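# Runbook: httpd + php-fpm (mod_proxy_fcgi) + per-site vhost on a RHEL/CentOS host.
# Lines starting with "# " are commands run at the root prompt; the indented
# "#   " lines are the file contents entered in the preceding vim step.
#
# yum -y install httpd httpd-tools mod_ssl
#
# vim /etc/httpd/conf.modules.d/00-mpm.conf
#   ...
#   #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#   ...
#   LoadModule mpm_event_module modules/mod_mpm_event.so
#
# vim /etc/httpd/conf.d/php.conf
#   ...
#   #<FilesMatch \.php$>
#   #    SetHandler application/x-httpd-php
#   #</FilesMatch>
#
#   # Proxy declaration
#   <Proxy "unix:/var/run/php-fpm/default.sock|fcgi://php-fpm">
#       # we must declare a parameter in here (doesn't matter which) or it'll
#       # not register the proxy ahead of time
#       ProxySet disablereuse=off
#   </Proxy>
#
#   # Redirect to the proxy
#   <FilesMatch \.php$>
#       SetHandler proxy:fcgi://php-fpm
#   </FilesMatch>
#
# mkdir /etc/httpd/sites-available
# mkdir /etc/httpd/sites-enabled
#
# vim /etc/httpd/conf/httpd.conf
#   ... at the end add:
#   IncludeOptional sites-enabled/*.conf
#
# vim /etc/httpd/sites-available/example.com.conf
#   <VirtualHost *:80>
#       ServerName example.com
#       ServerAlias www.example.com
#       DocumentRoot "/home/example/prod/html"
#       ErrorLog /var/log/httpd/example.com-error.log
#       CustomLog /var/log/httpd/example.com-access.log combined
#       <Directory "/home/example/prod/html/">
#           Options -Indexes +FollowSymLinks
#           AllowOverride All
#           # httpd 2.4 access control only. The original mixed the 2.2-style
#           # "Order allow,deny / Allow from <my_ip_address>" with
#           # "Require all granted"; mixing them is discouraged and makes the
#           # effective policy hard to reason about, so the single-IP
#           # restriction that was intended during setup was not clearly
#           # enforced. Keep the admin-only line while setting up, then swap
#           # to "Require all granted" to go live.
#           Require ip <my_ip_address>
#           #Require all granted
#       </Directory>
#   </VirtualHost>
#
# ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.conf
#
# vim /etc/group
#   ...add apache group to example user...
#
# chmod 755 /home/example
#   (755 makes the home directory world-traversable; if the group step above
#   gives httpd group access, 750 should be enough for it to reach the
#   DocumentRoot -- verify before tightening)
#
# systemctl start httpd
# systemctl status httpd
# systemctl enable httpd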
Obtain an SSL/TLS certificate from Let's Encrypt (using the getssl bash tool: https://github.com/srvrco/getssl):
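# Runbook: obtain a Let's Encrypt certificate with getssl. "# " lines are
# root-prompt commands; "#   " lines are the config entered in the preceding
# vim step. The original pointed CA= at the ACME v1 endpoints
# (acme-staging.api / acme-v01.api), which Let's Encrypt has retired; the v2
# directory URLs are used here instead.
#
# cd
# curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
#   (this is an unpinned download of a script that is later run as root and
#   from cron: read it, or fetch a specific release tag/commit, before using it)
# ./getssl -c example.com
#
# vim ~/.getssl/example.com/getssl.cfg
#   # issue against staging first so the production rate limits are not
#   # consumed by configuration mistakes
#   CA="https://acme-staging-v02.api.letsencrypt.org/directory"
#   ACL=('/<full_path_to_web_root>/.well-known/acme-challenge')
#   USE_SINGLE_ACL="true"
#   DOMAIN_CERT_LOCATION="/etc/pki/tls/certs/example.com.crt"
#   DOMAIN_CHAIN_LOCATION="/etc/pki/tls/certs/example.com.chained.crt"
#   DOMAIN_KEY_LOCATION="/etc/pki/tls/private/example.com.key"
#   RELOAD_CMD="systemctl reload httpd"
#
# ./getssl example.com
#
# vim ~/.getssl/example.com/getssl.cfg
#   # switch to production once the staging run succeeds
#   CA="https://acme-v02.api.letsencrypt.org/directory"
#
# ./getssl example.com
#
# crontab -e
#   # daily at 01:01; -a renews every configured domain, -q keeps it quiet
#   1 1 * * * /root/getssl -a -q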
Apache config:
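# Runbook: HTTPS virtual host for the certificate obtained above. "# " lines
# are root-prompt commands; "#   " lines are the vhost entered in vim.
#
# yum -y install mod_ssl
#
# vim /etc/httpd/sites-available/example.conf
#   (note: the :80 vhost lives in example.com.conf and that is the file
#   symlinked into sites-enabled; this file needs its own symlink, or put the
#   :443 vhost in the same file)
#   ...
#   <VirtualHost *:443>
#       ServerName example.com
#       ServerAlias www.example.com
#       DocumentRoot "/home/example/prod/html"
#       SSLEngine on
#       # TLS 1.0/1.1 are deprecated (RFC 8996) and lower the SSL Labs grade;
#       # the original enabled them. Add "+TLSv1.3" when the mod_ssl/OpenSSL
#       # build supports it (an unknown protocol name fails at startup).
#       SSLProtocol -all +TLSv1.2
#       SSLCertificateFile /etc/pki/tls/certs/example.com.crt
#       SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
#       SSLCertificateChainFile /etc/pki/tls/certs/example.com.chained.crt
#       ErrorLog /var/log/httpd/example.com-error.log
#       CustomLog /var/log/httpd/example.com-access.log combined
#       <Directory "/home/example/prod/html/">
#           Options -Indexes +FollowSymLinks
#           AllowOverride All
#           # httpd 2.4 syntax only; the 2.2-style "Order allow,deny /
#           # Allow from all" lines that were mixed in are dropped (mixing
#           # them is discouraged and makes the effective policy hard to
#           # reason about).
#           Require all granted
#           #Require ip ip_address
#       </Directory>
#   </VirtualHost>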
Test the website/server with https://www.ssllabs.com/ssltest/index.html (it should get an A rating) or https://ssldecoder.org/