Install Apache
Updated: 2022.12.15Overview
Debian / Ubuntu
Install Apache web server on Debian or Ubuntu and complete the initial configuration.
Assumptions
- Initial server setup completed.
- Logged in as administrative user.
- Domain
whereistherum.com
is used as the example in this bit.
Update
Before getting started, update package repositories.
# Debian
sudo apt update
Install Apache
Naturally, the first step in using Apache on your server is installing it. Do this using apt
.
sudo apt install apache2
Apache is enabled by default, meaning it will automatically start when the system is booted. Check that the Apache service is running.
sudo systemctl status apache2
If all is well, the status should resemble the following.
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-04-02 02:22:20 EST; 6min ago
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 19741 (apache2)
Tasks: 11 (limit: 1137)
Memory: 6.0M
CGroup: /system.slice/apache2.service
├─30536 /usr/sbin/apache2 -k start
└─30539 /usr/sbin/apache2 -k start
Configure Apache
Once Apache is installed, there are a few basic configuration steps to complete.
security.conf
Web servers, by nature, are often public facing elements of your network. Some Apache configurations should by modified from their default state for optimal security. Open Apache’s security.conf
file in your text editor of choice.
sudo nano /etc/apache2/conf-available/security.conf
By default, Apache will publicly display some sensitive information about your server including Apache version and OS type. Apache will also respond to TRACE requests by default, which can expose your web server to cross-site tracing (XST) .
Find the directives ServerTokens
, ServerSignature
, and TraceEnable
and define them accordingly.
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Set the headers X-Content-Type-Options
, X-Frame-Options
, and X-XSS-Protection
so that they will be applied to all virtual hosts by default. These can be overridden on a per-host basis, but most times there will be no reason to.
X-Content-Type-Options
is used to disable MIME type sniffing.
X-Frame-Options
is used to prevent your sites content from being loaded in third party iframes or embeds, to prevent click-jacking.
X-XSS-Protection
enables XSS filtering, this is the default behavior on modern browsers and is included for legacy support.
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
Header set X-XSS-Protection "1; mode=block"
Enable the Apache headers module for the above headers to be effective.
sudo a2enmod headers
Restart Apache to apply all changes made.
sudo systemctl restart apache2
Firewall
Apache will use whatever ports you define in /etc/apache2/ports.conf
. For most use cases, you will be allowing connections on port 80 (HTTP) and port 443 (HTTPS). Allow port 80 now, as HTTPS has not yet been configured.
sudo ufw allow 80/tcp
Check the firewall status to see what connections are currently being accepted.
sudo ufw status
The UFW status output should now include the port 80 definition.
Status: active
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
Virtual Hosts
Apache virtual hosts allow you to have different Apache configurations for multiple sites. This provides the ability to host more than one domain on a single web server. Even if the server will only host one website, having a virtual host allows the configuration for the host to be edited easily. This makes both continued administration and future scaling a painless task.
Create Web Directory
Apache website files should be stored in the /var/www/
directory. Create a directory named after your domain whereistherum.com
, and a directory to actually store your website files within it public
. The document root for the website will be /var/www/whereistherum.com/public/
, this is where your website’s files will go.
sudo mkdir -p /var/www/whereistherum.com/public
Set the directory owner to your server user, and the directory group to the apache group www-data
.
sudo chmod -R $USER:www-data /var/www/whereistherum.com
Set the directory permissions so that the owner can read / write / execute, and the group can read / execute. If your web application requires apache to modify web files, grant the group the same permissions as the owner.
sudo chown -R 750 /var/www/whereistherum.com
Configure Virtual Host
Create a new virtual host configuration file in the /etc/apache2/sites-available/
directory.
sudo nano /etc/apache2/sites-available/whereistherum.com.conf
Define the virtual host settings for HTTP port 80. Apache can use name-based routing, allowing you to have multiple websites on the same port as long as you define ServerName
.
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName whereistherum.com
ServerAlias www.whereistherum.com
DocumentRoot /var/www/whereistherum.com/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/whereistherum.com/public/>
Options -Indexes -FollowSymLinks
Order deny,allow
AllowOverride none
</Directory>
</VirtualHost>
Enable Virtual Host
Once the virtual host is configured, it can be enabled using Apache’s a2ensite
command.
sudo a2ensite whereistherum.com.conf
Disable the default host configuration using Apache’s a2dissite
command.
sudo a2dissite 000-default.conf
Test the Apache configuration. If all is well, the output should include Syntax OK
.
sudo apache2ctl configtest
Finally, restart Apache and your site’s initial setup will be complete!
sudo systemctl restart apache2