Apache Webserver

Russell Bateman
November 2013
last update:

This changes over the years, so keep looking at everything I've got here.

Install and run... (deprecated)
  1. apt-get install apache2
  2. Set up vhost files.
  3. Set up modules you want.
  4. service apache2 status|start|stop|restart

Want only to publish local notes to teammates (behind firewall)? Go do this:

# cd /var/www
# mv html html.sav
# ln -s /home/russ/dev/notes ./html

In browser, type http://host-ip-address.

More? See HTTPD - Apache2 Web Server

Install on Ubuntu Server 22.04...
  1. apt-get update
  2. apt-get install apache2
  3. Enable the firewall:
    # ufw enable
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    Firewall is active and enabled on system startup
    # ufw app list
    Available applications:
      Apache Full
      Apache Secure
    # ufw allow 'Apache Full'
    Rule added
    Rule added (v6)
    # ufw status
    Status: active
    To                         Action      From
    --                         ------      ----
    Apache Full                ALLOW       Anywhere
    Apache Full (v6)           ALLOW       Anywhere (v6)
  4. Inspect the Apache webserver service's status:
    # systemctl status apache2
     apache2.service - The Apache HTTP Server
         Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
         Active: active (running) since Wed 2022-06-22 22:03:37 UTC; 6min ago
           Docs: https://httpd.apache.org/docs/2.4/
       Main PID: 2004 (apache2)
          Tasks: 55 (limit: 38302)
         Memory: 5.3M
            CPU: 41ms
         CGroup: /system.slice/apache2.service
                 ├─2004 /usr/sbin/apache2 -k start
                 ├─2005 /usr/sbin/apache2 -k start
                 └─2006 /usr/sbin/apache2 -k start
    Jun 22 22:03:37 russ-microservices systemd[1]: Starting The Apache HTTP Server...
    Jun 22 22:03:37 russ-microservices apachectl[2003]: AH00558: apache2: Could not reliably determine the server's fully q>
    Jun 22 22:03:37 russ-microservices systemd[1]: Started The Apache HTTP Server.
  5. Now that it's obvious it's running, hit the webserver's splash page from any browser:

Want only to publish local notes to teammates (behind firewall)? Go do this:

# cd /var/www
# mv html html.sav
# ln -s /home/russ/notes ./html

In browser, type http://host-ip-address. When you first do this, you must restart Apache:

# systemctl restart apache2

Setting up a virtual host...

If you wish to set up full, raging virtual hosts, check out Step 5 — Setting up Virtual Hosts.

  1. Create a directory for the domain, assign ownership and set permissions:
    # mkdir /var/www/domainname
    # chown -R www-data:www-data /var/www/domainname
    # chmod -R u=rwxr,g=xr,0=rx /var/www/domainname      # (or 755)
  2. If your domain has no index.html, create one that will come up and reassure you that your domain works. For example, put this file on the path, /var/www/domainname/index.html:
        <title>Welcome to your domain!</title>
        <h1>The virtual host you set up is working!</h1>
  3. Now create a virtual host file. Name this file, domainname.conf and drop it into /etc/apache2/sites-available:
    <VirtualHost *:80>
        ServerAdmin  webmaster@localhost
        ServerName   domainname
        ServerAlias  www.domainname
        DocumentRoot /var/www/domainname
        ErrorLog     ${APACHE_LOG_DIR}/error.log
        CustomLog    ${APACHE_LOG_DIR}/access.log combined
  4. Enable your new site thus:
    # a2ensite domainname.conf
  5. ...and disable the default configuration there since Apache was installed:
    # a2dissite 000-default.conf
  6. Use Apache to test for any configuration errors in your virtual host file:
    # apache2ctl configtest
    . . .
    Syntax OK
  7. Bounce Apache:
    # systemctl restart apache2
  8. Then head (in a browser) to your domain:
    ...where you should see something like this:

    The virtual host you set up is working!

Apache Webserver on SuSE Linux

It is unfortunate that the Apache webserver is installed and configured with dramatic difference across even modern Linux platforms. Here’s what I’m seeing for SuSE 10 right now (at work; at home I have 10.1 and we’ll see how different that is). It is quite literally a pain in the kazoo as compared to what I experienced 5 or 6 years ago on RedHat 7.1. However, I don’t dare go against the grain because there are benefits to doing things the right way on your platform.

See docs at http://httpd.apache.org/docs/2.2/.

Install and run...

