How to Install Apache on CentOS Stream EL9 or EL8

The Apache Software Foundation developed Apache HTTP Server, often called Apache, which stands as a top web server software. It plays a crucial role in internet infrastructure and is the go-to choice for website hosting. This guide will show you how to install Apache on CentOS Stream 9 or the earlier enterprise version of CentOS Stream 8.

Why Choose Apache for CentOS Stream?

  • Stability and Reliability: Apache boasts robust performance and is a reliable choice for hosting websites and applications.
  • Flexibility: Apache offers a range of customization options, allowing you to tailor the server to meet your specific needs.
  • Security: With various modules and features designed to enhance security, Apache helps safeguard your web resources.
  • Community Support: Being open-source, Apache has a strong community of developers and users who contribute to its continuous improvement.

In the following sections, we’ll provide step-by-step instructions on how to install Apache on CentOS Stream 9 and CentOS Stream 8. Whether you’re a system administrator or a developer, this guide will help you set up Apache efficiently on your CentOS system.

Section 1: Install Apache on CentOS Stream 9 or 8

Step 1: Ensuring a Fully Updated CentOS Stream System Before Apache Installation

Before plunging into the installation process of Apache on your CentOS Stream machine, we need to verify that our system is fully up-to-date. This is more than just a precautionary measure. Updating your system helps preclude potential compatibility issues and significantly enhances your system’s stability, security, and performance.

To put this into motion, execute the following command in your terminal:

sudo dnf upgrade --refresh

This command sets off the update mechanism, procuring and installing your system’s latest software updates and security patches. It is crucial to allow the update process to fully conclude before advancing to the Apache installation. This ensures that your system is in its prime condition, optimally configured, and prepped to run Apache without encountering any snags or compatibility issues.

Step 2: Install Apache (HTTPD) on CentOS Stream 9 or 8

The second step is to install Apache, or HTTPD, on your CentOS Stream system. This is a straightforward process, courtesy of the powerful DNF package manager. The DNF, or Dandified Yum, package manager simplifies installing, updating, and managing software packages.

Kickstart the installation of Apache (HTTPD) by running the following command in your terminal:

sudo dnf install httpd

This command initiates the installation mechanism, and fetches, and installs all the necessary components to allow Apache (HTTPD) to run on your system. The process should finish in just a few minutes. Afterward, you will have Apache (HTTPD) fully installed and ready for use.

Step 3: Activating and Configuring Apache (HTTPD) to Run on System Boot

Following the successful installation of Apache (HTTPD) on your CentOS Stream system, the next key action is to activate the service and configure it to launch upon system boot automatically. Apache (HTTPD) is always active and prepared to serve web requests when your system powers up.

If the Apache (HTTPD) service is not active or set to run by default, use these commands in your terminal to start the service and ensure it runs on system boot:

sudo systemctl start httpd
sudo systemctl enable httpd

The first command, sudo systemctl start httpd, fires up the Apache (HTTPD) service, whereas the second command, sudo systemctl enable httpd, sets the service to run upon system boot automatically. By implementing these two commands, you guarantee that Apache (HTTPD) is constantly accessible and active, ready to cater to web requests each time your system turns on.

As an alternative, you can condense the two previous steps into one single command:

sudo systemctl enable httpd --now

The --now option in the command sudo systemctl enable httpd --now simultaneously starts the Apache (HTTPD) service and configures it to automatically launch on the system boot. This single command unifies the two separate commands from the previous steps, making the process more streamlined and efficient.

Step 4: Validating the Proper Functioning of Apache (HTTPD) on CentOS Stream

Finally, we should verify the successful implementation and functioning of Apache (HTTPD) by utilizing the following systemctl command:

systemctl status httpd
Screenshot showing systemctl status confirming Apache and systemd are working correctly on CentOS Stream 9 or 8.
Systemctl status output demonstrates that Apache and systemd function as expected on CentOS Stream.

This command provides you with the real-time status of the Apache (HTTPD) service, including any errors or messages that may have arisen. By scrutinizing the status of the service, you can confirm that Apache (HTTPD) is running seamlessly.

Section 2: Configure FirewallD Rules for Apache on CentOS Stream 9 or 8

After installing Apache (HTTPD) on CentOS Stream, you might notice that the firewall doesn’t include preconfigured rules for standard ports 80 and 443. You must configure these firewall rules before moving forward to improve the security of your web application.

Use the firewall-cmd tool, CentOS Stream’s default firewall management utility, to set the firewall rules. The rules you need to configure will vary based on the specific ports you intend to use. However, we list all critical options in the following steps.

Step 1: Opening Ports 80 and 443

We will run the first two commands to open ports 80 and 443. These ports handle incoming HTTP and HTTPS traffic, respectively.

To open port 80 or HTTP, run the following command:

sudo firewall-cmd --permanent --add-port=80/tcp

Next, open port 443, or HTTPS, with the subsequent command:

sudo firewall-cmd --permanent --add-port=443/tcp

Step 2: Verify Firewall Changes For Apache on CentOS Stream

After specifying the ports to open, we must instruct the firewall to implement these changes. Do this by reloading the firewall rules using the command below:

sudo firewall-cmd --reload

Step 3: Understanding the Implications

A keen understanding of the security implications accompanying opening ports on your system is paramount. By selectively opening only the necessary ports, you bolster your web application’s defense against unauthorized access and potential security threats. This underlines why it is critical to properly configure the firewall rules for your Apache (HTTPD) installation on CentOS Stream.

Step 4: Verifying Apache (HTTPD) Access

After meticulously configuring Firewalld, ensure you can access the Apache (HTTPD) landing page through your web browser. Launch your favorite web browser and go to either http://localhost or http://your_server_ip.

To access via your server’s IP:

http://your_server_ip

Alternatively, to access via localhost:

http://localhost

When you configure everything precisely, the Apache (HTTPD) default landing page will greet you. This page displays a message confirming that the server operates as expected. The page will resemble:

Screenshot of Apache test page successfully loaded on a CentOS Stream 9 or 8 browser.
Successful loading of the Apache test page on CentOS Stream 9 or 8.

Section 3: Create and Configure Virtual Host with Apache on CentOS Stream

This section will delve into the practical aspect of creating a virtual host using Apache (HTTPD), a flexible web server known for its capability to host multiple domains on a single server. This utility is analogous to the “server blocks” attribute of Nginx. In the ensuing tutorial, we’ll illustrate how to formulate a virtual host for a given domain, represented as “example-domain.com.” Naturally, you’ll substitute this sample domain with your specific domain name.

Creating virtual hosts facilitates independent management of configurations for each domain. This provides control over various facets of your web server environment, including security, performance, and custom settings. This can prove particularly advantageous if you aim to host multiple websites on a single server or maintain separate settings for distinct sections of your website. With Apache (HTTPD), you can effortlessly devise virtual hosts to meet these requirements.

Step 1: Creating and Configuring Directories for Apache on CentOS Stream

Commencing your virtual host setup involves creating a new directory that serves as the root folder for your virtual host. The name of this directory typically aligns with your domain name.

For instance, if your domain name is “example.com,” you would generate a new directory with the command:

sudo mkdir /var/www/example.com

This command necessitates the replacement of “example.com” with your domain name. Thus, The directory will house files and assets associated with your virtual hosts, including HTML files, images, scripts, and other resources.

Setting up individual directories for each virtual host facilitates a distinct separation of concerns, a factor of significance in the context of security and troubleshooting.

The new directory may require appropriate ownership and permissions to allow Apache (HTTPD) access. The succeeding commands set the correct ownership and permissions:

sudo chown -R apache:apache /var/www/example.com
sudo chmod -R 755 /var/www/example.com

With the new directory primed, we can set up your virtual host.

Step 2: Creating an index.html File

A text editor generates an index.html file for your virtual host. For our tutorial, we’ll use the nano text editor, though you’re free to choose any text editor you prefer.

Execute the following command to create the index.html file:

sudo nano /var/www/example.com/index.html

In the text editor, commence creating the content for your index.html file. This file typically serves as the first point of contact for a user visiting your website.

Here’s a simple example:

<html>
  <head>
    <title>Example Domain</title>
  </head>
  <body>
    <h1>Welcome to Example Domain</h1>
    <p>This is a sample page for the domain example.com.</p>
  </body>
</html>
Screenshot of HTML code for Apache test page on CentOS Stream 9 or 8.
HTML code snippet for generating the Apache test page on CentOS Stream.

Upon finalizing the content of your index.html file, save the file and exit the text editor. In the case of nano, this is accomplished by pressing Ctrl + X, followed by Y, and Enter.

Step 3: Configuring Virtual Host Directories

Ensuring proper directory setup for the Apache web server guarantees a seamless and organized configuration. In specific, the “sites-available” and “sites-enabled” directories. This configuration mirrors the one adopted in Nginx and promotes organized and accessible configurations.

To create these directories, use the following command:

sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled

Subsequently, instruct Apache to look for virtual host files in the “/etc/httpd/sites-available” directory:

sudo nano /etc/httpd/conf/httpd.conf

In the opened configuration file, append the line “IncludeOptional sites-enabled/*.conf” at the end. This line instructs Apache to include all virtual host configuration files in the “sites-enabled” directory.

IncludeOptional sites-enabled/*.conf

Optionally, you might want to comment “IncludeOptional conf.d/*.conf”, disabling the default folder where Apache searches for virtual host files. This helps in preventing any potential confusion.

