X-Files Wiki

CentOS install Apache

Install Apache

yum install httpd

Remove default Apache page

> /etc/httpd/conf.d/welcome.conf
touch /var/www/html/index.html

Set the servername

sed -i "s/#ServerName www.example.com:80/#ServerName MYSERVERNAME:80/" /etc/httpd/conf/httpd.conf

Remove indexes so we don't expose files

sed -i "s/Options Indexes FollowSymLinks/Options -Indexes +FollowSymLinks/" /etc/httpd/conf/httpd.conf

Enable and start Apache

systemctl enable httpd.service
systemctl start httpd.service

Tweak /etc/httpd/conf/httpd.conf to your liking.

Apache create a virtual host

touch /etc/httpd/conf.d/vhost.conf
chown root: /etc/httpd/conf.d/vhost.conf
mkdir -p /var/www/html/default

A simple vhost file

<VirtualHost *:80>
        ServerName 80.71.128.10
        DocumentRoot /var/www/html/default
        ErrorLog /var/log/httpd/ip.error.log
        CustomLog /var/log/httpd/ip.access.log combined env=!dontlog

        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
        RewriteRule .* - [F,E=dontlog:1,L]

        RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT}  ^.*ApacheBench.*$
        RewriteRule . - [R=403,L]

        SetEnvIf Remote_Addr "::1" dontlog
        SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
        SetEnvIf Remote_Addr "10\.0\.235\.191" dontlog
        SetEnvIf Remote_Addr "142\.11\.212\.206" dontlog
        SetEnvIf Remote_Host "bing\.com" dontlog
        SetEnvIf Remote_Host "crawl\.baidu\.com" dontlog
        SetEnvIf Remote_Host "search\.msn\.com" dontlog
        SetEnvIf Remote_Host "yandex\.com" dontlog
        SetEnvIf Remote_Host "google\.com" dontlog
        SetEnvIFNoCase User-Agent "Googlebot" dontlog

        # Dont log certain files Start
        SetEnvIf Request_URI "^/gft.php$" dontlog
        # Dont log certain files Stop

    # Ip Access list Start
        <Location />
        Order Deny,Allow
        Deny from all
        </Location>
    # Ip Access list Stop
</VirtualHost>

Check Apache configuration and restart

apachectl configtest
systemctl restart httpd.service

Install mod_proxy_html

Default install of Apache includes most of the proxy modules but for some reason mod_proxy_html does not get installed, you can do it like this.

yum install mod_proxy_html

Optional install mod_ssl

If you plan on using a certificate on your Apache server you will need mod_ssl

yum install mod_ssl
systemctl restart httpd.service

Wordpress

Notes on wordpress if running wordpress or having ssl certificates located other places than default remember to disable selinux

Optional tweak connections etc

You can modify /etc/sysctl.conf to get the most out of your server and example can be found (here)