How to Install Apache (HTTPD) on Fedora Linux

Apache, or Apache HTTP Server or httpd, is a powerful and widely used open-source web server software. It was developed by the Apache Software Foundation and has been one of the most popular web servers since its inception in 1995. Apache is available for many operating systems, including Linux, Windows, and macOS.

Some of the key features and benefits of Apache include the following:

• High performance: Apache is designed to handle large traffic volumes efficiently and reliably, making it suitable for high-traffic websites and web applications.
• Security: Apache strongly focuses on security and provides many built-in features such as SSL/TLS encryption, access control, and more.
• Flexibility: Apache is highly configurable and can be customized to meet the specific needs of different web applications and environments.
• Extensibility: Apache supports a wide range of modules and plugins, making adding new functionality and features to the server easy.
• Open-source: Apache is open-source software, which means it is free to use and distribute, and the community can modify and improve its source code.

Compared to other popular web servers like Nginx, Apache has some notable differences:

• Apache uses a process-based architecture, while Nginx uses an event-based architecture.
• Apache supports more operating systems than Nginx.
• Apache is better suited for dynamic content and scripting languages, while Nginx is better suited for serving static content and handling proxy requests.

Now that we understand what Apache is and its key features, let’s move on to the installation and configuration process. This guide will demonstrate how to install Apache (httpd) on Fedora Linux using the Fedora DNF package manager and configure a free SSL certificate with Let’s Encrypt.

Step 1: Update Fedora

Before installing Apache on your Fedora system, it is crucial to ensure that your system is up to date. Updating your system is a crucial step in the installation process as it helps prevent potential compatibility issues, improves performance, and enhances your system’s overall stability and security. To update your system, open a terminal and execute the following command:

sudo dnf upgrade --refresh

By executing this command, you will initiate the update process, downloading and installing your system’s latest software updates and security patches. The sudo command grants you the administrative privileges required for the upgrade process. The dnf upgrade command will update all installed packages on your system. The –refresh option refreshes the metadata from the configured repositories before the upgrade process.

It is advisable to wait until the update process is complete before proceeding with the installation of Apache. This will ensure your system is fully optimized and ready to run Apache without any interruptions or compatibility issues.

Step 2: Install Apache (HTTPD)

Installing Apache (HTTPD) on Fedora is an easy task that can be accomplished using the DNF package manager. The DNF package manager is a powerful tool that makes installing, updating, and managing software packages easy. To install Apache (HTTPD), open a terminal and execute the following command:

sudo dnf install httpd

This command will initiate the installation process, downloading and installing all the components required to run Apache (HTTPD) on your system. The process should only take a few minutes, and upon completion, Apache (HTTPD) will be fully installed and ready to use.

After successfully installing Apache (HTTPD) on your Fedora system, starting the service and enabling it to run automatically on system boot is important. This ensures that Apache (HTTPD) is always running and ready to serve web requests whenever your system is turned on. If the service is not activated or enabled by default, you can use the following commands in your terminal to start the service and enable it on system boot:

sudo systemctl start httpd
sudo systemctl enable httpd

The first command, sudo systemctl start httpd, starts the Apache (HTTPD) service, while the second command, sudo systemctl enable httpd, enables the service to run automatically on system boot. By executing these two commands, you will ensure that Apache (HTTPD) is always available and running to serve web requests whenever your system is turned on.

An alternative to the previous steps is to use a single command to start the Apache (HTTPD) service and enable it on system boot. This command can be executed as follows:

sudo systemctl enable httpd --now

The –now option in the command sudo systemctl enable httpd –now starts the Apache (HTTPD) service immediately, enabling it to run automatically on system boot. This single command combines the two separate commands from the previous steps into one, making the process even more efficient and convenient.

Verify the proper functioning of Apache (HTTPD) by using the following command:

systemctl status httpd

Example output if successfully activated:

This command provides you with the current status of the Apache (HTTPD) service, including any errors or messages that may be present. By checking the status of the service, you can ensure that Apache (HTTPD) is running correctly on your Fedora system and that it is ready to serve web requests.

In the command output, you will see information about the service, such as its state (active or inactive) and any relevant messages or errors. This information can help troubleshoot any issues arising during installation or while using Apache (HTTPD) on your system.

Step 3: Configure Firewalld Rules

When you install Apache (HTTPD) on Fedora, it has no firewall rules set for the standard ports 80 or 443. It is important to configure these firewall rules before continuing to ensure your web application’s security.

