How to Install Apache (HTTPD) on AlmaLinux 9

Apache, also known as Apache HTTP server, has been one of the most widely used web server applications globally for the past few decades. It is a free, open-source web application software maintained by the Apache Software Foundation. Apache provides some powerful features with dynamically loadable modules, easy integration with other software, and handling of static files, among other popular features.

In the following tutorial, you will learn how to install Apache Web Server on AlmaLinux 9 using the command line terminal for desktop or server and basic configuration and creating a TLS/SSL certificate with Let’s Encrypt.

Update AlmaLinux

Before proceeding, please update your system to ensure all existing packages are up to date to avoid conflicts during the tutorial and good practice.

sudo dnf upgrade --refresh

Install Apache

By default, Apache (HTTPD) is featured in your app stream; execute the following command to install Apache.

sudo dnf install httpd -y

When installing the web application, if it is not activated or enabled by default, use the following command to start the service and enable it on system boot immediately.

sudo systemctl enable httpd --now

Check to see if Apache is running correctly using the following systemctl command.

systemctl status httpd

Example output if everything is ok:

Configure FirewallD Rules

No firewall rules are set to the standard port 80 or 443 ports when installing the web application. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

After FirewallD is configured, check to ensure you can see the HTTPD landing page in your Internet Browser.

http://your_server_ip

Alternative, try the localhost.

http://localhost

If all is working well, you should land on the following page:

Create Virtual Host

Using the Apache web server, you can create virtual hosts to manage configurations for more than one domain running on a single server. If you have used Nginx, it is the equivalent of server blocks. In the example below, the tutorial will create a domain example-domain.com which you will replace with your domain name.

Create and or Configure Directories

Create a new directory, /example.com/, and replace the example with your domain name with the following command.

sudo mkdir -p /var/www/example.com/

The next step is to assign ownership of the directory with the www-data environment variable.

sudo chown -R apache:apache /var/www/example.com

Now create a sample page index.html using your favorite text editor. The tutorial will use nano as below.

sudo nano /var/www/example.com/index.html

In the file, copy and paste the following code:

<html>
 <head>
  <title>Welcome to Linuxcapable.com</title>
 </head>
 <body>
   <h1>Success!  The tutorial server block is working! Thanks Linuxcapable.com :D</h1>
 </body>
</html>

Save the file (CTRL+O), then exit (CTRL+X).

Create Virtual Host

Now that you have created a landing page and set the correct ownership and permissions. The required directories will need to be made and set up by default.

First, make the directories needed for sites-available and sites-enabled. Nginx users would be familiar with this setup as well.

sudo mkdir /etc/httpd/sites-available
sudo mkdir /etc/httpd/sites-enabled

The next step you must do is instruct Apache to look for virtual host files that will need to be located at /etc/httpd/sites-available directory.

Open up the configuration file.

sudo nano /etc/httpd/conf/httpd.conf

Add the following to the end of the file.

IncludeOptional sites-enabled/*.conf

Optionally, you can disable the default folder Apache looks for virtual host files, which may be wanted to avoid confusion.

Just place a comment next to IncludeOptional conf.d/*.conf.

Example:

#IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

Example output with the above configurations combined:

Save the file (CTRL+O), then exit (CTRL+X).

Next, use your favorite text editor to create a virtual host configuration file located at /etc/httpd/sites-available/example.com.conf as below.

sudo nano /etc/httpd/sites-available/example.com.conf

Copy and paste the following into the configuration block file; note to replace your ServerName, ServerAlias, and Document root with your own.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example.com/
</VirtualHost>

Do not forget to change the required Server directives to your own.

Next, you need to enable permissions for the Apache service to allow access publically to your server in the /etc/httpd/conf/httpd.conf configuration file. Failure to do this may result in HTTP 403 errors when accessing your website, as, by default, the configuration is set to deny access.

Open the configuration file using nano or any text editor of your choice.

sudo nano /etc/httpd/conf/httpd.conf

Now, add the following to the file and make sure to change the root directory to your own.

Example:

<Directory /var/www/example.com/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

This can be added towards the end of the configuration file, below is an example of it in a live environment.

Save the configuration file using (CTRL+O) and exit with (CTRL+X).

