Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Installing JBoss Core Services Apache HTTP Server on Red Hat Enterprise Linux

2.1. ZIP Installation
Copy link

2.1.1. Prerequisites
Copy link

The following packages are required to run Red Hat JBoss Core Services Apache HTTP Server 2.4.29 on Red Hat Enterprise Linux:

  • elinks
  • krb5-workstation
  • mailcap

To install these prerequisites on Red Hat Enterprise Linux, issue the following command as the root user: 

# yum install elinks krb5-workstation mailcap

2.1.2. Download and Extract Apache HTTP Server
Copy link

To install Apache HTTP Server, download and extract the installation ZIP files. Installation can be performed by non-root users if the user account has write access to the intended installation directory.

  1. Open a browser and log in to the Red Hat Customer Portal JBoss Software Downloads page.
  2. Select Apache HTTP Server in the Product drop-down menu.
  3. Select the correct JBoss Core Services version from the Version drop-down menu.
  4. Find Red Hat JBoss Core Services Apache HTTP Server in the list, ensuring that you select the correct platform and architecture for your system, and click the Download link.

  5. Extract the downloaded ZIP file to your installation directory.

    Note

    We recommend that you install Apache HTTP Server in the /opt/ directory.

The jbcs-httpd24-2.4/httpd directory created by extracting the ZIP archive is the top-level directory for Apache HTTP Server. This is referred to in this documentation as HTTPD_HOME.

Some configuration is required before running JBoss Core Services Apache HTTP Server. This section includes the following configuration procedures:

Creating an Apache User

Follow this procedure to create the apache user and its parent group:

As the root user:

  1. On a command line, change directory to HTTPD_HOME.

  2. Run the following command to create the apache user group: 

    # groupadd -g 48 -r apache

  3. Run the following command to create the apache user in the apache user group: 

    # useradd -c "Apache" -u 48 -g apache -s /bin/sh -r apache

  4. From HTTPD_HOME, issue the following command to assign the ownership of the Apache directories to the apache user to allow the user to run Apache HTTP Server: 

    # chown -R apache:apache *

    You can use ls -l to verify that the apache user is the owner of the directory.

Disabling/Enabling SSL Support

Apache HTTP Server supports SSL by default, but it can be disabled. Follow this procedure to disable or re-enable SSL support.

  1. Go to the HTTPD_HOME/conf.d/ directory and rename the SSL configuration file:

    1. To disable SSL, rename ssl.conf to ssl.conf.disabled.
    2. To re-enable SSL, rename ssl.conf.disabled to ssl.conf.
Running the Apache HTTP Server Post-Installation Script
  1. On a command line, change to the HTTPD_HOME directory (root user access not required).

  2. Issue the following command: 

     ./.postinstall

2.1.4. Starting Apache HTTP Server
Copy link

To start Apache HTTP Server, on a command line as root user, change to HTTPD_HOME/sbin/ and issue the following command: 

 ./apachectl start

2.1.5. Stopping Apache HTTP Server
Copy link

To stop Apache HTTP Server, on a command line as root user, change to HTTPD_HOME/sbin/, and issue the following command: 

 ./apachectl stop

To run Apache HTTP Server as a non-root user, such as the apache user:

  1. Stop all instances of Apache HTTP Server: 

    pkill httpd

  2. Set the http listen port to higher than 1024 in HTTPD_HOME/conf/httpd.conf: 

    Listen 2080
ServerName <hostname>:2080

  3. Set the https listen port to higher than 1024 in HTTPD_HOME/conf.d/ssl.conf: 

    Listen 2443

  4. Change the ownership of the logs directory: 

    chown -R apache:apache HTTPD_HOME/logs/

  5. Change the ownership of the run directory: 

    chown -R apache:apache HTTPD_HOME/var/run/

  6. Verify that httpd is only running under the apache user, not the root and apache users: 

    $ ps -eo euser,egroup,comm | grep httpd

apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
...
    Important

    To prevent unauthorized access or modification of files and directories by website users and to prevent unwanted changes to Apache HTTP Server configuration files, limit the file permissions of the apache user and enable SELinux .

