Verified and Tested 02/04/2021

Introduction

This tutorial will show you how to configure a basic configuration (conf) file for Apache on CentOS 7 and create a website. For example, this will show where you can change the web path of your websites, how to assign a public IP to a website, how to enable extensions, and how to allow your site to pick up pages like .php for an index.

Prerequisites

A server running CentOS 7 has either Apache 2.2 or LAMP already installed. For information on Apache or LAMP installation, please see this walk-through here.

Configure Apache Basic Configuration

So the first thing to realize is that your configuration file is located in “/etc/httpd/conf/httpd.conf” by default. The httpd.conf will be making most of the changes for websites without an SSL. Look for the SSL configuration lower in the tutorial for websites with an SSL. Before making any changes to the configuration, let’s go through and ensure that everything appears how we’d like it to for the base configuration of Apache.

Go ahead and open /etc/httpd/conf/httpd.conf into a text editor of your choice. What you will want to do first is a search for the “Listen” field. This setting binds Apache to the port/IP you specify for websites. By default, your conf should state:

Listen 80

This means that Apache is listening (binding) on all your IPs on the server on port 80. Now let’s say you have an additional IP and want ONLY that IP for websites. What you will need to do is change the Listen line to look like:

Listen x.x.x.x:80

Where “x.x.x.x” is the IP, you want the websites to run on. Why is this viable? Say you have multiple IPs on your server, but you want to limit what each IP does on your system. This allows you to confine all basic (non-SSL) HTTP processes onto being handled on one IP. If you have multiple IPs (but not all IPs!) that you want Apache to bind to, you only need to add more “Listen x.x.x.x:80” lines for each IP.

Also, you can change the port “80” to another port if you’d like. This is useful if you have port redirects in place or have a particular IP that needs to have Apache listening on a different port. By default, all browsers use port 80 to browse and pull up web pages. Unless you have a reason to change this, it’s best to leave the port at “80”.

For now, we will keep this field the default of “Listen 80”.

 

Let’s now look at the following field you’d want to edit named “ServerAdmin.” ServerAdmin is simply the email address Apache will email if there is a problem. By default, it appears like below:

ServerAdmin root@localhost

If you want to receive notifications regarding Apache/httpd, put your email address there. If you don’t, you can either leave it how it is or put a “#” in front of the line to comment it out.

 

The following line we want to look at is pretty close after “ServerAdmin,” it’s called “ServerName.” ServerName is just how it sounds. It’s the name for the server to identify itself. Say you want server.yourdomain.tld to resolve to an http page. What you would do is set ServerName to something like:

ServerName server.yourdomain.tld:80

If you do not have a domain or subdomain that you want to use for the ServerName, you can set this to be your IP like:

ServerName x.x.x.x:80

Where x.x.x.x is your IP address.

If you specified a Listen IP, you would also want to use that IP here.

For both of these options, if you customize the Listen port, you will need to apply that value here instead of “80” as well.

 

By default, ServerName is commented out. You will want to remove the “#” in front of the line to put the value into play. No matter what you put here, you need to add either a subdomain or an IP address. If you do not, any type of server-generated redirection you do on the server will not take effect.

 

These are the main fields you will want to edit for a base configuration before adding anything additional. It confirms that Apache is running on the port and IPs you want. There are other configuration options available, of course, and each field has a block of text explaining what it is used for, but unless you have reason to edit these, it is best to leave them at their default values. To have the changes take effect, exit, save the conf file, and run:

systemctl restart httpd

Once restarted, all changes will take effect. We can now proceed to make a new configuration file for a website.

Website configuration time!

In our example here, we will be using VirtualHosts. What is a VirtualHost? It allows the IP address specified as a VirtualHost to host multiple websites on it! Super helpful if you have more than one site on your server. It also allows you to customize the fields of where to pull the site, what kind of permissions it’s granted in terms of overwriting default values, and so forth.

So how do we set this up? The first thing to tell Apache what IP and port will be a VirtualHost. To do this, at the end of your Apache conf file, add:

NameVirtualHost x.x.x.x:80

Where x.x.x.x is the IP address, you will have sites pulling on, and 80 is the port you have specified, each from the basic configuration above. If you have no additional IP addresses and have Apache running off your server and it’s main IP, put your primary IP address here.