Enable Virtual Host

The next step is to enable the virtual host. Initially, you created two directories, sites-available and sites-enabled. You must create a symlink to sites-enabled to activate the virtual host.

To create a symlink, use the following example in your terminal.

sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/

Once done, restart the Apache service.

sudo systemctl restart httpd

Open your Internet Browser and type in your domain name HTTP://example_domain; if you do not have a domain with the remote or local IP address, you should get the following landing page you created in the index.html file.

Example:

Congratulations, you have successfully created your virtual host and made it work successfully on your domain.

Secure Webserver Files

One of the most common mistakes many users make is not fixing the permissions of files/folders. Many users even give complete read/write and execute access to the public.

Use the following command to search for all folders and files and set the most commonplace secure permissions. Make sure to change permissions on any files/directories afterward. For example, phpBB requires some folders to be 777.

sudo find /var/www/example.com/ -type d -exec chmod 755 "{}" \;
sudo find /var/www/example.com/ -type f -exec chmod 644 "{}" \;

Make sure to change /var/www/example.com/ to your root directory location.

Note that this does not make your Apache server secure; it eliminates a prevalent risk out of many.

Secure Apache with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Apache web server on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, enable the CRB repository.

sudo dnf config-manager --set-enabled crb

Next, install EPEL using the following (dnf) terminal command.

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Now, install snapd.

sudo dnf install snapd -y

Once installed, enable it immediately and on system startup to monitor for updates.

sudo systemctl enable snapd --now

Next, install the snap core to cover all dependencies required for snap packages.

sudo snap install core

Create a symlink for the snapd folder.

sudo ln -s /var/lib/snapd/snap /snap

Install Certbot snap package.

sudo snap install --classic certbot

Lastly, create another symlink for certbot.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Once installed, run the following command to start the creation of your certificate:

sudo certbot --dry-run --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

Alternatively, use the following command and follow the prompts if more accessible.

sudo certbot certonly --apache

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS://www.example.com instead of HTTP://www.example.com.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to ensure everything is working by performing a dry run.

sudo certbot renew --dry-run

Next, use the systemctl-timers to confirm that there is a cron job currently working to check and renew your certificate.

systemctl list-timers

Example output:

A timer will check and renew the certificate before it expires, so you do not need to worry again.

Manage Apache Service

Now that Apache is running on your server successfully, some management keynotes are as follows.

Apache Server Logs

Apache server logs can be found in the directory /var/log/httpd/, with access.log and error.log being the default access and error names given. This can be changed to other names in your virtual host configuration file in the future.

Apache Commands

The following commands that you will undoubtedly use in your day-to-day management when working with Apache. Some of the most common are:

Stop Apache webserver:

sudo systemctl stop apache2

Start Apache webserver:

sudo systemctl start apache2

Restart Apache webserver:

sudo systemctl restart apache2

Reload Apache webserver:

sudo systemctl reload apache2

Disable Apache on server boot:

sudo systemctl disable apache2

Enable Apache on server boot:

sudo systemctl enable apache2

How to Update Apache

To update Apache in the future, this is done with the command you used to check if your system is up to date. Always create backups or images if you have an Apache service running critical services. Usually, it’s pretty safe to upgrade, but sometimes bugs can occur like any software upgrade.

To update Apache, use the following command.

sudo dnf update --refresh

I recommend adding the –refresh to every update command to ensure you are refreshing your caches.

How to Remove (Uninstall) Apache

Removing Apache if you no longer use it can be done using the following command.

sudo systemctl disable apache2 --now

Now using the following command, remove Apache and all data traces for complete removal.

sudo dnf autoremove httpd

Leftover files may still exist in the /etc/apache2/ main folder, so let us remove this directory.

sudo rm -R /etc/httpd/

Note this will clear your custom configuration files. Make sure to back up if you may use it again on Github or a similar type of service.

Comments and Conclusion

In conclusion, Apache has been the most popular web application server for a very long time. However, Nginx has slowly caught up and overtaken the lead. This could be due to the increasing popularity of microservices and Nginx’s ability to handle larger loads more efficiently. Nevertheless, Apache remains one of the most deployed servers in use today. If you are starting with hosting your web applications, we recommend trying Apache first, as it is still one of the most accessible options to get started with.