diff --git a/docs/guides/web/apache-sites-enabled.md b/docs/guides/web/apache-sites-enabled.md index 8edfec1e4c..e9a6541376 100644 --- a/docs/guides/web/apache-sites-enabled.md +++ b/docs/guides/web/apache-sites-enabled.md @@ -31,13 +31,14 @@ Historical fact: This server setup appears to have started with Debian-based sys For those looking for a similar setup for Nginx, [examine this guide](nginx-multisite.md). ## Install Apache + You will likely need other packages for your website, such as PHP, database, or other packages. Installing PHP along with `http` will get you the most recent version from the Rocky Linux repositories. Just remember that you may need modules, such as `php-bcmath` or `php-mysqlind`. Your web application specifications will dictate what you need. You can install these when needed. For now, you will install `http` and PHP, as those are almost a forgone conclusion: From the command-line run: -``` +```bash dnf install httpd php ``` @@ -45,9 +46,9 @@ dnf install httpd php This method uses a couple of additional directories, which do not currently exist on the system. You need to add two directories in */etc/httpd/* called "sites-available" and "sites-enabled." -From the command-line enter: +From the command-line enter: -``` +```bash mkdir -p /etc/httpd/sites-available /etc/httpd/sites-enabled ``` @@ -57,15 +58,15 @@ You also need a directory where our sites are going to be. This can be anywhere, ## Configuration -You also need to add a line to the bottom of the `httpd.conf` file. To do this, enter: +You also need to add a line to the bottom of the `httpd.conf` file. To do this, enter: -``` +```bash vi /etc/httpd/conf/httpd.conf ``` and go to the bottom of the file and add: -``` +```bash Include /etc/httpd/sites-enabled ``` @@ -87,9 +88,9 @@ If you want to serve the website with SSL/TLS (and face it, in most cases you do You can examine that below in the [Configuration `https` using An SSL/TLS certificate](#https) section. -You first need to create this configuration file in *sites-available*: +You first need to create this configuration file in *sites-available*: -``` +```bash vi /etc/httpd/sites-available/com.wiki.www ``` @@ -104,8 +105,8 @@ The configuration file content will look something like this: Alias /icons/ /var/www/icons/ # ScriptAlias /cgi-bin/ /var/www/sub-domains/your-server-hostname/cgi-bin/ - CustomLog "/var/log/httpd/your-server-hostname-access_log" combined - ErrorLog "/var/log/httpd/your-server-hostname-error_log" + CustomLog "/var/log/httpd/your-server-hostname-access_log" combined + ErrorLog "/var/log/httpd/your-server-hostname-error_log" Options -ExecCGI -Indexes @@ -124,7 +125,7 @@ When created, you need to write (save) it with ++shift+:+wq++. In the example, loading the wiki site happens from the "html" subdirectory of _your-server-hostname_, which means that the path you created in _/var/www_ (above) will need some additional directories to satisfy this: -``` +```bash mkdir -p /var/www/sub-domains/your-server-hostname/html ``` @@ -132,13 +133,13 @@ This will create the entire path with a single command. Next you want to install Copy your files to the path you created: -``` +```bash cp -Rf wiki_source/* /var/www/sub-domains/your-server-hostname/html/ ``` ## Configuration `https` using an SSL/TLS certificate -As stated earlier, every web server created these days _should_ be running with SSL/TLS (the secure socket layer). +As stated earlier, every web server created these days *should* be running with SSL/TLS (the secure socket layer). This process starts by generating a private key and CSR (certificate signing request) and submitting the CSR to the certificate authority to buy the SSL/TLS certificate. The process of generating these keys is somewhat extensive. @@ -148,15 +149,15 @@ You can also use this alternate process, using an [SSL certificate from Let's En ### Placement of the SSL/TLS keys and certificates -Since you have your keys and certificate files, you need to place them logically in your file system on the web server. As you have seen with the example configuration file, you are placing your web files in _/var/www/sub-domains/your-server-hostname/html_. +Since you have your keys and certificate files, you need to place them logically in your file system on the web server. As you have seen with the example configuration file, you are placing your web files in `/var/www/sub-domains/your-server-hostname/html`. -You want to place your certificate and key files with the domain, but outside of the document root, which in this case is the _html_ folder. +You want to place your certificate and key files with the domain, but outside of the document root, which in this case is the *html* folder. You never want to risk exposing your certificates and keys to the web. That would be bad! Instead, you will create a directory structure for our SSL/TLS files, outside the document root: -``` +```bash mkdir -p /var/www/sub-domains/your-server-hostname/ssl/{ssl.key,ssl.crt,ssl.csr}` ``` @@ -166,9 +167,9 @@ If you are new to the "tree" syntax for making directories, what the above says Just a note ahead of time: Storing the certificate signing request (CSR) file in the tree is not necessary, but it simplifies some things. If you ever need to re-issue the certificate from a different provider, having a stored copy of the CSR is a good idea. The question becomes where can you store it so that you will remember, and storing it within the tree of your website is logical. -Assuming that you have named your key, csr, and crt (certificate) files with the name of your site, and that you have them stored in _/root_, you will copy them up to their locations: +Assuming that you have named your key, csr, and crt (certificate) files with the name of your site, and that you have them stored in */root*, you will copy them up to their locations: -``` +```bash cp /root/com.wiki.www.key /var/www/sub-domains/your-server-hostname/ssl/ssl.key/ cp /root/com.wiki.www.csr /var/www/sub-domains/your-server-hostname/ssl/ssl.csr/ cp /root/com.wiki.www.crt /var/www/sub-domains/your-server-hostname/ssl/ssl.crt/ @@ -182,7 +183,6 @@ For starters, break down the beginning of the configuration file. For instance, You want them to go to port 443 (or "`http` secure", better known as SSL/TLS or `https`). Our port 80 configuration section will be minimal: - ```apache ServerName your-server-hostname @@ -211,8 +211,8 @@ Next, you need to define the `https` part of the configuration file: Alias /icons/ /var/www/icons/ # ScriptAlias /cgi-bin/ /var/www/sub-domains/your-server-hostname/cgi-bin/ - CustomLog "/var/log/`http`d/your-server-hostname-access_log" combined - ErrorLog "/var/log/`http`d/your-server-hostname-error_log" + CustomLog "/var/log/`http`d/your-server-hostname-access_log" combined + ErrorLog "/var/log/`http`d/your-server-hostname-error_log" SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 @@ -254,11 +254,10 @@ Remember that our *httpd.conf* file is including */etc/httpd/sites-enabled* at t That is by design, so that you can remove things when or if `httpd` fails to restart. To enable our configuration file, you need to create a symbolic link to that file in *sites-enabled* and start or restart the web service. To do this, you use this command: -``` +```bash ln -s /etc/httpd/sites-available/your-server-hostname /etc/httpd/sites-enabled/ ``` - This will create the link to the configuration file in *sites-enabled*. Now just start `httpd` with `systemctl start httpd`. Or restart it if it is already running: `systemctl restart httpd`, and assuming the web service restarts, you can now go and do some testing on your site.