DEV Community

Cover image for Build a Secure Web Server on Red Hat Linux
shamain anjum
shamain anjum

Posted on

Build a Secure Web Server on Red Hat Linux

Today’s challenge marks the beginning of the final project phase day 25 of my 30-day Red Hat Linux learning journey — with each day now focusing on a full mini-project that strengthens RHCSA exam skills.

🔧 Objective

Set up and secure an Apache web server on Red Hat Linux.

We’ll cover:

  • Installing Apache (httpd)
  • Managing the service with systemctl
  • Configuring firewalld to open port 80
  • Adjusting SELinux to allow web content
  • Verifying the server works via browser or curl

📚 RHCSA Skills Covered

✔ Software installation with dnf

✔ Service management with systemctl

✔ Firewall rules with firewalld

✔ SELinux configuration with semanage and restorecon

✔ Log and permission troubleshooting


1️⃣ Install Apache (httpd)

sudo dnf install -y httpd

Verify installation:

httpd -v

Image description

2️⃣ Enable and Start Apache

sudo systemctl enable httpd
sudo systemctl start httpd

Image description

Check status:

sudo systemctl status httpd

Image description

3️⃣ Configure firewalld to Allow Web Traffic

Allow HTTP (port 80):

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Verify:
sudo firewall-cmd --list-all

Image description

4️⃣ Create a Test Web Page

echo "Welcome to my Red Hat Web Server!" | sudo tee /var/www/html/index.html

Test locally:

curl http://localhost

You should see the welcome message.

Image description

5️⃣ Adjust SELinux (If Needed)

Check SELinux status:

sestatus

Image description

If the page doesn't load from another machine:

📍 Allow Apache to serve content:

sudo setsebool -P httpd_read_user_content 1

📍 Or label custom content:

sudo chcon -Rt httpd_sys_content_t /var/www/html

📍 To persist labels:

sudo restorecon -Rv /var/www/html

6️⃣ Verify from a Browser or Remote Host

If your machine has a static IP, visit:

http://

You should see the message:

"Welcome to my Red Hat Web Server!"

Image description

🧪 Try It Yourself

  • Replace index.html with a real HTML page
  • Enable HTTPS with a self-signed cert
  • Test a custom SELinux context with ls -Z
  • Block/reopen the port using firewalld and observe behavior
  • Add a systemd restart condition (e.g., restart on failure)

✅ Recap

Task Tool/Command
Install Apache dnf install httpd
Enable and start service systemctl enable --now httpd
Open port 80 firewall-cmd --add-service=http
Check SELinux status sestatus, ls -Z, restorecon
Serve content index.html in /var/www/html

🎯 Why This Matters (RHCSA)

This project simulates real-world service deployment, and tests you on:

  • Managing packages and services
  • Configuring security (firewalld + SELinux)
  • Troubleshooting access and logs
  • These are core RHCSA exam objectives, especially for tasks involving web, FTP, or custom service exposure.

Top comments (0)