RHEL8: Install apache

Verify and run update

sudo dnf upgrade

Install apache and verify installation

sudo dnf upgrade
sudo dnf install httpd mod_ssl policycoreutils-python-utils
rpm -qi httpd

Start, enable and verify apache service

sudo systemctl start httpd
sudo systemctl enable httpd
sudo systemctl status httpd

Add firewall rules

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Configure virutal hosts

Create folders for virtual host and set required permissions

sudo mkdir -p /var/www/domain.se/html
sudo mkdir -p /var/www/domain.se/log
sudo chown -R apache:apache /var/www/domain.se/html
sudo chmod -R 755 /var/www
sudo mkdir /etc/httpd/sites-available
sudo mkdir /etc/httpd/sites-enabled

Activate virtual host in apache, edit httpd.conf

sudo vi /etc/httpd/conf/httpd.conf

add this row at the bottom of the file.

IncludeOptional sites-enabled/*.conf

Create virtual host file for your website

sudo vi /etc/httpd/sites-available/domain.se.conf

Add following text note that this will force HTTPS for domain you need to install and configure an SSL certificate. Follow this guide RHEL8: Confgiure SSL certificate for apache

<VirtualHost *:80>
   ServerName domain.se
   Redirect / https://domain.se
   DocumentRoot "/var/www/domain.se/html"
</VirtualHost>
		
<VirtualHost *:443>
   DocumentRoot "/var/www/domain.se/html"
   ServerName domain.se
   ErrorLog "/var/www/domain.se/log/error.log"
   CustomLog "/var/www/domain.se/log/requests.log" combined
   SSLEngine on
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
		
<Directory "/var/www/domain.se/html">
   DirectoryIndex index.html index.php
   Options FollowSymLinks
   AllowOverride All
   Require all granted
</Directory>
</VirtualHost>

Activate your virtual host for domain.se

sudo ln -s /etc/httpd/sites-available/domain.se.conf /etc/httpd/sites-enabled/domain.se.conf

Configure SE Policy on directory

You need to give SELinux permission on log folder to give you control over apahe webserver policies.

First confirm context type on log directory

sudo ls -dlZ /var/www/domain.se/log/

You should se httpd_sys_content_t in the output

Change context for folder

sudo semanage fcontext -a -t httpd_log_t "/var/www/domain.se/log(/.*)?"

Save changes

sudo restorecon -R -v /var/www/domain.se/log

Verify changes with

sudo ls -dlZ /var/www/domain.se/log/

Now you should see httpd_log_t in the output. Restart apache

sudo systemctl restart httpd

And confirm that logs are been written

ls -l /var/www/domain.se/log/

If your httpd service need to connect to remote database you will need allow it through SELinux

sudo setsebool -P httpd_can_network_connect_db 1

38

Leave a Reply

Your email address will not be published.