Permissions for Files to Be Read by Apache

The Apache HTTP Server, or Apache for short, is a very popular web server, developed by the Apache Software Foundation.

This article describes how to set up Apache and how to optionally integrate it with PHP.

Installation

Install the apache package.

Configuration

Apache configuration files are located in /etc/httpd/conf. The main configuration file is /etc/httpd/conf/httpd.conf, which includes various other configuration files. The default configuration file should be fine for a simple setup. By default, it will serve the directory /srv/http to anyone who visits your website.

To start Apache, start httpd.service using systemd.

Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple index page.

For optional further configuration, see the following sections.

Advanced options

See the full list of Apache configuration directives and the directive quick reference.

These options in /etc/httpd/conf/httpd.conf might be interesting for you:

User http        
For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to this UID. The default user is http, which is created automatically during installation.
Listen 80
This is the port Apache will listen to. For Internet access with a router, you have to forward the port.
If you want to set up Apache for local development you may want it to be only accessible from your computer. Then change this line to Listen 127.0.0.1:80.
ServerAdmin you@example.com
This is the admin's email address, which can be found on e.g. error pages.
DocumentRoot "/srv/http"
This is the directory where you should put your web pages.
Change it if you want to, but do not forget to also change <Directory "/srv/http"> to whatever you changed your DocumentRoot to, or you will likely get a 403 Error (lack of privileges) when you try to access the new document root. Do not forget to change the Require all denied line to Require all granted, otherwise you will get a 403 Error. Remember that the DocumentRoot directory and its parent folders must allow execution permission to others (can be set with chmod o+x /path/to/DocumentRoot), otherwise you will get a 403 Error.
AllowOverride None
This directive in <Directory> sections causes Apache to completely ignore .htaccess files. Note that this is now the default for Apache 2.4, so you need to explicitly allow overrides if you plan to use .htaccess files. If you intend to use mod_rewrite or other settings in .htaccess files, you can allow which directives declared in that file can override server configuration. For more info refer to the Apache documentation.

Tip: If you have issues with your configuration you can have Apache check the configuration with: apachectl configtest

More settings can be found in /etc/httpd/conf/extra/httpd-default.conf:

To turn off your server's signature:

ServerSignature Off        

To hide server information like Apache and PHP versions:

ServerTokens Prod        

User directories

User directories are available by default through http://localhost/~yourusername/ and show the contents of ~/public_html (this can be changed in /etc/httpd/conf/extra/httpd-userdir.conf).

If you do not want user directories to be available on the web, comment out the following line in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-userdir.conf        

The factual accuracy of this article or section is disputed.

You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and ~/public_html must be executable for others ("rest of the world"):

$ chmod o+x ~
$ chmod o+x ~/public_html
$ chmod -R o+r ~/public_html

Restart httpd.service to apply any changes. See also Umask#Set the mask value.
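To find which path component causes the 403 Error described for DocumentRoot and for user directories, the following added example (not part of the original article) walks a path and reports the first directory lacking o+x or the file lacking o+r. It assumes the http user is neither owner nor group member of the path and ignores ACLs; first_blocker and other_bits are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU or BusyBox
# stat/readlink and that only the "others" permission bits apply to the
# Apache user (http). ACLs and group membership are not considered.

# Print the "others" permission digit (0-7) of a path.
other_bits() {
    mode=$(stat -c '%a' -- "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# first_blocker TARGET [START]
# Walk from START (default /) down to TARGET. Print "<fix> <path>" for the
# first component others cannot pass and return 1; return 0 if the whole
# chain is open; return 2 if TARGET is missing or not below START.
first_blocker() (
    [ -e "$1" ] || return 2
    target=$(readlink -f -- "$1") || return 2
    cur=$(readlink -f -- "${2:-/}") || return 2
    case "$target/" in "${cur%/}/"*) ;; *) return 2 ;; esac
    rest=${target#"${cur%/}"}
    rest=${rest#/}
    while :; do
        # Directories need search (x = 1); the served file needs read (r = 4).
        if [ -d "$cur" ]; then need=1 fix=o+x; else need=4 fix=o+r; fi
        bits=$(other_bits "$cur") || return 2
        if [ $(( bits & need )) -eq 0 ]; then
            printf '%s %s\n' "$fix" "$cur"
            return 1
        fi
        [ -n "$rest" ] || return 0
        cur=${cur%/}/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
)

# Usage: sh check.sh /home/user/public_html/index.html
[ "$#" -eq 0 ] || first_blocker "$@"
```

The reported component is the only one that needs changing, which avoids a recursive chmod that opens more of the home directory than Apache requires.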

TLS

Firstly obtain a certificate. If you own a public domain, you can use Transport Layer Security#ACME clients.

In /etc/httpd/conf/httpd.conf, uncomment the following three lines:

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf

If using Certbot (certbot --apache), the following line needs to be uncommented as well:

LoadModule rewrite_module modules/mod_rewrite.so        

After obtaining a key and certificate, make sure the SSLCertificateFile and SSLCertificateKeyFile lines in /etc/httpd/conf/extra/httpd-ssl.conf point to the key and certificate. If a concatenated chain of CA certificates was also generated, add that filename against SSLCertificateChainFile.

Finally, restart httpd.service to apply any changes.
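Before restarting, the SSLCertificateFile and SSLCertificateKeyFile lines can be checked against each other. The following added example (not part of the original article) reads both directives from a configuration file, confirms that the key belongs to the certificate, and flags a key file that others can access. It assumes the openssl CLI, one certificate/key pair per file and paths without spaces; directive_value and check_tls_pair are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the openssl CLI and
# GNU or BusyBox stat; handles one certificate/key pair per file and paths
# without spaces.

# directive_value CONF NAME -> first uncommented value of directive NAME
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) {
        v = $2; gsub(/"/, "", v); print v; exit }' "$1"
}

# check_tls_pair CONF
# 0: key matches the certificate and is not accessible to others
# 1: key does not belong to the certificate
# 2: a directive is missing or a file cannot be parsed
# 3: key matches, but "others" have permissions on the key file
check_tls_pair() (
    cert=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    [ -n "$cert" ] && [ -n "$key" ] || return 2
    # Both commands emit the public key as PEM SubjectPublicKeyInfo.
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] || return 2
    [ "$from_cert" = "$from_key" ] || return 1
    # When httpd is started as root it reads the key before switching to the
    # http user, so nobody else needs access to the key file.
    mode=$(stat -c '%a' -- "$key") || return 2
    [ "${mode#"${mode%?}"}" = 0 ] || return 3
    return 0
)

# Usage: sh check.sh /etc/httpd/conf/extra/httpd-ssl.conf
[ "$#" -eq 0 ] || check_tls_pair "$@"
```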

Virtual hosts

Note: You will need to add a separate <VirtualHost *:443> section for virtual host SSL support. See #Managing many virtual hosts for an example file.

If you want to have more than one host, uncomment the following line in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-vhosts.conf

In /etc/httpd/conf/extra/httpd-vhosts.conf set up your virtual hosts. The default file contains an elaborate example that should help you get started.

To test the virtual hosts on your local machine, add the virtual names to your /etc/hosts file:

127.0.0.1 domainname1.dom
127.0.0.1 domainname2.dom

Restart httpd.service to apply any changes.

Managing many virtual hosts

If you have a huge amount of virtual hosts, you may want to easily disable and enable them. It is recommended to create one configuration file per virtual host and store them all in one folder, e.g. /etc/httpd/conf/vhosts.

First create the folder:

# mkdir /etc/httpd/conf/vhosts

Then place the single configuration files in it:

# nano /etc/httpd/conf/vhosts/domainname1.dom
# nano /etc/httpd/conf/vhosts/domainname2.dom
...

In the last step, Include the single configurations in your /etc/httpd/conf/httpd.conf:

#Enabled Vhosts:
Include conf/vhosts/domainname1.dom
Include conf/vhosts/domainname2.dom

You can enable and disable single virtual hosts by commenting or uncommenting them.

A very basic vhost file will look like this:

/etc/httpd/conf/vhosts/domainname1.dom
<VirtualHost *:80>
    ServerAdmin webmaster@domainname1.dom
    DocumentRoot "/home/user/http/domainname1.dom"
    ServerName domainname1.dom
    ServerAlias domainname1.dom
    ErrorLog "/var/log/httpd/domainname1.dom-error_log"
    CustomLog "/var/log/httpd/domainname1.dom-access_log" common

    <Directory "/home/user/http/domainname1.dom">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@domainname1.dom
    DocumentRoot "/home/user/http/domainname1.dom"
    ServerName domainname1.dom:443
    ServerAlias domainname1.dom:443
    SSLEngine on
    SSLCertificateFile "/etc/httpd/conf/server.crt"
    SSLCertificateKeyFile "/etc/httpd/conf/server.key"
    ErrorLog "/var/log/httpd/domainname1.dom-error_log"
    CustomLog "/var/log/httpd/domainname1.dom-access_log" common

    <Directory "/home/user/http/domainname1.dom">
        Require all granted
    </Directory>
</VirtualHost>

Extensions

PHP

First install PHP, then follow one of the next three subsections below. Finally, test the installation as described in the last subsection.

Using libphp

This method is probably the easiest, but is also the least scalable: it is suitable for a light request load. It also requires you to change the mpm module, which may cause issues with other extensions (e.g. it is not compatible with #HTTP/2).

Install php7-apache for PHP 7 or php-apache for PHP 8, as appropriate.

In /etc/httpd/conf/httpd.conf, comment the line:

#LoadModule mpm_event_module modules/mod_mpm_event.so        

and uncomment the line:

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so        

Note: The above is required, because libphp.so included with the package does not work with mod_mpm_event, but will only work with mod_mpm_prefork instead. (FS#39218)

Otherwise you will get the following error:

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.  You need to recompile PHP.
AH00013: Pre-configuration failed
httpd.service: control process exited, code=exited status=1

As an alternative, you can use mod_proxy_fcgi (see #Using php-fpm and mod_proxy_fcgi below).

To enable PHP, add these lines to /etc/httpd/conf/httpd.conf:

  • Place this at the end of the LoadModule list:
LoadModule php_module modules/libphp.so
AddHandler php-script .php
  • Place this at the end of the Include list:
Include conf/extra/php_module.conf

Restart httpd.service.

Using apache2-mpm-worker and mod_fcgid

This method provides improved performance and memory usage when serving multiple requests.

Install mod_fcgid and php-cgi.

Create the needed directory and symlink it for the PHP wrapper:

# mkdir /srv/http/fcgid-bin
# ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper

Create /etc/httpd/conf/extra/php-fcgid.conf with the following content:

/etc/httpd/conf/extra/php-fcgid.conf
# Required modules: fcgid_module

<IfModule fcgid_module>
    AddHandler php-fcgid .php
    AddType application/x-httpd-php .php
    Action php-fcgid /fcgid-bin/php-fcgid-wrapper
    ScriptAlias /fcgid-bin/ /srv/http/fcgid-bin/
    SocketPath /var/run/httpd/fcgidsock
    SharememPath /var/run/httpd/fcgid_shm
        # If you don't allow bigger requests many applications may fail (such as WordPress login)
        FcgidMaxRequestLen 536870912
        # Path to php.ini – defaults to /etc/phpX/cgi
        DefaultInitEnv PHPRC=/etc/php/
        # Number of PHP children that will be launched. Leave undefined to let PHP decide.
        #DefaultInitEnv PHP_FCGI_CHILDREN 3
        # Maximum requests before a process is stopped and a new one is launched
        #DefaultInitEnv PHP_FCGI_MAX_REQUESTS 5000
    <Location /fcgid-bin/>
        SetHandler fcgid-script
        Options +ExecCGI
    </Location>
</IfModule>

Edit /etc/httpd/conf/httpd.conf:

  • Uncomment the loading of the actions module:
    LoadModule actions_module modules/mod_actions.so
  • Load the FCGID module after the loading of the unixd module (on which it is dependent) - you may wish to place this inside the <IfModule unixd_module> block:
    LoadModule fcgid_module modules/mod_fcgid.so
  • Ensure that the inclusion of the MPM configuration is uncommented (it is uncommented in the default installed version of this file):
    Include conf/extra/httpd-mpm.conf
  • Add an inclusion of your new FCGID configuration:
    Include conf/extra/php-fcgid.conf

Restart httpd.service.

Using php-fpm and mod_proxy_fcgi

This method provides "an alternative PHP FastCGI implementation with some additional features (mostly) useful for heavy-loaded sites" [1].

Note: Unlike the widespread setup with ProxyPass, the proxy configuration with SetHandler respects other Apache directives like DirectoryIndex. This ensures a better compatibility with software designed for libphp, mod_fastcgi and mod_fcgid. If you still want to try ProxyPass, experiment with a line like this:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/srv/http/$1

Install php-fpm.

Enable proxy modules:

/etc/httpd/conf/httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

Create /etc/httpd/conf/extra/php-fpm.conf with the following content:

DirectoryIndex index.php index.html
<FilesMatch \.php$>
    SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>

And include it at the bottom of /etc/httpd/conf/httpd.conf:

Include conf/extra/php-fpm.conf        

Note: The pipe between sock and fcgi is not allowed to be surrounded by a space! localhost can be replaced by any string. More here

You can configure PHP-FPM in /etc/php/php-fpm.d/www.conf, but the default setup should work fine.

Start and enable php-fpm.service. Restart httpd.service.

Test whether PHP works

To test whether PHP was correctly configured, create a file called test.php in your Apache DocumentRoot directory (e.g. /srv/http/ or ~<username>/public_html/) with the following contents:

<?php phpinfo(); ?>

Then go to http://localhost/test.php or http://localhost/~<username>/test.php as appropriate.

HTTP/2

Note:

  • While Apache supports unencrypted HTTP/2 over TCP (h2c), common browsers do not. Thus for use with the latter, #TLS must be enabled first.
  • If supporting clients do not use HTTP/2 instead of HTTP/1.1 and Mozilla's configuration generator (which already includes the Protocols line below) was used to set up #TLS, try Includeing httpd-ssl.conf after the latter's output.
  • Ways to test include curl -sI https://your.website or this Chrome extension.

To enable HTTP/2 over TLS support, uncomment the following line in httpd.conf:

LoadModule http2_module modules/mod_http2.so

And add the following line:

Protocols h2 http/1.1

To debug, you can set only the module rather than the entire server to debug or info:

<IfModule http2_module>
    LogLevel http2:info
</IfModule>

For more information – including extra HTTP/2 feature settings – see the mod_http2 documentation.

Warning: The http2_module is incompatible with the mpm_prefork_module that old configurations widely use to setup PHP. Consider using php-fpm instead.

Troubleshooting

Apache Status and Logs

See the status of the Apache daemon with systemctl.

Apache logs can be found in /var/log/httpd/

Error: PID file /run/httpd/httpd.pid not readable (yet?) after start

Comment out the unique_id_module line in httpd.conf: #LoadModule unique_id_module modules/mod_unique_id.so

/run/httpd not being created at boot

If systemd-tmpfiles --create as the root user complains about "unsafe path transition", check ownership of your root directory.

ls -la /
chown root:root /

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.

If when loading php_module the httpd.service fails, and you get an error like this in the journal:

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.  You need to recompile PHP.

This is because PHP includes support for a module that is not threadsafe, and you are trying to use a threaded MPM. One solution to fix this is to use a non-threaded MPM. Try replacing mpm_event_module with mpm_prefork_module:

/etc/httpd/conf/httpd.conf
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

and restart httpd.service.

Warning: Some other modules, like the http2_module, will disable themselves when mpm_prefork is active.

AH00534: httpd: Configuration error: No MPM loaded.

You might encounter this error after a recent upgrade. This is simply the result of a recent change in httpd.conf that you might not have reproduced in your local configuration. To fix it, uncomment the following line.

/etc/httpd/conf/httpd.conf
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so        

and restart httpd.service.

AH00072: make_sock: could not bind to address

This can be caused by multiple things. The most common is that something is already listening on the given port; check via netstat that this is not happening:

# netstat -lnp | grep -e :80 -e :443

If you get any output, stop the given service that is taking up the port or kill the runaway process that is causing the port to be bound, and try again.

Another issue could be that Apache is not starting as root for some reason - try starting it manually and see if you still get the AH00072 error.

# httpd -k start

Finally, you can also have an error in your configuration where you are listening twice on the given port. Following is an example of a bad configuration that will trigger this issue:

Listen 0.0.0.0:80
Listen [::]:80

AH01071: Got error 'Main script unknown'

This can be caused by ProtectHome=true in the php-fpm systemd unit file if you are serving files in /home such as in a virtual host environment. You can disable this feature by editing the php-fpm unit file and restarting php-fpm. Alternatively, move your document root.

Changing the max_execution_time in php.ini has no effect

If you changed the max_execution_time in php.ini to a value greater than 30 (seconds), you may still get a 503 Service Unavailable response from Apache after 30 seconds. To solve this, add a ProxyTimeout directive to your http configuration right before the <FilesMatch \.php$> block:

/etc/httpd/conf/httpd.conf
ProxyTimeout 300        

and restart httpd.service.

PHP-FPM: errors are not being logged separately per virtual host

If you have multiple virtual hosts, it may be desirable to have each of them output their error logs to separate files (using the ErrorLog Apache directive). If this is not working for you, confirm that PHP-FPM is configured to log errors to syslog:

/etc/php/php-fpm.conf
error_log = syslog

It's also possible that the pool configuration is overriding it. Ensure the following line is commented out:

/etc/php/php-fpm.d/www.conf
;php_admin_value[error_log] = /var/log/fpm-php.www.log

See also

  • Apache Official Website
  • Apache documentation
  • Apache wiki
  • Apache documentation - Security Tips
  • Apache Wiki - Troubleshooting
  • Apache on wiki.debian.org


Source: https://wiki.archlinux.org/title/Apache_HTTP_Server
