5 Configuring the Apache HTTP Web Service
This chapter describes how to configure a basic HTTP server.
About the Apache HTTP Server
Oracle Linux provides the Apache HTTP Server, which is an open-source web server developed by the Apache Software Foundation. The Apache server hosts web content, and responds to requests for this content from web browsers such as Firefox.
Installing the Apache HTTP Server
To install the Apache HTTP server:
- Enter the following command:
    sudo yum install httpd
- Start the server, and configure it to start after system reboots:
    sudo apachectl start
    sudo systemctl enable httpd
- Check for configuration errors:
    sudo apachectl configtest
- Create firewall rules to allow access to the ports on which the HTTP server listens, for example:
    sudo firewall-cmd --zone=zone --add-service=http
    sudo firewall-cmd --permanent --zone=zone --add-service=http
Configuring the Apache HTTP Server
Note:
Any changes that you make to the configuration of the Apache HTTP server do not take effect until you restart the server:
sudo apachectl restart
The main configuration file for the Apache HTTP server is /etc/httpd/conf/httpd.conf. You can modify the directives in this file to customize Apache for your environment.
The directives include:
- Allow from client [client ...] | all
  Specifies a list of clients that can access content, or all to serve content to any client. The Order directive determines the order in which httpd evaluates Allow and Deny directives.
- Deny from client [client ...] | all
  Specifies a list of clients that cannot access content, or all to disallow all clients. The Order directive determines the order in which httpd evaluates Allow and Deny directives.
- DocumentRoot directory-path
  The top level directory for Apache server content. The apache user requires read access to any files and read and execute access to the directory and any of its sub-directories. Do not place a slash at the end of the directory path.
  For example:
    DocumentRoot /var/www/html
  If you specify a different document root or link to content that is not under /var/www/html and SELinux is enabled in enforcing mode on your system, change the default file type of the directory hierarchy that contains the content to httpd_sys_content_t:
  - Use the semanage command to define the default file type of the content directory as httpd_sys_content_t:
      sudo /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "content_dir(/.*)?"
  - Use the restorecon command to apply the file type to the entire content directory hierarchy:
      sudo /sbin/restorecon -R -v content_dir
- ErrorLog filename | syslog[:facility]
  If set to a file name, specifies the file, relative to ServerRoot, to which httpd sends error messages.
  If set to syslog, specifies that httpd send errors to rsyslogd. A facility argument specifies the rsyslogd facility. The default facility is local7.
  For example:
    ErrorLog logs/error_log
- Listen [IP_address:]port
  Accept incoming requests on the specified port or IP address and port combination. By default, the httpd server accepts requests on port 80 for all network interfaces. For a port number other than 80, HTTP requests to the server must include the port number.
  For example:
    Listen 80
    Listen 192.168.2.1:8080
- LoadModule module path
  The Apache HTTP server can load external modules (dynamic shared objects or DSOs) to extend its functionality. The module argument is the name of the DSO, and path is the path name of the module relative to ServerRoot.
  For example:
    LoadModule auth_basic_module modules/mod_auth_basic.so
- Order deny,allow | allow,deny
  Specifies the order in which httpd evaluates Allow and Deny directives.
  For example, permit access only to clients from the mydom.com domain:
    Order deny,allow
    Deny from all
    Allow from .mydom.com
  The following directives would not permit access by any client:
    Order allow,deny
    Deny from all
    Allow from .mydom.com
- ServerName FQDN[:port]
  Specifies the fully qualified domain name or IP address of the httpd server and an optional port on which the server listens. The FQDN must be resolvable to an IP address. If you do not specify a FQDN, the server performs a reverse-name lookup on the IP address. If you do not specify a port, the server uses the port corresponding to the incoming request.
  For example:
    ServerName www.mydom.com:80
- ServerRoot directory-path
  The top of the directory hierarchy where the httpd server keeps its configuration, error, and log files. Do not place a slash at the end of the directory path.
  For example:
    ServerRoot /etc/httpd
- Timeout seconds
  Specifies the number of seconds that httpd waits for network operations to finish before reporting a timeout error. The default value is 60 seconds.
- UserDir directory-path ... | disabled [user ...] | enabled user ...
  If set to disabled, prevents users identified by the space-separated user argument from publishing content from their home directories. If no users are specified, all users are disallowed.
  If set to enabled, allows users identified by the space-separated user argument to publish content from their home directories, provided that they are not specified as an argument to disabled.
  directory-path is the name of a directory from which httpd publishes content. A relative path is assumed to be relative to a user's home directory. If you specify more than one directory path, httpd tries each alternative in turn until it finds a web page. If directory-path is not defined, the default is ~/public_html. Do not place a slash at the end of the directory path.
  For example:
    UserDir disabled root guest
    UserDir enabled oracle alice
    UserDir www http://www.mydom.com/
  The root and guest users are disabled from content publishing. Assuming that ServerName is set to www.mydom.com, browsing http://www.example.com/~alice displays alice's web page, which must be located at ~alice/www or http://www.example.com/alice (that is, in the directory alice relative to ServerRoot).
  Note:
  You would usually change the settings in the <IfModule mod_userdir.c> container to allow users to publish user content.
For more information, see https://httpd.apache.org/docs/current/mod/directives.html.
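The interaction between Order, Allow and Deny is easier to check with a small model. The following Python sketch is an added example, not part of the original chapter or of httpd itself; the function names and the client addresses are constructed, and it assumes the Apache 2.2 default of Order deny,allow when Order is not set. It evaluates the two Order examples above and also compares partial IP addresses such as 192.168.2. octet by octet.

```python
# Added example: simplified model of Order / Allow / Deny evaluation.
# Assumption: client_host is the name httpd resolved for the client; no DNS
# lookups are made here, and CIDR or netmask arguments are not handled.

def spec_matches(spec, client_ip, client_host):
    """Return True if one Allow/Deny argument matches the client."""
    spec, host = spec.lower(), (client_host or "").lower()
    if spec == "all":
        return True
    if spec.replace(".", "").isdigit():
        # Full or partial IP address: compare whole octets, so that
        # "192.168.2." never matches 192.168.20.x.
        want = spec.rstrip(".").split(".")
        return client_ip.split(".")[:len(want)] == want
    # Full or partial domain name: only match on a label boundary, so that
    # "mydom.com" does not match "notmydom.com".
    if not host.endswith(spec):
        return False
    if len(host) == len(spec):
        return True
    return spec.startswith(".") or host[-len(spec) - 1] == "."

def access_allowed(client_ip, client_host, allow=(), deny=(), order="deny,allow"):
    """Decide access; deny,allow is the default when Order is not set."""
    allowed = any(spec_matches(s, client_ip, client_host) for s in allow)
    denied = any(spec_matches(s, client_ip, client_host) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        return allowed or not denied   # default allow; Allow overrides Deny
    if order == "allow,deny":
        return allowed and not denied  # default deny; Deny overrides Allow
    raise ValueError(f"unknown Order value: {order}")

def demo():
    """Evaluate the chapter's two Order examples for constructed clients."""
    rules = {"allow": [".mydom.com"], "deny": ["all"]}
    clients = {"inside": ("192.168.2.15", "pc1.mydom.com"),
               "outside": ("203.0.113.9", "host.example.net")}
    return {(order, who): access_allowed(ip, name, order=order, **rules)
            for order in ("deny,allow", "allow,deny")
            for who, (ip, name) in clients.items()}

if __name__ == "__main__":
    for key, verdict in demo().items():
        print(key, "allowed" if verdict else "denied")
```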
Testing the Apache HTTP Server
To test that an Apache HTTP server is working:
- On the local system, direct a browser to http://localhost.
- From a remote system, direct a browser to http:// followed by the value of the ServerName directive specified in the configuration file (/etc/httpd/conf/httpd.conf).
If the browser displays the Apache 2 Test Page, the server is working correctly.
To test that the server can deliver content, create an HTML file named index.html in the directory specified by the DocumentRoot directive (by default, /var/www/html). After reloading the page, the browser should display this HTML file instead of the Apache 2 Test Page.
Configuring Apache Containers
Apache containers are special directives that group other directives, often to create separate web directory hierarchies with different characteristics. A container is delimited by the XML-style tags <type> and </type>, where type is the container type.
The following are examples of container types:
- <Directory directory-path>
  Applies the contained directives to directories under directory-path. The following example applies the Deny, Allow, and AllowOverride directives to all files and directories under /var/www/html/sandbox.
    <Directory /var/www/html/sandbox>
      Deny from all
      Allow from 192.168.2.
      AllowOverride All
    </Directory>
  The AllowOverride directive is only used in Directory containers and specifies which classes of directives are allowed in .htaccess files. (.htaccess configuration files typically contain user authentication directives for a web directory.) The directive classes control such aspects as authorization, client access, and directory indexing. You can specify the argument All to permit all classes of directives in .htaccess files, a space-separated list of directive classes to permit only those classes, or None to make the server ignore .htaccess files altogether.
  Note:
  If SELinux is enabled on the system, you must change the default file type if the file system hierarchy specified by <Directory> is not under /var/www/html.
- <IfModule [!]module>
  Applies directives if the specified module has been loaded, or, when the exclamation point (!) is specified, if the module has not been loaded.
  The following example disallows user-published content if mod_userdir.c has been loaded:
    <IfModule mod_userdir.c>
      UserDir disabled
    </IfModule>
- <Limit method ...>
  Places limits on the specified HTTP methods (such as GET, OPTIONS, POST, and PUT) for use with a Uniform Resource Identifier (URI).
  The following example limits systems in mydom.com to using only the GET and PUT methods to perform HTTP downloads and uploads:
    <Limit GET PUT>
      Order deny,allow
      Deny from all
      Allow from .mydom.com
    </Limit>
  Systems outside mydom.com cannot use GET and PUT with the URI.
- <LimitExcept method ...>
  Places limits on all except the specified HTTP methods for use with a Uniform Resource Identifier (URI).
  The following example disallows any system from using any method other than GET and POST:
    <LimitExcept GET POST>
      Order deny,allow
      Deny from all
    </LimitExcept>
- <VirtualHost IP_address:port ...>
  Specifies a group of directives that define a container for a virtual host. See Configuring Apache Virtual Hosts.
About Nested Containers
The following example illustrates how you can nest containers, using <Limit> and <LimitExcept> containers to permit GET, POST, and OPTIONS to be used with user directories under /home/*/public_html.
<Directory /home/*/public_html>
  AllowOverride FileInfo AuthConfig Limit
  Options MultiViews Indexes SymLinksIfOwnerMatch \
          IncludesNoExec
  <Limit GET POST OPTIONS>
    Order allow,deny
    Allow from all
  </Limit>
  <LimitExcept GET POST OPTIONS>
    Order deny,allow
    Deny from all
  </LimitExcept>
</Directory>
In the example, the AllowOverride directive specifies the following directive classes:
- AuthConfig
  Permits the use of the authorization directives.
- FileInfo
  Permits the use of directives that control document types.
- Limit
  Permits the use of directives that control host access.
The Options directive controls the features of the server for the directory hierarchy, for example:
- FollowSymLinks
  Follow symbolic links under the directory hierarchy.
- Includes
  Permits server-side includes.
- IncludesNoExec
  Prevents the server from running #exec cmd and #exec cgi server-side includes.
- Indexes
  Generates a web directory listing if the DirectoryIndex directive is not set.
- MultiViews
  Allows the server to determine the file to use that best matches the client's requirements based on the MIME type when several versions of the file exist with different extensions.
- SymLinksIfOwnerMatch
  Allows the server to follow a symbolic link if the file or directory being pointed to has the same owner as the symbolic link.
For more information, see https://httpd.apache.org/docs/current/mod/directives.html.
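Because containers nest and AllowOverride and Options change what a directory exposes, it helps to review a configuration fragment mechanically before restarting the server. The following Python sketch is an added example, not part of the original chapter or of any Apache tool; the names audit, logical_lines and REVIEW, the choice of arguments to flag, and the sample fragment are all constructed for illustration. It joins backslash-continued lines, tracks container nesting, reports closing tags that do not match the open container, and lists AllowOverride All and the Options values Indexes, FollowSymLinks and Includes for review.

```python
import re

OPEN = re.compile(r"^<(\w+)\s*([^>]*)>$")
CLOSE = re.compile(r"^</(\w+)>$")
# Assumption: arguments from this chapter worth a second look in review.
REVIEW = {"allowoverride": {"all"},
          "options": {"indexes", "followsymlinks", "includes"}}

SAMPLE = """\
<Directory /var/www/html/sandbox>
    AllowOverride All
    Options Indexes SymLinksIfOwnerMatch \\
            IncludesNoExec
    <LimitExcept GET POST>
        Order deny,allow
        Deny from all
    </Limit>
</Directory>
"""  # constructed input; the wrong closing tag on line 8 is deliberate

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def audit(text):
    """Return (line_no, message) findings for a configuration fragment."""
    stack, findings = [], []
    for no, line in logical_lines(text):
        if m := CLOSE.match(line):
            top = stack.pop()[0] if stack else "nothing"
            if top.lower() != m.group(1).lower():
                findings.append((no, f"</{m.group(1)}> closes <{top}>"))
        elif m := OPEN.match(line):
            stack.append((m.group(1), no))
        else:
            name, *args = line.split()
            hits = REVIEW.get(name.lower(), set()) & {a.lower().lstrip("+") for a in args}
            scope = "/".join(t for t, _ in stack) or "server"
            findings += [(no, f"{name} {h} in {scope}") for h in sorted(hits)]
    return findings + [(no, f"<{t}> is never closed") for t, no in stack]
```

Calling audit(SAMPLE) returns one finding per flagged line; on a host with httpd installed, apachectl configtest remains the authoritative syntax check.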
Configuring Apache Virtual Hosts
The Apache HTTP server supports virtual hosts, meaning that it can respond to requests that are directed to multiple IP addresses or host names that correspond to the same host machine. You can configure each virtual host to provide different content and to behave differently.
You can configure virtual hosts in two ways:
- IP-based Virtual Hosts (host-by-IP)
  Each virtual host has its own combination of IP address and port. The server responds to the IP address to which the host name resolves. Host-by-IP is needed to serve HTTPS requests because of restrictions in the SSL (Secure Sockets Layer) protocol.
- Name-based Virtual Hosts (host-by-name)
  All virtual hosts share a common IP address. Apache responds to the request by mapping the host name in the request to ServerName and ServerAlias directives for the virtual host in the configuration file.
To configure a virtual host, you use the <VirtualHost hostname> container. You must also divide all served content between the virtual hosts that you configure.
The following example shows a simple name-based configuration for two virtual hosts:
NameVirtualHost *:80
<VirtualHost *:80>
  ServerName websvr1.mydom.com
  ServerAlias www.mydom-1.com
  DocumentRoot /var/www/http/websvr1
  ErrorLog websvr1.error_log
</VirtualHost>
<VirtualHost *:80>
  ServerName websvr2.mydom.com
  ServerAlias www.mydom-2.com
  DocumentRoot /var/www/http/websvr2
  ErrorLog websvr2.error_log
</VirtualHost>
For more information, see https://httpd.apache.org/docs/2.2/vhosts/.
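The name-based mapping described above can be modelled in a few lines. The following Python sketch is an added example, not part of the original chapter or of httpd; select_vhost, shadowed_names and the extra test host names are constructed. It uses the two virtual hosts from the example, shows that a request whose Host header matches no ServerName or ServerAlias is served by the first virtual host listed (httpd behaviour that the chapter does not spell out), and reports names that a later virtual host repeats and therefore can never receive.

```python
from fnmatch import fnmatchcase

# The two virtual hosts from the chapter's example, in file order.
VHOSTS = [
    {"ServerName": "websvr1.mydom.com", "ServerAlias": ["www.mydom-1.com"]},
    {"ServerName": "websvr2.mydom.com", "ServerAlias": ["www.mydom-2.com"]},
]

def names_of(vhost):
    """Lower-cased ServerName plus ServerAlias entries for one virtual host."""
    return [n.lower() for n in [vhost["ServerName"], *vhost.get("ServerAlias", [])]]

def select_vhost(host_header, vhosts=VHOSTS):
    """Return (ServerName, reason) for the virtual host that serves a request."""
    # Assumption: IPv4 or host name only; a ":port" suffix is dropped.
    host = (host_header or "").split(":")[0].strip().lower().rstrip(".")
    for vhost in vhosts:
        # ServerAlias may contain wildcards such as *.mydom.com.
        if any(fnmatchcase(host, name) for name in names_of(vhost)):
            return vhost["ServerName"], "matched name"
    # No name matched: the first virtual host listed acts as the default.
    return vhosts[0]["ServerName"], "default (first listed)"

def shadowed_names(vhosts=VHOSTS):
    """List (name, owner, shadowed) where a later host repeats an earlier name."""
    seen, clashes = {}, []
    for vhost in vhosts:
        for name in names_of(vhost):
            if name in seen and seen[name] != vhost["ServerName"]:
                clashes.append((name, seen[name], vhost["ServerName"]))
            seen.setdefault(name, vhost["ServerName"])
    return clashes

if __name__ == "__main__":
    for header in ("www.mydom-2.com", "WEBSVR1.MYDOM.COM:80", "unknown.example.net"):
        print(header, "->", select_vhost(header))
```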