How to configure an Apache web server
Image by: You as a Machine. Modified by Rikki Endsley. CC BY-SA 2.0.
Note: This article was originally published on Opensource.com in 2018 and updated there in 2021 with Fedora 33 and Apache 2.4.46. As of this update, my server uses Fedora 39 and Apache 2.4.58.
I have hosted my own websites for many years now. Since switching from OS/2 to Linux more than 25 years ago, I have used Apache as my web server software. Apache is solid, well-known, and quite easy to configure for a basic installation. It is not really that much more difficult to configure Apache to support a more complex setup, such as multiple websites.
Installation and configuration of the Apache web server and configuring the firewall need to be performed as root. Using a browser to view the results of this work should be done as a non-root user. (I use the user student on my virtual host.)
A little history
Developed by Rob McCool (yes, really) at the National Center for Supercomputing Applications, it was the most common HTTP server on the Internet in 1995. As of 2023, it is still used by just over 30% of known web servers.
Although the name may seem strange, it’s easily explained. Some of the webmasters that were using it had created many of their own plug-in extensions and bug fixes because further development had stalled. Some of those people collaborated to add those extensions and fixes to the original code in the form of patches. There were many of those patches, so it was quite natural for the webmaster hackers to call it “a patchy web server.”
Installation
If you use a different distribution your commands and the locations and content of the configuration files may be different. However, the few configuration lines you need to modify are the same regardless of distribution.
The Apache web server software is easy to install. With one command, you can install Apache plus all necessary dependencies:
# dnf install httpdAll the configuration files for Apache are located in /etc/httpd/conf and /etc/httpd/conf.d. The data for websites you’ll run with Apache is located in /var/www by default, but you can change that if you want by editing the configuration files.
Configuring HTTPD
The primary Apache configuration file is /etc/httpd/conf/httpd.conf and contains a lot of configuration statements that don’t need to be changed for a basic installation. You only need to make a few changes to this file to get a basic website up and running. The file is very large, so rather than clutter this article with a lot of unnecessary stuff, I will show only those directives that you need to change.
First, take a bit of time and browse through the httpd.conf file to familiarize yourself with it. One of the things I like about Red Hat versions of most configuration files is the number of comments that describe the various sections and configuration directives in the files. The httpd.conf file is no exception, as it is quite well commented. Use these comments to understand what the file is configuring.
The first item to change is the Listen statement, which defines the IP address and port on which Apache is to listen for page requests. For now, you just need to make this website available to the local machine, so use the localhost address. The line should look like this when you finish:
Listen 127.0.0.1:80With this directive set to the IP address of the localhost, Apache will listen only for connections from the local host. If you want the web server to listen for connections from remote hosts, you would use the host’s external IP address.
The DocumentRoot directive specifies the location of the HTML files that make up the pages of the website. That line does not need to be changed because it already points to the standard location. The line should look like this:
DocumentRoot "/var/www/html"The Apache installation RPM creates the /var/www directory tree. If you wanted to change the location where the website files are stored, this configuration item is used to do that. For example, you might want to use a different name for the www subdirectory to make the identification of the website more explicit. That might look like this:
DocumentRoot "/var/mywebsite/html"These are the only Apache configuration changes needed to create a simple website. For this little exercise, only one change was made to the httpd.conf file—the Listen directive. Everything else is already configured to produce a working web server.
Configuring the firewall
One change is needed to our firewall. Port 80 is the default HTTP port and must be open to enable requests to our website to pass through the firewall.
The Linux kernel contains the Linux firewall which is implemented using a series of netfilter kernel modules. There are several tools available for users to write and manage the firewall rules used by netfilter. Iptables was the first interface and nftables is the current user interface provided by the netfilter project.
Other projects, such as firewalld which is part of the systemd galaxy of tools, also provides methods for managing firewall rules.
If using iptables as my firewall user interface on my server, I change /etc/sysconfig/iptables to add a statement that allows HTTP protocol. The entire file looks like this otherwise default configuration.
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMITThe line I added is the fourth from the bottom, which allows incoming traffic on port 80. Now I reload the altered iptables configuration:
# cd /etc/sysconfig/ ; iptables-restore iptablesWhen using firewalld, you can add new rules with the following two commands. This first one open the port 80 with protocol tcp in the public zone of the runtime environment. This makes the assumption that the public zone is not the default. To open port 80 in the default zone, you can omit the zone argument. This change is only effective until firewalld is restarted so it’s not persistent through reboots.
# firewall-cmd --zone=public --add-port=80/tcpTo make this change permanent so it is persistent through reboots and other firewalld restarts, use the --permanent argument as shown here.