To set the firewall rules, you can use the firewall-cmd tool, the default firewall management tool in Fedora. The exact rules you need to set will depend on the specific ports you plan to use, but all the necessary options are listed below.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --add-port=80/tcp

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --add-port=443/tcp

Reload the firewall to make changes into effect:

sudo firewall-cmd --reload

The first command opens port 80 for incoming TCP traffic, while the second opens port 443 for incoming TCP traffic. The final command reloads the firewall rules to ensure the changes take effect immediately.

Understanding the security implications of opening ports on your system is important. Only opening the necessary ports can help protect your web application from unauthorized access and potential security threats. This is why it is critical to configure the firewall rules for your Apache (HTTPD) installation on Fedora.

Once you have properly configured FirewallD, it’s time to verify that you can access the Apache (HTTPD) landing page in your web browser. To do this, open your preferred web browser and navigate to http://localhost or http://your_server_ip. If everything has been configured correctly, you should see the Apache (HTTPD) default landing page, which displays a message indicating that the server is running.

Alternatively, you can access the landing page using the server’s IP address or hostname. If everything is working well, you should see the following page:

If you cannot access the landing page, it could be due to several potential issues, such as incorrect firewall rules or server configuration. You may need to troubleshoot the problem to determine its cause and correct it.

It is essential to verify that you can access the Apache (HTTPD) landing page to ensure that your installation and configuration process was successful and that you are ready to start serving web content on your Fedora system. By accessing the landing page, you can verify that the Apache (HTTPD) service is running correctly and that you can access it through your web browser.

Suppose you encounter any issues while accessing the landing page. In that case, you can try troubleshooting the problem by checking the firewall rules, verifying the Apache (HTTPD) service status, or examining the server configuration. This will help you identify and correct any issues preventing you from accessing the landing page and ensure your web application runs smoothly and efficiently.

Step 4: Create a Virtual Host

Apache (HTTPD) is a versatile web server that allows you to host multiple domains on a single server by creating virtual hosts. Like the “server blocks” feature in Nginx, creating a virtual host enables you to manage each domain’s configurations independently, giving you control over various aspects of your web server environment, such as security, performance, and custom settings.

This feature is particularly useful when hosting multiple websites on a single server or maintaining separate settings for different parts of your website. With Apache (HTTPD), creating virtual hosts is a straightforward process that enables you to achieve these goals efficiently. Create a virtual host for your domain, such as “example-domain.com.” Remember to replace this example domain with the domain name you are working with.

Create and or Configure Directories

To create a new directory for your virtual host, you will need to use the command line terminal. This directory will serve as the root folder for your virtual host, and it should be named after your domain name. For instance, if your domain name is “example.com,” you can create a new directory using the following command:

sudo mkdir /var/www/example.com

Remember to replace “example.com” in the above command with your domain name. The directory will store all the files and assets for your virtual hosts, such as HTML files, images, scripts, and other resources. It’s a good practice to create a separate directory for each virtual host to maintain a clear separation of concerns, which can be helpful for security and troubleshooting purposes.

You may need to set this directory’s correct ownership and permissions so that Apache (HTTPD) can access it. To do this, use the following commands:

sudo chown -R apache:apache /var/www/example.com
sudo chmod -R 755 /var/www/example.com

The first command sets the ownership of the directory to the Apache user and group, while the second command sets the appropriate permissions for the directory.

With the new directory, you can create the index.html file for your virtual host. To create the file, use a text editor of your choice. In this example, we will use the nano text editor, which you can launch by running the following command:

sudo nano /var/www/example.com/index.html

This will open the nano text editor, where you can begin creating the content for your index.html file. The index.html file is typically the first file a user sees when they visit your website, so it’s essential to include some basic information, such as the title and description of your website and any other relevant information you want to convey to your users.

Here’s a sample code snippet that you can use:

<html>
  <head>
    <title>Example Domain</title>
  </head>
  <body>
    <h1>Welcome to Example Domain</h1>
    <p>This is a sample page for the domain example.com.</p>
  </body>
</html>

You can customize this code according to your preference and include as much or as little information as possible. Once you have finished creating the content for your index.html file, save the file and close the text editor by pressing Ctrl + X, Y, and Enter.

Create Virtual Host

To ensure a smooth and organized setup, create the necessary directories for the Apache web server. Specifically, the “sites-available” and “sites-enabled” directories are essential. This setup is similar to the one used in Nginx and helps to keep configurations organized and easily accessible.

