Use these instructions to configure a CentOS/RHEL virtual machine (VM) as a web server in Microsoft Azure. This simple web server can process HTTP requests.
So we are using the below environment for the purpose of this post.
- Microsoft Azure
- CentOS/RHEL 6 or 7 VM (Cloud Access or Azure On-Demand)
- Apache httpd
Installing an Apache httpd Web Server
Before You Begin
Installing an Apache httpd web server requires access to certain RHEL repositories. Make sure you have access to EPEL repositories which generally is available in all Azure CentOS VMs. In case if you are using RHEL VM all necessary repositories are available in the Azure Red Hat Update Infrastructure (RHUI).
Installing the Web Server
1. Install the Apache httpd package.
$ sudo yum install httpd
2. Verify that httpd is listening on a public interface. The following example shows that httpd is listening for traffic over port 80.
$ sudo cat /etc/httpd/conf/httpd.conf ...omitted # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the
# directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 126.96.36.199:80 Listen 80 ...omitted
3. Start the httpd service and enable it to start at boot.
$ sudo systemctl start httpd.service $ sudo systemctl enable httpd.service
$ sudo service start httpd $ sudo chkconfig httpd on
Enabling HTTP Traffic
For inbound HTTP traffic to reach the web server successfully, the CentOS/RHEL firewall and Azure network security groups must allow HTTP traffic. Use the following steps to verify and enable HTTP traffic over port 80.
Adjusting CentOS/RHEL Firewall Settings
The following procedure applies only to Cloud Access VMs. If the VM is an Azure On-Demand VM, go to Network Security Groups Settings. The CentOS/RHEL firewall is disabled by default for Azure On-Demand VMs.
1. List services that are allowed through the RHEL firewall.
$ sudo firewall-cmd --get-services
Look for http in the list of services displayed. If http is listed, go to Network Security Groups Settings. If not, complete Step 2.
$ sudo iptables -L
Look for tcp dpt:http in the Chain INPUT (policy ACCEPT) table displayed. If tcp dpt:http is listed, go to Network Security Groups Settings. If not, complete Step 2.
2. Enter the appropriate firewall or iptables command to allow port 80 traffic through the RHEL firewall.
$ sudo firewall-cmd --add-service http --zone=public --permanent $ sudo firewall-cmd --reload
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT $ sudo service iptables save
Adjusting Network Security Groups Settings
In addition to the CentOS/RHEL Firewall, HTTP traffic must also be allowed within Microsoft Azure. You can either enable port 80 traffic using the Azure portal or by using an Azure CLI 2.0 command. Both require that you know the name of the resource group and network security group. To get these names, open the Azure portal and identify the resource group where the VM is located. The resource group properties pane lists all resources, including the network security group.
1. Using the Azure Portal
Perform the following steps to enable HTTP port 80 traffic using the Azure portal.
1. Select the resource group where the VM is located.
2. Select the appropriate Network Security Group from the list of resources.
3. Select Inbound Security Rules from the left navigation pane (under Settings).
4. Click Add and complete the following actions.
- Enter a Name for the rule (for example, allow-http).
- From the Service list, select HTTP.
- Click OK.
2. Using the CLI
To enable port 80 traffic using Azure CLI 2.0, enter the following command. Replace [resource-group] and [network-security-group] with the actual names for these resources.
$ az network nsg rule create -g [resource-group] --nsg-name [network-security-group] -n allow-http --priority 100 --access Allow --direction Inbound --protocol Tcp --destination-port-range 80