Setup Apache 2.4 + PHP 7.2 + CentOS 7 with Basic Security + SSL (HTTPS)

By | July 15, 2018

Bismillahi-r-Rahmani-r-Rahim (In the name of Allah, the most Compassionate, the most Merciful)

Assalamu alaikum wa rahmatullahi wa barakatuh (May the peace, mercy, and blessings of Allah be with you)

This is the ad hoc tutorial on how to setup Apache 2.4 / PHP 7.2 web server in CentOS, configure basic security and enable SSL (HTTPS). We will first prepare the system and configure the needed repositories. Next the Apache and PHP will be installed and configured. Finally, we will create our first website and enable SSL for it.

Below content is complementary to the video tutorial above.

Update the system, install some tools and packages and configure the repositories:

yum update -y && yum upgrade -y
yum -y install nano net-tools.x86_64 bind-utils
yum -y install epel-release
rpm -Uvh
rpm -Uvh

Set SELINUX=disabled:

nano /etc/selinux/config

Install Apache and PHP:

yum install httpd -y
yum install -y php72w php72w-fpm php72w-opcache php72w-xml php72w-soap php72w-xmlrpc php72w-mbstring php72w-mysqli php72w-json php72w-gd php72w-ldap php72w-intl php72w-bcmath php72w-mssql php72w-devel php72w-pear
httpd -v && php -v

Configure Apache:

nano /etc/httpd/conf/httpd.conf

Add following lines before IncludeOptional conf.d/*.conf line in httpd.conf file:

ServerTokens Prod
ServerSignature Off
FileETag None
TraceEnable off
HostnameLookups Off
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript

Configure PHP:

nano /etc/php.ini

Set the following parameter in php.ini:

short_open_tag = On
expose_php = Off
max_execution_time = 120
memory_limit = 512M
post_max_size = 50M
display_errors = Off
upload_max_filesize = 30M
max_file_uploads = 50

Start the services, add them to auto-start list and configure the firewall:

systemctl start httpd && systemctl enable httpd
systemctl start php-fpm && systemctl enable php-fpm
service httpd restart && service php-fpm restart
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

Alternatively, you may completely disable the firewall:

systemctl stop firewalld && systemctl disable firewalld

Setup and configure the first web site –

mkdir /var/www/html/$sitename
mkdir /var/www/html/$sitename/html
mkdir /var/www/html/$sitename/html/www
mkdir /var/www/html/$sitename/logs
mkdir /var/www/html/$sitename/tmp
chown -R apache:apache /var/www/html/$sitename/html/*
chown -R apache:apache /var/www/html/$sitename/logs
chown -R apache:apache /var/www/html/$sitename/tmp
chmod -R 775 /var/www/html/$sitename/html/*
echo '<?php phpinfo(); ?>'  > /var/www/html/$sitename/html/www/index.php

Create Apache configuration file for –

nano /etc/httpd/conf.d/$sitename.conf

Add the following lines to the conf file:

<VirtualHost *:80>
    DocumentRoot /var/www/html/adhoctuts1/html/www
    <Directory /var/www/html/adhoctuts1/html/www>
        Options -Indexes -FollowSymLinks -ExecCGI
        AllowOverride All
    ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://$1
    ErrorLog /var/www/html/adhoctuts1/logs/error.log
    php_admin_value upload_tmp_dir /var/www/html/adhoctuts1/tmp
    php_admin_value session.save_path /var/www/html/adhoctuts1/tmp

Reboot the CentOS.


On your PC, open CMD as administrator and run:

notepad %SystemRoot%\system32\drivers\etc\hosts

and add: YOUR_VM_IP

Enable secure (HTTPS) connection to web site:
Generate the SSL key files:

yum -y install mod_ssl openssl
mkdir /var/www/html/$sitename/ssl_keys
cd /var/www/html/$sitename/ssl_keys
sudo openssl genrsa -out $sitename.key 2048
sudo openssl req -new -key $sitename.key -out $sitename.csr
sudo openssl x509 -req -days 360 -in $sitename.csr -signkey $sitename.key -out $sitename.crt

Create Apache configuration file for the SSL version of

nano /etc/httpd/conf.d/$sitename.ssl.conf

Add the following file to SSL conf file:

<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCertificateFile /var/www/html/adhoctuts1/ssl_keys/adhoctuts1.crt
    SSLCertificateKeyFile /var/www/html/adhoctuts1/ssl_keys/adhoctuts1.key
    DocumentRoot /var/www/html/adhoctuts1/html/www
    <Directory /var/www/html/adhoctuts1/html/www>
        Options -Indexes -FollowSymLinks -ExecCGI
        AllowOverride All
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://"
    LogLevel error
    ErrorLog /var/www/html/adhoctuts1/logs/error_ssl.log
    php_admin_value upload_tmp_dir /var/www/html/adhoctuts1/tmp
    php_admin_value session.save_path /var/www/html/adhoctuts1/tmp

Add rules for https redirection to initial conf file

nano /etc/httpd/conf.d/$sitename.conf

add following lines in VirtualHost:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}:443%{REQUEST_URI}
service httpd restart && service php-fpm restart

Now we will upload additional file via sftp:
1. Download FileZilla client or any other FTP client you prefer.
2. Create hello.php file with the content in below.
3. Connect to VM and upload newly created file to /var/www/html/adhoctuts1/html/www directory.


<!DOCTYPE html>
<meta charset="UTF-8">
<title>Ad Hoc Tutorials - Test Page</title>

<h1 style="color: <?= (rand() % 2 == 0)?'red':'green' ?>">Hello, Ad Hoc Tutorials!!!</h1>


Related resources: