Chapter 21. Managing Apache HTTP Services
The following topics are covered in this chapter:
The following RHCSA exam objectives are covered in this chapter:
No RHCSA exam objectives relate directly to Apache, but minimal Apache knowledge is required to master the SELinux-related objectives.
This is the only chapter in this book that discusses a subject that is not even listed in the RHCSA objectives. However, for a Red Hat server administrator, it is important to know how to deal with the Apache web service. In following chapters, you learn how to configure SELinux and installation servers. These are topics that are difficult to understand without knowing how to deal with the Apache web service. Also, in Chapter 11, “Working with Systemd,” you learned how to work with services in an RHEL 8 environment. Knowing how to configure a common service like the Apache web service will surely help doing so. That is why this chapter explains Apache web server basics.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 21-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and ‘Review Questions.’”
Table 21-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section |
Questions |
|---|---|
1–4 |
|
5–7 |
|
8–10 |
1. Which command installs the software packages that are needed to configure an Apache web server?
a. yum install httpd
b. yum install web-server
c. yum install apache
d. yum install apache2
2. What is the name of the main Apache configuration file?
a. /etc/httpd/conf/httpd.conf
b. /etc/httpd/httpd.conf
c. /etc/apache2/apache.conf
d. /etc/httpd/default-server.conf
3. Which parameter in the Apache configuration file is used to specify where Apache will serve its documents from?
a. ServerRoot
b. ServerDocuments
c. DocumentRoot
d. DocumentIndex
4. Which parameter in the main Apache configuration file defines the location where the Apache process looks for its configuration files?
a. ServerRoot
b. ServerDocuments
c. DocumentRoot
d. DocumentIndex
5. Which directory contains the main Apache configuration file?
a. /etc/httpd
b. /etc/htttpd/conf
c. /etc/httpd/conf.d
d. /etc/httpd/conf.modules.d
6. Which directory contains the configuration files for the different Apache modules?
a. /etc/httpd
b. /etc/htttpd/conf
c. /etc/httpd/conf.d
d. /etc/httpd/conf.modules.d
7. Which directory is used to drop configuration files that are installed from RPMs?
a. /etc/httpd
b. /etc/htttpd/conf
c. /etc/httpd/conf.d
d. /etc/httpd/conf.modules.d
8. Which virtual host type allows you to run multiple virtual hosts on the same IP address?
a. Name-based
b. IP-based
c. Configuration-based
d. Default
9. Which line is used to start the definition of a virtual host that listens on port 80 of all IP addresses on the current server?
a. <VirtualHost *:80>
b. <VirtualHost *>
c. <NameHost *:80
d. <NameHost *>
10. Which of the following statements about virtual hosts is not true?
a. When virtual hosts are offered through an httpd process, the default configuration no longer works.
b. The names of virtual hosts must be resolvable through /etc/hosts or DNS.
c. To use virtual hosts, the mod_virt package must be installed.
d. Virtual host configurations can be specified in httpd.conf.
Foundation Topics
Configuring a Basic Apache Server
Configuring a basic Apache server is not hard to do. It consists of a few easy steps:
Step 1. Install the required software.
Step 2. Identify the main configuration file.
Step 3. Create some web server content.
Installing the Required Software
The Apache server is provided through some different software packages. The basic package is httpd; this package contains everything that is needed for an operational but basic web server. There are some additional packages, as well. For a complete overview, you can use the yum search http command, and you can use yum module install httpd to install the base package and common additional modules.
Identifying the Main Configuration File
The configuration of the Apache web server goes through different configuration files. The section “Understanding Apache Configuration Files” later in this chapter provides an overview of the way these files are organized. The main Apache configuration file is /etc/httpd/conf/httpd.conf. In this section, many parameters are specified. The most important parameter to understand for setting up a basic web server is the DocumentRoot parameter. This parameter specifies the default location where the Apache web server looks for its contents.
