Naming /etc/httpd/conf.d/*.conf files in apache 2.4 on RHEL 7?

How do I decide what names to give configuration files that I need to create and place in /etc/httpd/conf.d? I need to change some of the default values of directives, and I understand that I need to put them in file(s) that end with .conf in that directory, but how do I decide on the part to the left of the .conf?

Example: /etc/httpd/conf/httpd.conf has this block:

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

while my 2.0/2.2 servers have the block:

DirectoryIndex index.html index.html.var index.jsp

I understand that I need to stick a file in /etc/httpd/conf.d/ and have the lines:

<IfModule dir_module>
    DirectoryIndex index.html index.html.var index.jsp
</IfModule>

be in that file.

Ok, how do I decide what to name the file? Surely the apache gurus don't intend for the chaos of having every site have a different name for their little file -- DirectoryIndex.conf, directory_index.conf, dir_indx.conf, indexdir.conf, etc. And if like things ought to be grouped together (as in the conf.d/userdir.conf sample file) then how do we know what the canonical way is to structure all that?

Am I missing a piece of the install that documents/templates all that out?

Other details:
I have a new RHEL 7 server that was built for me by our systems group, and I have installed apache on it as specified in the manual

     yum install httpd

That gets me the executables, and a skeleton of the configuration:

$ ls -Rl /etc/httpd
/etc/httpd:
total 0
drwxr-xr-x 2 root root  35 Dec 14 01:30 conf
drwxr-xr-x 2 root root  78 Dec 14 01:30 conf.d
drwxr-xr-x 2 root root 139 Dec 14 01:30 conf.modules.d
lrwxrwxrwx 1 root root  19 Dec 14 01:30 logs -> ../../var/log/httpd
lrwxrwxrwx 1 root root  29 Dec 14 01:30 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx 1 root root  10 Dec 14 01:30 run -> /run/httpd

/etc/httpd/conf:
total 28
-rw-r--r-- 1 root root 11753 Aug  3 12:24 httpd.conf
-rw-r--r-- 1 root root 13077 Aug  3 12:33 magic

/etc/httpd/conf.d:
total 16
-rw-r--r-- 1 root root 2926 Aug  3 12:33 autoindex.conf
-rw-r--r-- 1 root root  366 Aug  3 12:34 README
-rw-r--r-- 1 root root 1252 Aug  3 12:24 userdir.conf
-rw-r--r-- 1 root root  516 Aug  3 12:24 welcome.conf

/etc/httpd/conf.modules.d:
total 28
-rw-r--r-- 1 root root 3739 Aug  3 12:24 00-base.conf
-rw-r--r-- 1 root root  139 Aug  3 12:24 00-dav.conf
-rw-r--r-- 1 root root   41 Aug  3 12:24 00-lua.conf
-rw-r--r-- 1 root root  742 Aug  3 12:24 00-mpm.conf
-rw-r--r-- 1 root root  957 Aug  3 12:24 00-proxy.conf
-rw-r--r-- 1 root root   88 Aug  3 12:24 00-systemd.conf
-rw-r--r-- 1 root root  451 Aug  3 12:24 01-cgi.conf

Notice that there are only 3 .conf files in conf.d. Ok, then later on in the manual there is reference to /usr/share/doc/httpd-VERSION, which looks like this:

$ ls -l /usr/share/doc/httpd-2.4.6/
total 244
-rw-r--r-- 1 root root  13507 Mar 29  2011 ABOUT_APACHE
-rw-r--r-- 1 root root 138742 Jul 15  2013 CHANGES
-rw-r--r-- 1 root root   1797 Aug  3 12:33 httpd-dav.conf
-rw-r--r-- 1 root root   2942 Aug  3 12:33 httpd-default.conf
-rw-r--r-- 1 root root   1119 Aug  3 12:33 httpd-info.conf
-rw-r--r-- 1 root root   5078 Aug  3 12:33 httpd-languages.conf
-rw-r--r-- 1 root root   1004 Aug  3 12:33 httpd-manual.conf
-rw-r--r-- 1 root root   4450 Aug  3 12:33 httpd-mpm.conf
-rw-r--r-- 1 root root   2216 Aug  3 12:33 httpd-multilang-errordoc.conf
-rw-r--r-- 1 root root   1511 Aug  3 12:33 httpd-vhosts.conf
-rw-r--r-- 1 root root  25852 Jul 23  2011 LICENSE
-rw-r--r-- 1 root root    550 Jan  5  2013 NOTICE
-rw-r--r-- 1 root root   3161 Aug  3 12:33 proxy-html.conf
-rw-r--r-- 1 root root   5158 Feb 20  2012 README
-rw-r--r-- 1 root root   8183 Feb 28  2007 VERSIONING

Responses

Hi,

I don't think there's any official naming policy for custom config files. It really is up to the administrator to use a system that makes sense to them, and that they find logical. The only thing to keep in mind is that the config files in /etc/httpd/conf.d/ are read in alphabetical order.

It may be that you are thinking about it from the wrong angle....

The config file for Apache HTTP Server is /etc/http/conf/http.conf. (for Red Hat style distros, at least)

Inside this file there is the following:

#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf

This makes it possible to add to the config by putting *.conf files in that directory, and also remove them. This means that a rpm package that uses Apache HTTP Server can have its config in a separate file, so you don't need to manually edit the main configuration file. A yum install will put it there, a yum erase remove it. (All that is needed is to ask Apache HTTP Server to reload the config).

Example: If you have php added to the server, php.conf will be added, because it is in the rpm and that was what the package maintainer decided it to be named. And if php is removed with yum remove php, it disappears. And if you make a website that is served from this server, you can call it what you want, but if I made one named e.g. myblog.example.com, I would call it myblog.conf.

However, what you seem to want to do is to change the DirectoryIndex that tells Apache HTTP Server what files it will treat as directory index files by adding index.html.var and index.jsp, ... and this server only has one website, right? (Or you want it to work for all).

Then just do that. In /etc/httpd/conf/httpd.conf.

If there is some other website that is served from this server, e.g. myblog.example.com, and you want this to work only for that site, then set it in the config file for it, myblog.conf in my example.

> However, what you seem to want to do is to change the DirectoryIndex that tells Apache HTTP Server what files it will treat as directory index files by adding index.html.var and index.jsp, ... and this server only has one website, right? (Or you want it to work for all).

> Then just do that. In /etc/httpd/conf/httpd.conf.

I would suggest doing all edits to files in conf.d/, so that if the main httpd.conf gets updated in the package, it can be installed over the old one. (The package update process wouldn't overwrite a file with custom changes, but then you would miss out on the package updates.)

Maaaaaybe..... I actually feel I have more control when I can look through .rpmnew files and decide what I think about the changes. But it has been a while since I had to configure httpd, and got burned by surprising changes in "defaults". It might have been better, and ymmv.

Many programs have this "style" of doing it, like having a someprog.conf that comes with the install and a someprog.conf.local that is where you make "overrides" to whatever you want. When this is known and documented, a sysadmin that takes over will be able to quickly find out about this, often very easy to spot if it is in the same dir.

Anyway, I'm not aware of any naming standard for making a local override for /etc/httpd/conf/httpd.conf. (never seen httpd.conf.local or similar).

The Apache docs just say it has a location for its config file that is hardcoded at compile time, but you can also include other files in that as you wish. And this is, at least in Red Hat and similar distros, /etc/httpd/conf.d/*.conf. (But other distros and products that use httpd might put them elsewhere, or not even use Include, but that is irrelevant for this discussion.)

Best advice is maybe "Do something that seems to make sense, and document it"?

The important thing to think about is anyway as you say that the files in conf.d are read alphabetically (alphanumerically actually with 0 first), and that from httpd's view it is as if they were added to the spot in the main config file as where the Include directive is. And that (for simple directives at least) the rule is that if something is repeated the last wins, so the Include directive should be last in the main configuration file, or else a later directive could override something set in a conf.d file.

https://httpd.apache.org/docs/current/configuring.html
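The ordering rule discussed in this thread (conf.d files are read in sorted order at the point of the Include line, and the last occurrence of a simple directive wins) can be checked with a short script. This is an added example, not part of the original thread. The file names 00-local.conf and zz-vendor.conf and their contents are constructed, and the parser is a simplification that assumes single-valued directives and ignores <IfModule>/<VirtualHost> scoping.

```python
import glob
import os
import tempfile

def expand(path, root):
    """Yield (file, directive, args), expanding Include lines in place."""
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#<":
                continue  # skip blanks, comments and container tags
            parts = line.split(None, 1)
            name, args = parts[0], (parts[1] if len(parts) > 1 else "")
            if name.lower() in ("include", "includeoptional"):
                # Wildcard includes are read in sorted filename order.
                for inc in sorted(glob.glob(os.path.join(root, args))):
                    yield from expand(inc, root)
            else:
                yield path, name, args

def effective(main_conf, root, directive):
    """Return (value, defining file) of the last occurrence, or None."""
    hit = None
    for path, name, args in expand(main_conf, root):
        if name.lower() == directive.lower():
            hit = (args, os.path.relpath(path, root))
    return hit

def build_sample(root, main_text):
    """Constructed sample tree: conf/httpd.conf plus two conf.d drop-ins."""
    files = {
        "conf/httpd.conf": main_text,
        "conf.d/00-local.conf": "ServerTokens Prod\nTimeout 60\n",
        "conf.d/zz-vendor.conf": "Timeout 300\n",
    }
    for rel, text in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    return os.path.join(root, "conf/httpd.conf")

def demo():
    """Compare Include placed last vs. first in the main config."""
    cases = {"include_last": "ServerTokens Full\nInclude conf.d/*.conf\n",
             "include_first": "Include conf.d/*.conf\nServerTokens Full\n"}
    out = {}
    for label, main_text in cases.items():
        with tempfile.TemporaryDirectory() as root:
            main = build_sample(root, main_text)
            out[label] = {d: effective(main, root, d)
                          for d in ("ServerTokens", "Timeout")}
    return out
```

With Include last, the drop-in's ServerTokens Prod is the effective value; with Include first, the main file's ServerTokens Full silently replaces it. In both cases the later-sorting zz-vendor.conf overrides the Timeout 60 set in 00-local.conf.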

Robert, I think I'm understanding things the way that you do... I need to change some things from the defaults that are in conf/httpd.conf -- for example, Timeout needs to be 60 rather than 300, and ServerTokens needs to be Prod rather than Full. There is a file, /usr/share/doc/httpd-2.4.6/httpd-default.conf that contains those guys. So I would copy that file into conf.d/, and I would edit conf.d/httpd-default.conf and set the Timeout to 60 and the ServerTokens to Prod.

So far, so good... I've kept my customizations in /etc/httpd/conf.d and not messed with conf/httpd.conf, and I've used the template supplied in the install so I've done it in a standard way in a standard place.

So next I need to do some customizing of error logging, and there isn't any template. So I'm thinking that I need to put a file in /etc/httpd/conf.d, and I would name it something like error-logging.conf, and then put my old 2.0/2.2 code in that file:


# overrides settings in conf/httpd.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error_log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#Prod is "error"
LogLevel warn

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#Prod has slightly different LogFormat
#The fromLB variable will be set if the request is routing through the NDH or DDC Netscalers
SetEnvIf Remote_Addr ^((172\.19\.51\.25[23])|(192\.168\.71\.25[23]))$ fromLB
LogFormat "%{Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{user_name}C\" \"%{Content-length}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{user_name}C\" \"%{Content-length}i\"" combined-direct
LogFormat "%{Client-IP}i %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b" common-direct
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%{Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{user_name}C\" \"%{SM_USER}i\" %T %P %D %k \"%{SOAPAction}i\" \"%{SOAPAction}o\"" troubleshooting
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{user_name}C\" \"%{SM_USER}i\" %T %P %D %k \"%{SOAPAction}i\" \"%{SOAPAction}o\"" troubleshooting-direct
# You need to enable mod_logio.c to use %I and %O
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog logs/access_log combined env=fromLB
CustomLog logs/access_log combined-direct env=!fromLB

#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent

#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog logs/access_log combined

Does this sound like I'm doing it the way that they want me to?

Yes, that sounds like the right way to go.

Here is another example. In https://access.redhat.com/solutions/385533, there is an instruction "For example see below configuration in /etc/httpd/conf.d/ssl.conf :" followed by a sample configuration.

NameVirtualHost *:443

###  vhost1.example.com #####
<VirtualHost vhost1.example.com:443>

        DocumentRoot /var/www/html/vhost1
        ServerName  vhost1.example.com
        ServerAlias www.vhost1.example.com

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

        SSLCertificateFile /opt/sslcert/wildcard.example.com.crt
        SSLCertificateKeyFile /opt/sslcert/wildcard.example.com.key

        ErrorLog /var/log/httpd/vhost1_ssl_error_log
        CustomLog /var/log/httpd/vhost1_ssl_access_log common

</virtualhost>

Then in the apache docs, http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html there is this:

Your SSL configuration will need to contain, at minimum, the following directives.

LoadModule ssl_module modules/mod_ssl.so

Listen 443
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>

Ok, I'm following that the ServerName, SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile directives that the apache docs say you need are in the suggested /etc/httpd/conf.d/ssl.conf. But two questions:

1) Where should I be putting the LoadModule ssl_module modules/mod_ssl.so command? Some file in conf.modules.d? What file?

2) Everyone else seems to know that the file should be in conf.d and should be called ssl.conf. Where is the documentation of this wisdom?

(I feel like the person who walked into the middle of a conversation and is totally confused!)

> 1) Where should I be putting the LoadModule ssl_module modules/mod_ssl.so command? Some file in conf.modules.d? What file?

When you install the mod_ssl package, which contains the module, you get /etc/httpd/conf.modules.d/00-ssl.conf, which contains this directive. There's nothing else in this file -- it only contains a single line:

LoadModule ssl_module modules/mod_ssl.so

> 2) Everyone else seems to know that the file should be in conf.d and should be called ssl.conf. Where is the documentation of this wisdom?

That's because the mod_ssl package contains this file. When you install the package, you get an example/default /etc/httpd/conf.d/ssl.conf file with it.

Aha! Thank you! The piece that I was missing was Chapter 12.1.8 that I actually have to install ssl to get it...

(Somehow I got it in my head that it was already installed...)
