(2024.2) Apache

1 Installation
- 1.1 Apache
- 1.2 Mod SSL, http2, headers
- 1.3 MINIMAL (REQUIRED) APACHE MODULES
2 Configuration
3 Set Apache to Start on Boot

Installation

Apache

yum install httpd

Mod SSL, http2, headers

yum install mod_ssl mod_headers mod_http2

MINIMAL (REQUIRED) APACHE MODULES

alias_module (shared)       - ''Alias'' and ''ScriptAlias'' directives
authz_host_module (shared)  - ''Allow'' and ''Deny'' directives
autoindex_module (shared)   - Generates directory indexes, automatically
core_module (static)        - The core Apache module
dir_module (shared)         - ''DirectoryIndex'' directive
env_module (shared)         - Modifies the environment
http_module (static)        - Handles HTTP protocol
log_config_module (shared)  - Enables logging configuration
logio_module (shared)       - Enables log writing/reading
mime_module (shared)        - Enables MIME (file type) alteration and interpretation
mpm_prefork_module (static) - Implements a non-threaded, pre-forking (multiprocess) web server
negotiation_module (shared) - Provides for content negotiation (parsing of Headers)
php5_module (shared)        - Enables PHP5 interpreter
rewrite_module (shared)     - Rule-based (regex) url rewriting engine
setenvif_module (shared)    - Enables ''BrowserMatch'' and ''SetEnvIf'' directives
so_module (static)          - Enables modules
status_module (shared)      - Provides information on server activity and performance
version_module (shared)     - Allows Version dependent configuration
vhost_alias_module (shared) - Enable virtual hosts.

Configuration

Apache configuration for PCR-360 is typically done with a Virtual Host and is stored in /etc/httpd/conf.d/pcr360.conf

Create the new apache configuration file.

cd /etc/httpd/conf.d
vi pcr360.conf

This example shows standard configuration for http port 80

ServerName pcr360.customeraddress.com
Protocols h2 h2c http/1.1

## PROTECT FILES ##
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

## HEADERS FOR MS EDGE ##
<IfModule headers_module>
     Header Set X-UA-Compatible: IE=Edge
</IfModule>

## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ##
LimitRequestBody 10240000
#bytes, 0-2147483647(2GB)

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# this is production
<VirtualHost *:80>
    ServerName pcr360.pcr.com
    DocumentRoot /var/www/pcr360/prod/public

RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

SetEnv APPLICATION_ENV "prod"
    SetEnv APPLICATION_INI "/var/www/pcr360/configs/pcr360.ini"
    SetEnv APPLICATION_ENVDEBUG 0
    SetEnv APPLICATION_ENVPCR 0

<Directory /var/www/pcr360/prod/public>
        Options -Indexes
        DirectoryIndex index.php
        AllowOverride None
        Include /var/www/pcr360/prod/public/.htaccess
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

This example shows standard configuration for https port 443

ServerName pcr360.customeraddress.com
Protocols h2 h2c http/1.1
Header always set Strict-Transport-Security max-age=31536000

## PROTECT FILES ##
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

## HEADERS FOR MS EDGE ##
<IfModule headers_module>
     Header Set X-UA-Compatible: IE=Edge
</IfModule>

## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ##
LimitRequestBody 10240000
#bytes, 0-2147483647(2GB)

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

<VirtualHost *:80>
    ServerName pcr360.pcr.com
    DocumentRoot /var/www/pcr360/prod/public

RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    ServerName pcr360.pcr.com
    DocumentRoot /var/www/pcr360/prod/public

ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

SSLEngine on
    # TLS 1.2 is currently considered the only secure transport type at this time
    SSLProtocol -all +TLSv1.2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
    SSLCertificateFile /etc/pki/tls/certs/pcr360.pcr.com.cert
    SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key

SetEnv APPLICATION_ENV "prod"
    SetEnv APPLICATION_INI "/var/www/pcr360/configs/pcr360.ini"
    SetEnv APPLICATION_ENVDEBUG 0
    SetEnv APPLICATION_ENVPCR 0

<Directory /var/www/pcr360/prod/public>
        Options -Indexes
        DirectoryIndex index.php
        AllowOverride None
        Include /var/www/pcr360/prod/public/.htaccess
        Order allow,deny
        Allow from all
    </Directory>

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>

Set Apache to Start on Boot

1. Add it to chkconfig

sudo /sbin/chkconfig --add httpd

2. Make sure it is in the chkconfig.

sudo /sbin/chkconfig --list httpd

3. Set it to autostart

sudo /sbin/chkconfig httpd on

PCR-360 Wiki