Documentation for a newer release is available. View Latest

Web Servers

indexterm:[HTTP server,Apache HTTP Server]indexterm:[web server,Apache HTTP Server] Last review: as they use the _hypertext transport protocol_ (*HTTP*).

The Apache HTTP Server

The web server available in Fedora is the Apache HTTP server daemon, httpd, an open source web server developed by the Apache Software Foundation. This section describes the basic configuration of the httpd service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server.

Running the httpd Service

This section describes how to start, stop, restart, and check the current status of the Apache HTTP Server. To be able to use the httpd service, make sure you have the httpd installed. You can do so by using the following command:

# dnf install httpd

For more information on the concept of targets and how to manage system services in Fedora in general, see Services and Daemons.

Starting the Service

To run the httpd service, type the following at a shell prompt as root:

# systemctl start httpd.service

If you want the service to start automatically at boot time, use the following command:

# systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

Using the secure server

If running the Apache HTTP Server as a secure server, a password may be required after the machine boots if using an encrypted private SSL key.

Stopping the Service

To stop the running httpd service, type the following at a shell prompt as root:

# systemctl stop httpd.service

To prevent the service from starting automatically at boot time, type:

# systemctl disable httpd.service
rm '/etc/systemd/system/multi-user.target.wants/httpd.service'

Restarting the Service

There are three different ways to restart a running httpd service:

To restart the service completely, enter the following command as root:

# systemctl restart httpd.service

This stops the running httpd service and immediately starts it again. Use this command after installing or removing a dynamically loaded module such as PHP.

To only reload the configuration without interrupting active requests, as root, type:

# systemctl reload httpd.service

This causes the running httpd service to reload its configuration file. Any requests currently being processed will not be interrupted, so configuration changes will only take effect for new client connections.

To reload the configuration and immediately terminate any active connections, enter the following command as root:

# systemctl kill --kill-who=main --signal=HUP httpd

Verifying the Service Status

To verify that the httpd service is running, type the following at a shell prompt:

# systemctl is-active httpd.service
active

Editing the Configuration Files

When the httpd service is started, by default, it reads the configuration from locations that are listed in The httpd service configuration files.

Table 1. The httpd service configuration files
Path	Description
`/etc/httpd/conf/httpd.conf`	The main configuration file.
`/etc/httpd/conf.d/`	An auxiliary directory for configuration files that are included in the main configuration file.

Although the default configuration should be suitable for most situations, it is a good idea to become at least familiar with some of the more important configuration options. Note that for any changes to take effect, the web server has to be restarted first. See Restarting the Service for more information on how to restart the httpd service. To check the configuration for possible errors, type the following at a shell prompt:

# apachectl configtest
Syntax OK

To make the recovery from mistakes easier, it is recommended that you make a copy of the original file before editing it.

Common httpd.conf Directives

The following directives are commonly used in the /etc/httpd/conf/httpd.conf configuration file:

<Directory>: The <Directory> directive allows you to apply certain directives to a particular directory only. It takes the following form:

<Directory directory>
  directive
  …
</Directory>

The directory can be either a full path to an existing directory in the local file system, or a wildcard expression.

This directive can be used to configure additional cgi-bin directories for server-side scripts located outside the directory that is specified by ScriptAlias. In this case, the ExecCGI and AddHandler directives must be supplied, and the permissions on the target directory must be set correctly (that is, 0755).

Example 1. Using the <Directory> directive

<Directory /var/www/html>
  Options Indexes FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<IfDefine>: The IfDefine directive allows you to use certain directives only when a particular parameter is supplied on the command line. It takes the following form:

<IfDefine !parameter>
  directive
  …
</IfDefine>

The parameter can be supplied at a shell prompt using the -Dparameter command line option (for example, httpd -DEnableHome). If the optional exclamation mark (that is, !) is present, the enclosed directives are used only when the parameter is not specified.

Example 2. Using the <IfDefine> directive

<IfDefine EnableHome>
  UserDir public_html
</IfDefine>

<IfModule>: The <IfModule> directive allows you to use certain directive only when a particular module is loaded. It takes the following form:

<IfModule !module>
  directive
  …
</IfModule>

The module can be identified either by its name, or by the file name. If the optional exclamation mark (that is, !) is present, the enclosed directives are used only when the module is not loaded.

Example 3. Using the <IfModule> directive

<IfModule mod_disk_cache.c>
  CacheEnable disk /
  CacheRoot /var/cache/mod_proxy
</IfModule>

<Location>: The <Location> directive allows you to apply certain directives to a particular URL only. It takes the following form:

<Location url>
  directive
  …
</Location>

The url can be either a path relative to the directory specified by the DocumentRoot directive (for example, /server-info), or an external URL such as http://example.com/server-info.

