Documentation
System StatusPortal Login
Start typing to search…

Install Apache and PHP on CentOS 7 and actively maintained successors

📘

Note on CentOS 7: CentOS 7 reached end-of-life on June 30, 2024. This guide _has _been updated to cover CentOS 7 as well as its actively maintained successors — AlmaLinux 8/9, Rocky Linux 8/9, and RHEL 8/9. Commands are compatible across all of them unless noted otherwise.

Prerequisites

  • A server running CentOS 7, AlmaLinux 8/9, Rocky Linux 8/9, or RHEL 8/9.
  • Root or sudo access
  • Basic familiarity with the terminal

Prerequisites for CentOS 7(EOL).

❗️

Note :-

CentOS7 removed mirrorlist repos after June 30, 2024. You must use vault.centos.org.

Below example are only valid if those are available on official opensource platforms like fedora.

Fix Repositories (CentOS 7 – After EOL)

Quick fix

$ sudo sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/CentOS-*.repo
$ sudo sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/CentOS-*.repo
$ sudo sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/CentOS-*.repo
❗️

Note :-

You may need to manually add the Releaserver as per your destro version. example Like below,

$ sudo cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

$ sudo sed -i 's/$releasever/7.9.2009/g' /etc/yum.repos.d/CentOS-*.repo
❗️

Note :-

You will also need to install the EPEL but those are obsolute and can only found in archives now.

Here is a workaround for time being using "archives.fedoraproject.org".

$ sudo cat /etc/yum.repos.d/epel.repo
 [epel]
 name=Extra Packages for Enterprise Linux 7 - $basearch
 # It is much more secure to use the metalink, but if you wish to use a local mirror
 # place its address here.
 baseurl=https://archives.fedoraproject.org/pub/archive/epel/7.9/$basearch
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch&infra=$infra&content=$contentdir
 failovermethod=priority
 enabled=1
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
 
 [epel-debuginfo]
 name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
 # It is much more secure to use the metalink, but if you wish to use a local mirror
 # place its address here.
 baseurl=https://archives.fedoraproject.org/pub/archive/epel/7.9/$basearch/debug
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch&infra=$infra&content=$contentdir
 failovermethod=priority
 enabled=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
 gpgcheck=1
 
 [epel-source]
 name=Extra Packages for Enterprise Linux 7 - $basearch - Source
 # It is much more secure to use the metalink, but if you wish to use a local mirror
 # place it's address here.
 baseurl=https://archives.fedoraproject.org/pub/archive/epel/7.9/source/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch&infra=$infra&content=$contentdir
 failovermethod=priority
 enabled=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
 gpgcheck=1

Then refresh yum:

$ sudo yum clean all
$ sudo yum makecache

Installing Apache (httpd)

Install Apache

❗️

CentOS removed mirrorlist repos after June 30, 2024. You must use vault.centos.org. Below example are only valid if those are available on official opensource platforms like fedora.

Please check "Prerequisites for CentOS 7( EOL) Section if you encounter any issue while installing httpd and php.

$ sudo dnf install httpd -y
$ sudo yum install httpd -y

Start and Enable Apache

$ sudo systemctl enable --now httpd
$ sudo systemctl status httpd

You should see Active: active (running) in the output.

Allow Web Traffic Through the Firewall (If using OS firewall)

If firewalld is active, open ports 80 (HTTP) and 443 (HTTPS):

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --reload

Confirm the rules are applied:

$ sudo firewall-cmd --list-services

Installing PHP

CentOS 7

CentOS 7's default repositories offer PHP 5.4, which is too old for modern applications.

$ sudo yum install php php-cli php-fpm php-mysqlnd php-zip php-devel \
     php-gd php-mbstring php-curl php-xml php-pear php-bcmath php-json -y

AlmaLinux / Rocky Linux / RHEL 8+

  • PHP 8.x is available via the AppStream module system. Enable the version you want before installing:
$ sudo dnf module list php
$ sudo dnf module enable php:8.2 -y
$ sudo dnf install php php-cli php-fpm php-mysqlnd php-zip php-gd \
     php-mbstring php-curl php-xml php-bcmath php-json -y
  • Verify PHP Installation
$ sudo php -v
PHP 8.2.30 (cli) (built: Dec 16 2025 17:18:12) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.2.30, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.30, Copyright (c), by Zend Technologies

Connecting PHP to Apache

  • Restart Apache to load the PHP module.
$ sudo systemctl restart httpd

Test PHP Processing

  • Create a test file in your web root:
$ sudo echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php

Open http://your-server-ip/info.php in a browser. You should see the PHP information page, which confirms the version, loaded extensions, and configuration.

Security reminder: Remove/add IP based restriction to this file once you've confirmed PHP is working. It exposes sensitive server information.

https://docs.rackspace.com/docs/configure-vhosts-on-a-lamp-stack - Review this for Ip based restriction.

$ sudo rm /var/www/html/info.php

PHP-FPM (Recommended for Production)

For better performance and security, run PHP through PHP-FPM rather than the traditional mod_php module. This separates PHP processes from Apache and allows per-site configuration.

$ sudo dnf install php-fpm -y
$ sudo systemctl enable --now php-fpm
$ sudo yum install php-fpm -y
$ sudo systemctl enable --now php-fpm

Configure Apache to Use PHP-FPM

Create or edit a proxy configuration file:

$ sudo nano /etc/httpd/conf.d/php-fpm.conf

Add the following:

<FilesMatch \.php$>
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>

Restart Apache to apply:

$ sudo systemctl restart httpd

Virtual Hosts

Please follow the articles below per your requirements.

Common Troubleshooting

Apache won't start — port already in use

Check what's using port 80:

$ sudo ss -tulnp | grep :80

Permission denied errors on your document root

If SELinux is enforcing, apply the correct context to your web directory:

$ sudo chcon -Rt httpd_sys_content_t /var/www/yourdomain.com/html

PHP changes not reflected after editing php.ini

Restart PHP-FPM and Apache:

$ sudo systemctl restart php-fpm httpd

Configuration File Reference

| File / Directory            | Purpose                                        |
|-----------------------------|------------------------------------------------|
| /etc/httpd/conf/httpd.conf  | Main Apache configuration                      |
| /etc/httpd/conf.d/          | Drop-in config files (virtual hosts, modules)  |
| /etc/php.ini                | Main PHP configuration                         |
| /etc/php-fpm.d/www.conf     | PHP-FPM pool configuration                     |
| /var/www/html/              | Default web root                               |
| /var/log/httpd/             | Apache access and error logs                   |
| /var/log/php-fpm/           | PHP-FPM logs                                   |

Best practices

  • Apache best practices
    • Hiding version info, disabling directory listing, restricting HTTP methods, protecting .htaccess, enabling mod_security WAF, and tuning KeepAlive and request size limits.
  • PHP best practices
    • Hardening php.ini (disabling dangerous functions, restricting file paths, hiding version exposure), keeping PHP updated, and enabling OPcache for performance.
  • SSL/TLS best practices
    • Enforcing TLS 1.2/1.3 only, strong cipher suites, and all the important HTTP security headers (HSTS, X-Frame-Options, CSP, etc.).
  • System-level best practices
    • Automated backups, log monitoring, and setting up dnf-automatic for security patches.

Updated about 1 hour ago