We have two options on how to proceed here. 1) We can keep all our VirtualHosts located in the Apache configuration file (httpd.conf) or 2) We can break sites into their own files. What you do is up to you. If you don’t have many sites, option 1 is perfectly fine. If you are planning to have a lot of websites, you may wish to consider option 2. Either way will work with the VirtualHost conf block, but this is how you will enable option 2. At the end of your httpd.conf, put:

Include /path/to/site/confs

And save and exit the file. “/path/to/site/confs” is your path where you will be putting all your website configuration files. With option 2 you will now want to make a new conf (/path/to/site/confs/domain.tld.conf) that contains the VirtualHost configuration for each website.

 

Regardless of the option, you choose above. This is how you will want to start your VirtualHost block.

<VirtualHost x.x.x.x:80>

</VirtualHost>

Below is a sample finished Apache configuration for mycooldomain.com. These are the outside brackets, so to say, of your website’s Apache configuration. We will fill in the space between information like user, directory location, and aliases.

<VirtualHost x.x.x.x:80>

SuexecUserGroup mycooldomain usergroup

DocumentRoot /home/mycooldomain.com/html/

ServerName www.mycooldomain.com

ServerAlias mycooldomain.com *.mycooldomain.com

ScriptAlias /cgi-bin/ "/home/mycooldomain.com/html/cgi-bin/"

Alias /adifferentlocation /home/adifferentlocation/html/

 

<Directory "/home/mycooldomain.com/html/">

Options Indexes MultiViews Includes

Order allow,deny

Allow from all

</Directory>

<Directory "/home/mycooldomain.com/cgi-bin/">

AddHandler cgi-script .cgi .pl

Options ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

<Directory "/home/adifferentlocation/html/">

AllowOverride None

Order deny,allow

Allow from all

DirectoryIndex index.php index.html index.htm

</Directory>

 

AddType application/x-httpd-php .php4 .php3 .phtml .php

CustomLog /home/weblogs/mycooldomain.com.log combined

</VirtualHost>

 

Now let’s take a look at what’s going on. First, we’ll take the section outside the <Directory> tags at the top.

SuExecUserGroup – This is the field your user and the user’s group for the website goes in. It’s a good idea to have the user be the user who belongs to this website to prevent confusion. This lets it know who to run CGI.

DocumentRoot – This is pretty self-explanatory in that it is the root (parent) folder for your website files. This tells Apache where to direct the site to look for files.

ServerName – This tells Apache the website to use about the rest of the fields. It is how Apache knows that it pulls all of the followed specified information for your website.

ServerAlias – This is different names that Apache can use for the ServerName. They are alias’ to the ServerName.

ScriptAlias – This is an alias used to mark a directory containing CGI scripts and essentially shortcutting it. We make the alias /cgi-bin/, so we don’t have to type the whole path every time we reference that directory.

Alias – This is an alias for directory paths. It resolves like mycooldomain/adifferentlocation, but the “adifferentlocation” isn’t under or included in the original website director. In our case, we used it to shortcut an entirely different path to a simple /adifferentlocation.y.

 

Then the section at the very bottom.

AddType – This maps the specified extensions to a specific MIME-type. In our case, we’re putting some common php file extensions mapped to the PHP MIME-type. This allows us to name our php files .php, .php4, and so on and have PHP process it correctly.

CustomLog – This specifies a log location for only this website. The combined is a nickname if you wish to have a LogFormat specified to match this log. In our case, we do not have a specific LogFormat.

 

And now we’ll take the things in the <Directory> tags.

AddHandler – This allows you to list extensions (like .cgi, .pl) that will be handled by a specific handler, in our case, cgi-script.

Options – This controls which server features are available in a given directory. They include:

– All – This allows all options except Multiviews. This is the default setting.

– ExecCGI – This allows for the execution of CGI scripts

FollowSymLinks allows the server to follow symbolic links in the directory.

– Includes – This allows the server to use includes.

– IncludesNOEXEC – This allows the server to use includes with the exceptions of exec cmd and exec cgi.

