Install Apache

Overview

Debian / Ubuntu

Install Apache web server on Debian or Ubuntu and complete the initial configuration.

Assumptions

• Initial server setup completed.
• Logged in as administrative user.
• Domain whereistherum.com is used as the example in this bit.

Update

Before getting started, update package repositories.

# Debian
sudo apt update

Install Apache

Naturally, the first step in using Apache on your server is installing it. Do this using apt.

sudo apt install apache2

Apache is enabled by default, meaning it will automatically start when the system is booted. Check that the Apache service is running.

sudo systemctl status apache2

If all is well, the status should resemble the following.

● apache2.service - The Apache HTTP Server
  Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Active: active (running) since Fri 2021-04-02 02:22:20 EST; 6min ago
  Docs: https://httpd.apache.org/docs/2.4/
  Main PID: 19741 (apache2)
  Tasks: 11 (limit: 1137)
  Memory: 6.0M
  CGroup: /system.slice/apache2.service
  ├─30536 /usr/sbin/apache2 -k start
  └─30539 /usr/sbin/apache2 -k start

Configure Apache

Once Apache is installed, there are a few basic configuration steps to complete.

security.conf

Web servers, by nature, are often public facing elements of your network. Some Apache configurations should by modified from their default state for optimal security. Open Apache’s security.conf file in your text editor of choice.

sudo nano /etc/apache2/conf-available/security.conf

By default, Apache will publicly display some sensitive information about your server including Apache version and OS type. Apache will also respond to TRACE requests by default, which can expose your web server to cross-site tracing (XST) .

Find the directives ServerTokens, ServerSignature, and TraceEnable and define them accordingly.

ServerTokens Prod
ServerSignature Off
TraceEnable Off

Set the headers X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection so that they will be applied to all virtual hosts by default. These can be overridden on a per-host basis, but most times there will be no reason to.

X-Content-Type-Options is used to disable MIME type sniffing.

X-Frame-Options is used to prevent your sites content from being loaded in third party iframes or embeds, to prevent click-jacking.

X-XSS-Protection enables XSS filtering, this is the default behavior on modern browsers and is included for legacy support.

Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
Header set X-XSS-Protection "1; mode=block"

Enable the Apache headers module for the above headers to be effective.

sudo a2enmod headers

Restart Apache to apply all changes made.

sudo systemctl restart apache2

Firewall

Apache will use whatever ports you define in /etc/apache2/ports.conf. For most use cases, you will be allowing connections on port 80 (HTTP) and port 443 (HTTPS). Allow port 80 now, as HTTPS has not yet been configured.

sudo ufw allow 80/tcp

Check the firewall status to see what connections are currently being accepted.

sudo ufw status

The UFW status output should now include the port 80 definition.

Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)

Virtual Hosts

Apache virtual hosts allow you to have different Apache configurations for multiple sites. This provides the ability to host more than one domain on a single web server. Even if the server will only host one website, having a virtual host allows the configuration for the host to be edited easily. This makes both continued administration and future scaling a painless task.

Create Web Directory

Apache website files should be stored in the /var/www/ directory. Create a directory named after your domain whereistherum.com, and a directory to actually store your website files within it public. The document root for the website will be /var/www/whereistherum.com/public/, this is where your website’s files will go.

sudo mkdir -p /var/www/whereistherum.com/public

Set the directory owner to your server user, and the directory group to the apache group www-data.

sudo chmod -R $USER:www-data /var/www/whereistherum.com

Set the directory permissions so that the owner can read / write / execute, and the group can read / execute. If your web application requires apache to modify web files, grant the group the same permissions as the owner.

sudo chown -R 750 /var/www/whereistherum.com

Configure Virtual Host

Create a new virtual host configuration file in the /etc/apache2/sites-available/ directory.

sudo nano /etc/apache2/sites-available/whereistherum.com.conf

Define the virtual host settings for HTTP port 80. Apache can use name-based routing, allowing you to have multiple websites on the same port as long as you define ServerName.

<VirtualHost *:80>
  ServerAdmin [email protected]
  ServerName whereistherum.com
  ServerAlias www.whereistherum.com
  DocumentRoot /var/www/whereistherum.com/public
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  
  <Directory /var/www/whereistherum.com/public/>
    Options -Indexes -FollowSymLinks
    Order deny,allow
    AllowOverride none
  </Directory>
</VirtualHost>

Enable Virtual Host

Once the virtual host is configured, it can be enabled using Apache’s a2ensite command.

sudo a2ensite whereistherum.com.conf

Disable the default host configuration using Apache’s a2dissite command.

sudo a2dissite 000-default.conf

Test the Apache configuration. If all is well, the output should include Syntax OK.

sudo apache2ctl configtest

Finally, restart Apache and your site’s initial setup will be complete!

sudo systemctl restart apache2