How to Install Apache (HTTPD) on CentOS Stream EL9 or EL8

Apache, also known as HTTPD on RHEL-based systems such as CentOS, is one of the world’s most widely used web server software. With its robust features, flexible configuration options, and compatibility with many operating systems, Apache is the go-to choice for many web developers, administrators, and businesses. It’s important to note that Apache is a highly configurable web server, allowing it to meet the needs of both small and large-scale websites.

Why Use Apache on CentOS Stream?

CentOS Stream is a community-driven distribution of the Red Hat Enterprise Linux (RHEL) operating system designed to provide a streamlined and transparent development process. By using Apache on CentOS Stream, you’ll be able to take advantage of the latest features and bug fixes while also benefiting from the stability and security offered by the RHEL ecosystem.

Features of Apache (HTTPD) on CentOS Stream:

• Modular Design: Apache has a modular design, which makes it easy to add or remove features to meet your needs. You can choose to load only the modules you require, which can help to improve performance and reduce memory usage.
• Virtual Hosting: Apache allows you to host multiple websites on a single server using a single IP address. This is known as virtual hosting, enabling you to save resources and reduce costs by hosting multiple websites on a single server.
• Compatibility: Apache is compatible with many operating systems, including Linux, Windows, and macOS. This makes it easy to deploy Apache in your environment, regardless of your existing infrastructure.
• Performance: Apache is designed to be fast and efficient, and it can easily handle high-traffic loads. With its ability to handle multiple concurrent requests, Apache can provide high performance even under heavy loads.
• Security: Apache has built-in security features, such as password protection, SSL encryption, and configuring firewall rules. These features help to keep your website and data secure and reduce the risk of attacks and security breaches.
• Flexible Configuration: Apache has a flexible configuration, which allows you to configure the server to meet your specific needs. Whether you need to configure virtual hosting, redirects, or other features, Apache provides a wide range of options to meet your needs.
• Extensibility: Apache can be extended with third-party modules, adding additional functionality and features to your server. Apache can extend its functionality if you need support for a specific language, such as PHP, or add extra security features.

In this comprehensive guide, you will be walked through installing Apache on CentOS Stream 9 or 8 using the command line terminal for either desktop or server purposes. Furthermore, we will cover the basic configuration and creation of a secure TLS/SSL certificate using Let’s Encrypt.

Step 1: Update CentOS Stream

Before installing Apache on your CentOS Stream system, it is imperative to ensure that your system is up to date. This is a critical step in the installation process as it helps prevent potential compatibility issues, improves performance, and enhances your system’s overall stability and security. To update your system, run the following command in your terminal.

sudo dnf upgrade --refresh

By executing this command, you will initiate the update process, downloading and installing your system’s latest software updates and security patches. It is advisable to wait until the update process is complete before proceeding with the installation of Apache. This will ensure your system is fully optimized and ready to run Apache without any interruptions or compatibility issues.

Step 2: Install Apache (HTTPD)

Installing Apache (HTTPD) on CentOS Stream is an effortless task that can be accomplished using the DNF package manager. The DNF package manager is a powerful tool that makes it easy to install, update, and manage software packages. To install Apache (HTTPD), run the following command in your terminal.

sudo dnf install httpd

Example output:

This command will initiate the installation process, which will download and install all the necessary components required to run Apache (HTTPD) on your system. The process should only take a few minutes, and upon completion, Apache (HTTPD) will be fully installed and ready to use.

After successfully installing Apache (HTTPD) on your CentOS Stream system, it’s important to start the service and enable it to run automatically on system boot. This ensures that Apache (HTTPD) is always running and ready to serve web requests whenever your system is turned on. If the service is not activated or enabled by default, you can use the following command in your terminal to start the service and enable it on system boot.

sudo systemctl start httpd
sudo systemctl enable httpd

The first command, sudo systemctl start httpd, starts the Apache (HTTPD) service, while the second command, sudo systemctl enable httpd, enables the service to run automatically on system boot. By executing these two commands, you will ensure that Apache (HTTPD) is always available and running to serve web requests whenever your system is turned on.

