16.1. Installing Apache Depending on the distribution, the package from which the Apache web server is installed may be called apache or httpd, and the documentation package may be called apache-docs or httpd-manual, respectively. In the first case, you will need to install the apache-common package containing

16.2. Apache setup. Configuration Files After installing Apache, you should edit the following files:? /etc/httpd/conf/httpd.conf - main configuration file. For Apache 2.x. this file may also be called httpd2.conf;? /etc/logrotate.d/apache or /etc/logrotate.d/httpd (in version 2.0) - rotation file

16.10. SSL and Apache 16.10.1. Installing SSL SSL (Secure Sockets Layer) is an encryption method developed by Netscape to ensure secure data transmission. This method supports multiple encryption methods and provides authentication at both the client and client level.

19.2. Bootloader Configuration Files Listing 19.1 shows the main GRUB2 configuration file - /boot/grub/grub.cfg. It cannot be edited manually. To create it, use the /usr/sbm/grub-mkconfig utility, which generates this configuration file on based on templates,

26.2.3. Server Configuration Files Server configuration files are located in the /etc/apache2 directory. The main configuration file is called apache2.conf. Its default settings will suit most users. If you plan to use the Web server not only locally (for

Source files and executable files Our wonderful program, despite its brevity and simplicity, is a completely meaningless set of symbols for a computer, since it “does not understand” directives like #include or printf. He only understands special language,

5.3.1. Configuration files All SSH protocol configuration files are located in the /etc/ssh directory. Here you can see the following list:? SSH server configuration file - sshd_config;? SSH client configuration file - ssh_config;? key files for various

Kernel Debugging Configuration Options There are several configuration options that assist in debugging and testing kernel code that are enabled at compile time. These options are available in the Kernel hacking item in the kernel configuration editor menu. All these

Apache is a web server.

Configuration files

By default, all configuration files are stored in the "conf" folder.

httpd.conf is main configuration file apache server. Changes made to this file require a restart of the apache server to take effect.

In the "extra" folder (inside the "conf" folder) are additional configuration files. If necessary, they can be connected inside the main configuration file.

Syntax of configuration files

There should be only one directive on one line. The \ (backslash) character can be used as the last character of a line to indicate that the directive continues on the next line. There must be no other whitespace characters after the \ character except the end of line character.

The directive and its arguments are separated by a space. The arguments themselves are also separated by spaces. If the argument contains spaces, it must be enclosed in quotes.

Directives are not case sensitive, but arguments, on the contrary, are case sensitive.

A line that begins with a # (hash) character is considered a comment and is ignored. A comment cannot be placed on the same line as a directive.

Whitespace characters, inserted before the directive are ignored, so they can be used to insert indentations to make the code easier to read. Blank lines are also ignored.

Modules

A module is simply a plug-in file that allows you to add additional functionality. All plugins are located in the "modules" folder by default.

Modules allow you to use directives that are not included in the Apache web server core.

.htaccess

Htaccess is an additional configuration file for the Apache web server, as well as similar servers. It allows you to configure functionality for individual directories, without changing the main configuration file, since access to it is most often prohibited.

The .htaccess file only affects the directory in which it is located and its child directories. The .htaccess file can be placed in any directory. The directives of this file affect all files in the current directory and all its subdirectories (unless these directives are overridden by the directives of underlying .htaccess files).

Changes made to the .htaccess file do not require a server restart.

If any error was made in the .htaccess file, for example, a directive or the value of a directive was written incorrectly, the server will return an error: Error 500.

The .htaccess file uses the same syntax as Apache configuration files.

You can see which directives can be located inside the .htaccess file in the directory of directives in the “Context” of a specific directive.

Concepts: configuration, directives. Configuration files, directives. Basic configuration directives. Server processes. Control access to directories and files.

Configuration (Latin configuratio - mutual arrangement) is a special logical and methodological technique, a mental technique for synthesizing knowledge of different subjects, different ideas about the same object.