Example 4. Using the <Location> directive

<Location /server-info>
  SetHandler server-info
  Order deny,allow
  Deny from all
  Allow from .example.com
</Location>

<Proxy>: The <Proxy> directive allows you to apply certain directives to the proxy server only. It takes the following form:

<Proxy pattern>
  directive
  …
</Proxy>

The pattern can be an external URL, or a wildcard expression (for example, http://example.com/*).

Example 5. Using the <Proxy> directive

<Proxy *>
  Order deny,allow
  Deny from all
  Allow from .example.com
</Proxy>

<VirtualHost>: The <VirtualHost> directive allows you apply certain directives to particular virtual hosts only. It takes the following form:

<VirtualHost address:port…>
  directive
  …
</VirtualHost>

The address can be an IP address, a fully qualified domain name, or a special form as described in Available <VirtualHost> options.

Table 2. Available <VirtualHost> options
Option	Description
`*`	Represents all IP addresses.
`default`	Represents unmatched IP addresses.

Example 6. Using the <VirtualHost> directive

<VirtualHost *:80>
  ServerAdmin webmaster@penguin.example.com
  DocumentRoot /www/docs/penguin.example.com
  ServerName penguin.example.com
  ErrorLog logs/penguin.example.com-error_log
  CustomLog logs/penguin.example.com-access_log common
</VirtualHost>

AccessFileName: The AccessFileName directive allows you to specify the file to be used to customize access control information for each directory. It takes the following form:

AccessFileName filename…

The filename is a name of the file to look for in the requested directory. By default, the server looks for .htaccess. For security reasons, the directive is typically followed by the Files tag to prevent the files beginning with .ht from being accessed by web clients. This includes the .htaccess and .htpasswd files.

Example 7. Using the AccessFileName directive

AccessFileName .htaccess

<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
  Satisfy All
</Files>

Action: The Action directive allows you to specify a CGI script to be executed when a certain media type is requested. It takes the following form:

Action content-type path

The content-type has to be a valid MIME type such as text/html, image/png, or application/pdf. The path refers to an existing CGI script, and must be relative to the directory specified by the DocumentRoot directive (for example, /cgi-bin/process-image.cgi).

Example 8. Using the Action directive

Action image/png /cgi-bin/process-image.cgi

AddDescription: The AddDescription directive allows you to specify a short description to be displayed in server-generated directory listings for a given file. It takes the following form:

AddDescription "description" filename…

The description should be a short text enclosed in double quotes (that is, "). The filename can be a full file name, a file extension, or a wildcard expression.

Example 9. Using the AddDescription directive

AddDescription "GZIP compressed tar archive" .tgz

AddEncoding: The AddEncoding directive allows you to specify an encoding type for a particular file extension. It takes the following form:

AddEncoding encoding extension…

The encoding has to be a valid MIME encoding such as x-compress, x-gzip, etc. The extension is a case sensitive file extension, and is conventionally written with a leading dot (for example, .gz).

This directive is typically used to instruct web browsers to decompress certain file types as they are downloaded.

Example 10. Using the AddEncoding directive

AddEncoding x-gzip .gz .tgz

AddHandler: The AddHandler directive allows you to map certain file extensions to a selected handler. It takes the following form:

AddHandler handler extension…

The handler has to be a name of previously defined handler. The extension is a case sensitive file extension, and is conventionally written with a leading dot (for example, .cgi).

This directive is typically used to treat files with the .cgi extension as CGI scripts regardless of the directory they are in. Additionally, it is also commonly used to process server-parsed HTML and image-map files.

Example 11. Using the AddHandler option

AddHandler cgi-script .cgi

AddIcon: The AddIcon directive allows you to specify an icon to be displayed for a particular file in server-generated directory listings. It takes the following form:

AddIcon path pattern…

The path refers to an existing icon file, and must be relative to the directory specified by the DocumentRoot directive (for example, /icons/folder.png). The pattern can be a file name, a file extension, a wildcard expression, or a special form as described in the following table:

Table 3. Available AddIcon options
Option	Description
`^{^DIRECTORY}^`	Represents a directory.
`^{^BLANKICON}^`	Represents a blank line.

