Verified and Tested 08/11/2015

Introduction

This tutorial will show you how to configure a basic configuration (conf) file for Apache on CentOS 6.7 and create a website. For example, this will show where you can change the web path of your websites, how to assign a public IP to a website, how to enable extensions, and how to allow your site to pick up pages like .php for an index.

Prerequisites

A server running CentOS 6.7 and has either Apache 2.2 or LAMP already installed. For information on Apache or LAMP installation, please see this walk-through here. If you do not have a server, try our Linux Cloud Hosting.

Configure Apache Basic Configuration

So the first thing to realize is that your configuration file is located in “/etc/httpd/conf/httpd.conf” by default. The httpd.conf is where we will be making a majority of the changes for websites without an SSL. For websites with an SSL, look for the SSL configuration down lower in the tutorial. Before making any changes to the configuration, let’s go through and ensure that everything appears how we’d like it to for the base configuration of Apache.

Go ahead and open /etc/httpd/conf/httpd.conf into a text editor of your choice. What you will want to do first is a search for the “Listen” field. What this setting does is it binds Apache to the port/IP you specify for websites. By default, your conf should state:

Listen 80

What this means is that Apache is listening (binding) on all your IPs on the server on port 80. Now let’s say you have an additional IP and want ONLY that IP to be used for websites. What you will need to do is change the Listen line to look like:

Listen x.x.x.x:80

Where “x.x.x.x” is your IP you want the websites to run on. Why is this viable? Say you have multiple IPs on your server but you really want to limit what each IP does on your system. This allows you to confine all basic (non-SSL) HTTP processes onto being handled on one IP. If you have multiple IPs (but not all IPs!) that you want Apache to bind to, you only need to add more “Listen x.x.x.x:80” lines for each IP.

Also, you can change the port “80” to another port if you’d like. This is useful if you have port redirects in place or have a particular IP that needs to have Apache listening on a different port. By default, all browsers use port 80 to browse and pull up web pages. Unless you have a reason to change this, it’s best to leave the port at “80”.

For now, we will keep this field the default of “Listen 80”.

 

Let’s now look at the next field you’d want to edit named “ServerAdmin.” ServerAdmin is simply the email address Apache will email if there is a problem. By default, it appears like below:

ServerAdmin [email protected]

If you want to receive notifications regarding Apache/httpd, but your email address there. If you don’t, you can either leave it how it is, or put a “#” in front of the line to comment it out.

 

The next line we want to look at is pretty close after “ServerAdmin”, it’s called “ServerName.” ServerName is just how it sounds. It’s the name for the server to identify itself. Say you want server.yourdomain.tld to resolve to a http page. What you would do is set ServerName to something like:

ServerName server.yourdomain.tld:80

If you do not have a domain or subdomain that you want to use for the ServerName, you can set this to be your IP like:

ServerName x.x.x.x:80

Where x.x.x.x is your IP address.

If you specified a Listen IP, you would want to use that IP here as well.

For both of these options, if you customized the Listen port, you will need to apply that value here instead of “80” as well.

 

By default, ServerName is commented out. You will want to remove the “#” in front of the line to put the value into play. No matter what you put here, you do need to add either a subdomain or the IP address. If you do not, any type of server generated redirection you do on the server will not take effect.

 

For a base configuration, these are the main fields you will want to edit before adding anything additional. It confirms that Apache is running on the port and IPs you want it to. There are other configuration options available of course, and each field has a block of text explaining what it is used for but unless you have reason to edit these, it is best to leave them at their default values. To have the changes take effect, exit and save the conf file and run:

service httpd restart

Once restarted, all changes will take effect. We can now proceed to make a new configuration file for a website.

Website configuration time!

In our example here, we will be using VirtualHosts. What is a VirtualHost? What it does is it allows the IP address specified as a VirtualHost to host multiple websites on it! Super useful if you have more than one site on your server. It also allows you to customize the fields of where to pull the site, what kind of permissions it’s granted in terms of overwriting default values and so forth.

