The Apache web server is the most popular and powerful web server in the world. It is also one of the most secure web servers in the world. The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems, including UNIX and Windows platforms. The main goal is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
The Apache HTTP Server ("httpd") was launched in 1995 and it has been the most used web server on the Internet since April 1996. It celebrated its 21st birthday as a project in February 2016 and in 2009, it became the first web server application to serve more than 100 million websites. The Apache HTTP Server is a project of The Apache Software Foundation. When Apache is running, its process name is sometimes httpd, which is short for "HTTP daemon."
Apache supports compiled modules that extend the core functionality of the web server, ranging from server-side programming language support to authentication schemes. The language interfaces support Perl, Python, Tcl, and PHP. Apache has authentication modules which include mod_access, mod_auth, mod_digest, and mod_auth_digest, the successor to mod_digest. It also provides Secure Sockets Layer and Transport Layer Security support (mod_ssl), a proxy module (mod_proxy), a URL rewriting module (mod_rewrite), custom log files (mod_log_config), and filtering support (mod_include and mod_ext_filter).
It also supports compression methods which include the external extension module, mod_gzip, implemented to help with reduction of the size (weight) of Web pages served over HTTP. ModSecurity is an open source intrusion detection and prevention engine for Web applications. The logs can be analyzed through a Web browser using free scripts, such as AWStats/W3Perl or Visitors.
It has many additional features such as configurable error messages, DBMS-based authentication databases, and content negotiation. It is also supported by several graphical user interfaces (GUIs).
In this tutorial, we'll learn how to set up the Apache web server and how to secure it with SSL on CentOS 7.
A server running CentOS v. 7
A static IP Address for your server
A non-root user account with sudo privilege set up on your server
Let's start by making sure that your CentOS 7 server is fully up to date.
You can update your server by running the following command:
sudo yum update -y
Install the Apache Web Server
This section will talk you through the process of preparing your server for Apache, setting up Apache, and testing the installation on CentOS 7.
You can install Apache by running the following command:
sudo yum install httpd -y
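By default SELinux is enabled in CentOS 7. It is recommended to disable it first. Note that disabling SELinux removes the mandatory access control confinement it applies to the httpd process. You can disable SELinux by editing the /etc/selinux/config file: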
sudo nano /etc/selinux/config
Change the line from SELINUX=enforcing to SELINUX=disabled
Save and close the file, then restart your machine for the changes to take effect.
Allow Apache Through the Firewall
Next, you will need to allow the default Apache port 80 (HTTP) and 443 (HTTPS) using FirewallD.
You can do this by running the following commands:
SSL (Secure Socket Layer protocol) was created by Netscape to secure transactions between web servers and browsers.
SSL is an essential part of creating a secure Apache site. SSL certificates allow you to encrypt all the traffic sent to and from your Apache web site to prevent others from viewing it. SSL uses public key cryptography to establish a secure connection. This means that anything encrypted with a public key (the SSL certificate) can only be decrypted with the private key.
A self-signed certificate is signed by its owner. It is generally used for testing local servers and development environments. Although self-signed certificates provide the same level of encryption between website and browser, most web browsers will always display a security alert message that the website certificate is self-signed and cannot be trusted, as it is not signed by a certificate authority.
A commercial certificate is an authorised certificate issued by a trusted certificate authority. Signed certificates are mostly used in a production environment.
In order to set up the self-signed certificate, you will need to install the mod_ssl Apache module on your system.
You can install mod_ssl by running the following command:
sudo yum install mod_ssl
Generate a Self-signed Certificate
First, you need to generate a 2048-bit RSA private key, ca.key.
You can do this by running the following command:
sudo openssl genrsa -out ca.key 2048
You should see the following output:
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
Then generate the certificate signing request ca.csr using the following command.
sudo openssl req -new -key ca.key -out ca.csr
Fill in all required information as shown below:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :Hitesh Jethva
Locality Name (eg, city) [Default City]:Ahmedabad
Organization Name (eg, company) [Default Company Ltd]:Hostpresto
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server's hostname) :Hitesh
Email Address :firstname.lastname@example.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Finally, generate a self-signed certificate ca.crt of X509 type valid for 365 days.
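The key, signing request and certificate steps above can be run without prompts and then checked before Apache is pointed at the files. The script below is an added example, not part of the original tutorial: the -subj string reuses the DN values from the prompt transcript (e-mail address omitted), the x509 command is the standard OpenSSL form for self-signing a request, and the function names and scratch directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original tutorial): key -> CSR -> self-signed
# certificate without prompts, plus checks to run before configuring Apache.
# DN values come from the prompt transcript above; function names are made up.
SUBJ="/C=IN/ST=Hitesh Jethva/L=Ahmedabad/O=Hostpresto/OU=IT/CN=Hitesh"

make_self_signed() {    # $1 = directory that receives ca.key, ca.csr, ca.crt
    (
        cd "$1" || exit 1
        umask 077       # keep the private key readable by its owner only
        openssl genrsa -out ca.key 2048 2>/dev/null &&
        openssl req -new -key ca.key -subj "$SUBJ" -out ca.csr &&
        openssl x509 -req -days 365 -in ca.csr -signkey ca.key \
            -out ca.crt 2>/dev/null
    )
}

key_matches_cert() {    # $1 = key, $2 = cert: both must carry the same modulus
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null)
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

is_self_signed() {      # $1 = cert: issuer name equals subject name
    s=$(openssl x509 -noout -subject_hash -in "$1" 2>/dev/null)
    i=$(openssl x509 -noout -issuer_hash -in "$1" 2>/dev/null)
    [ -n "$s" ] && [ "$s" = "$i" ]
}

valid_for_days() {      # $1 = cert, $2 = days: still valid that far ahead?
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null 2>&1
}

# Demo in a scratch directory (constructed for this example).
demo=$(mktemp -d)
if make_self_signed "$demo" &&
   key_matches_cert "$demo/ca.key" "$demo/ca.crt" &&
   is_self_signed "$demo/ca.crt" &&
   valid_for_days "$demo/ca.crt" 364 &&
   ! valid_for_days "$demo/ca.crt" 366
then
    echo "certificate OK: matches key, self-signed, expires in 365 days"
else
    echo "certificate check FAILED" >&2
fi
rm -rf "$demo"
```

A key and certificate that fail key_matches_cert will stop Apache from starting once they are referenced in ssl.conf, so the check is worth running whenever the files are regenerated or moved.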
Now, all the certificates are ready. The next thing to do is to set up Apache to use the new certificates.
You can do this by editing the SSL config file:
sudo nano /etc/httpd/conf.d/ssl.conf
Find the section that begins with <VirtualHost _default_:443>. Uncomment the DocumentRoot and ServerName lines and replace example.com with your server's IP address. Next, find the SSLCertificateFile and SSLCertificateKeyFile lines and update them with the new location of the certificates.
After making these changes, restart the Apache service for the changes to take effect.
sudo systemctl restart httpd
Test Apache (HTTPS) Server
To verify that the secure Apache HTTPS web server is working, open your web browser and type the URL https://server-ip-address. An error should appear in your browser, and you must manually accept the certificate. The error message shows up because we are using a self-signed certificate instead of a certificate signed by a certificate authority that the browser trusts, so the browser is unable to verify the identity of the server that you are trying to connect to. Once you add an exception to the browser's identity verification, you should see an Ubuntu test page for your newly secured site.
In this tutorial, you learned how to install the Apache web server on CentOS 7 and how to secure it through SSL. If you want to host a public site with SSL support, then you need to purchase an SSL certificate from a trusted certificate authority.