2.2. RPM Installation
Copy link

Installing JBoss Core Services Apache HTTP Server from RPM packages installs Apache HTTP Server as a service. The RPM installation option is available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8

This section cover proper procedure to install and configure the JBCS modules; mod_jk, mod_cluster, mod_rt, and mod_bmx on the RHEL 8 OS.

Installing httpd

To install httpd run the following command with root access: 

$ yum install httpd
Installing Modules

To install mod_jk, mod_cluster, mod_rt, and mod_bmx, run the following commands with root access: 

$ yum install jbcs-httpd24-mod_jk-ap24

$ yum install jbcs-httpd24-mod_cluster-native

$ yum install jbcs-httpd24-mod_bmx

$ yum install jbcs-httpd24-mod_rt

For RHEL-8 httpd has its BaseOS modules directory in /usr/lib64/httpd/modules. For the time being, JBCS modules are located in /opt/rh/jbcs/root/usr/lib64/httpd/modules and follow all JBCS rules in regards to naming, directories, and prefixes. This includes mod_jk, mod_cluster, mod_rt, and mod_bmx.

If you want to use these modules, create or modify configuration file to add LoadModule command, for example: 

LoadModule jk_module /opt/rh/jbcs/root/usr/lib64/httpd/modules/mod_jk.so
Note
  • mod_proxy_balancer MUST be disabled when mod_proxy_cluster is used.
  • mod_proxy MUST be enabled when mod_proxy_cluster is used
  • If one needs mod_proxy_cluster to use AJP, proxy_ajp_module must be enabled

Alternatively you may include the directory of the installed JBCS modules in the JBCS_HOME/httpd/conf.d directory.

Before downloading and installing the RPM packages, you must register your system with Red Hat Subscription Management and subscribe to the respective Content Delivery Network (CDN) repositories.

For information on registering Red Hat Enterprise Linux, see:

Configuring the Subscription Service for Red Hat Enterprise Linux 6

OR

The Subscription Manager for Red Hat Enterprise Linux 7

OR

The Subscription Manager for Red Hat Enterprise Linux 8

Attaching subscriptions to Red Hat Enterprise Linux (if required)

If the system does not have a subscription attached that provides the Apache HTTP Server:

  1. Log in to the Red Hat Subscription Manager.
  2. Click on the Systems tab.
  3. Click on the Name of the system to add the subscription to.
  4. Change from the Details tab to the Subscriptions tab, then click Attach Subscriptions.
  5. Select the check box beside the subscription to attach, then click Attach Subscriptions.
Note

To verify that a subscription provides the required CDN repositories:

  1. Log in to: https://access.redhat.com/management/subscriptions.
  2. Click the Subscription Name.

  3. Under Products Provided, you require:

    • Red Hat JBoss Core Services.

Installing the Apache HTTP Server from RPM packages using YUM

  1. On a command line, subscribe to the Apache HTTP Server CDN repositories for your operating system version using subscription-manager: 

    # subscription-manager repos --enable <repository>

    • For Red Hat Enterprise Linux 6:

      • jb-coreservices-1-for-rhel-6-server-rpms

    • For Red Hat Enterprise Linux 7:

      • jb-coreservices-1-for-rhel-7-server-rpms

  2. Run the following command as the root user to install the Apache HTTP Server: 

    # yum groupinstall jbcs-httpd24
Note

For complete instructions on installing and configuring HTTPD on RHEL 8, please see this link

Before starting an RPM installation of JBoss Core Services Apache HTTP Server, there are some optional configurations you can perform. This section includes the following configuration procedures:

Removing SSL Support

Apache HTTP Server supports SSL by default, but it can be removed. To remove SSL support, remove the mod_ssl package.

