Skip to content

Apache2

Installing Apache2

Install straight from the Ubuntu repositories:

sudo apt update && sudo apt install apache2

and enable:

sudo systemctl enable apache2 --now

Apache Configuration

Open the ports configuration file:

sudo nano /etc/apache2/ports.conf

Make sure the only listen directive is the following:

Listen 8080

Disable the SSL module as we won't be needing it:

sudo a2dismod ssl

Enable the RemoteIP module:

sudo a2enmod remoteip

Create a directory for our first website and apply initial permissions:

sudo mkdir -p /var/www/example.com/html
sudo chown -R user:www-data /var/www/example.com
sudo chmod -R 750 /var/www/example.com

Set the html folder so future contents will inherit owner and group:

sudo chmod g+s /var/www/example.com/html

Set the default permission of all future contents of the html folder to 750 for folders and 640 for files:

sudo setfacl -d -m g::r-X /var/www/example.com/html
sudo setfacl -d -m o::--- /var/www/example.com/html

Create the index.htm file:

nano /var/www/example.com/html/index.htm

<html>
<head>
<title>Welcome to example.com!</title>
</head>
<body>
<h1>You are running example.com on Ubuntu 20.04!</h1>
</body>
</html>

Create the virtualhost:

sudo nano /etc/apache2/sites-available/example.com.conf

<VirtualHost 127.0.0.1:8080>

    ServerAdmin admin@example.com
    ServerName example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/html

    <Directory /var/www/example.com/html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>

    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 127.0.0.1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Amend the log format:

sudo nano /etc/apache2/apache2.conf

Change %h to %a in the combined log format:

LogFormat "%a %l %u %t \"%r\" %\>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

and save.

Now we can remove potentially sensitive server info displayed to the end-user in the security.conf file:

sudo nano /etc/apache2/conf-available/security.conf

Set the following values:

ServerTokens Prod
ServerSignature Off

and save the file. Now enable the site:

sudo a2ensite example.com.conf

Disable the Apache2 default sites:

sudo a2dissite 000-default
sudo a2dissite 000-default-ssl

Restart Apache2:

sudo systemctl restart apache2

Check the config:

sudo apache2ctl configtest