Skip to content

==File Locations==

===Fedora/CentOS=== * HTML Document Root : /var/www/html * Main httpd config file: /etc/httpd/conf/httpd.conf * Apache Daemon Directory: /etc/rc.d/init.d/httpd ===Ubuntu=== * HTML Document Root : /var/www/html * Main httpd config file: /etc/apache2/apache.conf * Virtual Host Configuration file: /etc/apache2/sites-available/000-default.conf

==Basic Install Apache==

===Fedora/CentOS=== sudo dnf install httpd OR sudo yum install httpd depending on Fedora version

====Apache Status==== sudo systemctl httpd status
sudo apachectl status

====Start Apache==== sudo systemctl start httpd.service
sudo apachectl start

====Stop Apache==== sudo systemctl httpd stop
sudo apachectl stop

====Set Apache To Start At Boot==== sudo systemctl enable httpd.service
sudo apachectl enable

===Ubuntu=== sudo apt-get install apache2

====Apache Status====

====Start Apache==== sudo service apache2 start

====Stop Apache==== sudo service apache2 stop

====Restart Apache==== sudo service apache2 restart

==Create User Account Site== ===Fedora/CentOS===

Edit File: /etc/httpd/conf.d/userdir.conf

Comment out the “UserDir disable” macro and uncomment the “UserDir public_html” macro in userdir.conf

Create the useraccount (adduser, passwd)

Login to the account (avoids some known errors)

LOGOUT AND BACK IN AS ROOT

Create the public_html folder inside the users account folder (if you logged in the folder will have Documents, Music, Downloads, etc.)

==Add Password Access To Site== This is configuration guide in the appropriate conf file to cause a Basic Auth prompt to appear in the user's browser when viewing a page. Typically you will also want to generate a password file which will store the username and password to log into this area of your website. See the Create Password File section for steps on how to do that ===Fedora/CentOS=== Add this to /etc/httpd/conf.d/userdir.conf <Directory /home/ AllowOverride None AuthUserFile # Group authentication is disabled AuthGroupFile /dev/null AuthName test AuthType Basic require valid-user order deny,allow deny from all allow from all

If the basic auth does not appear, check in the userdir.conf the stanza at the bottom the page blocking access to userdir is commented out

==Create A Password File==

htpasswrd [-c]

Eg:
htpasswd [-c ] passwordfile username

-c to create a new password file

do not include '-c' to update a password file

Note when generating this file, if using it for the above user profile site and with basic auth security, you may need to place this created file in the public_html folder of the user's profile site you are trying to access. This doesn't seem safe, but it works. The internet gives notions that the file should be named with a '.' so that it is hidden from the file system

==Create A Self-Signed Certificate For Apache== ===Ubuntu=== 1. Create a folder create all of your self-signed certs in. cd into it
2. Execute: sudo openssl req -new > new.ssl.csr

First your going to be prompted to create a password. Remember this password, you will need it in a later command

At this point you will be prompted to enter some information looking something like this: Generating a 1024 bit RSA private key ................++++++ ........................++++++ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []: <email (optional)

Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:

Basicaly for any setup most of the fields are optional except the Common Name field. If you are setting up apache with VirtualHost then you will need to make sure this is the fully qualified domain name (eg. wiki.bensoer.com) OR whatever value you are placing in the ServerAlias field of your VirtualHost entry for apache. This is important as apache will deny access if the value in the ServerAlias and the Common Name in the Self-Signed Certificate don't match

Additionaly you should leave the challenge password blank, otherwise you will need to enter the password you put there everytime you reboot apache

  1. Execute the Following commands: sudo openssl rsa -in privkey.pem -out new.cert.key sudo openssl x509 -in new.ssl.csr -out new.cert.cert -req -signkey new.cert.key -days 3600

sudo mkdir /etc/ssl/self-signed sudo mkdir /etc/ssl/self-signed/certs sudo mkdir /etc/ssl/self-signed/private

sudo cp new.cert.cert /etc/ssl/self-signed/certs/server.crt sudo cp new.cert.key /etc/ssl/self-signed/private/server.key

After entering the first command in step 3 you will be prompted for a password. This is the password you created earlier in step 1

Note the -days command used in the second command of step 3 is setting the number of days the self-signed certificate is valid. If you would like to renew your self-sgined certificate more often then change this number to something smaller

After completing all commands in step 3 your self-signed certificates will be available in the /etc/ssl/self-signed folder. You can reference these directories in your VirtualHost configurations when setting up SSL for a VirtualHost

==Notes==

Check Folder/File Permissions (sudo chmod 777 with caution)

* Check index.html

Check the Account was created correctly (login/logout)

==Sources== Create Self-Signed Certificates https://www.linux.com/learn/tutorials/392099-creating-self-signed-ssl-certificates-for-apache-on-linux