A question about Apache.

Issues related to configuring your network
hack3rcon
Posts: 507
Joined: 2014/11/24 11:04:37

A question about Apache.

Post by hack3rcon » 2020/06/26 06:31:16

Hello,
For install some framework like WordPress, some people using "httpd.conf" and others create a .conf file under the "/etc/httpd/conf.d/" directory.
What is the difference between "/etc/httpd/conf/httpd.conf" and "/etc/httpd/conf.d/" directories?

Thank you.

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: A question about Apache.

Post by TrevorH » 2020/06/26 08:23:12

You should avoid modifying httpd.conf if at all possible. The last line in it includes all files in /etc/httpd/conf.d/*.conf so you can add individual files there to amend the configuration. Use those.
What is the difference between "/etc/httpd/conf/httpd.conf" and "/etc/httpd/conf.d/" directories?
The first is a file, the 2nd is a directory containing files.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 507
Joined: 2014/11/24 11:04:37

Re: A question about Apache.

Post by hack3rcon » 2020/06/26 09:23:31

Then why for add some security features, all tutorials editing "httpd.conf"?

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: A question about Apache.

Post by TrevorH » 2020/06/26 09:31:44

You shouldn't follow random tutorials. The reason you don't touch httpd.conf is that that file is owned by the httpd package so any changes that Red Hat make to it will either replace the copy installed on your system, thus backing out your changes, or will create an httpd.conf.rpmnew file that you will need to inspect and discover what changed so that you can manually make the same changes to your modified httpd.conf. For ease of use, it should be left unchanged so that the package updates replace it as newer versions come out.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 507
Joined: 2014/11/24 11:04:37

Re: A question about Apache.

Post by hack3rcon » 2020/06/26 11:24:11

TrevorH wrote:
2020/06/26 09:31:44
You shouldn't follow random tutorials. The reason you don't touch httpd.conf is that that file is owned by the httpd package so any changes that Red Hat make to it will either replace the copy installed on your system, thus backing out your changes, or will create an httpd.conf.rpmnew file that you will need to inspect and discover what changed so that you can manually make the same changes to your modified httpd.conf. For ease of use, it should be left unchanged so that the package updates replace it as newer versions come out.
The name must "httpd.conf.rpmnew"?

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: A question about Apache.

Post by TrevorH » 2020/06/26 11:30:52

httpd.conf.rpmnew is the name that a package update will give to a file that it controls (and is marked as a config file) but that has been modified by you. As it cannot replace teh config file safely as it only knows it's different than it should be, it installs the new file as .rpmnew. It's your job to look at those and work out if the upstream changes need to be made to your modified copy.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 507
Joined: 2014/11/24 11:04:37

Re: A question about Apache.

Post by hack3rcon » 2020/06/26 11:46:22

TrevorH wrote:
2020/06/26 11:30:52
httpd.conf.rpmnew is the name that a package update will give to a file that it controls (and is marked as a config file) but that has been modified by you. As it cannot replace teh config file safely as it only knows it's different than it should be, it installs the new file as .rpmnew. It's your job to look at those and work out if the upstream changes need to be made to your modified copy.
Thus, when I create that file and write my own config then update Apache via yum then no problem happened?

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: A question about Apache.

Post by TrevorH » 2020/06/26 11:50:04

I think you're not understanding.

The file /etc/httpd/conf/httpd.conf is the default config file and is owned by the httpd package. It is marked as "config,noreplace" in the package spec so that if that file is changed by you, a package update will not replace it. Instead, if and only if that file is modified, it will create /etc/httpd/conf/httpd.conf.rpmnew containing the new default file supplied by the package. It will not overwrite your modified copy in case it has changes that will gbe backed out. The rpmnew file is not used by anything and should not be. It's purely there so you can look at it and work out what changes the package maintainers have made that you do not (yet) have implemented in your modified copy. You should not create the .rpmnew file, an update will do that for you if the conditions for doing so are met.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 507
Joined: 2014/11/24 11:04:37

Re: A question about Apache.

Post by hack3rcon » 2020/06/26 11:56:57

If you want to add below configuration to Apache then How you do it?

Code: Select all

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

LoadModule reqtimeout_module modules/mod_reqtimeout.so
RequestReadTimeout body=10,MinRate=1000

ServerSignature Off

Timeout 60
Please tell me step by step.

User avatar
TrevorH
Forum Moderator
Posts: 29140
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: A question about Apache.

Post by TrevorH » 2020/06/26 12:06:20

The module is already loaded for you from /etc/httpd/conf.modules.d/00-base.conf

The cipher suite used is set from the system crypto policies, see man crypto-policies and man update-crypto-policies

The serversignature is not set by default so you can put that in a /etc/httpd/conf.d/*.conf file
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 8 - Networking Support”