Example:

#IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
This image shows a section of the Apache configuration file that specifies how to include additional directories, tailored for CentOS Stream 9 or 8 systems.
Apache Configuration for Directory Inclusion on CentOS Stream

To save the file and exit, use the keyboard combination CTRL + O, followed by CTRL + X.

Step 4: Create the Virtual Host Configuration File for Apache on CentOS Stream

Next, using your text editor, we will create a virtual host configuration file at /etc/httpd/sites-available/example.com.conf.

sudo nano /etc/httpd/sites-available/example.com.conf

Fill in the placeholder information in the following configuration block with your ServerName, ServerAlias, and Document Root before copying it into the virtual host configuration file located at /etc/httpd/sites-available/example.com.conf.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example.com/
</VirtualHost>

Adjust the server directives to fit your specific requirements.

Step 5: Modifying Access Permissions

To grant public access to your server, modify the access permissions for the Apache service in the /etc/httpd/conf/httpd.conf configuration file. The default configuration denies access. If you neglect this step, you might encounter HTTP 403 errors when people try to access your website.

sudo nano /etc/httpd/conf/httpd.conf

Add the following block to your file, ensuring that you adjust the root directory to match your own.

<Directory /var/www/example.com/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Screenshot showing Apache configuration for enabling virtual hosts on CentOS Stream 9 or 8.
Configuration snippet for allowing virtual hosts in Apache on CentOS Stream 9 or 8.

To save these changes, use the keyboard combination of CTRL+O and exit the text editor using CTRL+X.

Step 6: Enable the Virtual Host for Apache on CentOS Stream

To set up the virtual host, you must activate it as the final step. Create a symbolic link from the sites-available directory to the sites-enabled directory using the command provided below:

sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/

You need to restart the Apache service to complete the activation process.

sudo systemctl restart httpd

After restarting the Apache service, open your web browser and navigate to “HTTP://example_domain.” If you haven’t registered a domain, you can access your website using the IP address (local or remote). If you set everything up correctly, the landing page you created in the index.html file will greet you.

Screenshot of a working test index page served by Apache with virtual host enabled on CentOS Stream 9 or 8.
Working test index page on Apache with virtual host configuration on CentOS Stream 9 or 8.

Additional Commands & Tips with Apache on CentOS Stream 9 or 8

Secure Directories and Files on Apache

Setting Secure Permissions

Using secure permissions for files and directories in Apache on CentOS is crucial. Often, excessive permissions are granted, like full public access. To prevent security risks, it’s recommended to limit permissions. For directories, use chmod 755 and for files, chmod 644. Below are the commands for setting these permissions. Remember, some applications may require different permissions, like 777 for phpBB.

  • For directories:
sudo find /var/www/example.com/ -type d -exec chmod 755 "{}" \;
  • For files:
sudo find /var/www/example.com/ -type f -exec chmod 644 "{}" \;

These commands will replace /var/www/example.com/ with the appropriate directory path. This step doesn’t guarantee complete security but significantly reduces risks by preventing public access to crucial files.

Secure Apache with Let’s Encrypt SSL

Installing Let’s Encrypt SSL Certificate

Securing your Apache server with an SSL certificate is a must for safe client-server connections. Let’s Encrypt provides a free, automated SSL certificate. To start, ensure the CRB repository is enabled and the EPEL repository is installed. The installation process varies slightly between CentOS Stream 9 and 8.

For CentOS Stream 9:
  • Enable CRB:
sudo dnf config-manager --set-enabled crb
  • Install EPEL repository:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
For CentOS Stream 8:
  • Install EPEL repository:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Next, install mod_ssl and Snap:

sudo dnf install mod_ssl

Activate EPEL on your CentOS Stream distribution, and then install Snap.

sudo dnf install snapd -y

After installation, make sure to enable Snap and on system startup immediately.

sudo systemctl enable snapd --now

The next step is to install the snap core, which will take care of all the dependencies needed for snap packages to run.

sudo snap install core

Create a symbolic link for the snapd directory.

sudo ln -s /var/lib/snapd/snap /snap

Use the following terminal command to install the Certbot snap package.

sudo snap install --classic certbot

Finally, create another symbolic link for the Certbot snap package.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Run Certbot for Apache

Run the following command in your terminal to generate your SSL certificate using Certbot.

sudo certbot --dry-run --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

For those new to Let’s Encrypt, you may seek more information on the abbreviation in the command.

