Baseline Apache server config (preferred) on CentOS6 with SELinux

This is a simple config for httpd.

It serves all traffic over HTTPS, redirecting plain HTTP requests to the HTTPS URL.

It serves a new directory, /var/www/newsiteroot.

Create the root directory of the served pages:

mkdir -p /var/www/newsiteroot

Install and configure httpd to start at system boot:

yum -y install httpd openssl mod_ssl
chkconfig --level 345 httpd on

Edit the httpd config so that you serve the page(s) only over HTTPS:

vim /etc/httpd/conf/httpd.conf
#disable all the LoadModule lines, except for the ones you need (keep mod_rewrite for the redirect below)
#ServerName SERVERNAME.domain.com #change the name
#at the bottom
#RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Edit the SSL config so that it serves the page(s) you want:

vim /etc/httpd/conf.d/ssl.conf
#find or modify (see http://goo.gl/uCpvP)
#SSLHonorCipherOrder On
#SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
#within the <VirtualHost _default_:443>...
#ServerName SERVERNAME.domain.com
#DocumentRoot /var/www/newsiteroot
#ErrorLog logs/newsite_error.log
#<Directory /var/www/newsiteroot>
#	Allow from all
#	Options -MultiViews
#	Order allow,deny
#	AllowOverride all
#</Directory>

Change the ownership of the site root, and adjust some SELinux settings:

chown -R apache:apache /var/www/newsiteroot
chcon -Rv --type=httpd_sys_content_t /var/www/newsiteroot
setsebool -P httpd_setrlimit 1
setsebool -P httpd_can_network_connect 1
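
An added example, not part of the original post: a POSIX shell check for the two cipher directives set in ssl.conf above, run here on a constructed copy of them. The function names and the weak-token list are this example's assumptions; RC4 is on that list because RFC 7465 prohibits it in TLS, so the cipher string as given on this page is reported.

```shell
#!/bin/sh
# Added example (not from the original post): audit ssl.conf-style text on stdin.
# The weak-token list in the case statement is an assumption, not a complete policy.

# Constructed sample input: the two directives with the values this page sets.
sample_conf() {
cat <<'EOF'
#SSLCipherSuite ALL:!ADH
  SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
EOF
}

# Prints one "FAIL:" line per finding; returns 0 only when there are none.
audit_ssl_conf() {
    findings=0
    # Drop leading whitespace and comment lines so disabled directives are ignored.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d')
    # A repeated directive is checked at its last occurrence (scopes are not tracked).
    order=$(printf '%s\n' "$active" | awk 'tolower($1)=="sslhonorcipherorder"{v=tolower($2)} END{print v}')
    suite=$(printf '%s\n' "$active" | awk 'tolower($1)=="sslciphersuite"{v=$2} END{print v}')
    if [ "$order" != on ]; then
        echo "FAIL: SSLHonorCipherOrder is not On, so the client's cipher preference wins"
        findings=$((findings + 1))
    fi
    if [ -z "$suite" ]; then
        echo "FAIL: no SSLCipherSuite set, the build default applies"
        findings=$((findings + 1))
    fi
    # Walk the colon-separated cipher string; "!" and "-" tokens remove ciphers.
    old_ifs=$IFS; IFS=:
    for tok in $suite; do
        case $tok in
            '!'*|-*) ;;
            *RC4*|*MD5*|*NULL*|*EXP*|*DES*)
                echo "FAIL: SSLCipherSuite enables weak token '$tok'"
                findings=$((findings + 1)) ;;
        esac
    done
    IFS=$old_ifs
    [ "$findings" -eq 0 ]
}

sample_conf | audit_ssl_conf || echo "baseline check failed"
```

To check a live server, feed it the real file: `audit_ssl_conf < /etc/httpd/conf.d/ssl.conf`.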
  1. June 18, 2012 at 3:14 am