To create these directories, run the following command in your terminal:

sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled

The next step is to direct Apache to search for virtual host files within the “sites-available” directory. To do this, open the Apache configuration file by running the following command:

sudo nano /etc/httpd/conf/httpd.conf

Then add the following line at the end of the file:

IncludeOptional sites-enabled/*.conf

This line tells Apache to include all virtual host configuration files in the “sites-enabled” directory. Optionally, you can comment out the line “IncludeOptional conf.d/*.conf” to disable the default folder where Apache looks for virtual host files, which can help prevent confusion.

Example:

#IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

Example output with the above configurations combined:

To save and exit the file, use the keyboard shortcuts CTRL + O followed by CTRL + X.

Next, create a virtual host configuration file for your domain name. This example will use “example.com” as the domain name. To create the file, run the following command in your terminal:

sudo nano /etc/httpd/sites-available/example.com.conf

Replace the placeholder information in the following configuration block with your ServerName, ServerAlias, and Document Root before copying it into the virtual host configuration file located at /etc/httpd/sites-available/example.com.conf.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example.com/
</VirtualHost>

Remember to adjust the server directives to match your specific requirements.

Next, you need to modify the access permissions for the Apache service in the /etc/httpd/conf/httpd.conf configuration file to allow public access to your server. By default, the configuration is set to deny access, and failure to change this may result in HTTP 403 errors when attempting to access your website.

To modify the access permissions, open the configuration file by running the following command:

sudo nano /etc/httpd/conf/httpd.conf

Then add the following lines at the end of the file:

Example:

<Directory /var/www/example.com/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

Example:

To save the changes made to the configuration file, use the keyboard combination of “CTRL+O” and exit the text editor using “CTRL+X.”

Enable Virtual Host

To enable the virtual host, you must create a symbolic link from the sites-available directory to the sites-enabled directory. Run the following command in the terminal to create the link:

sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/

After creating the symlink, restart the Apache service to complete the activation process:

sudo systemctl restart httpd

Once the Apache service has been restarted, open your web browser and navigate to your domain name (e.g., “http://example_domain”). If you have not registered a domain yet, you can try accessing your website using the remote or local IP address. If everything was set up correctly, you should see the landing page you created in the index.html file.

Example:

Additional Commands & Tips

Secure Directories and Files on Apache

It is crucial to ensure that proper file permissions are set for your directories and files to maintain a secure web server environment. Many users often make the mistake of granting excessive permissions, such as full read, write, and execute access to the public. This can leave your server vulnerable to potential security threats.

To avoid this, it is recommended to set secure permissions for all files and directories. You can use the following command to search for all files and folders and set the most commonly used secure permissions:

sudo find /var/www/example.com/ -type d -exec chmod 755 "{}" \;
sudo find /var/www/example.com/ -type f -exec chmod 644 "{}" \;

It’s important to note that certain applications, such as phpBB, may require specific folder permissions to be set to 777. So, adjusting the permissions accordingly on any files and directories is essential.

However, setting secure permissions alone does not guarantee complete security for your Apache server. Implementing other security measures, such as using SSL certificates and configuring firewalls, is still essential to protect your web server from potential threats.

Secure Apache with Let’s Encrypt SSL Free Certificate

After setting secure file permissions, the next step is to install Certbot, a free and open-source software tool used for automating the process of obtaining and renewing SSL/TLS certificates. This will enable you to secure your website with HTTPS encryption.

To install Certbot, use the following command:

sudo dnf install certbot python3-certbot-apache

After the installation process is complete, generate an SSL/TLS certificate for your domain by running the following command:

sudo certbot --apache -d example.com

Make sure to replace “example.com” with your actual domain name.

Alternatively, you can generate your SSL certificate using Certbot by running the following command in your terminal:

sudo certbot --dry-run --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

For those new to Let’s Encrypt, you may seek more information on the abbreviation in the command.

• The “–dry-run” option is used to perform a test run of the certificate generation process without making any changes to the system. This is useful for testing purposes.
• The “–apache” option is used to specify that the certificate will be generated for an Apache web server.
• The “–agree-tos” option is used to agree to the terms of service of Let’s Encrypt, the certificate authority providing the SSL certificate.
• The “–redirect” option automatically redirects all HTTP traffic to HTTPS.
• The “-hsts” option enables HTTP Strict Transport Security (HSTS). This security feature helps protect against protocol downgrade attacks and cookie hijacking by telling browsers only to access your website over a secure HTTPS connection.
• The “–staple-ocsp” option enables Online Certificate Status Protocol (OCSP) stapling, which verifies an SSL certificate’s revocation status without contacting the certificate authority.
• The “–email” option is used to specify the email address that will be associated with the certificate.
• The “-d” option is used to specify the domain name for which the certificate will be generated. In this example, the domain name is “www.example.com.”

