How To Install the Apache Web Server on CentOS 8
Introduction
In this guide, we’ll explain how to install an Apache web server on your CentOS 8 server.
The Apache HTTP server is the most widely-used web server in the world. It provides many powerful features including dynamically loadable modules, robust media support, and extensive integration with other popular software.
In this guide, you will install an Apache web server with virtual hosts on your CentOS 8 server.
Prerequisites
Before you begin this guide, you should have a regular, non-root user with sudo privileges configured on your server. Additionally, you will need to enable a basic firewall to block non-essential ports. You can learn how to configure a regular user account and set up a firewall for your server by following our Initial server setup guide for CentOS 8. Pay particular attention to step 4: setting up a basic firewall.
When you have an account available, log in as your non-root user to begin.
You are now ready to install an Apache web server on your CentOS 8 server.
Step 1 — Installing Apache
Apache is available within CentOS’s default software repositories, which means you can install it with the [dnf] package manager.
As the non-root sudo user configured in the prerequisites, install the Apache package:
$ sudo dnf install httpdAfter confirming the installation, [dnf] will install Apache and all required dependencies.
By completing Step 4 of the Initial Server Setup with CentOS 8 guide mentioned in the prerequisites section, you will have already installed [firewalld] on your server to serve requests over HTTP.
If you also plan to configure Apache to serve content over HTTPS, you will also want to open up port [443] by enabling the https service:
$ sudo firewall-cmd --permanent --add-service=httpsNext, reload the firewall to put these new rules into effect:
$ sudo firewall-cmd --reloadAfter the firewall reloads, you are ready to start the service and check the web server.
Step 2 — Checking your Web Server
Apache does not automatically start on CentOS once the installation completes, so you will need to start the Apache process manually:
$ sudo systemctl start httpdVerify that the service is running with the following command:
$ sudo systemctl status httpdYou will receive an [active] status when the service is running:
Output
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disa>
Active: active (running) since Thu 2020-04-23 22:25:33 UTC; 11s ago
Docs: man:httpd.service(8)
Main PID: 14219 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 5059)
Memory: 24.9M
CGroup: /system.slice/httpd.service
├─14219 /usr/sbin/httpd -DFOREGROUND
├─14220 /usr/sbin/httpd -DFOREGROUND
├─14221 /usr/sbin/httpd -DFOREGROUND
├─14222 /usr/sbin/httpd -DFOREGROUND
└─14223 /usr/sbin/httpd -DFOREGROUND
...As this output indicates, the service has started successfully. However, the best way to test this is to request a page from Apache.
You can access the default Apache landing page to confirm that the software is running properly through your IP address. If you do not know your server’s IP address, you can get it a few different ways from the command line.
Type [q] to return to the command prompt and then type:
$ hostname -IThis command will display all of the host’s network addresses, so you will get back a few IP addresses separated by spaces. You can try each in your web browser to determine whether they work.
Alternatively, you can use [curl] to request your IP from [icanhazip.com], which will give you your public IPv4 address as read from another location on the internet:
$ curl -4 icanhazip.comWhen you have your server’s IP address, enter it into your browser’s address bar:
$ http://your_server_ipYou’ll see the default CentOS 8 Apache web page:
[Image: Install the Apache Web Server on CentOS 8 - success] https://5wire.co.uk/wp-content/uploads/2021/04/1a-1024x740.png
This page indicates that Apache is working correctly. It also includes some basic information about important Apache files and directory locations.
Step 3 — Managing the Apache Process
Now that the service is installed and running, you can now use different systemctl commands to manage the service.
To stop your web server, type:
$ sudo systemctl stop httpdTo start the web server when it is stopped, type:
$ sudo systemctl start httpdTo stop and then start the service again, type:
$ sudo systemctl restart httpdIf you are simply making configuration changes, Apache can often reload without dropping connections. To do this, use this command:
$ sudo systemctl reload httpdBy default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:
$ sudo systemctl disable httpdTo re-enable the service to start up at boot, type:
$ sudo systemctl enable httpdApache will now start automatically when the server boots again.
