Install httpd Ubuntu

Introduction to httpd

It is a software program that executes as a process in the background and places an important role of a server within the client-server model with the HTTPS or/and HTTP network protocol. The full form of httpd is the Hypertext Transfer Protocol daemon. The process waits for the client's requests, and for every request, it replies by answering every requested information, such as transferring the requested web resource or along with an HTTP error message. Usually, it is the primary software segment of an HTTP server, better called a web server.

A few generally used implementations are as follows:

TUX web server aka kHTTPd
Thttpd HTTP server
Httpd of OpenBSD
Reverse proxy server and Nginx HTTP
NCSA HTTPd HTTP server
Lighttpd HTTP server
Hiawatha HTTP server along with reverse proxy functionality
Cherokee HTTP server
CERN HTTPd HTTP server
BusyBox httpd

Apache HTTP Server (httpd)

This server offers an open-source HTTP server with modern HTTP standards. The httpd package offers the Apache HTTP Server in Red Hat Enterprise Linux. Execute the command, i.e., rpm -q httpd, to find if the httpd package is successfully installed. If it's not installed and we wish to utilize the Apache HTTP Server, we need to execute the below command has a root user for installing it:

SELinux and httpd

The httpd (Apache HTTP Server) executes confined when SELinux is activated. Confined processes execute in their domains and are isolated from other confined processes. If any confined process is accommodated by an attacker, relying on the SELinux policy configuration, the excess of an attacker to resources and the damage they can implement is limited.

SELinux policy describes how processes executing in confined domains (like httpd_t) negotiate with the system, files, and other processes in general. The files should be correctly labeled to permit access to them. For instance, httpd can read all files that are labeled with the type, i.e., httpd_sys_content_t, but can't write to them, even when Linux permissions permit write access.

Booleans should be enabled to permit certain behaviors, like permitting script network access, permitting httpd access to CIFS and NFS volumes, and httpd being permitted to run CGI (Common Gateway Interface) scripts.

The command, i.e., semanage, port should be used to include the fresh port number to the SELinux policy configuration when the /etc/httpd/conf/httpd.conf directory is set up so httpd can listen on a port rather than TCP ports 8443, 8009, 8008, 488, 443, or 80.

Types of httpd

In SELinux, the primary permission control approach targeted policy to offer advanced process separation is Type Enforcement. All processes and files are labeled with a type. The types describe a domain for all processes and a type for every file.

SELinux policy rules describe how types use each other, whether it may be a domain using a type or a domain using another domain. The access is permitted only if a particular SELinux policy rule is available that permits it.

A few of the types applied with httpd are listed below. Different types permit us to set up flexible access:

httpd_sys_script_exec_t
Apply this type for scripts we wish httpd to run. Commonly, this type is used for CGI (Common Gateway Interface) scripts in the directory, i.e., /var/www/cgi-bin/. SELinux policy, by default, prevents httpd from running CGI scripts. To permit it, label the scripts with the type, i.e., httpd_sys_exec-t, and enable the Boolean, i.e., httpd_enable_cgi. Scripts labeled with the httpd_sys_script_exec_t type execute inside the domain when run by httpd. The domain, i.e., httpd_sys_script_exec_t, has access to many system domains, like mysqld_t and postgresql_t.
httpd_sys_content_t
For static web content, like .html files utilized by a static website, we can use this type. Files are accessible to httpd, and scripts run by httpd labeled with this type. Directories and files by default labeled with this type can't be modified or written by httpd or any other process.

Note: Files copied into or created in the directory, i.e., /var/www/html/ labelled with the type, i.e., httpd_sys_content_t by default.

httpd_sys_rw_content_t
The files created with this type can be written by scripts that are labeled with the type, i.e., httpd_sys_script_exec_t, but can't be changed by scripts that are labeled with other types. We must apply the type, i.e., httpd_sys_rw_content_t, to label files that would be read from and specified by scripts that are labeled with the type, i.e., httpd_sys_script_exec_t.
httpd_sys_ra_content_t
Files that are labeled with this type could be appended via scripts labeled with the type, i.e., httpd_sys_script_exec_t, but can't be changed by scripts labeled with other types. We must apply the type, i.e., httpd_sys_ra_content_t, to label files that would be appended by and read from scripts that are labeled with the type, i.e., httpd_sys_script_exec_t.
httpd_uncondined_script_exec_t
Scripts that are labeled with this type execute without the protection of SELinux. We can use this type for complicated scripts only after exhausting every other option. It's better to utilize this type rather than deactivating the protection of SELinux for httpd or the whole system.

Booleans

SELinux works based on the least access level needed for a service to execute. Services can be executed in several ways; therefore, we need to define how we execute our services. It can be gained by Booleans that permit SELinux policy parts to be modified at runtime without the understanding of SELinux policy writing. It permits changes, like permitting services authorization to NFS volumes without recompiling or reloading the SELinux policy.

How to install Apache Web Server (httpd) in Ubuntu?

Httpd is the most widely used open-source web server which is supported on the majority of the operating systems, including Solaris, macOS, Windows, Linux, etc. It's highly customizable and could be developed with other modules. It's easier to install and configure Apache for a common setup. In this article, we will discuss the installation and configuration process of the httpd in the Ubuntu operating system.

Step 1: Updating the System

We will first need to update our system repository index for installing the latest Apache2 version. To do so, we need to launch our terminal by the Ctrl+Alt+T shortcut keys and run the below command:

Note: An authorized user can only update, install, or delete the packages from the Linux system

Step 2: Installing Apache2

In this step, we are going to install the Apache2 web server. We need to run the following command in the terminal window:

The system may ask for confirmation by giving us a Y/n option. We need to enter "Y" and then the Enter button to proceed. The Apache web server and its every dependency will be installed on our system.

When we install the Apache server, we can verify its version using the below command:

Firewall configuration

We will now need to open some ports on our system to access Apache externally. First, let's mention the application profiles that we will provide Apache access to. Execute the below command to do it:

We can see distinct Apache profiles in the following screenshot:

We will apply the highly restrictive 'Apache' profile to activate network connectivity on 80 port.

We can also see the status which will display Apache permitted in firewall using the following command:

Setting up Apache Web Server; Verify Apache Service

First, we will verify the Apache service is running before moving to the configuration process. We will run the following command in the terminal window to do so:

We can find the Apache service is running and active from the above result. Another method to verify the Apache service is activated is by claiming a web page through the Apache web server. We need to find our IP address with the below command to do so: