Differences
This shows you the differences between two versions of the page.
linux_wiki:apache_http_server [2016/01/30 23:28] billdozor [Repo Install] |
linux_wiki:apache_http_server [2018/03/23 16:01] billdozor [httpd.conf - Global Configs] |
||
---|---|---|---|
Line 6: | Line 6: | ||
**Checklist** | **Checklist** | ||
- | * Distro: Enterprise Linux 6 or 7 | + | * Distro(s): Enterprise Linux 6/7 |
---- | ---- | ||
Line 16: | Line 16: | ||
---- | ---- | ||
- | ===== Repo Install | + | ===== Repo: EPEL ===== |
* CentOS 6.7: Apache 2.2 | * CentOS 6.7: Apache 2.2 | ||
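Review bot: The new heading "Repo: EPEL" does not match the unchanged line under it, "CentOS 6.7: Apache 2.2", which is the httpd version shipped in the distribution's own base repository rather than in EPEL. If the section installs the stock package, name the heading after the base repository so readers do not add EPEL expecting a different httpd build.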
Line 42: | Line 42: | ||
yum -y install mod_ssl | yum -y install mod_ssl | ||
</ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Repo: Software Collections ===== | ||
+ | |||
+ | Versions as of 04/13/2016: | ||
+ | * httpd 2.4 | ||
+ | |||
+ | - Add the [[linux_wiki: | ||
+ | - Install< | ||
+ | - Enable the software collection< | ||
+ | - Control operation as below. | ||
---- | ---- | ||
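Review bot: Step 4, "Control operation as below", points at the Operation section, whose commands call apachectl by bare name; a software-collection httpd lives outside the system paths, so those commands only reach it from a shell in which the collection is enabled. Say in step 3 whether the enable is per-shell or persistent, and state which httpd the Operation commands act on when the stock package is also installed. "Versions as of 04/13/2016" lists only "httpd 2.4"; add the patch level, since that is what determines which security fixes the collection carries.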
Line 47: | Line 59: | ||
===== Compile and Install ===== | ===== Compile and Install ===== | ||
- | TODO | + | If you need a newer feature than what is available in the repo installed versions, you may need to compile and install. |
+ | |||
+ | **Prerequisites** | ||
+ | * Install gcc in order to compile packages< | ||
+ | * Install apr-devel, apr-util-devel, | ||
+ | * apr = Apache Portable Runtime | ||
+ | * pcre = Perl-Compatible Regular Expressions Library | ||
+ | * If you really want to compile these as well for newer versions, see here: [[http:// | ||
+ | \\ | ||
+ | **Install Procedure** | ||
+ | * Download | ||
+ | * Visit the download page: [[http:// | ||
+ | * Wget a link to the desired version(example with a mirror)< | ||
+ | * Extract Apache< | ||
+ | cd httpd-2.4.18</ | ||
+ | * Configure Apache from httpd-2.4.18/< | ||
+ | * --prefix=PREFIX => Where " | ||
+ | * Compile< | ||
+ | * Install< | ||
+ | * Customize web server< | ||
+ | * Start web server< | ||
---- | ---- | ||
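Review bot: The Install Procedure goes from "Wget a link to the desired version(example with a mirror)" straight to "Extract Apache", so a tarball fetched from a third-party mirror is unpacked and compiled with no integrity check. Add a step between the two that verifies the release's PGP signature against the Apache KEYS file (or at minimum its published checksum), with the signature and KEYS taken from apache.org rather than from the mirror. The steps also hardcode httpd-2.4.18; mark it as an example version so readers substitute the current release instead of building an outdated one.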
Line 80: | Line 112: | ||
* Default: NameVirtualHost *:80 (and commented out) | * Default: NameVirtualHost *:80 (and commented out) | ||
- | Disable Trace/Track (a XSS Vulnerability) | + | Security Configs |
<code bash> | <code bash> | ||
+ | ##-- Security --## | ||
+ | #- Information Disclosure -# | ||
+ | ServerTokens Prod | ||
+ | ServerSignature Off | ||
+ | |||
+ | # FileETag: File attributes used to create the ETag HTTP response header for static files | ||
+ | FileETag -INode +MTime +Size | ||
+ | |||
+ | #- Web Application Security -# | ||
+ | # Trace/Track - disabled for security purposes | ||
TraceEnable Off | TraceEnable Off | ||
+ | |||
+ | # Cross-Frame Scripting prevention (click jacking) | ||
+ | # DENY = Deny all attempts to frame the page | ||
+ | Header always append X-Frame-Options DENY | ||
+ | |||
+ | # Cross Site Scripting protection | ||
+ | Header set X-XSS-Protection "1; mode=block" | ||
+ | Header edit Set-Cookie ^(.*)$ $1; | ||
+ | ##-- End of Security Settings --## | ||
</ | </ | ||
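Review bot: `Header always append X-Frame-Options DENY` uses `append`, so if an application or vhost already sends X-Frame-Options the response ends up with a combined value (for example `SAMEORIGIN, DENY`) whose handling differs between browsers; `Header always set X-Frame-Options DENY` makes this file authoritative. The X-XSS-Protection and Set-Cookie lines use `Header` without `always`, so they are not applied to error responses Apache generates itself. The `Header edit Set-Cookie ^(.*)$ $1;` line has no comment of its own and, as shown, its replacement ends at the semicolon with no cookie attribute after it; add a comment naming the attributes it is meant to append and confirm they are present. The block should also state that these directives need mod_headers loaded.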
Line 101: | Line 152: | ||
Protocol and Ciphers | Protocol and Ciphers | ||
<code bash> | <code bash> | ||
- | SSLProtocol | + | SSLProtocol |
SSLCipherSuite HIGH: | SSLCipherSuite HIGH: | ||
</ | </ | ||
Line 209: | Line 260: | ||
CustomLog logs/ | CustomLog logs/ | ||
< | < | ||
- | | + | |
- | Allow from all | + | |
</ | </ | ||
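Review bot: This vhost's block and the one in the next hunk both lose `Allow from all` with no `+` line replacing it, so access to these document roots now depends entirely on what the enclosing configuration grants. The page covers both Apache 2.2 and 2.4: on 2.4 the explicit equivalent is `Require all granted`, while on 2.2 the removed directives are still how access is granted. State which version the example targets and keep an explicit access rule in each block, so the sample does not silently return 403 or rely on an inherited policy the reader has not seen.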
Line 218: | Line 268: | ||
CustomLog logs/ | CustomLog logs/ | ||
< | < | ||
- | | + | |
- | Allow from all | + | |
</ | </ | ||
Line 231: | Line 280: | ||
192.168.1.150 server1 mysite.example.com</ | 192.168.1.150 server1 mysite.example.com</ | ||
* Sample of what visiting each site looks like:{{ : | * Sample of what visiting each site looks like:{{ : | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Operation ====== | ||
+ | |||
+ | Controlling the Apache httpd service: Apache recommends using the " | ||
+ | |||
+ | * After sending a signal to httpd, watch its progress in the error_log file: logs/ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== Start ==== | ||
+ | |||
+ | * Check syntax, if errors are found, refuse to start. | ||
+ | * Start the httpd process and start the number of workers specified on the config files via the " | ||
+ | |||
+ | <code bash> | ||
+ | apachectl -k start | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== Stop ==== | ||
+ | |||
+ | * Immediately stop the httpd process and kill workers. | ||
+ | * User connections in progress are terminated. | ||
+ | |||
+ | <code bash> | ||
+ | apachectl -k stop | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== Graceful Restart ==== | ||
+ | |||
+ | * Check syntax, if errors are found, refuse to restart. | ||
+ | * Parent process advises that workers shutdown after their current requests. | ||
+ | * Once all workers have finished and exited, start up. | ||
+ | * This does **not** interrupt user connections. | ||
+ | |||
+ | <code bash> | ||
+ | apachectl -k graceful | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== Restart ==== | ||
+ | |||
+ | * Check syntax, if errors are found, refuse to restart. | ||
+ | * Parent process kills workers, then starts up. | ||
+ | * This interrupts user connections. | ||
+ | |||
+ | <code bash> | ||
+ | apachectl -k restart | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== Graceful Stop ==== | ||
+ | |||
+ | * Parent process advises that workers shutdown after their current requests. | ||
+ | * New requests are not accepted. | ||
+ | * This does **not** interrupt user connections. | ||
+ | |||
+ | <code bash> | ||
+ | apachectl -k graceful-stop | ||
+ | </ | ||
---- | ---- | ||
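Review bot: Under Graceful Restart, "Once all workers have finished and exited, start up" describes a stop followed by a start; in httpd's graceful restart the parent re-reads its configuration and replaces each worker with a new-generation one as it exits, so new requests keep being served throughout. Reword that bullet, and under Graceful Stop qualify "does **not** interrupt user connections" with GracefulShutdownTimeout, since connections still open when a configured timeout expires are closed. The Start and Restart bullets mention the syntax check; adding `apachectl configtest` (or `apachectl -t`) as a step before any restart would let readers catch a bad security or TLS directive before it takes the service down.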