How to Install Apache HTTP Server on RHEL 7

How to Install Apache HTTP Server on RHEL 7

Apache HTTP Server is one of the most widely deployed web servers in the world, powering millions of websites and applications. On Red Hat Enterprise Linux 7, Apache (referred to in the package system as httpd) is available directly from the default RHEL repositories, making installation straightforward. This tutorial guides you through installing Apache, starting and enabling the service, configuring the firewall, reviewing the default configuration, understanding the document root structure, and handling SELinux contexts to ensure your web files are served correctly.

Prerequisites

• A RHEL 7 server with root or sudo access
• An active Red Hat subscription or access to a RHEL 7-compatible repository
• Basic familiarity with the Linux command line and text editors
• An active network connection

Step 1: Install the Apache HTTP Server Package

Apache is packaged as httpd in RHEL 7 repositories. Install it using yum:

sudo yum install httpd -y

To also install common Apache utility packages and documentation:

sudo yum install httpd httpd-tools mod_ssl -y

Verify the installed version:

httpd -v

Expected output:

Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built:   Nov  5 2023 06:02:50

Step 2: Start and Enable Apache

Use systemctl to start the Apache service and configure it to start automatically at boot:

sudo systemctl start httpd
sudo systemctl enable httpd

Verify the current service status:

sudo systemctl status httpd

The output should show active (running). You will also see details such as the process ID, the path to the configuration file Apache loaded, and recent journal entries. If Apache fails to start, the journal output here will often point directly to the cause.

Step 3: Configure the Firewall for HTTP and HTTPS

RHEL 7 uses firewalld to manage iptables rules. Allow HTTP (port 80) and HTTPS (port 443) traffic permanently and reload the firewall to apply the changes:

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload

Confirm the services are now permitted:

sudo firewall-cmd --zone=public --list-services

The output should include both http and https. You can also verify with:

sudo firewall-cmd --zone=public --list-all

Step 4: Explore the Apache Configuration Structure

The primary Apache configuration file on RHEL 7 is located at /etc/httpd/conf/httpd.conf. This file controls the global server settings. Open it to review key directives:

sudo cat /etc/httpd/conf/httpd.conf | less

Important directives in this file include:

• ServerRoot "/etc/httpd" — The base directory for the Apache installation.
• Listen 80 — Apache listens for connections on port 80.
• DocumentRoot "/var/www/html" — The directory from which Apache serves files by default.
• DirectoryIndex index.html — The file Apache looks for when a directory is requested.
• IncludeOptional conf.d/*.conf — Additional configuration files in /etc/httpd/conf.d/ are automatically loaded.

Avoid modifying httpd.conf directly for site-specific configuration. Instead, place custom configuration files in /etc/httpd/conf.d/ to keep the main file clean and organized.

Step 5: Place Files in the Document Root

By default, Apache serves files from /var/www/html. Create a simple test page to verify Apache is serving content:

echo "<h1>Apache is running on RHEL 7</h1>" | sudo tee /var/www/html/index.html

Now open a browser or use curl to test:

curl http://localhost

You should see the HTML you just created returned in the response.

Step 6: Review Apache Log Files

Apache writes logs to /var/log/httpd/. The two main log files are:

• Access log: /var/log/httpd/access_log — Records all HTTP requests including method, URL, status code, response size, and user agent.
• Error log: /var/log/httpd/error_log — Records errors, warnings, and startup/shutdown messages.

Monitor the access log in real time:

sudo tail -f /var/log/httpd/access_log

Monitor errors:

sudo tail -f /var/log/httpd/error_log

When diagnosing issues with virtual hosts, permissions, or module behavior, the error log is always the first place to look.

Step 7: Understand SELinux and Web File Contexts

RHEL 7 enforces SELinux in enforcing mode by default. SELinux uses security contexts to control which processes can access which files. For Apache to serve files from a directory, those files must have the httpd_sys_content_t SELinux type.

Files placed directly in /var/www/html inherit the correct context automatically. However, if you place web files in a non-standard directory or copy files from another location, you may need to set the context manually.

Check the current SELinux context of a file:

ls -Z /var/www/html/index.html

You should see output like:

-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html

If the context is wrong (for example, default_t or user_home_t), Apache will receive a permission denial even if standard Linux file permissions appear correct. Use chcon to fix the context on a specific file:

sudo chcon -t httpd_sys_content_t /path/to/yourfile.html

To apply the correct context recursively to an entire directory:

sudo chcon -R -t httpd_sys_content_t /path/to/your/webroot/

To make the label change persistent across relabeling operations, use semanage to add a file context rule and then restorecon to apply it:

sudo semanage fcontext -a -t httpd_sys_content_t "/path/to/webroot(/.*)?"
sudo restorecon -Rv /path/to/webroot/

If you have moved files or copied them from home directories, you may encounter Permission denied entries in the Apache error log. Always check SELinux audit messages with:

sudo ausearch -m avc -ts recent | tail -20

Or use sealert for a human-readable explanation:

sudo sealert -a /var/log/audit/audit.log

Step 8: Test the Configuration Syntax

Before reloading or restarting Apache after configuration changes, always validate the syntax:

sudo apachectl configtest

Or equivalently:

sudo httpd -t

A successful test returns:

Syntax OK

If errors are found, the output will include the file name and line number of the problem. Fix all reported errors before proceeding with a reload or restart.

Step 9: Reload and Restart Apache

After making configuration changes, reload Apache to apply them without interrupting active connections:

sudo systemctl reload httpd

For a full restart (which does briefly interrupt active connections):

sudo systemctl restart httpd

Conclusion

You have successfully installed Apache HTTP Server on RHEL 7, opened the necessary firewall ports, reviewed the configuration structure, and learned how to manage SELinux file contexts for web content. Apache is now running and ready to serve your web applications. The next steps typically involve creating virtual host configuration files in /etc/httpd/conf.d/ to host multiple websites on the same server, configuring SSL/TLS certificates for HTTPS, and tuning the KeepAlive and MaxRequestWorkers settings in httpd.conf to match your expected traffic load.