Directives, g. (from Latin directio - direction). General guidance given by a higher authority to a subordinate (server for workstation etc.) .

Configuration file is a file with a fairly simple format. Each line represents a keyword and one or more arguments. For simplicity, most lines contain only one argument. Anything following the # symbol is a comment and is ignored.

Apache is configured by changing service files in the /etc/httpd/conf/ directory. The main configuration file of the web server is httpd.conf. Configuration directives can be placed in various files, which include file_name.conf in the main Include construct.

If the location of a file or directory is specified implicitly in the configuration file (explicit location begins at the root of the file system - with the "/" character), Apache uses the directory specified in the ServerRoot directive to determine the actual location of the target.

Description of Apache modules and configuration directives

Directives can be used at the following levels:

A server configuration level - the directive can only be used in the main configuration file.

Level V - the directive can be used differently for different virtual hosts.

D level - for any directory, you can set your own settings using a directive of this level.

H level of .htaccess files - the directive is allowed to be used in .htaccess files in places where they are allowed by the server.

At any point, the use of the filename parameter in the directive specifies an absolute (starting with "/") or relative path to the file from the ServerRoot directory.

CORE - web server core (Apache core module)

AccessConfig filename

Sets the location of the configuration file. The default system configuration file is conf/access.conf; To cancel reading this file, it is recommended to set /dev/null.

AccessFileName file file ...

Sets the names of the access files used to configure on-the-fly configuration by default - .htaccess.

AddModule module module ... [A]

Activates a dynamically loaded module supplied as a separate library file.

AddModule module module ...

Activates a dynamically loaded module, supplied as a separate library file or compiled inside the main httpd module.

AllowOverride param param ...

Sets the rules by which Apache uses directives in internal .htaccess files;

None - ignores;

All - uses all directives;

Options - allows the use of Options and XBitHack;

Indexes - directory indexing management directives;

FileInfo - directives for managing file types and their handlers;

AuthConfig - directives for accessing Auth* directories;

Limit - allow/deny/order directives.

AuthName realm

AuthType type

Used to specify a method for requesting and transmitting a username and password to access website directories. Most often they use Basic, less often - Digest and others.

BindAddress address [A]

Specifies the address at which Apache will accept connections. You can use hostname, IP address or *.

ClearModuleList[A]

The directive clears the list of loaded modules. After this directive, you need to use AddModule directives to work with the necessary modules.

ContentDigest on|off

Enables or disables MD5 data hash forwarding. It is calculated for all transmitted pages and is not cached.

CoreDumpDirectory dirname [A]

Points Apache to the directory in which memory dump files (core) created in case of emergency errors will be saved.

DefaultType mimetype

Sets the MIME type sent to clients if Apache cannot determine the type via the mime.types file or AddType directives. Default is set to text/plain.

...

Combines a group of directives that specify Apache's behavior when accessing documents located in a given directory. It is allowed to use name masks - symbols *, ? according to shell rules. If a mask is used, a tilde ~ is placed in front of the name.

...

Defines a group of directories specified by a regular expression and sets the rules for Apache to work with directories and files in this group.

DocumentRoot dirname

Indicates to the server the location of the root of the directory tree below which is the web server's data structure.

ErrorDocument filename|string|URL

In case of an error, it redirects to the specified pages. You can also set a comment to the situation that has arisen, which should begin with a single quotation mark. Example:

ErrorDocument 500 http://foo.example.com/cgi-bin/tester

ErrorDocument 404 /cgi-bin/bad_urls.pl

ErrorDocument 401 /subscription_info.html

ErrorDocument 403 "Sorry can"t allow you access today"

ErrorLog filename

Error log file name. If the parameter line begins with (/), then the path to the file must be specified from ServerRoot; if it begins with (|), then error messages are passed to the specified command on standard input. In particular, in this way, for example, you can implement saving the log directly in the SQL DBMS or save them immediately compressed, transferring, for example, to gzip. Apache versions 1.3 and later output messages to syslog by default if the system supports this feature; but this can be disabled using syslog:facility.

