Apache HTTP is a general-purpose web server, designed to achieve a balance between flexibility, portability and performance. Apache HTTP has a modular architecture that lets you extend the basic functionality by selecting a set of modules: these modules are compiled as Dynamic Shared Objects (DSO) and can be enabled or disabled using the LoadModule directive.
Apache HTTP can serve static and dynamic (mod_php, mod_python, mod_ruby, mod_perl) content, is cross-platform (UNIX, GNU/Linux, BSD, Windows), and is compatible with HTTP/1.1 and the HTTPS protocol. Other features are: virtual hosts, URL rewriting (mod_rewrite), different types of authentication (basic, digest, dbm, dbd, ldap), and compressed content (mod_deflate, mod_gzip).
# yum -y install httpd
Start the web server
# systemctl start httpd
Check if the server is running
# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since mié 2016-06-01 17:07:42 EDT; 7min ago
...
Restart the web server
# systemctl restart httpd
# systemctl reload httpd
Stop the web server
# systemctl stop httpd
Check if the web server starts automatically
# systemctl is-enabled httpd
disabled
Start the web server together with the operating system
This way you do not have to start the service manually after restarting the operating system.
# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Edit the configuration file
# vim /etc/httpd/conf/httpd.conf
Some directives to improve security and performance
Options -Indexes -ExecCGI -Includes +FollowSymLinks
# no .htaccess by default
ServerSignature: Adds a footer line to documents generated by the server (error messages, directory listings, mod_info output). A generated footer can look like this:
Apache/2.4.6 (CentOS) PHP/5.4.16 Server at 192.168.0.6 Port 80
The reason why you would want to enable such a footer line is that in a chain of proxies, the user often has no possibility to tell which of the chained servers actually produced a returned error message.
ServerTokens: When set to Full, this directive sends information about the web server, the installed modules and the operating system in the response headers. An example of the value sent when it is set to Full:
Apache/2.4.6 (CentOS) PHP/5.4.16
It is therefore advisable to set its value to ProductOnly in order to give the least amount of information possible; in this case it would be:
HostnameLookups: This directive enables DNS lookups so that host names can be logged. The value On is often useful if you have your own statistics system and want to know where the visits came from, but a better option is to set this directive to Off and use freegeoip.net or logresolve.
If the value is set to Double, the web server does two queries: first a reverse DNS query on the client IP address, and then a normal (forward) DNS query on the result to double-check it; at least one of the addresses returned must match the original IP address. Only use this value if users are authenticated directly against the web server and you want to add another level of security.
In general this directive should be set to Off, because the web server will perform better and can serve more requests per second.
Options: Controls which server features are available in a particular directory. In the above example we have the following configuration:
* -Indexes: Do not list the contents of any directory if the web server does not find the file set in DirectoryIndex directive.
* -ExecCGI: Execution of CGI scripts using mod_cgi is not allowed.
* -Includes: Server Side Includes are not allowed. To learn more, see: Server Side Includes; Apache httpd Tutorial: Introduction to Server Side Includes; Server-Side Includes (SSI) Injection
* FollowSymLinks: The server will follow symbolic links in this directory.
AllowOverride: Sets the directives that are allowed in .htaccess files. In our example we do not allow .htaccess by default; of course, this configuration can be overridden by VirtualHost and Directory configuration. Note that if you enable .htaccess globally, the web server will look for a .htaccess file in each directory. For example, if your VirtualHost points to /var/www/dir1 and it has the following directory structure:
/var/www/dir1/
└── dir2
    └── dir3
And you make a request that reaches dir3, then the server will look for the .htaccess file in all of the directories, as shown below:
/var/www/dir1/.htaccess
└── dir2/.htaccess
    └── dir3/.htaccess
In the case of RewriteRule directives, in .htaccess context these regular expressions must be re-compiled with every request to the directory, whereas in main server configuration context they are compiled once and cached. From a security point of view, .htaccess also introduces some risks, because a third party can override server configuration in a way you do not control.
It is a good practice to disable the .htaccess file whenever you have access to the main server config but if you need to enable it, for certain reasons, then do not forget to put these lines on the server config:
<Files ".ht*">
    Require all denied
</Files>
The above configuration will deny any attempt to view the contents of the .htaccess and .htpasswd files.
My final recommendation is: enable .htaccess as long as you know why you are doing it, where you are doing it and the consequences that you may face.
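The directives discussed above can be checked mechanically. The following audit script is an added example, not code from the original page: the names audit, directives and WEAK_CONF and the sample config are constructed for illustration, an absent ServerTokens is treated as the httpd default (Full), and the file is scanned flat, ignoring VirtualHost and Directory scoping.

```python
import re

RISKY_OPTIONS = {"indexes", "execcgi", "includes", "all"}
HT_DENY = re.compile(r'<Files\s+"?\.ht\*"?\s*>\s*Require\s+all\s+denied', re.I)

# Constructed sample input (not from the page): a weak main-server config.
WEAK_CONF = """\
ServerSignature On
HostnameLookups Double
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
"""

def directives(conf):
    """Yield (name, args) per directive line; skip comments and <Section> tags."""
    for line in map(str.strip, conf.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, *args = line.lower().split()
            yield name, args

def audit(conf):
    """Return findings for the directives this page discusses."""
    findings, overrides_on = [], False
    tokens = "full"  # httpd default when ServerTokens is absent
    for name, args in directives(conf):
        value = args[0] if args else ""
        if name == "servertokens":
            tokens = value
        elif name == "serversignature" and value != "off":
            findings.append("ServerSignature: footer exposes server details")
        elif name == "hostnamelookups" and value != "off":
            findings.append("HostnameLookups: DNS query on every request")
        elif name == "allowoverride" and value != "none":
            overrides_on = True
            findings.append("AllowOverride: .htaccess can override server config")
        elif name == "options":
            # An option is on if listed bare or with '+'; '-' turns it off.
            on = {a.lstrip("+") for a in args if not a.startswith("-")}
            for opt in sorted(on & RISKY_OPTIONS):
                findings.append(f"Options: {opt} is enabled")
    if tokens not in ("prod", "productonly"):
        findings.append("ServerTokens: not ProductOnly")
    # The .ht* deny block only matters once .htaccess overrides are enabled.
    if overrides_on and not HT_DENY.search(conf):
        findings.append('Files ".ht*": no "Require all denied" block')
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```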
Set directive NameVirtualHost
The web server listens on all available interfaces and port 80
The web server listens on a specific interface/IP and port 80
DirectoryIndex index.html index.php
Note the AllowOverride directive, which enables the .htaccess file; for more information see: AllowOverride.
The DirectoryIndex directive sets which files will be served by default (index.html, index.php), so that you do not have to add index.php or index.html at the end of every URL.
The DocumentRoot directive sets the directory from which httpd will serve files.
The ServerAlias directive is useful if you have more than one URL pointing to the same site, for example internationalized sites.
www.mydomain.com and www.mydomain.es are domain entries that must first be added to the DNS server.