Another important configuration parameter is the ServerRoot. This defines the default directory where Apache will look for its configuration files. By default, the /etc/httpd directory is used for this purpose, but alternative directories can be used as well. Many other configuration files are referenced in the httpd.conf file, a portion of which is shown in Example 21-1. The use of additional configuration files makes it easy for applications to install snap-in files that will be included by the Apache server from RPM packages. The names of all these configuration files are relative to the ServerRoot /etc/httpd.
Example 21-1 Partial Contents of the /etc/httpd/conf/httpd.conf Configuration File
[root@localhost ~]# grep -v '#' /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%
{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%
{User-Agent}i" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
Creating Web Server Content
After identifying the web server DocumentRoot, you know all you need to know to configure a basic web server. The Apache web server by default looks for a file with the name index.html and will present the contents of that document to clients using a browser to access the web server. It suffices to configure this file with very basic contents; just a line like “Welcome to my web server” will do.
To test the web server, you can launch a browser. The Firefox browser is installed by default on all graphical installations of RHEL 8. If your server does not run a graphical interface, use yum install curl to work with Apache from the command line.
In Exercise 21-1, you learn how to set up a basic Apache web server—nothing fancy, just enough to get you going and test web server functionality.
Exercise 21-1 Setting Up a Basic Web Server
Type yum module install httpd. This installs the httpd package and some of the most commonly used additional packages as well.
Open the main Apache configuration file with an editor, and look up the line that starts with DocumentRoot. This identifies the location where the Apache server will look for the contents it will service. Confirm that it is set to /var/www/html.
In the directory /var/www/html, create a file with the name index.html. In this file, type “Welcome to my web server”.
To start and enable the web server, type systemctl enable --now httpd. This starts the web server and makes sure that it starts automatically after restarting the server. Use systemctl status httpd to check that the web server is up and running. In Example 21-2 you can see what the result of this command should look like.
Type yum install curl to install the elinks text-based browser. Type curl http://localhost to connect to the web server and verify it is working.
Example 21-2 Verifying the Availability of the Apache Web Server with systemctl status
[root@localhost ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;
vendor preset: disabled)
Active: active (running) since Fri 2019-07-05 03:06:02 EDT; 2s ago
Docs: man:httpd.service(8)
Main PID: 4540 (httpd)
Status: "Started, listening on: port 443, port 80"
Tasks: 213 (limit: 11222)
Memory: 24.2M
CGroup: /system.slice/httpd.service
⊢4540 /usr/sbin/httpd -DFOREGROUND
⊢4542 /usr/sbin/httpd -DFOREGROUND
⊢4543 /usr/sbin/httpd -DFOREGROUND
⊢4544 /usr/sbin/httpd -DFOREGROUND
4545 /usr/sbin/httpd -DFOREGROUND
Jul 05 03:06:02 localhost.localdomain systemd[1]: Starting The Apache
HTTP Server...
Jul 05 03:06:02 localhost.localdomain httpd[4540]: AH00558: httpd:
Could not reliably determine the server'>
Jul 05 03:06:02 localhost.localdomain httpd[4540]: Server configured,
listening on: port 443, port 80
Jul 05 03:06:02 localhost.localdomain systemd[1]: Started The Apache
HTTP Server.
Understanding Apache Configuration Files
A default installation of the Apache web server creates a relatively complex configuration tree in the /etc/httpd directory. Example 21-3 shows the default contents of this directory. The contents of this directory may differ on your server if additional software has been installed. Apache is modular, and upon installation of additional Apache modules, different configuration files might be installed here.
Example 21-3 Default Contents of the /etc/httpd Directory
[root@server1 httpd]# ls -l total 8 drwxr-xr-x. 2 root root 35 Feb 23 03:12 conf drwxr-xr-x. 2 root root 4096 Feb 25 12:41 conf.d drwxr-xr-x. 2 root root 4096 Feb 25 12:41 conf.modules.d lrwxrwxrwx. 1 root root 19 Feb 17 13:26 logs -> ../../var/log/httpd lrwxrwxrwx. 1 root root 29 Feb 17 13:26 modules -> ../../usr/lib64/ httpd/modules lrwxrwxrwx. 1 root root 10 Feb 17 13:26 run -> /run/httpd
The first thing you notice is the presence of three symbolic links to logs, modules, and a run directory. These are created to allow Apache to be started in a chroot environment.