...

File access control. Sections are processed in the same order as in the configuration file, after the directive sections have been read and .htaccess files, but before the directory sections are read . The argument must contain the file name or a mask containing "?" - any character, "*" - any string. With the additional ~ symbol, extended regs can be used. expressions (see REGULAR EXPRESSIONS section in grep(1)) For example: will correspond to those commonly used on the Internet graphic files.

...

Same as , but uses regular expressions.

It only relates to starting Apache and forking processes in the environment and with the rights corresponding to the given name.

HostNameLookups on|off|double

Controls the ability to determine the visitor's hostname using reverse DNS. It works slowly and is considered disabled by default. Double indicates that the host name should be subject to additional checking to ensure that the name matches the IP address of the host that sent the request.

IdentityCheck on|off

Enable RFC1413 authentication. Enabling the function will significantly increase the server access time.

...

And should only be performed if this parameter defined in Apache internal structures. The [!] sign preceding a parameter indicates that the directive block will be read only if the parameter is not defined.

...

Indicates that directives placed inside a block formed by a pair of directives And should only be performed if this module compiled in Apache. The [!] sign preceding the module indicates that the directive block will be read only if the parameter is not defined.

Include filename [A]

The directive allows you to include configuration files in the server configuration.

KeepAlive on|off [A]

Allows a client to request multiple files sequentially without breaking the TCP connection.

KeepAliveTimeout sec [A]

Specifies the time (in seconds) before the TCP connection is closed that Apache will wait for the next request from the client.

...

Allows you to specify which HTTP method (for example GET or POST) the contents placed inside belong to. ... access restriction commands.

The following methods can be used: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK.

Listen port [A]

Forces Apache to listen to the specified addresses and ports. For example, to force the server to listen on ports 80 and 8000, use:

To make Apache run on different interfaces with specified port numbers, use:

Listen 192.170.2.1:80

Listen 192.170.2.5:8000

ListenBacklog length [A]

The maximum length of the connection processing queue.

...

Details in apache-manual :)

...

Details in apache-manual

Lockfile filename [A]

The directive sets the path to the lockfile.

LogLevel emerg|alert|crit|error|warn|notice|info|debug

Sets the level of information content of the protocol (log file of the server operation). Recommended use: at least level crit.

MaxClients count [A]

The directive sets a limit on the number of simultaneous requests to the server. In fact, this number cannot exceed the number of child processes of the server, which by default cannot be more than 256. To correct the situation, edit HARD_SERVER_LIMIT in httpd.h and compile it.

MaxKeepAliveRequest count [A]

Allows the client to sequentially request the specified number of files without breaking the TCP connection if KeepAlive is enabled. If the parameter is set to 0, then Apache will only close the connection based on the KeepAliveTimeout parameter.

MaxRequestsPerChild count [A]

The directive sets a limit on the number of requests that an individual child process can handle. If MaxRequestsPerChild is set to 0, the number of requests is unlimited.

MaxSpareServers count [A]

The directive sets the desired maximum number of inactive server processes. The directive is useless if the Microsoft Windows version of Apache is used.

MinSpareServers count [A]

The directive sets the desired minimum number of inactive server processes. The directive is useless if the Microsoft Windows version of Apache is used.

NameVirtualHost port [A]

Indicates that requests to this port-name should be separated by the name of the host being accessed (the HTTP "Host:" header). Allows you to define multiple virtual hosts for one IP address.

Options param param...

Defines Apache action settings for the specified content. All possible settings are described in detail in the apache-manual. Frequently used: Indexes - turns on displaying the contents of the directory if the index file is not found in it (DirectoryIndex directive); ExecCGI - enables the ability to place executable files (cgi, perl scripts) in this directory; Includes - enables the ability to place files in the SSI directory. Each setting is supported by the corresponding module that uses it and may not work if the required module is not loaded. Each Options directive is considered to be in addition to the already known Options defined for the parent directories. Each setting can be prefixed with + or - to enable or disable it in a given context.

PidFile filename [A]

The directive sets the name of the file in which the server writes the process identifier.

Specifies the Apache port - a number from 0 to 65535 (note that some ports may be used by other protocols, see /etc/servises). The standard port for the http protocol is 80.

require userid|groupid|valid-user|file-owner|group-owner [A]

Determines which users have access to the directory.

Require user userid - only these users have access

Require group group-name [group-name] - all users of these groups

Require valid-user - all valid users.

ResourceConfig filename [A]

The server reads further directives from this file after reading httpd.conf. The file name is set relative to ServerRoot. Can be disabled: ResourceConfig /dev/null

RLimitCPU max|sec[ max|sec] [A]

RLimitMEM max|bytes[ max|bytes] [A]

RLimitNPROC max|count[ max|count] [A]

Satisfy any|all [A]

Defines the access policy if Allow and Require are used simultaneously. Used when access to the area is limited by name/password and client address. In this case, the default ("all") requires the client to be verified at the address and enter the correct username and password. In the case of the "any" parameter, the client will gain access if he entered the correct name and password or passed the host restriction. Can be used to restrict access through a password, but allow clients from a specific address without a password.

ScoreBoardFile filename [A]

The directive is required to specify the file name used by the server for communication between child and mother processes. You can find out if this file is required by running Apache and seeing if it creates a file with the given name. If yes, then you need to make sure that it is used by only one copy of Apache.

SendBufferSize bytes [A]

Sets the TCP buffer size.

ServerAdmin email

Sets the email address that the server shows to the client in error messages.

ServerAlias ​​hostname

Specifies an alternative virtual host name.

ServerName hostname

The directive sets the server name; used in link creation. If a name is not specified, the server will try to obtain it from its own IP address.

ServerPath path

The directive sets the legacy pathname for the host.

ServerRoot path [A]

Sets the directory where the server lives. Typically contains conf/ and logs/ subdirectories. Paths for other configuration files are built relative to this directory.

ServerSignature on|ff|mail

Configures the line at the bottom of the server-generated document. Disabled by default, On - shows the server version and ServerName of the virtual host, Email adds a mailto: link to ServerAdmin

ServerTokens Minimal|OS|Full [A]

Controls the header sent to the client by the server describing the server OS and compiled modules.

ServerType standalone|inetd [A]

Determines how the server is started by the system. inetd - runs from the inetd system process. standalone - like a daemon process.

StartServers count [A]

Sets the number of child processes created at startup. The number changes dynamically depending on the load anyway, there is usually no reason to change this setting.

The time that Apache will wait for: receiving a GET request, receiving TCP packets on POST and PUT requests, pause between ACKs when transmitting TCP packets in responses.

UseCanonicalName on|off

Causes Apache to generate the names of the pages it creates using the SERVER_NAME values ​​with SERVER_PORT.

User username

Sets the userid by which the server will respond to requests. To use the directive, the server must be running as root.

...[A]

Directives placed inside a block formed by a pair of directives And I determine the configuration of a given virtual host. Each virtual host must have a unique IP address, port number, or hostname. It makes sense to use this directive if, for example, the server has a network interface for the internal network and another interface for the external network.

mod_env - sets and passes variables for processing in CGI/SSI files

PassEnv variable[ variable] ...

Passes an environment variable (eg HOME) to handlers.

SetEnv variable value

Writes the specified value to the specified environment variable.

UnsetEnv variable[ variable] ...

Resets a variable, making it impossible to read it from handlers.

mod_setenvif - uses conditional expressions to set environment variables

BrowserMatch regex env-variable[=value] ] ... [A]

Uses the passed regular expression as a filter for the User-Agent header from the client browser. On a successful hit, initializes the variable with the given value. If only the variable name is specified, it is initialized with the number 1. If a variable is specified with a preceding "!" - the variable is reset.

