
To start the Apache server, run:

    su -c "systemctl start httpd.service"

To test the correct operation of the Apache server, point the web browser to http://localhost. If the browser displays the Fedora Test Page, Apache is installed correctly.

To configure the Apache server to start at boot time, run:

    su -c "systemctl enable httpd.service"

Configuring Apache web server

There are a few characteristic directories that contain files needed for proper operation of the Apache web server:

/etc/httpd:: The location of the Apache configuration files, referred to as ServerRoot.
/usr/lib/httpd/modules:: The location of various Apache modules, loaded on demand from the main configuration file.
/var/www/html:: The default location for storing web site content, referred to as DocumentRoot.
/var/log/httpd:: The location of the Apache log files.

The main Apache configuration file is /etc/httpd/conf/httpd.conf. At a minimum, only two directives in this file need to be specified to enable Apache to serve content over the Internet: the name to which the server responds and the location of the web site content on the system. To serve the web content for www.example.com, these two entries are:

    ServerName www.example.com:80
    DocumentRoot "/var/www/html"

Reload the configuration file for these changes to take effect:

    su -c "systemctl reload httpd.service"

Note: This configuration assumes that www.example.com resolves correctly in DNS and that the content for the web site is in /var/www/html, the default DocumentRoot in Fedora.

The /etc/httpd/conf/httpd.conf file includes instructions for almost all of the configuration options in the form of comments, i.e. the lines beginning with the # character. This makes the configuration file very long and makes quick changes to it difficult. However, the Include directive provides a way of splitting the configuration file into smaller, more manageable sections. The line:

    Include conf.d/*.conf

causes the httpd daemon to read all *.conf files placed in the /etc/httpd/conf.d directory, in addition to the main configuration file, during the start-up process. A common use of conf.d/*.conf files is to have separate configuration files for various Apache extensions or virtual hosts.

/etc/httpd/conf/httpd.conf includes numerous options for configuring the Apache web server. Other notable options are:

Performance tuning:

MaxClients limits the number of allowed simultaneous connections to the server and works together with the ServerLimit option.
KeepAlive allows for a number of concurrent HTTP requests over a single TCP connection.
TimeOut instructs the httpd daemon when to stop responding if it is under heavy load.

Warning: Apache performance tuning is the art of weighing trade-offs against benefits. It requires a good understanding of the server's capabilities, and performance seldom improves by adding arbitrary parameters.

Log configuration:

ErrorLog points to the location where the server's errors are logged.
LogLevel sets the verbosity of the ErrorLog entries.
CustomLog points to the location where the requests are logged.

Tip: The Apache web server logs requests and errors to /var/log/httpd/access_log and /var/log/httpd/error_log by default.

Other configuration options:

AddLanguage associates files with a certain extension with certain languages. Useful when the web server serves pages in multiple languages.
LoadModule loads dynamically shared objects.
ScriptAlias specifies the location of CGI scripts.
ServerAdmin specifies who the server administrator is.
AddHandler maps scripts to script handlers, such as .cgi, .php, etc.

Note: Refer to the Apache documentation in the Additional Information section for the extensive list of Apache configuration options and their usage.

Virtual Hosts

The Apache web server can serve the content for multiple sites from a single server through the concept of Virtual Hosts. Virtual hosts can be configured in two ways:

IP based Virtual Hosts:
    Each virtual host has its own IP address and port combination.
    Required for serving HTTPS requests, due to restrictions in the SSL protocol.

Name based Virtual Hosts:
    All virtual hosts share a common IP address.
    The Apache web server responds to the request by mapping the Host header in the request to the ServerName and ServerAlias directives in the particular virtual host's configuration file.
An example of a simple name-based virtual host configuration:

    # global configuration options
    NameVirtualHost *:80

    <VirtualHost *:80>
        ServerName localhost
    </VirtualHost>

    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/virtual/example.com/html
    </VirtualHost>

    <VirtualHost *:80>
        ServerName foobar.com
        ServerAlias www.foobar.com
        DocumentRoot /var/www/virtual/foobar.com/html
    </VirtualHost>

The order in which the virtual hosts are listed is significant: Apache always serves the content from the first listed virtual host when a request is made for a site that resolves in DNS but is not defined as a ServerName or a ServerAlias.
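The selection rule described above can be modelled in a few lines to see which Host header values fall through to the first listed virtual host. This is an added example, not part of the original page and not Apache's own code; it assumes exact name matching only (wildcard ServerAlias patterns are not modelled), and the Host values in the demo are constructed.

```python
import re

# The three <VirtualHost> blocks from the text above, in the same order.
CONFIG = """
<VirtualHost *:80>
    ServerName localhost
</VirtualHost>
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/virtual/example.com/html
</VirtualHost>
<VirtualHost *:80>
    ServerName foobar.com
    ServerAlias www.foobar.com
    DocumentRoot /var/www/virtual/foobar.com/html
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one list of lower-cased ServerName/ServerAlias values per block, in file order."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", text, re.S | re.I):
        names = []
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                # ServerName may carry a port (www.example.com:80); keep the host part
                names += [arg.split(":")[0].lower() for arg in parts[1:]]
        vhosts.append(names)
    return vhosts

def select_vhost(vhosts, host_header):
    """Index of the block that answers, and whether a name actually matched."""
    host = host_header.strip().lower().split(":")[0].rstrip(".")
    for index, names in enumerate(vhosts):
        if host in names:
            return index, True
    return 0, False  # no ServerName/ServerAlias matched: the first listed block answers

def fallthrough_hosts(vhosts, host_headers):
    """Host header values that no block names, i.e. requests landing on the first block."""
    return [h for h in host_headers if not select_vhost(vhosts, h)[1]]

if __name__ == "__main__":
    seen = ["www.example.com", "FOOBAR.com:80", "203.0.113.7", "staging.foobar.com"]  # constructed
    vhosts = parse_vhosts(CONFIG)
    for host in seen:
        print(host, "->", select_vhost(vhosts, host))
    print("unmatched:", fallthrough_hosts(vhosts, seen))
```

Any name that resolves to the server but is missing from every block is answered by the first block, so that block should be one whose content is safe to show to arbitrary requests.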

Tip: Once the first VirtualHost is defined, all of the content served by Apache must also be moved into virtual hosts.

Security Considerations

Apache File Security

By default, the httpd daemon runs as the user and group apache. Therefore, all files that httpd needs to access to operate properly must be accessible by the user apache. The safe way to accomplish this is to set the ownership on all of the files to another user and allow read-only access to all other users. For example, to allow read-only access to the www.foobar.com content, so it can be served over the Internet, run the following:

    su -c "/bin/chown -R root:root /var/www/virtual/foobar.com"
    su -c "/bin/chmod 755 /var/www/virtual/foobar.com /var/www/virtual/foobar.com/html"
    su -c "/bin/chmod 644 /var/www/virtual/foobar.com/html/*"

If the content should be readable by Apache and nobody else, good practice is to change the group ownership to the group apache and deny access to others.

User-level ownership of files should be granted to the apache user only if the web server is expected to modify the files, for example, through the use of CGI scripts.

Apache Access Controls

To control access to the content served by the Apache web server, use the Order, Deny, and Allow directives within the Directory container directive. To allow access to the content of www.foobar.com:

    <Directory /var/www/virtual/foobar.com/html>
        Order deny,allow
    </Directory>

The Order directive controls how access to the content is evaluated and sets the default precedence if Allow and Deny directives are not defined:

    Order deny,allow defaults to "allow access"
    Order allow,deny defaults to "deny access"

The latter value always overrides the former. For example, to allow access to all hosts on the 192.168.1 subnet and deny the host with the 192.168.1.66 IP address, add these options:

    <Directory /var/www/virtual/foobar.com/html/priv>
        Order allow,deny
        Allow from 192.168.1.
        Deny from 192.168.1.66
    </Directory>

SELinux Notes

The best way to avoid SELinux errors while running Apache is to store the Apache-related files in the default system locations. If this is not possible, the solution is to change the SELinux context on the non-standard directories, using the default ones as a reference:

    su -c "/usr/bin/chcon -R --reference=/etc/httpd/conf /path/to/new/conf"

or

    su -c "/usr/bin/chcon -R --reference=/var/www/html /path/to/site/content"
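To check that a content tree still follows the ownership scheme from the Apache File Security section (not owned by the apache user, no write access for group or others), the following added example walks a directory and lists the entries that deviate. It is not part of the original page; the function names and the default path in the demo are assumptions.

```python
import os
import pwd
import stat

def daemon_uid(user="apache"):
    """UID of the httpd user named in the text, or None if it does not exist here."""
    try:
        return pwd.getpwnam(user).pw_uid
    except KeyError:
        return None

def audit_tree(root, uid=None):
    """Return sorted (relative_path, issue) pairs for entries under root that
    are owned by the httpd user or are writable by group or others."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits of a symlink say nothing about its target
            rel = os.path.relpath(path, root)
            if uid is not None and st.st_uid == uid:
                findings.append((rel, "owned by httpd user"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif st.st_mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed content root; pass the virtual host directory to check instead.
    for rel, issue in audit_tree("/var/www", daemon_uid()):
        print(issue + ": " + rel)
```

Entries reported as owned by the httpd user are expected only where the text allows them, that is, where the web server must modify the files.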
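The Order rules from the Apache Access Controls section are easy to get backwards, so here is an added example (not from the original page, and not Apache's implementation) that evaluates the /priv rules under both Order values. It assumes IPv4 clients and address-based arguments only; hostname arguments are not modelled, and the client addresses are constructed.

```python
import ipaddress

def host_matches(client_ip, spec):
    """Match one 'Allow from' / 'Deny from' argument against an IPv4 client address.
    Handles 'all', a full address, a partial address such as '192.168.1.' and CIDR."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(octets)] == octets

def access_allowed(order, client_ip, allow=(), deny=()):
    """Apply the Order rules from the text: the second keyword is evaluated last and
    wins when both lists match; the default applies when neither list matches."""
    allowed = any(host_matches(client_ip, spec) for spec in allow)
    denied = any(host_matches(client_ip, spec) for spec in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        return allowed and not denied   # default: deny access
    if order == "deny,allow":
        return allowed or not denied    # default: allow access
    raise ValueError("unsupported Order value: " + order)

def decision_table(order, clients, allow, deny):
    """Map each client address to the access decision under the given Order."""
    return {ip: access_allowed(order, ip, allow, deny) for ip in clients}

if __name__ == "__main__":
    # Rules of the /priv <Directory> block from the text; client addresses are constructed.
    allow, deny = ["192.168.1."], ["192.168.1.66"]
    clients = ["192.168.1.10", "192.168.1.66", "192.168.10.5", "10.0.0.5"]
    for order in ("allow,deny", "deny,allow"):
        print(order, decision_table(order, clients, allow, deny))
```

With the same Allow and Deny lines, switching to Order deny,allow admits every client in the sample, including 192.168.1.66, because Allow is then evaluated last and the default becomes "allow access".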
