Depending on your backup strategy, you might run into difficulties backing up the entire /etc directory. On a default installation of Apache on CentOS, the Apache log directory is linked from within the /etc/httpd/ directory. If your backup solution backs those up as well, the backups will contain the logs and quickly become huge.
Changing the log path
Starting from the default configuration, it is very simple to replace “logs/” with the real path “/var/log/httpd/” so that no symbolic link is needed. After doing so, the link from /etc/httpd/ to the log directory can be removed. The following commands create a backup copy of the Apache config files and then replace the original log path with the direct one. The last command removes the link from the /etc/httpd/ directory:
$ cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.original
$ sed 's|logs/|/var/log/httpd/|' /etc/httpd/conf/httpd.conf.original >/etc/httpd/conf/httpd.conf
$ cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.original
$ sed 's|logs/|/var/log/httpd/|' /etc/httpd/conf.d/ssl.conf.original >/etc/httpd/conf.d/ssl.conf
$ rm /etc/httpd/logs
Set up SSL certificates
After you have uploaded the SSL certificate files and restarted the web server, you might run into the following error that prevents Apache from starting:
[Sun Sep 08 18:42:17 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Sun Sep 08 18:42:17 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 08 18:42:17 2013] [error] (13)Permission denied: Init: Can't open server certificate file /etc/cert/path/cert_filename.crt
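These lines in the Apache error_log show that SELinux blocked access to the certificate file. This is because you probably uploaded the file(s) first to one of your home directories and then moved them somewhere in the /etc directory. A moved file keeps the SELinux context it received in the home directory (user_home_t), and Apache, running as httpd_t, is not allowed to read files with that type. To correct the context of the files, execute the following command. It resets them to the default context for their location so that Apache is allowed to access them: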
$ restorecon -RvF /etc/cert/
restorecon reset /etc/cert/path/cert_filename.crt context unconfined_u:object_r:user_home_t:s0->system_u:object_r:etc_t:s0
If you start Apache now, it will start and access the certificate files as expected. The same issue can occur with content uploaded to the /var/www/html directory. To correct the SELinux context for the web content as well, execute “restorecon” with the path to the web content:
$ restorecon -RvF /var/www/html
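To review what would be relabelled before changing anything, restorecon can be run with -n (passive check) and its output summarised. The following is an added example, not part of the original post: it parses output in the format shown above and flags files that still carry a home-directory type. The function name relabel_report and the second sample line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Summarise "restorecon -v" or "restorecon -nv" output in the format shown above:
#   restorecon reset PATH context OLD->NEW
# Prints "PATH<TAB>OLD_TYPE<TAB>NEW_TYPE" for every relabelled file and
# returns 1 if any file carried a home-directory type (user_home_t,
# admin_home_t, ...), the usual sign of a file moved out of a home directory.
relabel_report() {
    awk '
        BEGIN { bad = 0 }
        $1 == "restorecon" && $2 == "reset" {
            # The context pair is the last field; the path is everything
            # between "reset" and " context " (paths may contain spaces).
            ctx = $NF
            path = $0
            sub(/^restorecon reset /, "", path)
            sub(/ context [^ ]+$/, "", path)
            split(ctx, pair, "->")
            split(pair[1], old, ":")    # user:role:type:level
            split(pair[2], new, ":")
            print path "\t" old[3] "\t" new[3]
            if (old[3] ~ /_home_t$/) bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample input: the first line is the output quoted above,
# the second is made up to show a path containing a space.
SAMPLE='restorecon reset /etc/cert/path/cert_filename.crt context unconfined_u:object_r:user_home_t:s0->system_u:object_r:etc_t:s0
restorecon reset /etc/cert/path/ca bundle.crt context unconfined_u:object_r:admin_home_t:s0->system_u:object_r:etc_t:s0'

# Offline demonstration on the sample. On a real system, feed it a dry run:
#   restorecon -RnvF /etc/cert/ | relabel_report
printf '%s\n' "$SAMPLE" | relabel_report || echo "home-directory labels found"
```

Newer restorecon releases print a different message format, so the pattern would need adjusting there.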
Read more of my posts on my blog at http://blog.tinned-software.net/.