How to Install and Configure Apache as a Web Server on Ubuntu 16.04+
Intro
You’ve probably heard the word “Apache” thrown around in: the tech industry, your CS classes, or just from that one friend who speaks in binary; but you never wanted to ask what it actually is, because everyone knows Apache…right?
If this sounds familiar, then hopefully this brief tutorial will give you a bit more of an idea as to what Apache is, how to install it on your Ubuntu (or other Debian-based distro) machine, and how you can configure it to carry out your site-serving bidding.
Apache HTTP Server is a free and open-source, cross-platform web server software. It played a key role in the growth of the internet and is still widely used today, with about a third of all websites utilizing it in some fashion.
This article will go over some of the basics of getting Apache HTTP Server up and running on your Ubuntu instance, along with giving you some insight on the default configuration options it has.
Install Apache
First, open up the terminal on whichever Ubuntu machine you wish to be your web server and then run the two lines of code below. The first line updates our package lists to make sure we have the most up-to-date versions of software packages available to us, and the second will…do exactly what it says.
sudo apt update
sudo apt install apache2Setting Up a Basic Firewall
Now we can move on to the most important thing to do to any server that will be exposing itself to the big, bad internet — securing it!
If you don’t already have ufw (Uncomplicated Firewall) installed on your system, you can install it with:
sudo apt install ufwThe “Uncomplicated Firewall” is essentially a command-line interface that is designed to be an easy way to configure your system’s firewall with a limited number of simple commands.
If you enable ufw now and you are currently using ssh to interface with a cloud (or local, headless) server, your ssh session will most likely be closed and you’ll need to find a workaround to get back in and disable ufw. This is because ufw doesn’t come with connections allowed on port 22 out-of-the-box. To ensure that you’re ssh connection will continue smoothly, we’ll want to allow connections on port 22 before we enable ufw.
To configure ufw to allow for ssh connections, run:
sudo ufw allow sshor equivalently:
sudo ufw allow 22The SSH daemon listens on port 22 by default, which is why these two commands are interchangeable.
Now that we’ve ensured that you won’t be cyberbullying me due to me locking you out of your cloud server, we can safely enable ufw.
sudo ufw enableNow that we have ufw installed and enabled, we can check to see what application profiles (pre-configured Apache server settings for specific applications) it currently has. To check this, enter the below command in terminal :
sudo ufw app listYou’ll most likely get something that looks like this:
Available applications:
Apache
Apache Full
Apache Secure
OpenSSHLooking at the output above, we see three profiles available for Apache:
- Apache: This profile manages only port 80 (unencrypted web traffic)
- Apache Full: This profile manages both port 80 and port 443 (TLS/SSL encrypted traffic)
- Apache Secure: This profile manages only port 443
- OpenSSH: This profile manages port 22 (Again, be careful with this one, as if you are connected to your server via ssh and you choose to deny this profile, you will be disconnected from your server)
For most purposes, we will need Apache to accept connections on port 80 and 443, so we will choose ‘Apache Full’.
Enter the line below to confirm that configuration:
sudo ufw allow 'Apache Full'Verify that the configuration has been accepted by entering:
sudo ufw status verboseThe verbose option just gives us a bit more detailed output.
It should then return the current rules that ufw has in place:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skipTo Action From
-- ------ ----
80,443/tcp (Apache Full) ALLOW IN Anywhere
80,443/tcp (Apache Full (v6)) ALLOW IN Anywhere (v6)
We can see that ufw is allowing connections to ‘Apache Full’ (on ports 80 and 443) from any IP addresses using both IPv4 and IPv6.
Now your server will only allow requests on ports 80 and 443 (and maybe 22).
This is by no means an exhaustive list of steps you should take to secure your web server, but setting up a basic firewall should be done at the very least. If you want to take a deeper dive into learning how to protect your server, check out this tutorial or to learn more about ufw specifically, read this.
Back to Apache
Next, let’s make sure that the server is running. Enter the following to check the status of Apache:
sudo systemctl status apache2Then you should see:
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enable
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-03-01 00:50:44 PST; 4 days ago
Main PID: 1658 (apache2)
Tasks: 6 (limit: 4915)
CGroup: /system.slice/apache2.service
├─ 1658 /usr/sbin/apache2 -k start
├─20339 /usr/sbin/apache2 -k start
├─20340 /usr/sbin/apache2 -k start
├─20341 /usr/sbin/apache2 -k start
├─20342 /usr/sbin/apache2 -k start
└─20344 /usr/sbin/apache2 -k startThe main thing to check for here is the part in bold.
Although this gives us a good indication that everything is most likely in order, the best way to determine that is to actually request a page from Apache.
To do this, you will need the public IP address of your server (or domain name if you already have that set up). To find the public IP of your server, enter this into your server’s terminal:
hostname -IYou should see a list of addresses separated by spaces returned to you — try them out in your web browser to see if they work. You’ll know if Apache is running correctly if you see something like this in your browser:
If you see this, congrats! You didn’t break everything!
This page is being displayed because currently Apache is using the default Virtual Host file, which tells Apache to point requests on port 80 to /var/www/html. If no specific file is specified in the config, Apache will look for an index.html file, which by default is the html page you see above.
Next, we’ll go over some of the basics of configuring the server.
Configuration
Below we can see some of the default Virtual Host file. It can be found in /etc/apache2/sites-available/ directory.
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>This default configuration is designed to handle requests on port 80. This can be seen at the top of the file, in the declaration header. The asterisk indicates that this is run on any interface (unless there is another, more specific Virtual Host file. In which case, that file would override this one as Apache is designed to use the Virtual Host file that matches the request most accurately)
Top Level Configuration
These are the options that are direct children of the Virtual Host tag, outside of any of the other lower sub-declarations.
- ServerAdmin: This option specifies the email address to contact should there be any server issues.
- DocumentRoot: This option specifies where the content of the site will be located.
- ServerName/ServerAlias: Although not in the default config file, these are options that you would add if you have a specific domain name or IP address that you would want Apache to handle requests to. ServerAlias is used to define alternate names that would be hosting the same content. An example could look like the following:
ServerName example.com
ServerAlias www.example.comDirectory Definitions
This is where the rules on how certain directories within the server's file system will be handled by Apache. By default, Apache does not set up any access restrictions, so it is recommended that you add some — possibly something like this:
<Directory />
Options FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from All
</Directory>This specifies the access restrictions on the root directory (as seen by the “/” in the opening Directory tag). If you want to learn more about directory directives, go here.
Enabling and Disabling Sites
When you’ve created a Virtual Host configuration that meets all of your needs, you’ll need to enable your site for it to actually be served by Apache.
When enabled, Apache will create a symbolic link to your config file in the ‘sites-enabled’ directory. In order to do this, run:
sudo a2ensite your_virtual_host_file_nameAfter this, you will need to either restart or reload Apache, so that it can re-read it’s config files. To do this, run:
sudo systemctl restart apache2or
sudo service apache2 reloadIf you want to disable a site (remove its symbolic link form ‘sites-enabled’), run:
sudo a2dissite your_virtual_host_file_nameand then restart/reload Apache again.
Enabling and Disabling Modules
Apache also employs modules, which extend onto the core abilities of Apache to do things like: improve server security, optimize your content via compression or caching, or allowing for reverse proxy functionality.
Specific modules can be enabled by running:
sudo a2enmod module_nameor disabled by:
sudo a2dismod module_nameI won’t go into specific modules, but a list and their respective functions can be found here.
Conclusion
This was a very generic overview of how to get Apache up and running and it should not be the only resource you consult when setting up your server. Apache is quite modular, and you will most likely find additional configurations that will more closely suit the needs of your setup.
I hope this gave you a bit better understanding of what Apache is, what its used for, and what some of its main configuration options are out of the box. If you want to learn more about Apache HTTP Server, take a look at the official documentation.
