How to Install & Configure Apache (httpd) with Let’s Encrypt TLS/SSL on AlmaLinux 8

Apache, also known as Apache HTTP server, has been one of the most widely used web server applications globally for the past few decades. It is a free and open-source web application software maintained by the Apache Software Foundation. Apache provides some powerful features with dynamically loadable modules, easy integration with other software, and handling of static files, among other popular features.

In the following tutorial, you will learn how to install Apache Web Server on AlmaLinux 8.

Prerequisites

• Recommended OS: AlmaLinux 8.
• User account: A user account with sudo privilages or root access (su command).

Updating Operating System

Update your AlmaLinux operating system to make sure all existing packages are up to date:

sudo dnf update && sudo dnf upgrade -y

The tutorial will be using the sudo command and assuming you have sudo status. To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[[email protected] ~]$ sudo whoami
root

If you have not set up a sudo user account and would like to, visit our tutorial on How to Add a User to Sudoers on AlmaLinux.

To use the root account, use the following command with the root password to log in.

su

Install Apache (HTTPD)

Apache, by default, is in the AlmaLinux 8 App stream. This is more practical for most users as it is very stable and secure. To install Apache, open your terminal and execute the following command:

sudo dnf install httpd

Example output:

Type “Y”, then press “ENTER KEY” to proceed.

Next, by default Apache (HTTPD) comes disabled and not activated. First, start the service.

sudo systemctl start httpd

Optionally, enable Apache on system boot.

sudo systemctl enable httpd

Example output if successful:

Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

Check to see if Apache2 is running correctly using the following systemctl command:

systemctl status httpd

Example output if everything is ok:

Configure Firewall Rules

It does not automatically add firewall rules to the standard port 80 or 443 ports when installing Apache. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Verify Apache Web Server

Now that you have installed and configured, it is time to test out to see if Apache 2 is reachable and is working correctly by requesting a page.

You can access the default Apache landing page to check if the software runs correctly through your server’s IP address. To find this out, if you do not know, use the following command below:

hostname -I

You should get back the internal IP address the server is on as an example:

###EXAMPLE ONLY###
192.168.50.15 

You may get 2 to 3 results back. Try each one until you find the correct IP address.

If you require your public IP address (external), use the following command instead:

curl -4 icanhazip.com

You may need to install the CURL package if it is missing. To do this, execute the following command:

sudo dnf install curl -y

Once you have your servers IP address, open up your favorite Internet Browser and enter the following:

http://your_server_ip

You should get the following page in your Internet Browser:

Congratulations, you have installed Apache 2 web server and are currently working.

The next step is to set up virtual hosts.

Create and or Configure Virtual Hosts for Apache

Using the Apache web server, you can create virtual hosts to manage configurations for more than one domain running on a single server. If you have used Nginx before, it is the equivalent of server blocks. In the example below, the tutorial will create a domain example-domain.com which you will replace with your domain name.

Create and or Configure Directories

Firstly, leave /var/www/html directory intact as the default directory, then create a new directory, for example-domain.com, as below:

sudo mkdir /var/www/example_domain

The next step is to assign ownership of the directory with the $USER environment variable:

sudo chown -R $USER:$USER /var/www/example_domain

Usually, the web roots permissions should be set correctly, and you can verify using the -ls l command:

ls -l /var/www/example_domain

Example output:

drwxr-xr-x 2 joshua joshua 4096 Oct 10 11:46 example_domain

As you can see, we have the permission of drwxr-xr-x, which is the equivalent of chmod 755. If you do not have this permission set, run the following command:

sudo chmod -R 755 /var/www/example_domain

Now create a sample page index.html using your favorite text editor. The tutorial will use nano as below:

sudo nano /var/www/example_domain/index.html

In the file, copy and paste the following code:

<html>
    <head>
        <title>Welcome to Website!</title>
    </head>
    <body>
        <h1>Success! The virtual host is working! You did not mess it up thanks to Linuxcapable.com</h1>
    </body>
</html>

Save the file (CTRL+O), then exit (CTRL+X).

Create Virtual Host

Now that you have created a landing page and set correct ownership and permissions. By default, the required directories will need to be made and set up.

