Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 1. Setting up the Apache HTTP web server

Deploy Apache HTTP Server to host websites and web applications. Configure virtual hosts, manage services, and distribute static or dynamic content efficiently to clients.

1.1. Introduction to the Apache HTTP web server
Link kopieren

To host websites and web applications, you can use the Apache HTTP web server. A web server is a network service that distributes contents, including web pages and other document types, to clients over the internet.

Web servers are also known as HTTP servers, as they use the HTTP protocol. The Apache HTTP Server, also known as httpd, is an open source web server developed by the Apache Software Foundation. If you are upgrading from a previous release of Red Hat Enterprise Linux, you have to update the httpd service configuration.

1.2. The Apache configuration files
Link kopieren

You can configure the Apache HTTP web server to set server parameters and virtual hosts. The httpd service, by default, reads the configuration files after start.

Expand
Table 1.1. The httpd service configuration files
PathDescription

/etc/httpd/conf/httpd.conf

The main configuration file.

/etc/httpd/conf.d/

The main configuration directory provides an auxiliary directory for configuration files.

/etc/httpd/conf.modules.d/

The auxiliary directory for configuration files which load installed dynamic modules packaged in Red Hat Enterprise Linux. In the default configuration, processing of these configuration files is on priority.

Although the main configuration file is suitable for most situations, you can also use other configuration options.

For any changes to take effect, restart the web server first. Create a backup of the configuration file before editing it to revert any changes.

To check the configuration for possible errors, enter: 

# apachectl configtest
Syntax OK

For details, see the apachectl(8) man page on your system.

1.3. Managing the httpd service
Link kopieren

You can start, stop, and restart the httpd service to manage the Apache HTTP web server.

Prerequisites

  • You have installed the Apache HTTP Server.

Procedure

  • To start the httpd service, enter: 

    # systemctl start httpd

  • To stop the httpd service, enter: 

    # systemctl stop httpd

  • To restart the httpd service, enter: 

    # systemctl restart httpd

1.4. Setting up a single-instance Apache HTTP server
Link kopieren

To distribute static contents through your web server, configure the Apache HTTP Server to distribute these contents.

By default, the Apache HTTP Server provides the same content for all domains associated with the server. If you want to provide different content for different domains, set up name-based virtual hosts. For details, see Configuring Apache name-based virtual hosts.

Prerequisites

  • You have set up firewall rules to enable basic web service connectivity before configuring the Transport Layer Security (TLS) protocol.

Procedure

  1. Install the httpd package: 

    # dnf install httpd

  2. If you use firewalld, open the TCP port 80 in the local firewall: 

    # firewall-cmd --permanent --add-port=80/tcp
     
    # firewall-cmd --reload

  3. Enable and start the httpd service: 

    # systemctl enable --now httpd

  4. Optional: Add HTML files to the /var/www/html/ directory.

    Note

    When adding content to /var/www/html/, files and directories must be readable by the user under which httpd runs by default. The content owner can be either the root user and root user group, or another user or group of the administrator’s choice. If the content owner is the root user and root user group, the files must be readable by other users. All the files and directories must have the httpd_sys_content_t SELinux context, which is applicable by default to all content within the /var/www directory.

  5. Connect to a web browser at http://server_IP_or_host_name/.

    If the /var/www/html/ directory is empty or does not contain an index.html or index.htm file, Apache displays the Red Hat Enterprise Linux Test Page. If /var/www/html/ contains HTML files with a different name, you can load them by entering the URL to that file, such as http://server_IP_or_host_name/example.html.

    For details, see the httpd.service(8) man page on your system.

1.5. Configuring Apache name-based virtual hosts
Link kopieren

To host multiple websites of different domains on a single Apache HTTP Server, you can configure name-based virtual hosts. With name-based virtual hosts, the Apache HTTP Server can distribute different websites to different domains that resolve to the server IP address.

You can set up a virtual host for both the example.com and example.net domains with separate document root directories. Both virtual hosts serve static HTML content.

Prerequisites

  • Clients and the web server resolve the example.com and example.net domain to the IP address of the web server.

    Note that you must manually add the example.com and example.net domain entries to your DNS server.

Procedure

  1. Install the httpd package: 

    # dnf install httpd

  2. Edit the /etc/httpd/conf/httpd.conf file:

    1. Append the following virtual host configuration for the example.com domain: 

      <VirtualHost *:80>
    DocumentRoot "/var/www/example.com/"
    ServerName example.com
    CustomLog /var/log/httpd/example.com_access.log combined
    ErrorLog /var/log/httpd/example.com_error.log
</VirtualHost>

      These settings configure the following:

      • All settings in the <VirtualHost *:80> directive are specific for this virtual host.
      • DocumentRoot sets the path to the web content of the virtual host.