Example 12. Using the AddIcon directive

AddIcon /icons/text.png .txt README

AddIconByEncoding: The AddIconByEncoding directive allows you to specify an icon to be displayed for a particular encoding type in server-generated directory listings. It takes the following form:

AddIconByEncoding path encoding…

The path refers to an existing icon file, and must be relative to the directory specified by the DocumentRoot directive (for example, /icons/compressed.png). The encoding has to be a valid MIME encoding such as x-compress, x-gzip, etc.

Example 13. Using the AddIconByEncoding directive

AddIconByEncoding /icons/compressed.png x-compress x-gzip

AddIconByType: The AddIconByType directive allows you to specify an icon to be displayed for a particular media type in server-generated directory listings. It takes the following form:

AddIconByType path content-type…

The path refers to an existing icon file, and must be relative to the directory specified by the DocumentRoot directive (for example, /icons/text.png). The content-type has to be either a valid MIME type (for example, text/html or image/png), or a wildcard expression such as text/, image/, etc.

Example 14. Using the AddIconByType directive

AddIconByType /icons/video.png video/*

AddLanguage: The AddLanguage directive allows you to associate a file extension with a specific language. It takes the following form:

AddLanguage language extension…

The language has to be a valid MIME language such as cs, en, or fr. The extension is a case sensitive file extension, and is conventionally written with a leading dot (for example, .cs).

This directive is especially useful for web servers that serve content in multiple languages based on the client’s language settings.

Example 15. Using the AddLanguage directive

AddLanguage cs .cs .cz

AddType: The AddType directive allows you to define or override the media type for a particular file extension. It takes the following form:

AddType content-type extension…

The content-type has to be a valid MIME type such as text/html, image/png, etc. The extension is a case sensitive file extension, and is conventionally written with a leading dot (for example, .cs).

Example 16. Using the AddType directive

AddType application/x-gzip .gz .tgz

Alias: The Alias directive allows you to refer to files and directories outside the default directory specified by the DocumentRoot directive. It takes the following form:

Alias url-path real-path

The url-path must be relative to the directory specified by the DocumentRoot directive (for example, /images/). The real-path is a full path to a file or directory in the local file system. This directive is typically followed by the Directory tag with additional permissions to access the target directory. By default, the /icons/ alias is created so that the icons from /var/www/icons/ are displayed in server-generated directory listings.

Example 17. Using the Alias directive

Alias /icons/ /var/www/icons/

<Directory "/var/www/icons">
  Options Indexes MultiViews FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
<Directory>

Allow: The Allow directive allows you to specify which clients have permission to access a given directory. It takes the following form:

Allow from client…

The client can be a domain name, an IP address (both full and partial), a network/netmask pair, or all for all clients.

Example 18. Using the Allow directive

Allow from 192.168.1.0/255.255.255.0

AllowOverride: The AllowOverride directive allows you to specify which directives in a .htaccess file can override the default configuration. It takes the following form:

AllowOverride type…

The type has to be one of the available grouping options as described in Available AllowOverride options.

Table 4. Available AllowOverride options
Option	Description
`All`	All directives in `.htaccess` are allowed to override earlier configuration settings.
`None`	No directive in `.htaccess` is allowed to override earlier configuration settings.
`AuthConfig`	Allows the use of authorization directives such as `AuthName`, `AuthType`, or `Require`.
`FileInfo`	Allows the use of file type, metadata, and `mod_rewrite` directives such as `DefaultType`, `RequestHeader`, or `RewriteEngine`, as well as the `Action` directive.
`Indexes`	Allows the use of directory indexing directives such as `AddDescription`, `AddIcon`, or `FancyIndexing`.
`Limit`	Allows the use of host access directives, that is, `Allow`, `Deny`, and `Order`.
`Options`=option,…	Allows the use of the `Options` directive. Additionally, you can provide a comma-separated list of options to customize which options can be set using this directive.

Example 19. Using the AllowOverride directive

AllowOverride FileInfo AuthConfig Limit

BrowserMatch: The BrowserMatch directive allows you to modify the server behavior based on the client’s web browser type. It takes the following form:

BrowserMatch pattern variable…

The pattern is a regular expression to match the User-Agent HTTP header field. The variable is an environment variable that is set when the header field matches the pattern.

By default, this directive is used to deny connections to specific browsers with known issues, and to disable keepalives and HTTP header flushes for browsers that are known to have problems with these actions.

Example 20. Using the BrowserMatch directive

BrowserMatch "Mozilla/2" nokeepalive

CacheDefaultExpire: The CacheDefaultExpire option allows you to set how long to cache a document that does not have any expiration date or the date of its last modification specified. It takes the following form:

CacheDefaultExpire time

The time is specified in seconds. The default option is 3600 (that is, one hour).