# firewall-cmd --permanent --zone=public --add-port=80/tcpCreate an index.html file
The index.html file is the default file a web server will serve up when you access the website using just the domain name and not a specific HTML file name. In the /var/www/html directory, create a file with the name index.html. Add the content Hello World. You do not need to add any HTML markup to make this work. The sole job of the web server is to serve up a stream of text data, and the server has no idea what the date is or how to render it. It simply transmits the data stream to the requesting host.
After saving the file, set the ownership to apache.apache.
[root@testvm1 html]# chown apache.apache index.htmlStart Apache
Apache is very easy to start. Current versions of Fedora use systemd. Run the following commands to start it and then to check the status of the server:
[root@testvm1 ~]# systemctl start httpd
[root@testvm1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2018-02-08 13:18:54 EST; 5s ago
Docs: man:httpd.service(8)
Main PID: 27107 (httpd)
Status: "Processing requests..."
Tasks: 213 (limit: 4915)
CGroup: /system.slice/httpd.service
├─27107 /usr/sbin/httpd -DFOREGROUND
├─27108 /usr/sbin/httpd -DFOREGROUND
├─27109 /usr/sbin/httpd -DFOREGROUND
├─27110 /usr/sbin/httpd -DFOREGROUND
└─27111 /usr/sbin/httpd -DFOREGROUND
Feb 08 13:18:54 testvm1 systemd[1]: Starting The Apache HTTP Server...
Feb 08 13:18:54 testvm1 systemd[1]: Started The Apache HTTP Server.The commands may be different on your server. On Linux systems that use SystemV start scripts, the commands would be:
[root@testvm1 ~]# service httpd start
Starting httpd: [Fri Feb 09 08:18:07 2018] [ OK ]
[root@testvm1 ~]# service httpd status
httpd (pid 14649) is running...If you have a web browser like Firefox or Chrome on your host, you can use the URL localhost on the URL line of the browser to display your web page, simple as it is. You could also use a text mode web browser like Lynx to view the web page. First, install Lynx (if it is not already installed):
[root@testvm1 ~]# dnf -y install lynxThen use this command to display the web page:
[root@testvm1 ~]# lynx localhostThe result looks like this in my terminal session. I have deleted a lot of the empty space on the page:
Hello World
<snip>
Commands: Use arrow keys to move, '?' for help, 'q' to quit, '<-' to go back.
Arrow keys: Up and Down to move. Right to follow a link; Left to go back.
H)elp O)ptions P)rint G)o M)ain screen Q)uit /=search [delete]=history listNext, edit your index.html file and add a bit of HTML markup so it looks like this:
<h1>Hello World</h1>Now refresh the browser. For Lynx, use the key combination Ctrl+R. The results look just a bit different. The text is in color, which is how Lynx displays headings if your terminal supports color, and it is now centered. In a GUI browser the text would be in a large font.
Hello World
<snip>
Commands: Use arrow keys to move, '?' for help, 'q' to quit, '<-' to go back.
Arrow keys: Up and Down to move. Right to follow a link; Left to go back.
H)elp O)ptions P)rint G)o M)ain screen Q)uit /=search [delete]=history listParting thoughts
As you can see from this exercise, it is easy to set up an Apache web server. The specifics will vary depending upon your distribution and the version of Apache supplied by that distribution. In my environment, this was a pretty trivial exercise.
You can find documentation, support, security information, mailing lists, downloads, and more at the Apache HTTP Server Project.
More Stories
Seven Linux commands just for fun
Linux was developed by fun-loving people who created an array of fun and even comical commands. Try playing around with these yourself when you want a smile.
Extend the life of your Linux SSD drive with fstrim
SSDs have benefits like silent and cooler operation and a faster interface spec, compared to their elder spinning ancestors. Of course, new technology brings with it new methods of maintenance and management. SSDs have a feature to reclaim unused blocks on the device.
NetworkManager on Linux: #3 — How I migrated to NetworkManager Connection Files for configuration
Interface configuration files may not be supported in Fedora much longer, but migrating to NetworkManager is easier than you might think.
An introduction to GRUB2 configuration for your Linux machine
Learn how the GRUB boot loader works to prepare your system and launch your operating system kernel.
NetworkManager on Linux: #2 — A sysadmin’s guide to network interface configuration files
Simplify the complex world of interface configuration files with this handy tutorial.
A Linux networking guide to CIDR notation and configuration
One of the key concepts in network routing that any Linux professional should be familiar with is network notation. CIDR stands for Classless-Inter Domain Routing; it defines a notation methodology for network addressing that is used to specify the network portion of an IP address.