Apache Configuration with multiple websites using SSL

How to Install Apache on CentOS 7

Apache is a free, open source and popular HTTP server that runs on Unix-like operating systems, including Linux, and also on Windows. Since its release 20 years ago, it has been the most popular web server, powering many sites on the Internet. It is easy to install and configure to host single or multiple websites on the same Linux or Windows server.

In this article, we will explain how to install, configure and manage the Apache HTTP web server on a CentOS 7 server using the command line.

Prerequisites:

  • CentOS 7 system with static IP address.
  • Server connected to a local or internet package repository.

Server Details: 

Hostname: lamp01.darole.org
IP-Address: 172.16.1.211

Virtual Host Details:

Hostname: ninom.darole.org
IP-Address: 172.16.1.216
Hostname: online-education.darole.org
IP-Address: 172.16.1.217
Hostname: organic-farm.darole.org
IP-Address: 172.16.1.218

1. Install Apache Web Server

Install the httpd package on the server.

# yum install httpd

Once the httpd package is installed, it creates the folder /var/www/html/ to store the website code.

Start Apache service and enable it.

# systemctl start httpd
# systemctl enable httpd
# systemctl status httpd

Test the Apache service by opening the URL below in a web browser; it will display the default Apache page.

http://lamp01.darole.org

Let's create the first web page, index.html, under the /var/www/html/ folder.

# echo "Welcome to DAROLE.ORG" > /var/www/html/index.html

Restart Apache service for the above changes to take effect.

# systemctl restart httpd

Apache Important Files and Directories

  • The default server root directory (top level directory containing configuration files): /etc/httpd
  • The main Apache configuration file: /etc/httpd/conf/httpd.conf
  • Additional configurations can be added in: /etc/httpd/conf.d/
  • Apache virtual host configuration file: /etc/httpd/conf.d/httpd.conf
  • Configurations for modules: /etc/httpd/conf.modules.d/
  • Apache default server document root directory (stores web files): /var/www/html
  • Log directory 
    • access logs /var/log/httpd/access_log
    • error logs /var/log/httpd/error_log

A few parameters of the httpd configuration file.

Listen: Allows you to bind Apache to specific IP addresses
Below is the default setting
# cat /etc/httpd/conf/httpd.conf | grep Listen
Listen 80

DocumentRoot: The directory out of which you will serve your
Below is the default setting
# cat /etc/httpd/conf/httpd.conf | grep DocumentRoot
DocumentRoot "/var/www/html"

How to secure the web server?

HTTP is sent over the wire in clear text, using port 80/TCP by default (though other ports can be used). There is also a TLS/SSL-encrypted version of the protocol called HTTPS, which uses 443/TCP by default.

HTTP (Hypertext Transfer Protocol): the default port for browser access is 80/TCP.
HTTPS (Hypertext Transfer Protocol Secure): the default port for browser and web service interfaces is 443/TCP.

Install openssl and mod_ssl.

# yum -y install openssl mod_ssl

The command below generates the SSL certificate.

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout lamp01.key -out lamp01.crt

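  • req = Certificate Signing Request (CSR) management.
  • -x509 = X.509 certificate data management (outputs a self-signed certificate instead of a CSR).
  • rsa:2048 = Algorithm (RSA) and key size (2048 bits).
  • lamp01.key = Private key
  • lamp01.crt = Certificate (contains the public key)

Copy the certificate and key to the locations below.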

# cp lamp01.crt /etc/pki/tls/certs/
# cp lamp01.key /etc/pki/tls/private/

Grep for localhost in the ssl.conf file to find the lines to replace with the certificate name.

# cat /etc/httpd/conf.d/ssl.conf | grep localhost

Update the configuration file with certificate name

# vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/lamp01.crt
SSLCertificateKeyFile /etc/pki/tls/private/lamp01.key

Recheck the configuration file.

# cat /etc/httpd/conf.d/ssl.conf | grep lamp01

Run syntax tests for configuration files only

# httpd -t
# apachectl configtest

Test the Apache service by opening the URL below (https) in a web browser; it will display the index.html page.

https://lamp01.darole.org

Set Up Apache Virtual Hosts on CentOS 7

Apache Virtual Hosts allow multiple websites to run on one web server. With virtual hosts, you can specify the site document root (the directory which contains the website files), create a separate security policy for each site, use different SSL certificates for each site and much more.

Download free website templates from the site below.

https://www.free-css.com/free-css-templates

Create folders to store the templates.

# mkdir /var/www/html/ninom
# mkdir /var/www/html/online-education
# mkdir /var/www/html/organic-farm

Unzip the templates

# unzip Edukate\ Free\ Website\ Template\ -\ Free-CSS.com.zip
# unzip FarmFresh\ Free\ Website\ Template\ -\ Free-CSS.com.zip
# unzip Ninom\ Free\ Website\ Template\ -\ Free-CSS.com.zip

Move the data from the template folders to the directories below.

# mv online-education-website-template/* /var/www/html/online-education
# mv organic-farm-website-template/* /var/www/html/organic-farm
# mv ninom-html/* /var/www/html/ninom

Create the configuration file below.

# vi /etc/httpd/conf.d/httpd.conf

<VirtualHost 172.16.1.216:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/lamp01.crt
SSLCertificateKeyFile /etc/pki/tls/private/lamp01.key
ServerName ninom.darole.org
ServerAlias www.ninom.darole.org
DocumentRoot /var/www/html/ninom
</VirtualHost>


<VirtualHost 172.16.1.217:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/lamp01.crt
SSLCertificateKeyFile /etc/pki/tls/private/lamp01.key
ServerName online-education.darole.org
ServerAlias www.online-education.darole.org
DocumentRoot /var/www/html/online-education
</VirtualHost>


<VirtualHost 172.16.1.218:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/lamp01.crt
SSLCertificateKeyFile /etc/pki/tls/private/lamp01.key
ServerName organic-farm.darole.org
ServerAlias www.organic-farm.darole.org
DocumentRoot /var/www/html/organic-farm
</VirtualHost>

Update the virtual IP addresses in the network configuration file.

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
UUID=a4994124-fc77-4f57-8fc2-542091e3856a
DEVICE=eth0
ONBOOT=yes
IPADDR0=172.16.1.211
PREFIX0=16
IPADDR1=172.16.1.216
PREFIX1=16
IPADDR2=172.16.1.217
PREFIX2=16
IPADDR3=172.16.1.218
PREFIX3=16
#GATEWAY=192.168.2.1
DNS1=172.16.1.200

Run syntax tests for configuration files only

# httpd -t
# apachectl configtest

Restart the network and Apache services.

# systemctl restart network
# systemctl restart httpd

Test the Apache service by opening the URLs below (https) in a web browser.

https://ninom.darole.org/
https://online-education.darole.org/
https://organic-farm.darole.org/
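
A browser accepts a certificate only when the requested hostname appears among the certificate's names, so a certificate shared by all three virtual hosts has to list each of them. The script below is an added example, not part of the original article: it builds a self-signed certificate with a subjectAltName entry for every hostname from the Virtual Host Details section (the san.cnf file name is an assumption), then checks the key/certificate pair and hostname coverage in a scratch directory.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article. Hostnames are the ones
# listed under "Virtual Host Details"; the san.cnf file name is an assumption.
set -eu

VHOSTS="ninom.darole.org online-education.darole.org organic-farm.darole.org"

# Write an openssl config whose subjectAltName lists the server name plus each
# virtual host and its www. alias, then create lamp01.key / lamp01.crt in $1.
make_san_cert() {
    local dir=$1 i=2 h
    {
        printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\nprompt=no\n'
        printf '[dn]\nCN=lamp01.darole.org\n[v3]\nsubjectAltName=@alt\n'
        printf '[alt]\nDNS.1=lamp01.darole.org\n'
        for h in $VHOSTS; do
            printf 'DNS.%d=%s\nDNS.%d=www.%s\n' "$i" "$h" "$((i + 1))" "$h"
            i=$((i + 2))
        done
    } > "$dir/san.cnf"
    (   umask 077    # the private key must be readable by its owner only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -config "$dir/san.cnf" \
            -keyout "$dir/lamp01.key" -out "$dir/lamp01.crt" 2>/dev/null )
}

# True when the certificate ($2) carries the public key of the private key ($1).
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
      "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# True when hostname $1 is covered by a name in certificate $2.
cert_covers() {
    openssl x509 -in "$2" -noout -checkhost "$1" | grep -q 'does match'
}

# Run the checks in a scratch directory before copying anything to /etc/pki/tls.
work=$(mktemp -d)
make_san_cert "$work"
key_matches_cert "$work/lamp01.key" "$work/lamp01.crt" && echo "key/cert pair OK"
for h in lamp01.darole.org $VHOSTS; do
    cert_covers "$h" "$work/lamp01.crt" && echo "covered: $h"
done
```

Copy the resulting files to /etc/pki/tls/certs/ and /etc/pki/tls/private/ as before; clients still have to trust a self-signed certificate explicitly.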

Then we will run the Apache benchmark tool (ab) with 200 simultaneous requests until 2000 requests are completed:

# ab -k -c 100 -n 2000 https://ninom.darole.org:443/

-k Use HTTP KeepAlive feature
-n requests Number of requests to perform
-c concurrency Number of multiple requests to make at a time

Perform load testing on each website.
# ab -kc 10 -t 30 https://ninom.darole.org/
# ab -kc 10 -t 30 https://online-education.darole.org/
# ab -kc 10 -t 30 https://organic-farm.darole.org/