First, make the directories needed for sites-available and sites-enabled. Nginx users would be familiar with this setup as well.

sudo mkdir /etc/httpd/sites-available
sudo mkdir /etc/httpd/sites-enabled

The next step you must do is instruct Apache to look for virtual host files that will need to be located at /etc/httpd/sites-available directory.

Open up the configuration file.

sudo nano /etc/httpd/conf/httpd.conf

Add the following to the end of the file.

IncludeOptional sites-enabled/*.conf

Optionally, you can disable the default folder that Apache looks for virtual hosts files which maybe wanted to avoid confusion. Just place a comment next to IncludeOptional conf.d/*.conf.

Example:

#IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

Save the file (CTRL+O), then exit (CTRL+X).

Next, use your favorite text editor to create a virtual host configuration file located at /etc/httpd/sites-available/example_domain.conf as below:

sudo nano /etc/httpd/sites-available/example_domain.conf

Now, copy and paste the following into the configuration block file, note to replace your ServerName, ServerAlias, and Document root with your own:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example_domain
    ErrorLog /var/www/example_domain/error.log
    CustomLog /var/www/example_domain/requests.log combined
</VirtualHost>

Note, remember do not forget to change the required Server directives to your own.

Save the configuration file using (CTRL+O) and exit with (CTRL+X).

Enable Virtual Host

The next step is to enable the virtual host. Initially, you created two directories, sites-available and sites-enabled. Now, you will need to create a symlink to sites-enabled to activate the virtual host.

To create a symlink, use the following example in your terminal.

sudo ln -s /etc/httpd/sites-available/example_domain.conf /etc/httpd/example_domain.conf

Once done, restart the Apache service.

sudo systemctl restart httpd

Open your Internet Browser and type in your domain name HTTP://example_domain where you should get the following landing page you created in the index.html file:

Congratulations, you have successfully created your virtual host and made it work successfully on your domain.

Secure Apache with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Apache on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the EPEL repository and the mod_ssl package for better-updated packages and security.

sudo dnf install epel-release mod_ssl -y

Next, install the certbot package as follows:

sudo dnf install python3-certbot-apache -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d www.example.com

This is the ideal setup that includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be https://www.example.com instead of HTTP://www.example.com.

Note, if you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window by using the following terminal command.

sudo crontab -e

Next, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help with finding a good time to set, use the crontab.guru free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

Save (CTRL+O) then exit (CTRL+X), and the cronjob will be automatically enabled.

Managing Apache Service

Now that you have Apache running on your server successfully, some management keynotes are as follows.

Apache Server Logs

Apache server logs can be found in the directory var/www/example_domain with custom.log and error.log respectfully being the default access and error names given. This can be changed to other names in your virtual host configuration file in the future.

Apache Commands

The following commands that you will undoubtedly use in your day-to-day management when working with Apache. Some of the most common are:

To stop Apache webserver:

sudo systemctl stop httpd

To start Apache webserver:

sudo systemctl start httpd

To restart Apache webserver:

sudo systemctl restart httpd

To reload Apache webserver (For more minor changes not requiring a restart):

sudo systemctl reload httpd

To disable Apache on server boot:

sudo systemctl disable httpd

To start Apache on server boot (Automatically enabled on installation):

sudo systemctl enable httpd

How to Update Apache

To update Apache in the future, this is done with the command you used to check if your system is up to date. Note, always create backups or images if you have an Apache service running critical services. Usually, it’s pretty safe to upgrade, but sometimes bugs can occur like any software upgrade.

To update Apache, use the following command:

sudo dnf update

If an Apache upgrade is available, use the command:

sudo dnf upgrade

How to Remove (Uninstall) Apache

To remove Apache if you no longer use it, this can be done using the following command:

sudo dnf autoremove httpd

This command will also remove any unused dependencies that came with the installation.

Comments and Conclusion

In the tutorial, you have learned how to install Apache (httpd) on AlmaLinux 8. Overall, Apache has been the most used web application server in the World for decades. However, Nginx has finally overtaken the lead just slightly. Apache is still one of the most deployed and recognized web applications, especially with combing LAMP stack, which is often used for back-end web servers. You will find more friendly options for Apache than Nginx, leading newer users to get into hosting their web server, perhaps to try Apache over Nginx as the first step.