A chroot environment provides a fake root directory. This is a directory in the file system that is presented as the root directory for the process that is running in the chroot environment. This is done for security reasons: Processes that are running in a chroot environment can access files in that chroot environment only, which decreases the risk of security incidents occurring when intruders manage to get a login shell using the web server identity and try walking through the file system to do unauthorized things.
The main configuration files for the Apache web server are in the /etc/httpd/conf directory. To start, there is the httpd.conf file, which contains the most important configuration parameters. Apart from that, there is a file with the name magic. This file is used by the browser to interpret how the contents of the web server should be displayed. It makes sure that the web server content is shown correctly in different browsers.
The /etc/httpd/conf.d directory contains files that are included in the Apache configuration. Adding files is done by the line Include conf.d/*.conf in the httpd.conf file. This directory can be used by RPMs that include Apache snap-in files. As is the case for the ServerRoot, this approach makes it possible to add configuration files that define the different web pages without changing the contents of the /etc/httpd/conf/httpd.conf file.
The last configuration directory is /etc/httpd/conf.modules.d. Apache is a modular web server. Therefore, the functionality of the Apache web server can easily be extended by adding additional modules that enable many different features. If modules are used, they can use their own module-specific configuration files, which will be dropped in the /etc/httpd/conf.modules.d directory. Again, the purpose of this approach is to keep the configuration in /etc/httpd/conf.d/httpd.conf as clean as possible and to make sure that module-specific configuration is not overwritten if the Apache generic configuration is updated.
Creating Apache Virtual Hosts
Many companies host more than one website. Fortunately, it is not necessary to install a new Apache server for every website that you want to run. Apache can be configured to work with virtual hosts. A virtual host is a distinct Apache configuration file or section that is created for a unique hostname. When working with virtual hosts, the procedure to access the host is roughly like the following:
The client starts a session to a specific virtual host, normally by starting a browser and entering the URL to the website the client wants to use.
DNS helps resolve the IP address of the virtual host, which is the IP address of the Apache server that can host different virtual hosts.
The Apache process receives requests for all the virtual hosts it is hosting.
The Apache process reads the HTTP header of each request to analyze which virtual host this request needs to be forwarded to.
Apache reads the specific virtual host configuration file to find which document root is used by this specific virtual host.
The request is forwarded to the appropriate contents file in that specific document root.
When working with virtual hosts, there are a few things to be aware of:
If your Apache server is configured for virtual hosts, all servers it is hosting should be handled by virtual hosts. To create a catch-all entry for all HTTP requests that are directed to this host but that do not have a specific virtual host file, you can create a virtual host for _default_:80. If you don’t do that, packages that successfully arrive on your server via DNS name resolution but don’t find a matching virtual host are sent to the virtual host whose configuration the Apache process finds first. That leads to unpredicted results.
Name-based virtual hosting is the most common solution. In this solution, virtual hosts use different names but the same IP address.
IP-based virtual hosts are less common but are required if the name of a web server must be resolved to a unique IP address. IP-based virtual hosts do require several IP addresses on the same machine and are common in configurations where the Apache server uses TLS to secure connections.
Configuring virtual hosts is not an RHCSA objective, but it is useful to know how to configure them as a Linux administrator. Therefore, Exercise 21-2 walks you through the procedure.
Exercise 21-2 Configuring Apache Virtual Hosts
In this exercise, you create two virtual hosts. To set up virtual hosts, you first set up name resolution, after which you create the virtual hosts’ configuration. Because SELinux has not been discussed yet, you temporarily switch off SELinux.
Note
I later tell you that you should never switch off SELinux. For once, I make an exception to this important security rule. To focus on what needs to be done on the Apache web server, it is easier to focus just on Apache and not to configure SELinux as well.
On both server1 and server2, open the file /etc/hosts with an editor and add two lines that make it possible to resolve the names of the virtual host you are going to create to the IP address of the virtual machine:
192.168.4.210 server1.example.com server1 192.168.4.220 server2.example.com server2 192.168.4.210 account.example.com account 192.168.4.210 sales.example.com sales
On server1, open a root shell and add the following to the /etc/httpd/conf/httpd.conf file. (You can leave all other settings as they are.)
<Directory/www/docs> Require all granted AllowOverride None </Directory>On server1, open a root shell and create a configuration file with the name account.example.com.conf in the directory /etc/httpd/conf.d. Give this file the following content:
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /www/docs/account.example.com ServerName account.example.com ErrorLog logs/account.example.com-error_log CustomLog logs/account.example.com-access_log common </VirtualHost>Close the configuration file, and from the root shell type mkdir -p /www/docs/account.example.com.
Create a file with the name index.html in the account document root, and make sure its contents read “Welcome to account.”
Temporarily switch off SELinux using setenforce 0.
Use systemctl restart httpd to restart the Apache web server.
Use curl http://account.example.com. You should now see the account welcome page. (You may have to install elinks, using yum install -y curl.)
Back on the root shell, copy the /etc/httpd/conf.d/account.example.com.conf file to a file with the name /etc/httpd/conf.d/sales.example.com.conf.
Open the sales.example.com.conf file in vi, and use the vi command :%s/account/sales/g. This should replace all instances of “account” with the “sales.”
Create the /www/docs/sales.example.com document root, and create a file index.html in it, containing the text “Welcome to the sales server.”
Restart httpd and verify that both the account and the sales servers are accessible.
Summary
In this chapter, you learned about Apache basics. The information in this chapter helps you configure a basic Apache web server, which helps testing advanced topics like firewall configuration or SELinux configuration that are covered in subsequent chapters.
Exam Preparation Tasks
As mentioned in the section “How to Use This Book” in the Introduction, you have several choices for exam preparation: the end-of-chapter labs; the memory tables in Appendix B; Chapter 26, “Final Preparation”; and the practice exams.
Review All Key Topics
Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 21-2 lists a reference of these key topics and the page number on which each is found.
Table 21-2 Key Topics for Chapter 21
Key Topic Element |
Description |
Page |
|---|---|---|
Paragraph |
chroot explanation |
|
List |
Virtual host explanation |
Define Key Terms
Define the following key terms from this chapter and check your answers in the glossary:
Review Questions
The questions that follow are meant to help you test your knowledge of concepts and terminology and the breadth of your knowledge. You can find the answers to these questions in Appendix A.
1. Which yum group contains many useful Apache packages?
2. How do you enable the httpd service to be started automatically when booting?
3. What is the default location where RPMs can drop plug-in configuration files that should be considered by the Apache server?
4. Which command enables you to test a web server from a server that does not offer a graphical interface?
5. What is the name of the default Apache configuration file?
6. Which directory is used as the default Apache document root?
7. Which file does the Apache process look for by default in the document root?
8. Which command enables you to see whether the Apache web server is currently running?
9. Which location is preferable for storing virtual host configuration files?
10. Names of configuration files and directories in the main Apache configuration file are relative to the ServerRoot. To which directory is the ServerRoot set by default?
End-of-Chapter Lab
In this end-of-chapter lab, you install and configure a basic Apache web server.
Lab 21.1
1. Install the required packages that allow you to run a basic web server. Make sure that the web server process is started automatically when your server reboots. Do not use a virtual server.
2. Use curl to make sure the web server presents a default page showing “Welcome to my web server.”
3. Type yum install httpd-manual to install the Apache documentation.
4. Use a browser to test access to the /manual web page on your server.