  1. At a shell prompt, run the following command as the root user: 

    # yum remove jbcs-httpd24-mod_ssl
Note

For complete instructions on installing and configuring HTTPD on RHEL 8, please see this link

2.2.4. Starting Apache HTTP Server
Copy link

In a shell prompt as the root user, start the Apache HTTP Server service:

  • For Red Hat Enterprise Linux 6: 

    # service jbcs-httpd24-httpd start

  • For Red Hat Enterprise Linux 7: 

    # systemctl start jbcs-httpd24-httpd.service
Note

For complete instructions on installing and configuring HTTPD on RHEL 8, please see this link

2.2.5. Stopping Apache HTTP Server
Copy link

In a shell prompt as the root user, stop the Apache HTTP Server service:

  • For Red Hat Enterprise Linux 6: 

    # service jbcs-httpd24-httpd stop

  • For Red Hat Enterprise Linux 7: 

    # systemctl stop jbcs-httpd24-httpd.service
Note

For complete instructions on installing and configuring HTTPD on RHEL 8, please see this link

Use the following command to enable the Apache HTTP Server service to start at boot.

  • For Red Hat Enterprise Linux 6: 

    # chkconfig jbcs-httpd24-httpd on

  • For Red Hat Enterprise Linux 7: 

    # systemctl enable jbcs-httpd24-httpd.service

2.3. SELinux Policies
Copy link

2.3.1. SELinux Policy Information
Copy link

The Security-Enhanced Linux (SELinux) security model is enforced by the kernel and ensures applications have limited access to resources such as file system locations and ports. This helps ensure that the errant processes (either compromised or poorly configured) are restricted and in some cases prevented from running.

The following table contains information about the SELinux policies provided in the jbcs-httpd2.4-httpd-selinux packages.

Expand
Table 2.1. RPMs and Default SELinux Policies
NamePort InformationPolicy Information

mod_cluster

Two ports (6666 for TCP and 23364 for UDP) are added for httpd_port_t to allow the httpd process to use them.

A post installation script configures the context mapping for /var/cache/mod_cluster to enable the httpd process to write at this location.

For more information about using SELinux and other Red Hat Enterprise Linux security information, see the Red Hat Enterprise Linux Security Guide.

2.3.2. SELinux Policies for an RPM Installation
Copy link

SELinux policies for Apache HTTP Server are provided by the jbcs-httpd2.4-httpd-selinux package available in the jb-coreservices-1-for-rhel-7-server-rpms and jb-coreservices-1-for-rhel-6-server-rpms Content Delivery Network (CDN) repositories.

To enable SELinux policies on Apache HTTP Server, install the jbcs-httpd2.4-httpd-selinux package for the version of Red Hat Enterprise Linux in use.

2.3.3. SELinux Policies for a ZIP Installation
Copy link

Important

By default, the SELinux policy provided is not active and the Apache HTTP Server processes run in the unconfined_t domain. This domain does not confine the processes, and if you chose not to enable the SELinux policy provided, it is recommended that you restrict file access for the apache user to the files and directories required by the Apache HTTP Server runtime.

For this release, SELinux policies are provided in the ZIP packages. The .postinstall.selinux file is included in root Apache HTTP Server folder. If required, you can run the .postinstall.selinux script.

To install the SELinux policies for ZIP installations:

  1. Install the selinux-policy-devel package: 

    yum install -y selinux-policy-devel

  2. Execute the .postinstall.selinux script: 

    cd <httpd_home>
sh .postinstall.selinux

  3. Make and install the SELinux module: 

    cd <httpd_home>/selinux/
make -f /usr/share/selinux/devel/Makefile
semodule -i jbcs-httpd24-httpd.pp

  4. Apply the SELinux contexts for Apache HTTP Server: 

    restorecon -r <httpd_home>

  5. Add access permissions to the required ports for Apache HTTP Server: 

    semanage port -a -t http_port_t -p tcp 6666
semanage port -a -t http_port_t -p udp 23364

  6. Start the Apache HTTP Server service: 

    <httpd_home>/sbin/apachectl start

  7. Check the context of the running process expecting httpd_t: 

    $ ps -eZ | grep httpd | head -n1

unconfined_u:unconfined_r:httpd_t:s0-s0:c0.c1023 2864 ? 00:00:00 httpd

  8. To verify the contexts of the httpd directories, for example: 

    ls -lZ <httpd_home>/logs/
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top