Example 21. Using the CacheDefaultExpire directive

CacheDefaultExpire 3600

CacheDisable: The CacheDisable directive allows you to disable caching of certain URLs. It takes the following form:

CacheDisable path

The path must be relative to the directory specified by the DocumentRoot directive (for example, /files/).

Example 22. Using the CacheDisable directive

CacheDisable /temporary

CacheEnable: The CacheEnable directive allows you to specify a cache type to be used for certain URLs. It takes the following form:

CacheEnable type url

The type has to be a valid cache type as described in Available cache types. The url can be a path relative to the directory specified by the DocumentRoot directive (for example, /images/), a protocol (for example, ftp://), or an external URL such as http://example.com/.

Table 5. Available cache types
Type	Description
`mem`	The memory-based storage manager.
`disk`	The disk-based storage manager.
`fd`	The file descriptor cache.

Example 23. Using the CacheEnable directive

CacheEnable disk /

CacheLastModifiedFactor: The CacheLastModifiedFactor directive allows you to customize how long to cache a document that does not have any expiration date specified, but that provides information about the date of its last modification. It takes the following form:

CacheLastModifiedFactor number

The number is a coefficient to be used to multiply the time that passed since the last modification of the document. The default option is 0.1 (that is, one tenth).

Example 24. Using the CacheLastModifiedFactor directive

CacheLastModifiedFactor 0.1

CacheMaxExpire: The CacheMaxExpire directive allows you to specify the maximum amount of time to cache a document. It takes the following form:

CacheMaxExpire time

The time is specified in seconds. The default option is 86400 (that is, one day).

Example 25. Using the CacheMaxExpire directive

CacheMaxExpire 86400

CacheNegotiatedDocs: The CacheNegotiatedDocs directive allows you to enable caching of the documents that were negotiated on the basis of content. It takes the following form:

CacheNegotiatedDocs option

The option has to be a valid keyword as described in Available CacheNegotiatedDocs options. Since the content-negotiated documents may change over time or because of the input from the requester, the default option is Off.

Table 6. Available CacheNegotiatedDocs options
Option	Description
`On`	Enables caching the content-negotiated documents.
`Off`	Disables caching the content-negotiated documents.

Example 26. Using the CacheNegotiatedDocs directive

CacheNegotiatedDocs On

CacheRoot: The CacheRoot directive allows you to specify the directory to store cache files in. It takes the following form:

CacheRoot directory

The directory must be a full path to an existing directory in the local file system. The default option is /var/cache/mod_proxy/.

Example 27. Using the CacheRoot directive

CacheRoot /var/cache/mod_proxy

CustomLog: The CustomLog directive allows you to specify the log file name and the log file format. It takes the following form:

CustomLog path format

The path refers to a log file, and must be relative to the directory that is specified by the ServerRoot directive (that is, /etc/httpd/ by default). The format has to be either an explicit format string, or a format name that was previously defined using the LogFormat directive.

Example 28. Using the CustomLog directive

CustomLog logs/access_log combined

DefaultIcon: The DefaultIcon directive allows you to specify an icon to be displayed for a file in server-generated directory listings when no other icon is associated with it. It takes the following form:

DefaultIcon path

The path refers to an existing icon file, and must be relative to the directory specified by the DocumentRoot directive (for example, /icons/unknown.png).

Example 29. Using the DefaultIcon directive

DefaultIcon /icons/unknown.png

DefaultType: The DefaultType directive allows you to specify a media type to be used in case the proper MIME type cannot be determined by the server. It takes the following form:

DefaultType content-type

The content-type has to be a valid MIME type such as text/html, image/png, application/pdf, etc.

Example 30. Using the DefaultType directive

DefaultType text/plain

Deny: The Deny directive allows you to specify which clients are denied access to a given directory. It takes the following form:

Deny from client…

The client can be a domain name, an IP address (both full and partial), a network/netmask pair, or all for all clients.

Example 31. Using the Deny directive

Deny from 192.168.1.1

DirectoryIndex: The DirectoryIndex directive allows you to specify a document to be served to a client when a directory is requested (that is, when the URL ends with the / character). It takes the following form:

DirectoryIndex filename…

The filename is a name of the file to look for in the requested directory. By default, the server looks for index.html, and index.html.var.

Example 32. Using the DirectoryIndex directive

DirectoryIndex index.html index.html.var

DocumentRoot: The DocumentRoot directive allows you to specify the main directory from which the content is served. It takes the following form:

DocumentRoot directory

The directory must be a full path to an existing directory in the local file system. The default option is /var/www/html/.