I followed an article by my old friend, Kevin Millecam, (Google “apache linux millecam”) a little bit before it started deviating from what I could relate to. Kevin wrote this article to rave reviews a few years ago—back before SuSE 10. What is even more useful, once I get to it, is the coverage of PHP and MySQL. I have so far climbed the PHP mountain, although not really since SuSE’s Apache2 simply came already installed with it. (I mean, when I loaded my box in January 2006, I specifically asked for Apache2 to get installed during the initial installation because I knew that sooner or later I would need to use it.

I found in SuSE 10 that Yast doesn’t mention Apache by name, but instead calls it the http server. Okay, I’m clever enough to guess that “http server’ refers to the Apache web server because the Apache Software Foundating is bigger than just their webserver. And, Yast is handy in expert mode once you get there, for setting up Apache in the respective boot levels, but that is all it does for you.

Where’s my stuff?

RedHat installs Apache across /var/local and /usr/local which is where you’d install it if you were compiling it for yourself from Apache sources.

SuSE comes with Apache 2 and if you let Yast take care of the problem for you, it gets installed who knows where. I haven’t found all the places it goes, but I can tell you that it isn’t in /usr/local presumably because SuSE considers it system software.

It has been asserted to me that Yast can configure things like Document Roots. I was looking forward to this since the last time I messed with those, for my Apache server running on NetWare (whence you are reading this very document), I failed to perform the configuration correctly (and, my hand was being held by Novell’s Apache guy too). However, I did not find this to be true in the version of Yast installed on my SuSE 10. On SuSE 10.1, it happens under Yast for http server.

What’s more, I haven’t yet figured out how to muck with /etc/apache2/httpd.conf directly because that file now asks one not to muck with it. So, I’m still looking for how and where to do that. There are very unclear suggestions in that file, but some refer to files that don’t exist on my SuSE host. (But, more on this topic in the next section.)

Disconcertingly, path ~/public_html is useless to the Apache server on my host—a very convenient phenomenon that Kevin’s article had led me to believe would work. I would love to be able to put my stuff there.

Yast or not to Yast?

At work, I’ve found that SuSE 10’s Yast doesn’t provide for as much cool configuration as the SuSE 10.1/2 I have at home (I installed 10.1, but some things have been upgraded to 10.2, something I didn’t do on purpose, but happened already prior to my installation of 10.1 or as part of an automatic upgrade I tried to set up and which may have worked).

In particular, I find that at work I have to modify /etc/sysconfig/apache2 by hand to get APACHE_CONF_INCLUDE_FILES set to /etc/apache2/mod_userdir.conf in support of using ~/public_html use as a document root.

As you might guess, at work now (10.0) I restarted the dæmon with the change just described and it now works. I hate having to learn a new way to do things each release. There should be a best practices and then we’re done.

Populating the document root...

At this point, I can only say that /srv/www/htdocs is where I found what is displayed when, from a browser on any host here at my work, you type http://taliesin.vintela.com/. This is not to say that this path isn’t an eminently wonderful place for a webserver’s documents to go, it just seems very specific to SuSE.

I placed the following PHP content there and got what I was looking for once I did it. I called the document, info.php and reached it thus: http://taliesin.vintela.com/info.php

	<?php phpinfo(); ?>

This magically causes a page from php.net to come up with system information on it (quite useful).

PHP works, therefore, if not where I would prefer to see it (on ~/public_html where Kevin put his).

Virtual hosts...

In Apache, the term virtual host refers to being able to host more than one web site or domain name on the same server. This seems obvious, but you have to think about it.

It is possible to assign one IP address per domain or, more frequently, overload the one IP address you have with several domains, what Apache calls name-based hosting.

Setting up a subdomain using vhost files

Imagine a new subdomain, deck added to windofkeltia.com. Create a virtual hosts file with the following for the new subdomain.

    <VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName deck.windofkeltia.com
        DocumentRoot /home/websites/windofkeltia.com/deck
        ErrorLog /home/websites/log/windofkeltia.log
        <Directory /home/websites/windofkeltia.com>
            AllowOverride all
            Options Indexes FollowSymLinks MultiViews

    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile      /etc/ssl/STAR_zzt_net.crt
        SSLCertificateKeyFile   /etc/ssl/STAR_zzt_net.key
        SSLCertificateChainFile /etc/ssl/cacertfiles.cabundle
        ServerAdmin [email protected]
        ServerName deck.windofkeltia.com
        DocumentRoot /home/websites/windofkeltia.com/deck
        ErrorLog /home/websites/log/windofkeltia.log
        CustomLog /home/websites/log/windofkeltia.log combined
        <Directory /home/websites/windofkeltia.com>
            AllowOverride all
            Options  Indexes FollowSymLinks MultiViews

Use of CNAME for subdomains

The following illustrates the addition of "deck .... @" to CNAME entries to enable the subdomain addition addressed in the earlier section.

New for Apache 2.4

Changes that significantly affect the otherwise simplicty and habits of running a webserver.

  1. vhost files must have names ending in .conf; nothing else will do.
  2. In order not to get "You don't have permission to access / on this server" You must fix /etc/apache2.conf from:
    # These were the factory settings:
    <Directory />
           Options FollowSymLinks
           AllowOverride None
           Require all denied


    # To fix the problem: You don't have permission to access / on this server,
    # These settings from:
    # http://stackoverflow.com/questions/10873295/error-message-forbidden-you-dont-have-permission-to-access-on-this-server
    <Directory />
            #Options FollowSymLinks
            Options Indexes FollowSymLinks Includes ExecCGI
            AllowOverride All
            Require all granted
            #a note lower down reminded readers that these settings are obsolete
            #Order deny,allow
            #Allow from all

How to password-protect a site using Apache2

I started by reading this article.

Notice that this method only protects directories and not individual files. If a directory is accessible, all files (and subdirectories) are accessible. Also, usernames and passwords are transmitted in the clear, so someone sniffing can capture them. Therefore, don't use this for serious password protection.

  1. Enable .htaccess processing. This is done by editing the vhost file /etc/apache2/sites-available/000-default, which will look something like this:
            <Directory /var/www/>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride None         # → AllowOverride All
                    Order allow,deny
                    allow from all
                    # Uncomment this directive is you want to see apache2's
                    # default start page (in /apache2-default) when you go to /
                    #RedirectMatch ^/$ /apache2-default/

    Then restart Apache2:

    # service apache2 restart
    Note, however, that by Apache 2.4, this had changed. The file is /etc/apache2/sites-available/000-default.conf and it no longer includes a <Directory> section and you can only make the change in that context. So, to the <VirtualHost> section, add this:
    <Directory "/var/www">
        AllowOverride All
    Of course, if your content isn't on the path /var/www, then you need to add a different path, for instance /home/websites/blah.com.

  2. Create .htaccess containing something like:
    AuthName "name"
    AuthType Basic
    AuthUserFile /path/.htpasswd
    Require Valid-User
    1. AuthName can be anything you like; it's displayed when the browser prompts for the password. It could simply be "Members only."

    2. AuthType and Require —leave as-is.

    3. AuthUserFile is the password file named .htpasswd. Don't put this file in any general area reachable by other than an administrator.

  3. Put .htaccess in the subdirectory (could be deeper than the root of your website documents) you wish to protect from access.

  4. Set up the password file, .htpasswd. This isn't a file you create directly by hand, but it would be somewhat orthogonal to create it in the same place as the .htaccess file. Do this:
    1. The very first time, use
      # htpasswd -c .htpasswd username
      to create this file (because it likely doesn't exist.

    2. username need not be a user on the Apache2 host computer. In fact, it shouldn't be.

    3. The command will cause you to create a password.

    4. Do
      # htpasswd .htpasswd username
      to add more users.
    5. The resulting file contains usernames in clear text with encoded, unrecoverable passwords.

    6. You might ensure that .htpasswd has permissions thus:
      # chmod 644 .htpasswd

Setting up Apache 2 web server on Ubuntu (Linux Mint desktop)

Latest steps to set up a webserver on Linux Mint (Ubuntu) the last time I did it. This was in the days of Ubuntu 18.04 Bionic and Mint Sonya.

$ sudo bash
# apt-get update
# apt-get install apache2
# cd /etc/apache2/sites-available
# vim 000-default.conf
    #ServerAdmin webmaster@localhost
    ServerAdmin russ@localhost
# vim default-ssl.conf
    #ServerAdmin webmaster@localhost
    ServerAdmin russ@localhost
Because I want to point lamely at my notes subdirectory:
# cd /var/www
# mv html ohtml
# ln -s /home/russ/dev/notes ./html
# systemctl restart apache2
# ifconfig
    enp0s3  Link encap:Ethernet...
            inet add: ...
In browser, do:

Despite readable, many images don't display (403 Forbidden)

This may happen when subdirectories with images in them have bad permissions. The correct permission is 755, not 744:

# ll -d .
drwxr--r-- 2 russ russ 4096 Sep 28 01:55 ./
# stat -c "%a %n" .
744 .
# ll -d .
drwxr-xr-x 2 russ russ 4096 Sep 28 01:55 ./
# stat -c "%a %n" .
755 .

For some reason, .html files do not seem to suffer from this phenomenon.