Apache and firewall

Firewall settings by default

By default the firewall is not configured to allow Apache’s traffic, you can check which services are on the firewall exception list using the following CLI command.

firewall-cmd --zone=public --list-all
Firewall exception list

As you can see in the image above, there are only two services on the firewall exception list, DHCPv6-client and SSH, we want to have there also HTTP and HTTPS the last one will be included when configuring the certificates, by now, just adding “http” we’ll be fine.

Adding Apache to the firewall

You can permanently add an entry for Apache running the following CLI command.

firewall-cmd --zone=public --permanent --add-service=http
Adding Apache “http” to the firewall exception list

Reload firewall to activate changes

In order to activate the changes you must reload the firewall, and for that you can run the following CLI command:

firewall-cmd --reload
Reloading firewall

Firewall settings after adding “http”

Let’s check now once again to see if “http” was actually added as an exception to the firewall.

firewall-cmd --zone=public --list-all
Apache “http” was successfully added to the Firewall

You can also add “https” following the same procedure, in our case we are going to do that in a further article, when configuring the certificates.

Apache is now working fine

Now that you know Apache service is up and running and the firewall is configured properly, try again to open the Apache’s Test Page using your browser and the IP Address of your CentOS Virtual Machine, you must be able to see the following page:

Apache Test Page

Where to go next?

You can now move forward to the most important topic you’ll find when it comes to Apache’s capabilities, I’m talking about Virtual Hosts.