      • ServerName sets the domains for which this virtual host serves content.

        To set multiple domains, add the ServerAlias parameter to the configuration and specify the additional domains separated with a space in this parameter.

      • CustomLog sets the path to the access log of the virtual host.

      • ErrorLog sets the path to the error log of the virtual host.

        Note

        The Apache HTTP Server uses the first virtual host found in the configuration also for requests that do not match any domain set in the ServerName and ServerAlias parameters. This also includes requests sent to the IP address of the server.

  3. Append a similar virtual host configuration for the example.net domain: 

    <VirtualHost *:80>
    DocumentRoot "/var/www/example.net/"
    ServerName example.net
    CustomLog /var/log/httpd/example.net_access.log combined
    ErrorLog /var/log/httpd/example.net_error.log
</VirtualHost>

  4. Create the document roots for both virtual hosts: 

    # mkdir /var/www/example.com/
# mkdir /var/www/example.net/

  5. Install the policycoreutils-python-utils package to run the restorecon command: 

    # dnf install policycoreutils-python-utils

  6. If you set paths in the DocumentRoot parameters that are not within /var/www/, set the httpd_sys_content_t context on both document roots: 

    # semanage fcontext -a -t httpd_sys_content_t "/srv/example.com(/.*)?"
# restorecon -Rv /srv/example.com/
# semanage fcontext -a -t httpd_sys_content_t "/srv/example.net(/.\*)?"
# restorecon -Rv /srv/example.net/

    These commands set the httpd_sys_content_t context on the /srv/example.com/ and /srv/example.net/ directory.

  7. If you use firewalld, open port 80 in the local firewall: 

    # firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --reload

  8. Enable and start the httpd service: 

    # systemctl enable --now httpd

Verification

  1. Create a different example file in each virtual host’s document root: 

    # echo "vHost example.com" > /var/www/example.com/index.html
# echo "vHost example.net" > /var/www/example.net/index.html
  2. Use a browser and connect to http://example.com. The web server shows the example file from the example.com virtual host.

For details, see httpd(8) and httpd.conf(5) man pages on your system.

1.6. Configuring TLS client certificate authentication
Link kopieren

To allow only authenticated users to access resources on the web server, configure client certificate authentication for the /var/www/html/Example/ directory.

If the Apache HTTP Server uses the Transport Layer Security (TLS) 1.3 protocol, some clients require additional configuration. For example, in Mozilla Firefox, set the security.tls.enable_post_handshake_auth parameter in the about:config menu to true.

Prerequisites

  • You have enabled TLS encryption on the server.

Procedure

  1. Edit the /etc/httpd/conf/httpd.conf file to configure client authentication: 

    <Directory "/var/www/html/Example/">
  SSLVerifyClient require
</Directory>

    The SSLVerifyClient require setting configures the server to require a client certificate before the client can access the content in the /var/www/html/Example/ directory.

  2. Restart the httpd service: 

    # systemctl restart httpd

Verification

  1. Access the https://example.com/Example/ URL without client authentication: 

    $ curl \https://example.com/Example/
     
    curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0

    The error indicates that the web server requires a client certificate authentication.

  2. Access the same URL with client authentication by passing the client private key and certificate, and the CA certificate: 

    $ curl --cacert ca.crt --key client.key --cert client.crt https://example.com/Example/

    If the request succeeds, the curl utility displays the index.html file stored in the /var/www/html/Example/ directory.

1.7. Installing the Apache HTTP server manual
Link kopieren

To perform various configuration tasks, you can use the Apache HTTP Server manual. This manual includes detailed documentation of configuration parameters and directives, performance tuning, authentication settings, modules, content caching, security tips, and configuring TLS encryption.

Prerequisites

  • The Apache HTTP Server is installed and running.

Procedure

  1. Install the httpd-manual package: 

    # dnf install httpd-manual

  2. Optional: By default, all clients connecting to the Apache HTTP Server can display the manual. To restrict access to a specific IP range, such as the 192.0.2.0/24 subnet, edit the /etc/httpd/conf.d/manual.conf file and add the Require ip 192.0.2.0/24 setting to the <Directory "/usr/share/httpd/manual"> directive: 

    <Directory "/usr/share/httpd/manual">
...
    Require ip 192.0.2.0/24
...
</Directory>

  3. Restart the httpd service: 

    # systemctl restart httpd

Verification

  • To display the Apache HTTP Server manual, connect to the http://host_name_or_IP_address/manual/ URL with a web browser.
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2026 Red HatNach oben