So how do we set this up? Well, the first thing to do is tell Apache what IP and port is going to be a VirtualHost. To do this, at the end of your Apache conf file, add:

NameVirtualHost x.x.x.x:80

Where x.x.x.x is the IP address that you will have sites pulling on and 80 is the port you have specified, each from the basic configuration from above. If you have no additional IP addresses and just have Apache running off your server and it’s main IP, put your primary IP address here.

We have two options on how to proceed here. 1) We can keep all our VirtualHosts located in the Apache configuration file (httpd.conf) or 2) We can break sites into their own files. What you do is up to you. If you don’t have many sites, option 1 is perfectly fine. If you are planning to have a lot of websites, you may wish to consider option 2. Either way will work with the VirtualHost conf block but this is how you will enable option 2. At the end of your httpd.conf, put:

Include /path/to/site/confs

And save and exit the file. “/path/to/site/confs” is your path where you will be putting all your website configuration files. With option 2 you will now want to make a new conf (/path/to/site/confs/domain.tld.conf) that contains the VirtualHost configuration for each website.

 

Regardless of the option you choose above, this is how you will want to start your VirtualHost block

<VirtualHost x.x.x.x:80>

</VirtualHost>

These are the outside brackets, so to say, of your website’s Apache configuration. Now we will in the between space with information like user, directory location, and aliases. Below is a sample finished Apache configuration for mycooldomain.com.

<VirtualHost x.x.x.x:80>

SuexecUserGroup mycooldomain usergroup

DocumentRoot /home/mycooldomain.com/html/

ServerName www.mycooldomain.com

ServerAlias mycooldomain.com *.mycooldomain.com

ScriptAlias /cgi-bin/ "/home/mycooldomain.com/html/cgi-bin/"

Alias /adifferentlocation /home/adifferentlocation/html/

 

<Directory "/home/mycooldomain.com/html/">

Options Indexes MultiViews Includes

Order allow,deny

Allow from all

</Directory>

<Directory "/home/mycooldomain.com/cgi-bin/">

AddHandler cgi-script .cgi .pl

Options ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

<Directory "/home/adifferentlocation/html/">

AllowOverride None

Order deny,allow

Allow from all

DirectoryIndex index.php index.html index.htm

</Directory>

 

AddType application/x-httpd-php .php4 .php3 .phtml .php

CustomLog /home/weblogs/mycooldomain.com.log combined

</VirtualHost>

 

Now let’s take a look at what’s going on. First we’ll take the section outside the <Directory> tags at the top.

SuExecUserGroup – This is the field your user and the user’s group for the website goes. This lets it know who to run CGI as. It’s a good idea to have the user be the user that belongs to this website just to prevent confusion.

DocumentRoot – This is pretty self explanatory in that it is the root (parent) folder for your website files. This tells Apache where to direct the site to look for files.

ServerName – This tells Apache the website to use in reference to the rest of the fields. It is how Apache knows that for your website, it pulls all of the followed specified information.

ServerAlias – This is different names that Apache can use for the ServerName. They are alias’ to the ServerName.

ScriptAlias – This is an alias used for marking a directory as containing CGI scripts and essentially shortcutting it. We make the alias /cgi-bin/ so we don’t have to type the whole path every time we want to reference that directory.

Alias – This is an alias for directory paths. In our case we used it to shortcut an entire different path to a simple /adifferentlocation. It resolves like mycooldomain/adifferentlocation but the “adifferentlocation” isn’t under or included in the original website directory.

 

Then the section at the very bottom.

AddType – This maps the specified extensions to a specific MIME-type. In our case we’re putting some common php file extensions mapped to the PHP MIME-type. This allows us to name our php files .php, .php4, and so on and have PHP process it correctly.

CustomLog – This specifies a log location for only this website. The combined at the end is a nickname in case you wish to have a LogFormat specified to match to this log. In our case, we do not have a specific LogFormat.

 

And now we’ll take the things in the <Directory> tags.

AddHandler – This allows you to list extensions (like .cgi, .pl) that will be handled by a specific handler, in our case cgi-script.

Options – This controls which server features are available in a given directory. The include:

– All – This allows all options except Multiviews. This is the default setting.

– ExecCGI – This allows for execution of CGI scripts

– FollowSymLinks – This allows the server to follow symbolic links in the directory.

