Table of Contents
/path/to/ is the full path to the htpasswd utility. The full path to the htpasswd utility is necessary if htpasswd is in a nonstandard location. After running the htpasswd command, you will be prompted to enter the user's password. Notice the difference between both commands. The first command uses the -c flag. This flag is used when creating a. This section focuses on the Apache HTTP Server 2.4, httpd, an open source web server developed by the Apache Software Foundation. If you are upgrading from a previous release of Red Hat Enterprise Linux, you will need to update the httpd service configuration accordingly. This section reviews some of the newly added features, outlines important changes between Apache HTTP Server 2.4.
Advanced Apache Configuration - The paths.conf File
Last modified: April 2, 2021
Overview
HTML File Paths. A file path describes the location of a file in a web site's folder structure. File paths are used when linking to external files, like. This is my Python3 project hiearchy: projet script.py web index.html From script.py, I would like to run a http server which serve the content of the web folder.
To improve future compatibility within the cPanel & WHM codebase, we eliminated the use of hardcoded paths to refer to Apache files and directories.
We strongly recommend that you do not change Apache configuration file locations. EasyApache 4 controls the /etc/cpanel/ea4/paths.conf file with the ea-apache24-config-runtime package, and you can only change these values if you create a custom webstack.
Default file paths
EasyApache 4 configures the following file paths by default:
| Alias | File path |
|---|---|
dir_domlogs | /etc/apache2/logs/domlogs |
bin_httpd | /usr/sbin/httpd |
bin_apachectl | /usr/sbin/apachectl |
bin_suexec | /usr/sbin/suexec |
dir_docroot | /var/www/html |
file_conf_php_conf | /etc/apache2/conf.d/php.conf |
dir_modules | /etc/apache2/modules |
dir_conf_userdata | /etc/apache2/conf.d/userdata |
file_conf | /etc/apache2/conf/httpd.conf |
dir_base | /etc/apache2 |
dir_conf | /etc/apache2/conf.d |
file_access_log | /etc/apache2/logs/access_log |
file_error_log | /etc/apache2/logs/error_log |
dir_conf_includes | /etc/apache2/conf.d/includes |
dir_run | CentOS 6: /var/run/apache2All other operating systems: /run/apache2 |
file_conf_mime_types | /etc/apache2/conf/mine.types |
dir_logs | /etc/apache2/logs |
file_conf_srm_conf | /etc/apache2/conf.d/srm.conf |
For more information about EasyApache 4 and Apache, read our Apache documentation.
Additional Documentation
Overview
SELinux can be very troublesome when deploying web applications on Red Hat while not using the default Apache directories, for either content or logs. Your application may need to be installed in a separate directory or maybe, for other reasons, you want to place your content somewhere else. In these scenarios, SELinux will not allow Apache to access your content or log files.
Instead of disabling SELinux, which you should never do, though many do, you should instead create custom policies that apply the proper SELinux context types to your directories and files. Aside from allowing more freedom for placement of your application files, if something were to cause your context settings to disappear, you will be able to quickly remedy the problem by running a context restore to get your applications running again right away.
Challenges
- Application must reside outside of the default Apache directory (/var/www/html).
- SELinux blocks Apache from loading content outside of default directories.
- Some files require for the application read and write access. By default, they cannot.
- Some directories require write access for uploading content. By default, they cannot.
Expectations
This tutorial assumes that MySQL and Apache are already installed and configured. The scope is to show how to apply common Apache SELinux contexts to a web application’s directory structure, by creating and applying custom policies, allowing you to place your files outside of the default location (/var/www/html).
Application Directory Structure
Before designing an SELinux policy for our web application, we need to understand the directory structure our application will use. This structure is an example only. Your structure will more than likely differ due to environmental requirements.
Our application has the following directory tree on the web server. I’m only showing a subset of directories and files, but it should be enough for the purposes of this tutorial.
| Apps | This directory contains web application directories, which host the application files. Each application will be segregated into its own child app directory. All files should be read-only, unless explicit permissions allow otherwise. |
|---|---|
| Logs | This directory will contain the log files for our applications. Each application will have its own child log directory. |
| Cache | Contains the Apache cache directories for each application. |
Creating SELinux Policies
Install Required Packages
Before we can create our own policies, we need to ensure SEMANAGE is installed. This application allows us to browse through the existing, default context policies, and create our own.
- Open a console with root privileges
- Install the policycoreutils-python package, which contains SEMANAGE.
- For troubleshooting SELinux issues, download the setroubleshooting package. This step is actually optional, but you’ll be thankful for it when you are able quickly diagnose SELinux problems with it.
Apache Context Types
Before we can start creating our own policies for applying Apache’s context types, we need to understand which are available to us out of the box. The following table shows the ones we are primarily interested in, however there are several others available.
| httpd_sys_content_t | Read-only directories and files used by Apache |
|---|---|
| httpd_sys_rw_content_t | Readable and writable directories and files used by Apache. Assign this to directories where files can be created or modified by your application, or assign it to files directory to allow your application to modify them. |
| httpd_log_t | Used by Apache to generate and append to web application log files. |
| httpd_cache_t | Assign to a directory used by Apache for caching, if you are using mod_cache. |
For a complete list of context types for Apache, open the man page for Apache and SELinux.
If you’d like to see existing policies, to better understand why default contexts are applied to your directories and files, list them using the semanage command.
Create the Policies
- Create a policy to assign the httpd_sys_content_t context to the /webapps directory, and all child directories and files.
- Create a policy to assign the httpd_log_t context to the logging directories.
- Create a policy to assign the httpd_cache_t context to our cache directories.
Allowing ReadWrite Access
Apache now has permission to use our custom application directories. However, it does not have readwrite access to anything, which may be desired. If your application does have files or directories that need this type of access, as WordPress does, then we need to also apply the context which allows it, but only for those files or directories that require it.
The following will be assigned the Apache readwrite context, so that they can be written to or modified.
| /uploads/ | Directory | Allow WordPress to upload files for blog entries, such as images, videos, audio, etc. |
|---|---|---|
| /wp-config.php | File | This file is modifed by WordPress when permalinks are enabled or changed. It needs to be writable, otherwise, changes to the file will have to be done manually. |
- Create a policy to assign the httpd_sys_rw_content_t context to the upload directory, and all child files.
- Create a policy to assign the httpd_sys_rw_content_t context to the WordPress configuration file, wp-config.php.
Applying the SELinux Policy
Our policies are created and ready to be applied to our directory structure. We will use the restorecon command to apply them. This is the same command you will use to re-apply the contexts to the application directories if for some reason they get removed or corrupted.
- Apply the SELinux policies
- Our directory structure should now have the following SELinux contexts applied.
- You can verify your context types are being applied used the ls command with the -Z switch, on each of the directories. We’ll check the webapps root, as an example.
- The output will display the context type. Notice the highlighted context types.
Conclusion
You now have a secure web application, with files the reside outside of the default locations. A lot of administrators disable SELinux thinking it prevents them from configuring the server based on their own requirements. Even a lot of vendors ask you to disable it, since it may be viewed as too difficult or time-consuming to guide the administrators through it.
Cached
SELinux is a crucial layer in securing your server. And as mentioned in the beginning, it should never be disabled. It provides protections beyond what firewalls and other layers can provide. It’s better to learn how easy it is to utilize than to open security holes.
Html - How Do I Change The Default Index Page In Apache ...
The goal of this tutorial was to show just how easy manipulating SELinux is to fit your environments requirements. I hope the example was helpful enough to show how easy it is.