An alternative to the previous steps is to use a single command to start the Apache (HTTPD) service and enable it on system boot. This command can be executed as follows.

sudo systemctl enable httpd --now

The –now option in the command sudo systemctl enable httpd –now starts the Apache (HTTPD) service immediately and enables it to run automatically on system boot. This single command combines the two separate commands from the previous steps into one, making the process even more efficient and convenient.

Verify the proper functioning of Apache (HTTPD) by using the following systemctl command.

systemctl status httpd

Example output if successfully activated:

This command provides you with the current status of the Apache (HTTPD) service, including any errors or messages that may be present. By checking the status of the service, you can ensure that Apache (HTTPD) is running correctly on your CentOS Stream system and that it is ready to serve web requests.

In the command output, you will see information about the service, such as its state, active or inactive, and any relevant messages or errors. This information can help troubleshoot any issues that may arise during the installation process or while using Apache (HTTPD) on your system.

It’s essential to regularly check the status of Apache (HTTPD) to ensure that it runs smoothly and serves web requests as expected. By doing so, you can quickly identify and resolve any issues that may arise, keeping your web applications running smoothly and efficiently.

Step 3: Configure FirewallD Rules

When you install Apache (HTTPD) on CentOS Stream, it does not come with any firewall rules set for the standard ports 80 or 443. It is important to configure these firewall rules before continuing, as this will help ensure your web application’s security.

To set the firewall rules, you can use the firewall-cmd tool, the default firewall management tool in CentOS Stream. The exact rules you need to set will depend on the specific ports you plan to use, but all of the necessary options are listed below.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --add-port=80/tcp

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --add-port=443/tcp

Reload the firewall to make changes into effect

sudo firewall-cmd --reload

The first command opens port 80 for incoming TCP traffic, while the second open port 443 for incoming TCP traffic. The final command reloads the firewall rules to ensure that the changes take effect immediately.

Understanding the security implications of opening ports on your system is important. By only opening the necessary ports, you can help to protect your web application from unauthorized access and potential security threats. This is why it is critical to configure the firewall rules for your Apache (HTTPD) installation on CentOS Stream.

Once you have properly configured FirewallD, it’s time to verify that you can access the Apache (HTTPD) landing page in your web browser. To do this, open your preferred web browser and navigate to http://localhost or http://your_server_ip. If everything has been configured correctly, you should see the Apache (HTTPD) default landing page, which displays a message indicating that the server is up and running.

http://your_server_ip

Alternatively, try the localhost.

http://localhost

If all is working well, you should land on the following page:

If you cannot access the landing page, it could be due to several potential issues, such as incorrect firewall rules or server configuration. You may need to troubleshoot the problem to determine its cause and correct it.

By ensuring that you can access the Apache (HTTPD) landing page, you can verify that your installation and configuration process was successful and that you are ready to start serving web content on your CentOS Stream system.

Step 4: Create a Virtual Host

Apache (HTTPD) is a highly versatile web server that allows you to host multiple domains on a single server by creating virtual hosts. This feature is similar to the “server blocks” feature in Nginx. This tutorial will demonstrate creating a virtual host for a specific domain, such as “example-domain.com.” Of course, you will need to replace this example domain with the domain name you are working with.

By creating virtual hosts, you can manage each domain’s configurations independently, allowing you to control the different aspects of your web server environment, such as security, performance, and custom settings. This can be especially useful when you need to host multiple websites on a single server or if you need to maintain separate settings for different parts of your website. With Apache (HTTPD), you can easily create virtual hosts to achieve these goals, so let’s get started!

Create and or Configure Directories

To create a new directory for your virtual host, you will need to use the command line terminal. The directory will serve as the root folder for your virtual host, and it should be named after your domain name. For example, if your domain name is “example.com,” you would create a new directory with the following command.

sudo mkdir /var/www/example.com

Note that in this command, example.com should be replaced with your actual domain name. This directory will store the files and assets for your virtual hosts, such as HTML files, images, scripts, and other resources. By creating a separate directory for each virtual host, you can maintain a clear separation of concerns, which can be especially useful for security and troubleshooting purposes.

