How To Install the Apache Web Server on CentOS 9 stream
Introduction
The Apache HTTP server is the most widely-used web server in the world. It provides many powerful features including dynamically loadable modules, robust media support, and extensive integration with other popular software.
In this article, we will show you how to install an Apache web server with VPS on CentOS 9 stream.
Prerequisites
- an active KVM VPS
- root user
- A domain name configured to point to your VPS’s IP address
- A basic firewall configured
1. Update Software Versions List
Ensure you are using the latest versions of the software. In a terminal window, input the command:
dnf update
Once the packages are updated, install the Apache package:
dnf install httpd httpd-tools
2. Checking your Web Server
Apache does not automatically start on CentOS once the installation completes. You will need to start the Apache process manually:
systemctl start httpd
This will start the Apache service.
Next, set the Apache service to start when the system boots:
systemctl enable httpd
Verify that the service is running with the following command:
systemctl status httpd
You will see an active
status when the service is running:
httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2021-09-07 06:17:42 EDT; 1min 43s ago Docs: man:httpd(8) man:apachectl(8) Main PID: 1703 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service ├─1703 /usr/sbin/httpd -DFOREGROUND ├─1704 /usr/sbin/httpd -DFOREGROUND ├─1705 /usr/sbin/httpd -DFOREGROUND ├─1706 /usr/sbin/httpd -DFOREGROUND ├─1707 /usr/sbin/httpd -DFOREGROUND └─1708 /usr/sbin/httpd -DFOREGROUND
As you can see from this output, the service appears to have started successfully. However, the best way to test this is to request a page from Apache.
You can access the default Apache landing page to confirm that the software is running properly through your IP address.
3. Configure firewalld to Allow Apache Traffic
In a standard installation, CentOS 9 stream is set to prevent traffic to Apache.
Normal web traffic uses the http protocol on Port 80, while encrypted web traffic uses the https protocol, on Port 443.
Next, you need to adjust the firewall so that Apache can run and you’ll need to open up port 80
to allow Apache to serve requests over HTTP. If you haven’t already done so, you can do this by command:
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload
4. Configure Virtual Hosts on CentOS 9 stream (optional)
When using the Apache web server, you can use virtual hosts (similar to server blocks in Nginx) to encapsulate configuration details and host more than one domain from a single server. In this step, you will set up a domain that is referred to as your_domain
, but you should replace this with your own domain name.
Apache on CentOS 9 stream has one server block enabled by default that is configured to serve documents from the /var/www/html
directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying /var/www/html
, you will create a directory structure within /var/www
for the your_domain
site, leaving /var/www/html
in place as the default directory to be served if a client request doesn’t match any other sites.
Create the html
directory for your_domain
as follows, using the -p
flag to create any necessary parent directories:
mkdir -p /var/www/your_domain/html
Create an additional directory to store log files for the site:
mkdir -p /var/www/your_domain/log
Next, assign ownership of the html
directory with the $USER
environmental variable:
chown -R $USER:$USER /var/www/your_domain/html
Make sure that your web root has the default permissions set:
chmod -R 755 /var/www
Next, create a sample index.html
page using vi
or your favorite editor:
vi /var/www/your_domain/html/index.html
Press i
to switch to INSERT
mode and add the following sample HTML to the file: /var/www/your_domain/html/index.html
<html>
<head>
<title>Welcome to your website!</title>
</head>
<body>
<h1>Success! The your_domain is working!</h1>
</body>
</html>
Save and close the file by pressing ESC
, typing :wq
, and pressing ENTER
With your site directory and sample index file in place, you are almost ready to create the virtual host files. Virtual host files specify the configuration of your separate sites and tell the Apache web server how to respond to various domain requests.
Before you create your virtual hosts, you will need to create a sites-available
directory to store them in. You will also create the sites-enabled
directory that tells Apache that a virtual host is ready to serve to visitors. The sites-enabled
directory will hold symbolic links to virtual hosts that we want to publish. Create both directories with the following command:
mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled
Next, you will tell Apache to look for virtual hosts in the sites-enabled
directory. To accomplish this, edit Apache’s main configuration file and add a line declaring an optional directory for additional configuration files:
IncludeOptional sites-enabled/*.conf
Save and close the file when you are done adding that line. Now that you have your virtual host directories in place, you will create your virtual host file.
Start by creating a new file in the sites-available
directory:
vi /etc/httpd/sites-available/your_domain.conf
Add in the following configuration block, and change the your_domain
domain to your domain name:
/etc/httpd/sites-available/your_domain.conf
<VirtualHost *:80>
ServerName www.your_domain
ServerAlias your_domain
DocumentRoot /var/www/your_domain/html
ErrorLog /var/www/your_domain/log/error.log
CustomLog /var/www/your_domain/log/requests.log combined
</VirtualHost>
This will tell Apache where to find the root directly that holds the publicly accessible web documents. It also tells Apache where to store error and request logs for this particular site.
Save and close the file when you are finished.
Now that you have created the virtual host files, you will enable them so that Apache knows to serve them to visitors. To do this, create a symbolic link for each virtual host in the sites-enabled
directory:
ln -s /etc/httpd/sites-available/your_domain.conf /etc/httpd/sites-enabled/your_domain.conf
Your virtual host is now configured and ready to serve content. Before restarting the Apache service, let’s make sure that SELinux has the correct policies in place for your virtual hosts.
5. Adjusting SELinux Permissions for Virtual Hosts (Recommended)
SELinux is configured to work with the default Apache configuration. Since you set up a custom log directory in the virtual hosts configuration file, you will receive an error if you attempt to start the Apache service. To resolve this, you need to update the SELinux policies to allow Apache to write to the necessary files. SELinux brings heightened security to your CentOS 9 stream environment, therefore it is not recommended to completely disable the kernel module.
There are different ways to set policies based on your environment’s needs, as SELinux allows you to customize your security level. This step will cover two methods of adjusting Apache policies: universally and on a specific directory. Adjusting policies on directories is more secure, and is therefore the recommended approach.
- Adjusting Apache Policies Universally
Setting the Apache policy universally will tell SELinux to treat all Apache processes identically by using the httpd_unified
boolean. While this approach is more convenient, it will not give you the same level of control as an approach that focuses on a file or directory policy.
Run the following command to set a universal Apache policy:
setsebool -P httpd_unified 1
The setsebool
command changes SELinux boolean values. The -P
flag will update the boot-time value, making this change persist across reboots. httpd_unified
is the boolean that will tell SELinux to treat all Apache processes as the same type, so you enabled it with a value of 1
.
- Adjusting Apache Policies on a Directory
Individually setting SELinux permissions for the /var/www/your_domain/log
directory will give you more control over your Apache policies, but may also require more maintenance. Since this option is not universally setting policies, you will need to manually set the context type for any new log directories specified in your virtual host configurations.
First, check the context type that SELinux gave the /var/www/your_domain/log
directory:
ls -dZ /var/www/your_domain/log/
This command lists and prints the SELinux context of the directory. You will see output similar to the following:
drwxr-xr-x root root ? unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/your_domain/log/
The current context is httpd_sys_content_t
, which tells SELinux that the Apache process can only read files created in this directory. In this tutorial, you will change the context type of the /var/www/your_domain/log
directory to httpd_log_t
. This type will allow Apache to generate and append to web application log files:
semanage fcontext -a -t httpd_log_t "/var/www/your_domain/log(/.*)?"
Next, use the restorecon
command to apply these changes and have them persist across reboots:
restorecon -R -v /var/www/your_domain/log
The -R
flag runs this command recursively, meaning it will update any existing files to use the new context. The -v
flag will print the context changes the command made. You will see the following output confirming the changes:
restorecon reset /var/www/your_domain/log context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_log_t:s0
You can list the contexts once more to see the changes:
ls -dZ /var/www/your_domain/log/
The output reflects the updated context type:
drwxr-xr-x. root root ? unconfined_u:object_r:httpd_log_t:s0 /var/www/your_domain/log
Now that the /var/www/your_domain/log
directory is using the httpd_log_t
type, you are ready to test your virtual host configuration.
6. Testing the Virtual Host (Recommended)
Once the SELinux context has been updated with either method, Apache will be able to write to the /var/www/your_domain/log
directory. Restart the Apache service to apply your changes by entering:
systemctl restart httpd
List the contents of the /var/www/your_domain/log
directory to see if Apache created the log files:
ls -lZ /var/www/your_domain/log
You’ll see that Apache was able to create the error.log
and requests.log
files specified in the virtual host configuration:
-rw-r--r-- root root ? error.log -rw-r--r-- root root ? requests.log
Now that you have your virtual host set up and SELinux permissions updated, Apache will now serve your domain name. You can test this by navigating to http://your_domain
, where you should see something like this:
This confirms that your virtual host is successfully configured and serving content. Repeat Steps 4 and 5 to create new virtual hosts with SELinux permissions for additional domains.