Centos – How to find out what file Apache is serving when a port is hit

Tags: apache-httpd, centos, linux, tcp

I'm working on a server someone else set up. The server is CentOS 4.6 running Apache/2.0.59 (httpd). They have an update service set up on port 8443. I know it is working but I need to find out what files Apache is serving when someone hits that port.

I looked in the httpd.conf file to see if there was anything in there but there was nothing there. I tried using nmap too but that only showed me which ports are currently open. The output of nmap was:

8443/tcp open https-alt

So how can I find out what files are served when someone connects to that port?

Best Answer

You can see where httpd is configured to look for its configuration files using the -V switch:

$ httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Feb 13 2012 22:31:42
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

You can also use the command lsof to see what files a Unix process is accessing. My version of httpd is using the stock port 80 so change the 80 to 8443 in your case!

$ netstat -tapn|grep ::80
tcp        0      0 :::80                       :::*                        LISTEN      5338/httpd     

You can now run lsof to find out where the log files are getting written to:

$ lsof -p 5338|grep log
httpd   5338 root  mem    REG  253,0    10440   3141 /usr/lib64/httpd/modules/mod_logio.so
httpd   5338 root  mem    REG  253,0    27200   3139 /usr/lib64/httpd/modules/mod_log_config.so
httpd   5338 root    2w   REG  253,0     2014 395029 /var/log/httpd/error_log
httpd   5338 root    7w   REG  253,0     4140 394789 /var/log/httpd/access_log

You should be able to determine the location of the access_log as well as the configuration files and look through them to determine the "Directory" and "Location" directives. These specify what local directories to use when telling Apache what files to serve.

Now what?

I would then look through the access_log to make sure that there are entries in there that correspond to accesses against the server. What I mean by this is if I browse the server at http://www.somedom.com/somefile I should see this access recorded in the access_log file like this:

192.168.1.110 - - [17/Jul/2013:14:39:50 -0400] "GET /somefile HTTP/1.1" 200 4303 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"

Where are the files?

You can take the above knowledge that we've acquired and start to apply it like so:

These bits from httpd -V tell us Apache's root:

-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

So we know the main config file is here: /etc/httpd/conf/httpd.conf. So look through that file for these lines:

$ grep -E "DocumentRoot|Directory \"|^Include" /etc/httpd/conf/httpd.conf |grep -v "^#"
Include conf.d/*.conf
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
<Directory "/var/www/icons">
<Directory "/var/www/cgi-bin">
    <Directory "/var/www/error">

So I now know that these directories are potential sources for the file we saw in the access_log. The DocumentRoot and Directories I'd look through for the file, somefile. If it isn't in any of these locations then I'd next focus on the Include directory mentioned above in the grep output, /etc/httpd/conf.d/*.conf.

These files are additional configurations that Apache uses so you'd need to repeat the steps using the grep to look through these files as well.
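
The steps in the answer above (take HTTPD_ROOT and SERVER_CONFIG_FILE from httpd -V, follow each Include, then look for DocumentRoot) can be scripted so that no included file is missed. This is an added example, not part of the original answer: it assumes the port is bound by a <VirtualHost addr:port> block, it also reports Alias and ScriptAlias (beyond the directives the answer greps for), and the update.conf file name and /srv/update path in the demo are constructed sample values.

```bash
# Added example (not from the original answer). Assumes the port is bound
# by a <VirtualHost addr:port> block somewhere under HTTPD_ROOT.

# Print the main config and every file reached through Include, recursively.
# Relative paths resolve against HTTPD_ROOT, the way httpd resolves them.
conf_files() {
    local root="$1" file="$2" pat inc
    case "$file" in /*) ;; *) file="$root/$file" ;; esac
    [ -f "$file" ] || return 0
    printf '%s\n' "$file"
    awk 'tolower($1) == "include" { gsub(/"/, "", $2); print $2 }' "$file" |
    while read -r pat; do
        case "$pat" in /*) ;; *) pat="$root/$pat" ;; esac
        [ -d "$pat" ] && pat="$pat/*"     # Include of a directory takes every file in it
        for inc in $pat; do conf_files "$root" "$inc"; done   # glob expands here
    done
}

# For each <VirtualHost> bound to PORT, print "file: directive" for the
# directives that map URLs to local paths.
docroots_for_port() {
    conf_files "$1" "$2" | while read -r f; do
        awk -v port="$3" -v f="$f" '
            /^[ \t]*#/ { next }
            tolower($1) == "<virtualhost" {
                invh = 0
                for (i = 2; i <= NF; i++) { a = $i; sub(/>$/, "", a); if (a ~ (":" port "$")) invh = 1 }
                next
            }
            tolower($1) ~ /^<\/virtualhost/ { invh = 0; next }
            invh && tolower($1) ~ /^(documentroot|alias|scriptalias)$/ {
                sub(/^[ \t]+/, ""); print f ": " $0
            }' "$f"
    done
}

# Constructed sample tree mirroring the layout shown in the answer.
demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/conf.d"
    printf '%s\n' 'Listen 80' 'Include conf.d/*.conf' \
        'DocumentRoot "/var/www/html"' > "$d/conf/httpd.conf"
    printf '%s\n' 'Listen 8443' '<VirtualHost _default_:8443>' \
        '    DocumentRoot "/srv/update"' '</VirtualHost>' > "$d/conf.d/update.conf"
    docroots_for_port "$d" conf/httpd.conf 8443 | sed "s|^$d/||"
    rm -rf "$d"
}
demo   # prints: conf.d/update.conf: DocumentRoot "/srv/update"
```

On the server from the question the call would be docroots_for_port /etc/httpd conf/httpd.conf 8443; if it prints nothing, no VirtualHost block names that port and the main server's DocumentRoot applies.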