Example 33. Using the DocumentRoot directive

DocumentRoot /var/www/html

ErrorDocument: The ErrorDocument directive allows you to specify a document or a message to be displayed as a response to a particular error. It takes the following form:

ErrorDocument error-code action

The error-code has to be a valid code such as 403 (Forbidden), 404 (Not Found), or 500 (Internal Server Error). The action can be either a URL (both local and external), or a message string enclosed in double quotes (that is, ").

Example 34. Using the ErrorDocument directive

ErrorDocument 403 "Access Denied"
ErrorDocument 404 /404-not_found.html

ErrorLog: The ErrorLog directive allows you to specify a file to which the server errors are logged. It takes the following form:

ErrorLog path

The path refers to a log file, and can be either absolute, or relative to the directory that is specified by the ServerRoot directive (that is, /etc/httpd/ by default). The default option is logs/error_log

Example 35. Using the ErrorLog directive

ErrorLog logs/error_log

ExtendedStatus: The ExtendedStatus directive allows you to enable detailed server status information. It takes the following form:

ExtendedStatus option

The option has to be a valid keyword as described in Available ExtendedStatus options. The default option is Off.

Table 7. Available ExtendedStatus options
Option	Description
`On`	Enables generating the detailed server status.
`Off`	Disables generating the detailed server status.

Example 36. Using the ExtendedStatus directive

ExtendedStatus On

Group: The Group directive allows you to specify the group under which the httpd service will run. It takes the following form:

Group group

The group has to be an existing UNIX group. The default option is apache.

Note that Group is no longer supported inside <VirtualHost>, and has been replaced by the SuexecUserGroup directive.

Example 37. Using the Group directive

Group apache

HeaderName: The HeaderName directive allows you to specify a file to be prepended to the beginning of the server-generated directory listing. It takes the following form:

HeaderName filename

The filename is a name of the file to look for in the requested directory. By default, the server looks for HEADER.html.

Example 38. Using the HeaderName directive

HeaderName HEADER.html

HostnameLookups: The HostnameLookups directive allows you to enable automatic resolving of IP addresses. It takes the following form:

HostnameLookups option

The option has to be a valid keyword as described in Available HostnameLookups options. To conserve resources on the server, the default option is Off.

Table 8. Available HostnameLookups options
Option	Description
`On`	Enables resolving the IP address for each connection so that the hostname can be logged. However, this also adds a significant processing overhead.
`Double`	Enables performing the double-reverse DNS lookup. In comparison to the above option, this adds even more processing overhead.
`Off`	Disables resolving the IP address for each connection.

Note that when the presence of hostnames is required in server log files, it is often possible to use one of the many log analyzer tools that perform the DNS lookups more efficiently.

Example 39. Using the HostnameLookups directive

HostnameLookups Off

Include: The Include directive allows you to include other configuration files. It takes the following form:

Include filename

The filename can be an absolute path, a path relative to the directory specified by the ServerRoot directive, or a wildcard expression. All configuration files from the /etc/httpd/conf.d/ directory are loaded by default.

Example 40. Using the Include directive

Include conf.d/*.conf

IndexIgnore: The IndexIgnore directive allows you to specify a list of file names to be omitted from the server-generated directory listings. It takes the following form:

IndexIgnore filename…

The filename option can be either a full file name, or a wildcard expression.

Example 41. Using the IndexIgnore directive

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

IndexOptions: The IndexOptions directive allows you to customize the behavior of server-generated directory listings. It takes the following form:

IndexOptions option…

The option has to be a valid keyword as described in Available directory listing options. The default options are Charset=UTF-8, FancyIndexing, HTMLTable, NameWidth=*, and VersionSort.

Table 9. Available directory listing options
Option	Description
`Charset`=encoding	Specifies the character set of a generated web page. The encoding has to be a valid character set such as `UTF-8` or `ISO-8859-2`.
`Type`=content-type	Specifies the media type of a generated web page. The content-type has to be a valid MIME type such as `text/html` or `text/plain`.
`DescriptionWidth`=value	Specifies the width of the description column. The value can be either a number of characters, or an asterisk (that is, `*`) to adjust the width automatically.
`FancyIndexing`	Enables advanced features such as different icons for certain files or possibility to re-sort a directory listing by clicking on a column header.
`FolderFirst`	Enables listing directories first, always placing them above files.
`HTMLTable`	Enables the use of HTML tables for directory listings.
`IconsAreLinks`	Enables using the icons as links.
`IconHeight`=value	Specifies an icon height. The value is a number of pixels.
`IconWidth`=value	Specifies an icon