Setting up HTTPD can be a pain in the sphincter at the best of times. When using Varnish and SSL, the proverbial tends to hit the fan. For this reason, I have set up this repository to help speed up the process, thus avoiding premature hair loss, accelerated aging and an almost certain perilous death.

** Proceed with caution ** I am not in any way responsible if this somehow messes up your server configuration or causes any other damages to anything made by anyone ever in the concievable universe. My apologies for the brief, but necessary, introduction to Buzz Killington.

Yo, I see you. And I got you. Take it easy, yeah? Light the old fire place and prop your feet up. This should be a right laugh, mate.

You will need to be logged in as a sudoer, presumably root. Run su or sudo -i and fill in the correspoding password on prompt.

You will need Git, HTTPD, mod_ssl, Varnish and Certbot installed.

yum install git httpd mod_ssl varnish certbot -y

Open up ports 80 and 443 using the Centos 7 Firewall.

firewall-cmd --zone=public --permanent --add-service=http

firewall-cmd --zone=public --permanent --add-service=https

service firewalld restart

Our HTTPD configuration files assume that Varnish uses port 8080 for the backend and that Varnish itself is listening on port 6081. These are the default Varnish settings, but it can save you a lot of frustation by taking the time to verify these settings in /etc/varnish/default.vcl and /etc/varnish/varnish.params. Make changes where necessary.

If you have SELinux installed, you will need to modify some settings in order for this to work. If you are unsure as to whether or not you have SELinux installed, simply run:

yum list installed *selinux*

If you see Error: No matching Packages to list, skip to 1.5. Start and register services. Otherwise, perform the following steps:

1. Allow HTTPD to use proxy, use the -P flag for persistence:

setsebool -P httpd_can_network_connect 1

2. Allow HTTPD to write to /var/www/html

chcon -t httpd_sys_rw_content_t /var/www/html -R

3. Make sure HTTPD owns /var/www/html

chown -R apache:apache /var/www/html

Start httpd and varnish services and register them to auto start on reboot:

service httpd start

systemctl enable httpd

service varnish start

systemctl enable varnish

First of all, change into the HTTPD directory by running cd /etc/httpd. Keep in mind that /etc/httpd is not an empty directory. For this reason a standard git clone will not work, so use the steps below to "clone" our repo:

git init

git remote add origin [email protected]:freddyamsterdam/default-httpd-conf.git

git pull origin master

Alternatively, you could git clone into and empty directy and use mv to move the repository into the /etc/httpd. It is up to you. In my opinion, the method above works best.

Before we proceed, in the following segments, you will need to replace {yourdomain}, {youremail} and {yourip} with.. well whatever, you got it. The assumption is your are still in etc/httpd.

First off, set the correct IP address in the main HTTPD configuration file

sed -i 's/IP/{yourip}/g' conf/httpd.conf

Make a copy of the default configuration template:

cp sites-available/domain.conf.tpl sites-available/{yourdomain}.conf

Replace IP, DOMAIN and EMAIL with your server's public ip address, your domain and your email:

sed -i 's/DOMAIN/{yourdomain}/g' sites-available/{yourdomain}.conf

sed -i 's/EMAIL/{youremail}/g' sites-available/{yourdomain}.conf

sed -i 's/IP/{yourip}/g' sites-available/{yourdomain}.conf

Now create a directory for your web site:

mkdir /var/www/html/{yourdomain}/production

Create a symbolic link to the actual configuration file in sites-enabled:

ln -s /etc/httpd/sites-available/{yourdomain}.conf /etc/httpd/sites-enabled/{yourdomain}.conf

Remove default SSL configuration (very important):

rm -f conf.d/ssl.conf

Restart HTTPD:

service httpd restart

Assuming you have already modified your DNS zonefile to point to your servers public IP address and that your DNS has resolved, you can get a free SSL certificate:

certbot certonly --webroot -w /var/www/html/{yourdomain} -d {yourdomain}

Providing everything goes well, please uncomment line 18 in sites-available/{yourdomain}.conf, and then uncomment entire virtual host block which listens to port 433.

Restart HTTPD to allow your changes to take effect:

service httpd restart

Set up a cronjob to attempt to renew your certbot certificates every days.

echo "0 0 * * * root certbot renew" >> /etc/crontab

Run a test to make sure the renewal process actually works

certbot renew --dry-run

Double click the icon of your favourite web browser and pop over to your domain to verify that it works on both http and https.