25.4. Apache HTTP Server Configuration
/etc/httpd/conf/httpd.confconfiguration file for the Apache HTTP Server. It does not use the old
access.confconfiguration files; leave them empty. Through the graphical interface, you can configure directives such as virtual hosts, logging attributes, and maximum number of connections. To start the HTTD Configuration Tool, click on
System > Administration > Server Settings > HTTP.
/etc/httpd/conf/httpd.confconfiguration file by hand if you wish to use this tool. The HTTP Configuration Tool generates this file after you save your changes and exit the program. If you want to add additional modules or configuration options that are not available in HTTP Configuration Tool, you cannot use this tool.
- Configure the basic settings under the Main tab.
- Click on the Virtual Hosts tab and configure the default settings.
- Under the Virtual Hosts tab, configure the Default Virtual Host.
- To serve more than one URL or virtual host, add any additional virtual hosts.
- Configure the server settings under the Server tab.
- Configure the connections settings under the Performance Tuning tab.
- Copy all necessary files to the
- Exit the application and select to save your settings.
25.4.1. Basic Settings
Figure 25.1. Basic Settings
ServerNamedirective sets the hostname of the Web server. It is used when creating redirection URLs. If you do not define a server name, the Web server attempts to resolve it from the IP address of the system. The server name does not have to be the domain name resolved from the IP address of the server. For example, you might set the server name to www.example.com while the server's real DNS name is foo.example.com.
httpd.conf. If you configure the server's error pages to contain an email address, this email address is used so that users can report a problem to the server's administrator. The default value is root@localhost.
httpd.conf. By default, Red Hat configures the Apache HTTP Server to listen to port 80 for non-secure Web communications.
httpdcan be started as a regular user.
Figure 25.2. Available Addresses
25.4.2. Default Settings
Figure 25.3. Virtual Hosts Tab
Figure 25.4. General Options
184.108.40.206. Site Configuration
Figure 25.5. Site Configuration
DirectoryIndexis the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
http://www.example.com/this_directory/, they are going to get either the
DirectoryIndexpage, if it exists, or a server-generated directory list. The server tries to find one of the files listed in the
DirectoryIndexdirective and returns the first one it finds. If it does not find any of these files and if
Options Indexesis set for that directory, the server generates and returns a list, in HTML format, of the subdirectories and files in the directory.
ErrorDocumentdirective. If a problem or error occurs when a client tries to connect to the Apache HTTP Server, the default action is to display the short error message shown in the Error Code column. To override this default configuration, select the error code and click the Edit button. Choose to display the default short error message. Choose to redirect the client to an external URL and enter a complete URL, including the
http://, in the Location field. Choose to redirect the client to an internal URL and enter a file location under the document root for the Web server. The location must begin the a slash (/) and be relative to the Document Root.
DocumentRoot/../error/404.html. In this case, DocumentRoot is the Document Root directory that you have defined (the default is
/var/www/html/). If the Document Root is left as the default location, the file should be copied to
/var/www/error/404.html. Then, choose as the Behavior for 404 - Not Found error code and enter
/error/404.htmlas the .
- Show footer with email address — Display the default footer at the bottom of all error pages along with the email address of the website maintainer specified by the
- Show footer — Display just the default footer at the bottom of error pages.
- No footer — Do not display a footer at the bottom of error pages.
220.127.116.11. SSL Support
mod_sslenables encryption of the HTTP protocol over SSL. SSL (Secure Sockets Layer) protocol is used for communication and encryption over TCP/IP networks. The SSL tab enables you to configure SSL for your server. To configure SSL you need to provide the path to your:
- Certificate file - equivalent to using the
SSLCertificateFiledirective which points the path to the PEM (Privacy Enhanced Mail)-encoded server certificate file.
- Key file - equivalent to using the
SSLCertificateKeyFiledirective which points the path to the PEM-encoded server private key file.
- Certificate chain file - equivalent to using the
SSLCertificateChainFiledirective which points the path to the certificate file containing all the server's chain of certificates.
- Certificate authority file - is an encrypted file used to confirm the authenticity or identity of parties communicating with the server.
SSLOptionswith the following options:
- FakeBasicAuth - enables standard authentication methods used by Apache. This means that the Client X509 certificate's Subject Distinguished Name (DN) is translated into a basic HTTP username.
- ExportCertData - creates CGI environment variables in
SSL_CLIENT_CERT_CHAIN_nwhere n is a number 0,1,2,3,4... These files are used for more certificate checks by CGI scripts.
- CompatEnvVars - enables backward compatibility for Apache SSL by adding CGI environment variables.
- StrictRequire - enables strict access which forces denial of access whenever the
SSLRequiredirectives indicate access is forbidden.
- OptRenegotiate - enables avoidance of unnecessary handshakes by
mod_sslwhich also performs safe parameter checks. It is recommended to enable OptRenegotiate on a per directory basis.
Figure 25.6. SSL
SSLand using only
TLSv1.2. Backwards compatibility can be achieved using
TLSv1.0. Many products Red Hat supports have the ability to use
SSLv3protocols, or enable them by default. However, the use of
SSLv3is now strongly recommended against.
/var/log/httpd/access_logfile and the error log to the
Figure 25.7. Logging
LogFormatdirective. Refer to http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#logformat for details on the format of this directive.
HostnameLookupsdirective. Choosing No Reverse Lookup sets the value to off. Choosing Reverse Lookup sets the value to on. Choosing Double Reverse Lookup sets the value to double.
18.104.22.168. Environment Variables
mod_envmodule to configure the environment variables which are passed to CGI scripts and SSI pages. Use the Environment Variables page to configure the directives for this module.
50, click the button inside the Set for CGI Script section, as shown in Figure 25.8, “Environment Variables”, and type
MAXNUMin the Environment Variable text field and
50in the Value to set text field. Click to add it to the list. The Set for CGI Scripts section configures the
envat a shell prompt. Click the button inside the Pass to CGI Scripts section and enter the name of the environment variable in the resulting dialog box. Click to add it to the list. The Pass to CGI Scripts section configures the
Figure 25.8. Environment Variables
Figure 25.9. Directories
Optionsdirective within the
<Directory>directive. You can configure the following options:
- ExecCGI — Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.
- FollowSymLinks — Allow symbolic links to be followed.
- Includes — Allow server-side includes.
- IncludesNOEXEC — Allow server-side includes, but disable the
#includecommands in CGI scripts.
- Indexes — Display a formatted list of the directory's contents, if no
index.html) exists in the requested directory.
- Multiview — Support content-negotiated multiviews; this option is disabled by default.
- SymLinksIfOwnerMatch — Only follow symbolic links if the target file or directory has the same owner as the link.
Orderdirective with the left-hand side options. The
Orderdirective controls the order in which allow and deny directives are evaluated. In the Allow hosts from and Deny hosts from text field, you can specify one of the following:
- Allow all hosts — Type
allto allow access to all hosts.
- Partial domain name — Allow all hosts whose names match or end with the specified string.
- Full IP address — Allow access to a specific IP address.
- A subnet — Such as
- A network CIDR specification — such as
Figure 25.10. Directory Settings
.htaccessfile take precedence.