How to Set Up HTTP Server on CentOS?
Deploying an HTTP server on CentOS requires careful planning and execution, especially when dealing with enterprise-grade hosting environments. This guide dives deep into the technical aspects of setting up a robust HTTP server, focusing on performance, security, and scalability.
Prerequisites and System Requirements
Before diving into the installation process, ensure your system meets these baseline requirements:
- CentOS 7.x or 8.x (minimal installation)
- Root access or sudo privileges
- Minimum 2GB RAM
- 20GB available disk space
- Active internet connection
Initial System Configuration
First, let’s update the system and configure the necessary repositories. Open your terminal and execute:
sudo dnf update -y
sudo dnf install epel-release -y
sudo dnf install httpd -y
Apache Installation and Basic Setup
After installing Apache HTTP Server, we’ll need to configure the service and set up automatic startup. Execute these commands sequentially:
sudo systemctl start httpd
sudo systemctl enable httpd
sudo systemctl status httpd
Verify the installation by accessing your server’s IP address through a web browser. You should see the default Apache test page.
Essential Configuration Steps
The main configuration file for Apache is located at /etc/httpd/conf/httpd.conf. Let’s make some crucial modifications to enhance security and performance:
# Backup the original configuration
sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.backup
# Edit the configuration file
sudo nano /etc/httpd/conf/httpd.conf
Add these optimized settings to your configuration:
ServerTokens Prod
ServerSignature Off
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
Timeout 60
LimitRequestBody 10485760
Virtual Host Configuration
For hosting multiple websites, virtual hosts are essential. Create a new virtual host configuration:
sudo mkdir -p /var/www/yourdomain.com/html
sudo chown -R apache:apache /var/www/yourdomain.com/html
sudo chmod -R 755 /var/www/yourdomain.com
# Create virtual host configuration
sudo nano /etc/httpd/conf.d/yourdomain.com.conf
Add this virtual host configuration template:
<VirtualHost *:80>
ServerAdmin webmaster@yourdomain.com
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/yourdomain.com/html
ErrorLog /var/log/httpd/yourdomain.com-error.log
CustomLog /var/log/httpd/yourdomain.com-access.log combined
<Directory /var/www/yourdomain.com/html>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Security Hardening Measures
Implementing robust security measures is crucial for any production HTTP server. Here’s how to enhance your server’s security posture:
1. Configure ModSecurity Web Application Firewall
sudo dnf install mod_security mod_security_crs -y
sudo systemctl restart httpd
sudo mv /etc/httpd/modsecurity.d/modsecurity.conf{-recommended,}
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/httpd/modsecurity.d/modsecurity.conf
2. SSL/TLS Configuration
Install and configure SSL certificate using Let’s Encrypt:
sudo dnf install certbot python3-certbot-apache -y
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
sudo systemctl restart httpd
Add these security headers to your Apache configuration:
<IfModule mod_headers.c>
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "default-src 'self'"
</IfModule>
Performance Optimization
Optimize your HTTP server’s performance with these advanced configurations:
1. Enable Caching
sudo nano /etc/httpd/conf.d/cache.conf
# Add the following configuration
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>
2. Enable Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/json
</IfModule>
3. MPM Configuration
For better performance, configure the MPM (Multi-Processing Module) settings:
sudo nano /etc/httpd/conf.modules.d/00-mpm.conf
# Comment out prefork module and enable event module
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule mpm_event_module modules/mod_mpm_event.so
# Add event MPM configuration
<IfModule mpm_event_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
Monitoring and Troubleshooting
Implementing proper monitoring and knowing how to troubleshoot issues are crucial for maintaining a reliable HTTP server:
1. Log Analysis
Set up log rotation to manage Apache logs effectively:
sudo nano /etc/logrotate.d/httpd
/var/log/httpd/*log {
weekly
rotate 52
missingok
notifempty
sharedscripts
compress
delaycompress
postrotate
/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
endscript
}
2. Performance Monitoring
Install and configure Apache server-status module:
sudo nano /etc/httpd/conf.d/server-status.conf
<Location "/server-status">
SetHandler server-status
Require ip 127.0.0.1
Require ip ::1
</Location>
Common Issues and Solutions
Here are solutions to frequently encountered issues:
1. Permission Issues
# Fix SELinux contexts
sudo restorecon -Rv /var/www/html/
# Set correct permissions
sudo chcon -R -t httpd_sys_content_t /var/www/html/
sudo setsebool -P httpd_can_network_connect 1
2. Connection Timeouts
# Adjust timeout settings in Apache configuration
Timeout 300
KeepAliveTimeout 15
MaxKeepAliveRequests 100
Maintenance Best Practices
Follow these maintenance procedures to ensure optimal server performance:
- Regular system updates:
sudo dnf update -y
- Monitor disk usage:
df -h
- Check Apache status:
sudo systemctl status httpd
- Review error logs:
sudo tail -f /var/log/httpd/error_log
Conclusion
Setting up an HTTP server on CentOS requires careful attention to security, performance, and maintenance. This guide covered essential aspects of Apache configuration, from basic installation to advanced optimization techniques. Regular monitoring and proper maintenance will ensure your web server remains secure and performs optimally. For those looking to deploy production servers, consider professional hosting solutions that provide additional security layers and managed services.