– Indexes – If the directory has no index page, it will list what is in the directory.

– Multiviews – This allows for content negotiated Multiviews.

SymLinksIfOwnerMatch allows the server to follow symbolic links if the “link to” location is owned by the website owner. If another user owns a file, it will not work.

AllowOverride – This controls what overrides are allowed by a .htaccess file. This can be All or None (allows all or no overrides), AuthConfig (enables authorization directives to), FileInfo (allows document type controlling), Indexes (allows control over directory indexing), Limit (allows control over host access), and Options (allows control over directory features.)

Order – This is an access control system. This has two real options. They are either “Allow,Deny” or “Deny,Allow.” The third option, “Mutual-failure,” is deprecated.  This order tells the system to process allows first and denies second, or vice-versa. You can specify these in the Allow From/Deny From that follow.

Allow from / Deny from – This allows you to edit a list by hostname or IP, or just all regarding access. The order in the processing is determined by the Order option above.

DirectoryIndex – This specifies which index-type pages you want to have behaved as the index page. Whether php or html or another format.

 

From this and changing the example config here to fit your needs, you can have a website up and running in any location you specify on your server.

 

SSL Configuration

The SSL configuration file is similar to a standard Web configuration Virtualhost, but you want to make changes in the port and add a few things to it. The SSL configuration is in addition to the standard configuration file above and is treated as it’s own Virtualhost.

<VirtualHost x.x.x.x:443>

SuexecUserGroup mycooldomain usergroup

DocumentRoot /home/mycooldomain.com/html/

ServerName www.mycooldomain.com

ServerAlias mycooldomain.com *.mycooldomain.com

ScriptAlias /cgi-bin/ "/home/mycooldomain.com/html/cgi-bin/"

Alias /adifferentlocation /home/adifferentlocation/html/

SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl.crt/www.2die4jewels.com.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.2die4jewels.com.key

SSLCACertificateFile /etc/httpd/conf/ssl.crt/thwate_intermediate.crt

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP


<Files ~ ".(cgi|shtml)">

SSLOptions +StdEnvVars

</Files>


<Directory "/home/mycooldomain.com/html/">

Options Indexes MultiViews Includes

Order allow,deny

Allow from all

SSLOptions +StdEnvVars

</Directory>

<Directory "/home/mycooldomain.com/cgi-bin/">

AddHandler cgi-script .cgi .pl

Options ExecCGI

AllowOverride None

Order allow,deny

Allow from all

SSLOptions +StdEnvVars

</Directory>

<Directory "/home/adifferentlocation/html/">

AllowOverride None

Order deny,allow

Allow from all

DirectoryIndex index.php index.html index.htm

SSLOptions +StdEnvVars

</Directory>

 

AddType application/x-httpd-php .php4 .php3 .phtml .php

CustomLog /home/weblogs/mycooldomain.com.log combined

</VirtualHost>

 

Now let’s take apart the additions which are italicized.

SSLEngine – This tells Apache to turn on the SSL options for this VirtualHost.

SSLCertificateFile – This is the path to your certificate (.CRT) file.

SSLCertificateKeyFile – This is the path to your certificate’s key (.key) file.

SSLCACertificateFile – This is the path to the Intermediate (CA) certificate (.CRT) file. This is typically provided by the company you purchased your SSL through.

SSLCipherSuite – This string with cipher-specifications separated by colons configures the Cipher Suite the visitor is allowed to negotiate on. It tells Apache which SSL “formats” you could say to accept.

SSLOptions – This is used to control various run-time operations. The option we used +StdEnvVars allows the standard set of CGI/SSI related to SSLs. Because of the number of tools, this has to load and the fact it is only used for CGI/SSI, we have put it in it’s own block that deals specifically with shtml and cgi pages.

 

And that’s it. Those are the basics you need for an Apache configuration file to get a standard website and SSL website up and running. You can always do more options and tweaks that I haven’t included, and you can always read about them on the Apache page.

Thank you for following this how-to. Please check back here for more updates and consider a market-leading HIPAA-compliant WordPress hosting server from Atlantic.Net.

Learn more about HIPAA Compliance.