– Includes – This allows the server to use includes.

– IncludesNOEXEC – This allows the server to use includes with the exceptions of exec cmd and exec cgi.

– Indexes – If the directory has no index page, it will provide a listing of what is in the directory.

– Multiviews – This allows for content negotiated Multiviews.

– SymLinksIfOwnerMatch – This allows the server to follow symbolic links if the “link to” location is owned by the website owner. If it’s a file owned      by another user, it will not work.

AllowOverride – This controls what overrides are allowed by a .htaccess file. This can be All or None (allows all or no overrides), AuthConfig (allows authorization directives), FileInfo (allows document type controlling), Indexes (allows control over directory indexing), Limit (allows control over host access), and Options (allows control over directory features.)

Order – This is an access control system. This has 2 real options. They are either “Allow,Deny” or “Deny,Allow”. The third option, “Mutual-failure”, is deprecated.  This order tells the system to process allows first and denies second, or vice-versa. You can specify these in the Allow From/Deny From that follow.

Allow from / Deny from – This allows you to edit a list by hostname or IP, or just all in regards to access. The order in the processing is determined by the Order option above.

DirectoryIndex – This specifies which index type pages you want to have behave as the index page. Whether php or html or another format.

 

From this and changing the example config here to fit your needs, you can have a website up and running in any location you specify on your server.

 

SSL Configuration

The SSL configuration file is similar to a standard Web configuration Virtualhost but you do want to make changes in the port and add a few things to it. The SSL configuration is in addition to the standard configuration file above and is treated as it’s own Virtualhost.

<VirtualHost x.x.x.x:443>

SuexecUserGroup mycooldomain usergroup

DocumentRoot /home/mycooldomain.com/html/

ServerName www.mycooldomain.com

ServerAlias mycooldomain.com *.mycooldomain.com

ScriptAlias /cgi-bin/ "/home/mycooldomain.com/html/cgi-bin/"

Alias /adifferentlocation /home/adifferentlocation/html/

SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl.crt/www.2die4jewels.com.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.2die4jewels.com.key

SSLCACertificateFile /etc/httpd/conf/ssl.crt/thwate_intermediate.crt

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP


<Files ~ ".(cgi|shtml)">

SSLOptions +StdEnvVars

</Files>


<Directory "/home/mycooldomain.com/html/">

Options Indexes MultiViews Includes

Order allow,deny

Allow from all

SSLOptions +StdEnvVars

</Directory>

<Directory "/home/mycooldomain.com/cgi-bin/">

AddHandler cgi-script .cgi .pl

Options ExecCGI

AllowOverride None

Order allow,deny

Allow from all

SSLOptions +StdEnvVars

</Directory>

<Directory "/home/adifferentlocation/html/">

AllowOverride None

Order deny,allow

Allow from all

DirectoryIndex index.php index.html index.htm

SSLOptions +StdEnvVars

</Directory>

 

AddType application/x-httpd-php .php4 .php3 .phtml .php

CustomLog /home/weblogs/mycooldomain.com.log combined

</VirtualHost>

 

Now let’s take apart the additions which are italicized.

SSLEngine – This tells Apache to turn on the SSL options for this VirtualHost.

SSLCertificateFile – This is the path to your certificate (.CRT) file.

SSLCertificateKeyFile – This is the path to your certificate’s key (.key) file.

SSLCACertificateFile – This is the path to the Intermediate (CA) certificate (.CRT) file. This is typically provided by the company you purchased your SSL through.

SSLCipherSuite – This is a string with cipher-specifications separated by colons that configures the Cipher Suite the visitor is allowed to negotiate on. It tells Apache which SSL “formats” you could say, to accept.

SSLOptions – This is used to control various run time operations. The option we used +StdEnvVars allows the standard set of CGI/SSI related to SSLs to be used. Because of the amount of tools this has to load and the fact it is only used for CGI/SSI, we have put it in it’s own block that deals specifically with shtml and cgi pages.

 

And that’s it. Those are the basics you need for an Apache configuration file to get a standard website and SSL website up and running. There are always more options and tweaks you can do that I haven’t included, and you can always read about them on the Apache page.