are examples of container types:

<Directory directory-path>

Applies the contained directives to directories under directory-path. The following example applies the Deny, Allow, and AllowOverride directives to all files and directories under /var/www/html/sandbox.

<Directory /var/www/html/sandbox>
  Deny from all
  Allow from 192.168.2.
  AllowOverride All
</Directory>

The AllowOverride directive is only used in Directory containers and specifies which classes of directives are allowed in .htaccess files. (.htaccess configuration files typically contain user authentication directives for a web directory.) The directive classes control such aspects as authorization, client access, and directory indexing. You can specify the argument All to permit all classes of directives in .htaccess files, a space-separated list of directive classes to permit only those classes, or None to make the server ignore .htaccess files altogether.

Note:

If SELinux is enabled on the system, you must change the default file type if the file system hierarchy specified by <Directory> is not under /var/www/html.

<IfModule [!]module>

Applies directives if the specified module has been loaded, or, when the exclamation point (!) is specified, if the module has not been loaded.

The following example disallows user-published content if mod_userdir.c has been loaded:

<IfModule mod_userdir.c>
  UserDir disabled
</IfModule>

<Limit method ...>

Places limits on the specified HTTP methods (such as GET, OPTIONS, POST, and PUT) for use with a Uniform Resource Identifier (URI).

The following example limits systems in mydom.com to using only the GET and PUT methods to perform HTTP downloads and uploads:

<Limit GET PUT>
  Order deny,allow
  Deny from all
  Allow from .mydom.com
</Limit>

Systems outside mydom.com cannot use GET and PUT with the URI.

<LimitExcept method ...>

Places limits on all except the specified HTTP methods for use with a Uniform Resource Identifier (URI).

The following example disallows any system from using any method other than GET and POST:

<LimitExcept GET POST>
  Order deny,allow
  Deny from all
</LimitExcept>

<VirtualHost IP_address:port ...>

Specifies a group of directives that define a container for a virtual host. See Configuring Apache Virtual Hosts.

About Nested Containers

The following example illustrates how you can nest containers, using <Limit> and <LimitExcept> containers to permit GET, POST, and OPTIONS to be used with user directories under /home/*/public_html.

<Directory /home/*/public_html>
  AllowOverride FileInfo AuthConfig Limit
  Options MultiViews Indexes SymLinksIfOwnerMatch \
  IncludesNoExec
  <Limit GET POST OPTIONS>
    Order allow,deny
    Allow from all
  </Limit>
  <LimitExcept GET POST OPTIONS>
    Order deny,allow
    Deny from all
  </LimitExcept>
</Directory>

In the example, the AllowOverride directive specifies the following directive classes:

AuthConfig

Permits the use of the authorization directives.

FileInfo

Permits the use of directives that control document types.

Limit

Permits the use of directives that control host access.

The Options directive controls the features of the server for the directory hierarchy, for example:

FollowSymLinks

Follow symbolic links under the directory hierarchy.

Includes

Permits server-side includes.

IncludesNoExec

Prevents the server from running #exec cmd and #exec cgi server-side includes.

Indexes

Generates a web directory listing if the DirectoryIndex directive is not set.

MultiViews

Allows the server to determine the file to use that best matches the client's requirements based on the MIME type when several versions of the file exist with different extensions.

SymLinksIfOwnerMatch

Allows the server to follow a symbolic link if the file or directory being pointed to has the same owner as the symbolic link.

For more information, see https://httpd.apache.org/docs/current/mod/directives.html.

Configuring Apache Virtual Hosts

The Apache HTTP server supports virtual hosts, meaning that it can respond to requests that are directed to multiple IP addresses or host names that correspond to the same host machine. You can configure each virtual host to provide different content and to behave differently.

You can configure virtual hosts in two ways:

  • IP-based Virtual Hosts (host-by-IP)

    Each virtual host has its own combination of IP address and port. The server responds to the IP address to which the host name resolves. Host-by-IP is needed to serve HTTPS requests because of restrictions in the SSL (Secure Sockets Layer) protocol.

  • Name-based Virtual Hosts (host-by-name)

    All virtual hosts share a common IP address. Apache responds to the request by mapping the host name in the request to ServerName and ServerAlias directives for the virtual host in the configuration file.

To configure a virtual host, you use the <VirtualHost hostname> container. You must also divide all served content between the virtual hosts that you configure.

The following example shows a simple name-based configuration for two virtual hosts:

NameVirtualHost *:80

<VirtualHost *:80>
  ServerName websvr1.mydom.com
  ServerAlias www.mydom-1.com
  DocumentRoot /var/www/http/websvr1
  ErrorLog websvr1.error_log
</VirtualHost>

<VirtualHost *:80>
  ServerName websvr2.mydom.com
  ServerAlias www.mydom-2.com
  DocumentRoot /var/www/http/websvr2
  ErrorLog websvr2.error_log
</VirtualHost> 
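
How a name-based configuration like the one above maps a request's Host header to a virtual host can be modelled in a few lines. This is an added example, not code from Oracle or the Apache project: the parser and function names are hypothetical, the wildcard alias *.mydom-2.com is constructed, and the fallback to the first listed virtual host for unmatched names reflects httpd's default-host behaviour.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample based on the two-host example above.
CONFIG = """
NameVirtualHost *:80
<VirtualHost *:80>
  ServerName websvr1.mydom.com
  ServerAlias www.mydom-1.com
  DocumentRoot /var/www/http/websvr1
</VirtualHost>
<VirtualHost *:80>
  ServerName websvr2.mydom.com
  ServerAlias www.mydom-2.com *.mydom-2.com
  DocumentRoot /var/www/http/websvr2
</VirtualHost>
"""

def parse_vhosts(text):
    """Return the <VirtualHost> blocks in file order as dicts."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"names": [], "docroot": None}
        elif re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            key, *args = line.split()
            if key.lower() in ("servername", "serveralias"):
                # Names compare case-insensitively; drop any :port suffix.
                current["names"] += [a.lower().split(":")[0] for a in args]
            elif key.lower() == "documentroot":
                current["docroot"] = args[0]
    return vhosts

def select_vhost(vhosts, host_header):
    """Pick the vhost for a Host header; the first block is the fallback."""
    host = host_header.lower().rsplit(":", 1)[0].rstrip(".")
    for vh in vhosts:
        if any(fnmatchcase(host, name) for name in vh["names"]):
            return vh
    return vhosts[0]  # unmatched names are served by the first vhost
```

A request with an unrecognised Host header is served by the first block, so the order of the virtual hosts in the file determines which content unmatched names reach.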

For more information, see https://httpd.apache.org/docs/2.2/vhosts/.