Once you have obtained the SSL certificate, the next step is configuring the webserver to utilize it. This can be done automatically with the prompts from CertBot, but you may require to set it up manually in Apache.

Use the following command to open the ssl.conf file:

sudo nano /etc/httpd/conf.d/ssl.conf

In the configuration file, add the following lines, making sure to replace “example.com” with your domain name.

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

After making changes to the SSL configuration, you must restart the Apache service for the configuration changes to take effect. Use the following command to restart the Apache service:

sudo systemctl restart httpd 

Once the SSL certificate is created and configured, your website’s URL will change from “HTTP://www.example.com” to “HTTPS://www.example.com.” This means that all communication between the user’s browser and your website will be encrypted and secure.

To ensure that your SSL certificate is automatically renewed before it expires, you can set up a cron job to run the Certbot renewal script. Performing a dry run of the script before setting up the cron job is recommended to ensure everything works as intended.

Use the following command to run the Certbot renewal script in dry-run mode:

sudo certbot renew --dry-run

Create Certbot CronJob for Let’s Encrypt Auto Update

First, check if Certbot is configured to renew your SSL certificate automatically; you can run the following command:

sudo certbot certificates

This will display a list of all SSL certificates managed by Certbot and their expiration dates.

To schedule the automatic renewal of your SSL certificate, you can set up a cron job to run the renewal command automatically. To do this, run the following command:

sudo crontab -e

This will open the crontab editor. If this is not installed, run the following command:

sudo dnf install cronie

This will install the necessary package to manage cron jobs on your system. Once installed, you can use the crontab -e command to edit the cron job configuration file and schedule automated tasks.

Next, add the following line to the file to run the renewal command twice a day at 6:00 AM and 6:00 PM:

0 6,18 * * * certbot renew --quiet

Save the changes and exit the editor. This will schedule the cron job to run twice a day and automatically renew your SSL certificate if it is within 30 days of expiring.

It’s important to note that Certbot will only attempt to renew certificates due for renewal. If a certificate is not due for renewal, Certbot will exit without taking any action.

Manage Apache (HTTPD) Service

Once you have set up Apache successfully on your Fedora server, it is essential to manage it effectively. Here are some important points to keep in mind:

Apache Server Logs

Apache server logs are stored in the directory at /var/log/httpd/. The default filenames for the access and error logs are access.log and error.log, respectively. However, you can change these names in the virtual host configuration file.

For example, you can change the access and error logs to custom-access.log and custom-error.log, respectively, in the virtual host configuration file, as shown below:

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    
    # Change access log to custom-access.log
    CustomLog /var/log/httpd/custom-access.log combined
    
    # Change error log to custom-error.log
    ErrorLog /var/log/httpd/custom-error.log
</VirtualHost>

You can change the names of the log files to whatever you prefer and update the corresponding path in the virtual host configuration file.

Apache Commands

Here are some of the frequently used commands when managing Apache:

Stop Apache webserver:

sudo systemctl stop httpd

Start Apache webserver:

sudo systemctl start httpd

Restart Apache webserver:

sudo systemctl restart httpd

Reload Apache webserver:

sudo systemctl reload httpd

Disable Apache on server boot:

sudo systemctl disable httpd

Enable Apache on server boot:

sudo systemctl enable httpd

How to Update Apache (HTTPD)

To keep Apache updated, run the command you typically use to check if your system is up to date:

sudo dnf update --refresh

Before performing any upgrades, it is important to make backups or create images of your system, as bugs can sometimes occur. The above command will refresh all system packages, including Apache, and prompt you to upgrade.

How to Remove (Uninstall) Apache

To uninstall Apache from your system, use the following commands:

sudo systemctl disable httpd --now

This command will disable and stop the Apache service.

Now use the following command to remove Apache altogether.

sudo dnf remove httpd

This command will remove the Apache package from your system.

Note: leftover files may persist in the /etc/httpd main directory so you can erase that folder with the following command:

sudo rm -R /etc/httpd/

Conclusion

In conclusion, installing Apache on Fedora Linux can seem daunting for beginners. However, following the steps outlined in this guide, you can easily set up a secure and functional web server. It is important to remember to secure your server by setting proper file permissions and configuring SSL/TLS encryption with Let’s Encrypt. Additionally, understanding how to manage Apache with commonly used commands, configure server logs, and update or remove the software is crucial for the ongoing success of your web server. With this knowledge and continued learning, you can confidently run a web server using Apache on Fedora Linux.