How to configure Apache web server (httpd) in CentOS 7 with HTTPS
Minimum requirements:
1. A server with CentOS 7 OS.
3. A client system to access the webserver.
4. Corresponding DNS entries for name resolution.
Procedure to install and Configure Apache web Server.
· Update the server with the latest patches.
[root@server01 ~]# yum update -y
· Install the Apache (httpd) package.
[root@server01 ~]# yum install httpd -y
· Enable firewall rules for port 80 (http) and 443 (https).
[root@server01 ~]# firewall-cmd --permanent --add-port=80/tcp
[root@server01 ~]# firewall-cmd --permanent --add-port=443/tcp
[root@server01 ~]# firewall-cmd --reload
· Disable SELinux.
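Change the SELinux option from SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config. The file change applies from the next reboot; setenforce 0 switches the running system to permissive mode in the meantime.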
[root@server01 ~]# vim /etc/selinux/config
SELINUX=disabled
[root@server01 ~]# setenforce 0
· Enable the httpd service so that it starts at boot.
[root@server01 ~]# systemctl enable httpd
· Start the apache (httpd) service in the system.
[root@server01 ~]# systemctl start httpd
· Access the webpage for testing.
From a browser on a client machine, open http://<IP_Address_of_your_server> or http://<hostname_of_your_server> to test the Apache service. If the setup is working as expected, the browser shows the default Apache test page.
Now create a test page in the Apache document root, which is /var/www/html by default, and test once again.
[root@server01 ~]# echo "This is a test page for my apache server" > /var/www/html/index.html
Access the web page once again with the IP address or hostname as above. If everything works as expected, the browser shows the content “This is a test page for my apache server”.
Secure the HTTP service.
· Install OpenSSL and mod_ssl.
[root@server01 ~]# yum install openssl mod_ssl -y
· Create a Self-Signed Certificate.
[root@server01 ~]# openssl genrsa -out ca.key 2048
[root@server01 ~]# openssl req -new -key ca.key -out ca.csr
[root@server01 ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
[root@server01 ~]# cp ca.crt /etc/pki/tls/certs/
[root@server01 ~]# cp ca.key /etc/pki/tls/private/
[root@server01 ~]# cp ca.csr /etc/pki/tls/private/
· Configure the service with the certificates.
[root@server01 ~]# vim /etc/httpd/conf.d/ssl.conf
//** Find the section that begins with <VirtualHost _default_:443>. Uncomment the DocumentRoot and ServerName lines and replace example.com with your server's IP address. **//
DocumentRoot "/var/www/html"
ServerName <IP Address of your server>:443
//** Next, find the SSLCertificateFile and SSLCertificateKeyFile lines and update them with the new location of the certificates. **//
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
· Save the configuration and restart the Apache service.
[root@server01 ~]# systemctl restart httpd
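· Test the service once again using the URL https://<IP_Address_of_the_server> or https://<hostname_of_the_server> from the browser of your client system. Because the certificate is self-signed, the browser shows a certificate warning until the certificate is trusted on the client.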
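A check to run on the certificate and key before restarting httpd, as an added example that is not part of the original post. The function name check_tls_pair, its return codes and the 30-day default are assumptions of this example; the paths in the comments are the ones used in the steps above.

```shell
#!/bin/bash
# Added example: pre-restart check for the certificate/key pair named in ssl.conf.
# Usage: check_tls_pair CERT KEY [MIN_DAYS]
# Returns 0 = OK, 1 = file unreadable or unparsable, 2 = key does not match
# certificate, 3 = certificate expires within MIN_DAYS, 4 = key mode too open.
check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2
    ctp_days=${3:-30}   # assumed default threshold

    [ -r "$ctp_cert" ] && [ -r "$ctp_key" ] ||
        { echo "cannot read $ctp_cert or $ctp_key" >&2; return 1; }

    # The public key embedded in the certificate must equal the one derived
    # from the private key; a mismatched pair prevents httpd from starting.
    ctp_cpub=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null) || return 1
    ctp_kpub=$(openssl pkey -in "$ctp_key" -pubout 2>/dev/null) || return 1
    [ "$ctp_cpub" = "$ctp_kpub" ] ||
        { echo "key does not match certificate" >&2; return 2; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$ctp_cert" -noout -checkend $((ctp_days * 86400)) >/dev/null ||
        { echo "certificate expires within $ctp_days days" >&2; return 3; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key should grant them nothing (mode 600 or stricter).
    [ "$(ls -ld "$ctp_key" | cut -c5-10)" = "------" ] ||
        { echo "key is accessible to group/others: chmod 600 $ctp_key" >&2; return 4; }

    echo "OK: $ctp_cert matches $ctp_key and is valid for more than $ctp_days days"
}

# When called with arguments, check that pair, for example:
#   ./check_tls_pair.sh /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```

The permission check matters here because cp keeps the mode the key was created with, and older OpenSSL releases write the output of genrsa according to the current umask.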