Additionally, you may need to set the correct ownership and permissions for this directory so that Apache (HTTPD) can access it. The following command will set the correct ownership and permissions:

sudo chown -R apache:apache /var/www/example.com
sudo chmod -R 755 /var/www/example.com

With the new directory in place, you can now proceed to the next step in creating your virtual host.

To create the index.html file for your virtual host, you must use a text editor of your choice. In this example, we will use the nano text editor, but you can use any other text editor you are comfortable with, such as vi, emacs, or gedit. To create the file, run the following command in the terminal.

sudo nano /var/www/example.com/index.html

This will open the nano text editor, and you can begin creating the content for your index.html file. The index.html file is typically the first file that a user sees when they visit your website, so it’s important to include some basic information, such as the title and description of your website, as well as any other relevant information you want to convey to your users.

<html>
  <head>
    <title>Example Domain</title>
  </head>
  <body>
    <h1>Welcome to Example Domain</h1>
    <p>This is a sample page for the domain example.com.</p>
  </body>
</html>

Example:

Of course, you can customize this code as you see fit and include as much or as little information as you like. Once you have finished creating the content for your index.html file, you can save the file and close the text editor by pressing Ctrl + X, Y, and Enter.

Create Virtual Host

Creating the necessary directories for the Apache web server is essential to ensure a smooth and organized setup. Specifically, the “sites-available” and “sites-enabled” directories. This setup is similar to the one used in Nginx, and it helps to keep configurations organized and easily accessible.

sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled

The subsequent step involves directing Apache to search for virtual host files within the “/etc/httpd/sites-available” directory.

sudo nano /etc/httpd/conf/httpd.conf

To complete the configuring Apache to look for virtual host files, you will need to add the following line “IncludeOptional sites-enabled/*.conf” at the end of the “/etc/httpd/conf/httpd.conf” file. This line tells Apache to include all virtual host configuration files in the “sites-enabled” directory.

IncludeOptional sites-enabled/*.conf

Optionally, you can comment out the line “IncludeOptional conf.d/*.conf,” you can disable the default folder where Apache looks for virtual host files, which can help prevent confusion.

Example:

#IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

Example output with the above configurations combined:

To save and exit the file, you can use the keyboard shortcuts CTRL + O followed by CTRL + X.

Next, create a virtual host configuration file located at /etc/httpd/sites-available/example.com.conf using your preferred text editor. The following example uses nano.

sudo nano /etc/httpd/sites-available/example.com.conf

Replace the placeholder information in the following configuration block with your ServerName, ServerAlias, and Document Root before copying it into the virtual host configuration file located at /etc/httpd/sites-available/example.com.conf.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example.com/
</VirtualHost>

Don’t forget to adjust the necessary Server directives to match your specific requirements.

Next, you need to modify the access permissions for the Apache service in the /etc/httpd/conf/httpd.conf configuration file to allow public access to your server. By default, the configuration is set to deny access, and failure to change this may result in HTTP 403 errors when attempting to access your website.

sudo nano /etc/httpd/conf/httpd.conf

Add the following to the file to allow access and change the root directory to match your own.

Example:

<Directory /var/www/example.com/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

Example:

To save the changes made to the configuration file, use the keyboard combination of “CTRL+O” and exit the text editor using “CTRL+X.”

Enable Virtual Host

To activate the virtual host, a symbolic link must be created from the sites-available directory to the sites-enabled directory. This can be done using the following terminal command.

sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/

Restart the Apache service after creating the symlink to complete the activation process.

sudo systemctl restart httpd

Once the Apache service has been restarted, open your internet browser and navigate to your domain name, e.g., “HTTP://example_domain.” If you have not yet registered a domain, you can also try accessing your website using the remote or local IP address. You should see the landing page you created in the index.html file if everything was set up correctly.