  • The “–dry-run” option lets you execute a test run of the certificate generation process without altering the system. This option is valuable for testing.
  • The “–apache” option is to generate a certificate for an Apache web server.
  • The “–agree-tos” option allows you to accept the terms of service from Let’s Encrypt, the certificate authority that provides the SSL certificate.
  • The “–redirect” option automatically redirects all HTTP traffic to HTTPS.
  • The “–hsts” option enables HTTP Strict Transport Security (HSTS). This security feature helps protect against protocol downgrade attacks and cookie hijacking by telling browsers only to access your website over a secure HTTPS connection.
  • The “–staple-ocsp” option enables Online Certificate Status Protocol (OCSP) stapling, which verifies an SSL certificate’s revocation status without contacting the certificate authority.
  • Use the “–email” option to specify the email address you want to associate with the certificate.
  • The “-d” option specifies the domain name for which you will generate the certificate. In this example, the domain name is “www.example.com.”

Alternatively, you can use the following command and follow the step-by-step prompts for a more accessible experience.

sudo certbot certonly --apache

By executing the command with the mentioned parameters, you are directing certbot to create an SSL certificate for your domain “www.example.com” while also including the necessary security features like a force HTTPS 301 redirect, Strict-Transport-Security header, and OCSP Stapling. It’s important to note that you should replace the email address in the command with your own, and also make sure to replace the domain name “www.example.com” with your desired domain name.

Configuring SSL on Apache

After obtaining the SSL certificate, configure your Apache server to use it. Edit the ssl.conf file and add the following lines, replacing “example.com” with your domain:

sudo nano /etc/httpd/conf.d/ssl.conf

In the configuration file, add the following lines: replace “example.com” with your domain name.

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Save the changes and restart Apache for the configuration to take effect.

sudo systemctl restart httpd 

This setup ensures encrypted, secure communication between browsers and your website.

Automating Certificate Renewal

To keep the SSL certificate up-to-date, set up a cron job for automatic renewal. Test the renewal process with a dry run:

sudo certbot renew --dry-run

Check the timers using the systemctl list-timers command and confirm that “snap.certbot.renew.timer” is present.

systemctl list-timers snap.certbot.renew.timer
Screenshot of Certbot timers for SSL certificate renewal on Apache and CentOS Stream 9 or 8.
Timers set for Certbot to handle SSL certificate renewals on Apache running on CentOS Stream 9 or 8.

Use the command “systemctl list-timers –all” to view both active and inactive timers on your system. This command provides an overview of all timers, including the “snap.certbot.renew.timer.” The “snap.certbot.renew.timer” ensures the automatic checking and renewal of your certificate before its expiration. Thus, you eliminate concerns regarding the renewal process.

systemctl list-timers --all

Manage Apache (HTTPD) Service on CentOS Stream

With Apache successfully set up on your server, here are some important points to remember for effective management.

Apache Server Logs

Apache server logs are stored in the directory at /var/log/httpd/. The default filenames for the access and error logs are access.log and error.log, respectively. However, changing these names in the virtual host configuration file is possible.

Here’s an example of changing the Apache server logs in the virtual host configuration file.

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    
    # Change access log to custom-access.log
    CustomLog /var/log/httpd/custom-access.log combined
    
    # Change error log to custom-error.log
    ErrorLog /var/log/httpd/custom-error.log
</VirtualHost>

This example changes the access and error logs to custom-access.log and custom-error.log, respectively. You can change the names of the log files to whatever you prefer and update the corresponding path in the virtual host configuration file.

Apache Commands

Here are some of the frequently used commands when managing Apache:

Stop Apache webserver:

sudo systemctl stop httpd

Start Apache webserver:

sudo systemctl start httpd

Restart Apache webserver:

sudo systemctl restart httpd

Reload Apache webserver:

sudo systemctl reload httpd

Disable Apache on server boot:

sudo systemctl disable httpd

Enable Apache on server boot:

sudo systemctl enable httpd

How to Update Apache (HTTPD) on CentOS Stream 9 or 8

To keep Apache updated, run the command you typically use to check if your system is up to date.

sudo dnf update --refresh

It’s important to make backups or create images of your system before performing any upgrades, as bugs can sometimes occur. The following command will refresh all system packages, including Apache, and prompt you to upgrade.

How to Remove (Uninstall) Apache from CentOS Stream 9 or 8

To uninstall Apache from your system, use the following command.

sudo systemctl disable httpd --now

Now, use the following command to remove Apache altogether.

sudo dnf remove httpd

Leftover files may persist in the /etc/httpd main directory, so let’s erase that folder.

sudo rm -R /etc/httpd/

Conclusion

Installing Apache (HTTPD) on CentOS Stream is a simple and straightforward process and can be done in just a few steps. Whether you’re a beginner or an experienced user, this guide will help you get up and running with Apache (HTTPD) on CentOS Stream in no time. Don’t forget to configure Apache (HTTPD) to meet your needs and secure your installation to protect your website and data.

Leave a Comment


Your Mastodon Instance
Share to...