The default configuration for Apache will allow your server to host a single website. If you plan on hosting multiple domains on your server, you will need to configure virtual hosts on your Apache web server.
Step 4 — Setting Up Virtual Hosts (Recommended)
When using the Apache web server, you can use virtual hosts (if you are more familiar with Nginx, these are similar to server blocks) to encapsulate configuration details and host more than one domain from a single server. In this step, you will set up a domain called [example.com], but you should replace this with your own domain name. If you are setting up a domain name with 5wire, please refer to this page.
Apache on CentOS 8 has one virtual host enabled by default that is configured to serve documents from the [/var/www/html] directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying [/var/www/html], you will create a directory structure within [/var/www] for the [example.com] site, leaving [/var/www/html] in place as the default directory to be served if a client request doesn’t match any other sites.
Create the directory for [example.com] as follows, using the [-p] flag to create any necessary parent directories:
$ sudo mkdir -p /var/www/example.com/htmlCreate an additional directory to store log files for the site:
$ sudo mkdir -p /var/www/example.com/logNext, assign ownership of the directory with the [$USER] environmental variable:
$ sudo chown -R $USER:$USER /var/www/example.com/htmlMake sure that your web root has the default permissions set:
$ sudo chmod -R 755 /var/wwwNext, create a sample [index.html] page using [vi] or your favorite editor:
$ sudo vi /var/www/example.com/html/index.htmlPress [i] to switch to [INSERT] mode and add the following sample HTML to the file:
/var/www/example.com/html/index.html
<html>
<head>
<title>Welcome to Example.com!</title>
</head>
<body>
<h1>Success! The example.com virtual host is working!</h1>
</body>
</html>Save and close the file by pressing [ESC], typing [:wq], and pressing [ENTER].
With your site directory and sample index file in place, you are almost ready to create the virtual host files. Virtual host files specify the configuration of your separate sites and tell the Apache web server how to respond to various domain requests.
Before you create your virtual hosts, you will need to create a [sites-available] directory to store them in. You will also create the [sites-enabled] directory that tells Apache that a virtual host is ready to serve to visitors. The [sites-enabled] directory will hold symbolic links to virtual hosts that we want to publish. Create both directories with the following command:
$ sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabledNext, you will tell Apache to look for virtual hosts in the [sites-enabled] directory. To accomplish this, edit Apache’s main configuration file using vi or your favorite text editor and add a line declaring an optional directory for additional configuration files:
$ sudo vi /etc/httpd/conf/httpd.confPress capital [G] to navigate towards the end of the file. Then press [i] to switch to [INSERT] mode and add the following line to the very end of the file:
/etc/httpd/conf/httpd.conf
...
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.confSave and close the file when you are done adding that line. Now that you have your virtual host directories in place, you will create your virtual host file.
Start by creating a new file in the [sites-available] directory:
$ sudo vi /etc/httpd/sites-available/example.com.confAdd in the following configuration block, and change the [example.com] domain to your domain name:
/etc/httpd/sites-available/example.com.conf
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example.com/html
ErrorLog /var/www/example.com/log/error.log
CustomLog /var/www/example.com/log/requests.log combined
</VirtualHost>This will tell Apache where to find the root directly that holds the publicly accessible web documents. It also tells Apache where to store error and request logs for this particular site.
Save and close the file when you are finished.
Now that you have created the virtual host files, you will enable them so that Apache knows to serve them to visitors. To do this, create a symbolic link for each virtual host in the [sites-enabled] directory:
$ sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.confYour virtual host is now configured and ready to serve content. Before restarting the Apache service, let’s make sure that SELinux has the correct policies in place for your virtual hosts.
Step 5 — Adjusting SELinux Permissions for Virtual Hosts (Recommended)
SELinux is a Linux kernel security module that brings heightened security for Linux systems. CentOS 8 comes equipped with SELinux configured to work with the default Apache configuration. Since you changed the default configuration by setting up a custom log directory in the virtual hosts configuration file, you will receive an error if you attempt to start the Apache service. To resolve this, you need to update the SELinux policies to allow Apache to write to the necessary files.