Example:

Well done! You have completed creating a virtual host, which is now successfully up and running on your domain.

Additional Commands & Tips

Secure Directories and Files on Apache

It’s important to note that many users make a common mistake by granting excessive permissions, such as full read, write, and execute access to the public. To avoid this, it’s recommended to set secure permissions for all files and directories. Use the following command to search for all files and folders and set the most commonly used secure permissions. However, remember that certain applications, such as phpBB, may require specific folder permissions to be set to 777. So, adjust the permissions accordingly on any files and directories as needed.

sudo find /var/www/example.com/ -type d -exec chmod 755 "{}" \;
sudo find /var/www/example.com/ -type f -exec chmod 644 "{}" \;

It is essential to ensure that the correct permissions are set for your files and directories. One common mistake is to grant full read, write, and execute access to the public. To avoid this, use the following command to search for all folders and files and set secure permissions. Make sure to replace “/var/www/example.com/” with the location of your root directory.

This process will not guarantee the complete security of your Apache server. Still, it will reduce the risk of hackers exploiting essential site files, as permission 777 is generally not recommended.

Secure Apache with Let’s Encrypt SSL Free Certificate

To enhance the security of your Apache web server and to provide a secure connection between the client and the server, it is recommended to use HTTPS with an SSL certificate. One of the most convenient ways to obtain a certificate is through Let’s Encrypt, a free, automated, and open certificate authority managed by the non-profit organization Internet Security Research Group (ISRG).

One of the most convenient methods for installing Let’s Encrypt SSL certificates is using Snapcraft, which provides an easy and stable approach for all RHEL-based distributions. You’ll need to incorporate the EPEL repository for CentOS Stream into your setup. The exact method for doing this will vary depending on your distribution version, but one of the following commands should do the trick.

Import EPEL for CentOS Stream 9

Before we proceed, make sure to enable the CRB repository.

sudo dnf config-manager --set-enabled crb

Next, install the EPEL repository by executing the following terminal command using (dnf).

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Import EPEL for CentOS Stream 8

Next, you can install EPEL on CentOS Stream 8 by executing the following command in the terminal with the dnf package manager.

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

First, install the package “mod_ssl.”

sudo dnf install mod_ssl

Now that EPEL is activated on your CentOS Stream distribution, you can install Snap.

sudo dnf install snapd -y

After installation, make sure to enable Snap and on system startup immediately.

sudo systemctl enable snapd --now

The next step is to install the snap core, which will take care of all the dependencies needed for snap packages to run.

sudo snap install core

Create a symbolic link for the snapd directory.

sudo ln -s /var/lib/snapd/snap /snap

Use the following terminal command to install the Certbot snap package.

sudo snap install --classic certbot

Finally, create another symbolic link for the Certbot snap package.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

To generate your SSL certificate using Certbot, run the following command in your terminal.

sudo certbot --dry-run --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

For those new to Let’s Encrypt, you may seek more information on the abbreviation in the command.

• The “–dry-run” option is used to perform a test run of the certificate generation process without making any changes to the system. This is useful for testing purposes.
• The “–apache” option is used to specify that the certificate will be generated for an Apache web server.
• The “–agree-tos” option is used to agree to the terms of service of Let’s Encrypt, the certificate authority providing the SSL certificate.
• The “–redirect” option automatically redirects all HTTP traffic to HTTPS.
• The “–hsts” option is used to enable HTTP Strict Transport Security (HSTS) which is a security feature that helps protect against protocol downgrade attacks and cookie hijacking by telling browsers only to access your website over a secure HTTPS connection.
• The “–staple-ocsp” option is used to enable Online Certificate Status Protocol (OCSP) stapling, which verifies an SSL certificate’s revocation status without contacting the certificate authority.
• The “–email” option is used to specify the email address that will be associated with the certificate.
• The “-d” option is used to specify the domain name for which the certificate will be generated. In this example, the domain name is “www.example.com.”

