Version 4 (modified by joshuadf, 11 years ago) (diff)



The base package for the Apache httpd web server is called httpd; if you need to compile modules you also need httpd-devel. Precompiled modules packages are named for the module, such as mod_python. If you want it all, try a command such as

yum -y install mod_python mod_perl mod_php mod_ssl httpd httpd-devel

.conf Files

In Red Hat Enterprise Linux the main /etc/httpd/conf/httpd.conf automatically includes any files named *.conf in the /etc/httpd/conf.d/ directory. This makes it easier to install official modules such as PHP, Python, mod_ssl, etc. and also separate out custom local configurations. However, you need to be careful to name only full configuration sections with .conf; other files could be named anything else such as .off or .vhost.


By default, Red Hat Enterprise Linux ship Apache with a working SSL configuration file, but a fake localhost.crt certificate. If you're not sure where your certificate came from, you can view the issuer of with the following command:

# view 
openssl x509 -noout -text -in /etc/pki/tls/certs/localhost.crt -issuer | tail -1
# for a UW cert output should be:
/C=US/ST=WA/O=University of Washington/OU=UW Services/CN=UW Services CA/

To get a valid certificate, first generate a key (or use your existing one) and a certificate request:

cd /etc/pki/tls/private/
openssl genrsa -out localhost.key 1024
openssl req -new -subj "/C=US/ST=Washington/O=University of Washington/CN=$FQDN"  -key localhost.key -out localhost.csr

Then go to the certificate provider (for UW ) and upload the certificate request. When you get notice that the certificate is ready, save it to localhost.crt:

cd /etc/pki/tls/certs/
mv localhost.crt localhost.crt.oldyear
cat > localhost.crt <<EOF
[paste here]

Finally, create an SSL vhost config like the following and verify the Apache config:

cd /etc/httpd/conf.d/
cat > ssl-vhost.conf <<EOF
# SSL - UW signed
<VirtualHost *:443>
  DocumentRoot /var/www/html
  ServerAlias 128.95.x.y testsig testsig.biostr
  ServerAlias *
  DirectoryIndex index.html index.htm index.html.var

  CustomLog combined logs/ssl_access_log
  ErrorLog logs/ssl_error_log

  # allow .htaccess control
  <Directory "/var/www/html">
  AllowOverride All

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  <Files ~ "\.(cgi|shtml)$">
  SSLOptions +StdEnvVars
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

# test Apache config
httpd -S

Optionally redirect all non-SSL traffic to your SSL site by adding this to your non-SSL config:

  RewriteEngine on
  RewriteRule ^/(.*)$1 [R]

Now restart Apache, open port 443 in the firewall, and visit in a web browser.