There are different ways to set policies based on your environment’s needs as SELinux allows you to customize your security level. This step will cover two methods of adjusting Apache policies: universally and on a specific directory. Adjusting policies on directories is more secure, and is therefore the recommended approach.
Adjusting Apache Policies Universally
Setting the Apache policy universally will tell SELinux to treat all Apache processes identically by using the [httpd_unified] Boolean. While this approach is more convenient, it will not give you the same level of control as an approach that focuses on a file or directory policy.
Run the following command to set a universal Apache policy:
$ sudo setsebool -P httpd_unified 1The [setsebool] command changes SELinux Boolean values. The [-P] flag will update the boot-time value, making this change persist across reboots. [httpd_unified] is the Boolean that will tell SELinux to treat all Apache processes as the same type, so you enabled it with a value of [1].
Adjusting Apache Policies on a Directory
Individually setting SELinux permissions for the [/var/www/example.com/log] directory will give you more control over your Apache policies, but may also require more maintenance. Since this option is not universally setting policies, you will need to manually set the context type for any new log directories specified in your virtual host configurations.
First, check the context type that SELinux gave the [/var/www/example.com/log] directory:
$ sudo ls -dlZ /var/www/example.com/log/This command lists and prints the SELinux context of the directory. You will receive output similar to the following:
Output
drwxr-xr-x. 2 root root unconfined_u:object_r:httpd_sys_content_t:s0 6 Apr 23 23:51 /var/www/example.com/log/The current context is [httpd_sys_content_t], which tells SELinux that the Apache process can only read files created in this directory. In this tutorial, you will change the context type of the [/var/www/example.com/log] directory to [httpd_log_t]. This type will allow Apache to generate and append to web application log files:
$ sudo semanage fcontext -a -t httpd_log_t "/var/www/example.com/log(/.*)?"Next, use the [restorecon] command to apply these changes and have them persist across reboots:
$ sudo restorecon -R -v /var/www/example.com/logThe [-R] flag runs this command recursively, meaning it will update any existing files to use the new context. The [-v] flag will print the context changes the command made. You will receive the following output confirming the changes:
Output
Relabeled /var/www/example.com/log from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:httpd_log_t:s0You can list the contexts once more to see the changes:
$ sudo ls -dlZ /var/www/example.com/log/The output reflects the updated context type:
Output
drwxr-xr-x. 2 root root unconfined_u:object_r:httpd_log_t:s0 6 Apr 23 23:51 /var/www/example.com/log/Now that the [/var/www/example.com/l0og] directory is using the [httpd_log_t] type, you are ready to test your virtual host configuration.
Step 6 — Testing the Virtual Host (Recommended)
Once the SELinux context has been updated with either method, Apache will be able to write to the [/var/www/example.com/log] directory. You can now successfully restart the Apache service:
$ sudo systemctl restart httpdList the contents of the [/var/www/example.com/log] directory to see if Apache created the log files:
$ ls -lZ /var/www/example.com/logYou’ll receive confirmation that Apache was able to create the error.log and requests.log files specified in the virtual host configuration:
Output
-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 0 Apr 24 00:06 error.log
-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 0 Apr 24 00:06 requests.logNow that you have your virtual host set up and SELinux permissions updated, Apache will now serve your domain name. You can test this by navigating to [http://example.com], where you should see something like this:
[Image: Success! The example.com virtual host is working!] https://5wire.co.uk/wp-content/uploads/2021/04/1b.png
This confirms that your virtual host is successfully configured and serving content. Repeat Steps 4 and 5 to create new virtual hosts with SELinux permissions for additional domains.
Conclusion
Now that you have learned how to install the Apache Web Server on CentOS 8, you might want to check out these articles:
- For help on initial server setup with CentOS 8 check out our initial setup guide.
- This tutorial taught you how to install an Apache web server on your CentOS 8 server, see this article for the Ubuntu 18.04 tutorial and this article for the Ubuntu 20.04 tutorial.
break
Original Content by Haley Mills and Erin Glass and edited by the author of this post according to the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.