Alternatively, you can use the following command and follow the step-by-step prompts for a more accessible experience.

sudo certbot certonly --apache

By executing the command with the mentioned parameters, you are directing certbot to create an SSL certificate for your domain “www.example.com” while also including the necessary security features like a force HTTPS 301 redirect, Strict-Transport-Security header, and OCSP Stapling. It’s important to note that you should replace the email address in the command with your own, and also make sure to replace the domain name “www.example.com” with your own desired domain name.

Having obtained the SSL certificate, the next step is to configure our web server to utilize it. This can be done automatically with the prompts from CertBot, but you may require to set it up manually in Apache.

Use the following command to open the ssl.conf file.

sudo nano /etc/httpd/conf.d/ssl.conf

In the configuration file, add the following lines, making sure to replace “example.com” with your own domain name.

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Save the changes and restart Apache for the configuration to take effect.

sudo systemctl restart httpd 

Once the certificate is created and configured, your website’s URL will change from “HTTP://www.example.com” to “HTTPS://www.example.com.” This means that all communication between the user’s browser and your website will be encrypted and secure.

For added convenience and security, you can set up a cron job to automatically renew the certificates. Certbot provides a script for this purpose, and it’s advisable to perform a dry run of the script to ensure that everything is working as intended before setting it up.

sudo certbot renew --dry-run

Check the timers using the systemctl list-timers command and confirm that “snap.certbot.renew.timer” is present.

systemctl list-timers snap.certbot.renew.timer

Example output:

You can use the following command to list active and inactive timers on your system: “systemctl list-timers –all.” This will give you an overview of all timers, including the “snap.certbot.renew.timer,” ensuring that your certificate will be automatically checked and renewed before it expires. This way, you won’t have to worry about the renewal process.

systemctl list-timers --all

Manage Apache (HTTPD) Service

With Apache successfully set up on your server, here are some important points to keep in mind for effective management.

Apache Server Logs

Apache server logs are stored in the directory at /var/log/httpd/. The default filenames for the access and error logs are access.log and error.log, respectively. However, changing these names in the virtual host configuration file is possible.

Here’s an example of changing the Apache server logs in the virtual host configuration file.

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    
    # Change access log to custom-access.log
    CustomLog /var/log/httpd/custom-access.log combined
    
    # Change error log to custom-error.log
    ErrorLog /var/log/httpd/custom-error.log
</VirtualHost>

In this example, the access and error logs are changed to custom-access.log and custom-error.log, respectively. You can change the names of the log files to whatever you prefer and update the corresponding path in the virtual host configuration file.

Apache Commands

Here are some of the frequently used commands when managing Apache:

Stop Apache webserver:

sudo systemctl stop httpd

Start Apache webserver:

sudo systemctl start httpd

Restart Apache webserver:

sudo systemctl restart httpd

Reload Apache webserver:

sudo systemctl reload httpd

Disable Apache on server boot:

sudo systemctl disable httpd

Enable Apache on server boot:

sudo systemctl enable httpd

How to Update Apache (HTTPD)

To keep Apache updated, run the command you typically use to check if your system is up to date.

sudo dnf update --refresh

It’s important to make backups or create images of your system before performing any upgrades, as bugs can sometimes occur. The following command will refresh all system packages, including Apache, and prompt you to upgrade.

How to Remove (Uninstall) Apache

To uninstall Apache from your system, use the following command.

sudo systemctl disable httpd --now

Now use the following command to remove Apache altogether.

sudo dnf remove httpd

Leftover files may persist in the /etc/httpd main directory, so let’s erase that folder.

sudo rm -R /etc/httpd/

Conclusion

Installing Apache (HTTPD) on CentOS Stream is a simple and straightforward process and can be done in just a few steps. Whether you’re a beginner or an experienced user, this guide will help you get up and running with Apache (HTTPD) on CentOS Stream in no time. Don’t forget to configure Apache (HTTPD) to meet your needs and secure your installation to protect your website and data.

Frequently Asked Questions