BrowserMatchNoCase regex env-variable[=value] ] ... [A]

Acts similarly to BrowserMatch, allowing for differences in character case between the passed User-Agent value and the regular expression used as a filter.

SetEnvIf attribute regex env-variable[=value] ] ... [A]

The action performed by the directive is completely similar to BrowserMatch, but instead of User-Agent any other header can be used: Remote_Host; Remote_Addr; Remote_User; Request_Method; Request_URI; Referrer

SetEnvIfNoCase attribute regex env-variable[=value] ] ... [A]

The difference from SetEnvIf is the same as that of BrowserMatchNoCase from BrowserMatch above.

mod_unique_id - generating a unique environment variable UNIQUE_ID

The variable is generated randomly from the server's IP address, the number of the running process, timestamps and additional internal counters.

The variable is intended for use in compound documents when it is not possible to track the same request using other methods.

mod_mime - designed to determine the mime type of a file when transferring it to the client

AddCharset charset extension ...

For the specified file extensions, tells Apache to pass this charset when responding to the client.

AddEncoding MIME-enc extension ...

For the specified file extensions, tells Apache to transfer the file using the desired MIME encoding.

AddHandler handler-name extension ...

Tells Apache that files with given extensions should be passed to a specific handler. The handler can be either internal (cgi-script and others) or external, described earlier by the Action directive.

AddLanguage MIME-lang extension ...

Establishes a relationship between file extensions and the language code sent in the response.

AddType MIME-type extension ...

Updates the MIME type table with a new mapping of file extensions and MIME code for the response to the client.

DefaultLanguage MIME-lang

Sets the response language to always be sent if this cannot be done by other means.

ForceType MIME-type

Forces a response with the given MIME type in the directory to which the given directive is assigned.

RemoveEncoding extension ...

Removes the MIME encoding code in the response for files with these extensions.

RemoveHandler extension ...

Tells Apache not to run handlers for files with these extensions.

RemoveType extension ...

Resets the MIME type in the response to the client to the default MIME type

SetHandler handler

Forces the call of this handler for all files to which this directive is assigned.

TypesConfig filename [A]

Specifies the location of the MIME type mapping table. Default - conf.mime.types

mod_mime_magic - a module that uses complex rules to determine the MIME type of the file sent in the response

MimeMagicFile filename

Activates a module action using the specified file on a given document area of ​​the web server or on all documents available to Apache.

mod_negotiation - providing negotiation of transmitted data types between the client and server

CacheNegotiatedDocs [A]

Allows caching of documents with consistent content on intermediate proxy servers and the client computer.

LanguagePriority MIME-lang... [A]

Determines the priority of the languages ​​used in the response to the client when it is not possible to precisely determine or find the document language requested by the client.

mod_alias - allows you to place documents in web server directories in a more arbitrary manner

Alias ​​URL-path filesystem-path

Tells Apache that documents located "below" the given URL should be searched "below" the given location in file system.

AliasMatch URL-regexp filesystem-path

Defines more complex rules for searching data in the file system by comparing URLs with a regular expression.

Redirect URL-path URL

In response to the request, the URL-path and the documents "below" returns the specified response code (302 by default) and redirects the client to another URL. The status can be specified as a number or symbolically: permanent (301), temp (302), seeother (303), gone (410). For a 410 response code, the response URL must be omitted.

RedirectMatch URL-regexp URL

Similar to Redirect, using a specified regular expression rather than an exact match to compare the passed URL.

RedirectTemp URL-path URL

Similar to Redirect using 302 response code.

RedirectPermanent URL-path URL

Similar to Redirect using 301 response code.

ScriptAlias ​​URL-path filesystem-path

Works similarly to Alias ​​but automatically sets the cgi-handler handler to run for all files inside the target directory.

ScriptMatch URL-regexp filesystem-path

Similar to ScriptAlias, with URL checking using a regular expression.

mod_rewrite - controls the location of documents on the server

In a brief collection of descriptions of Apache directives, it is difficult to describe the tasks solved by this complex module. As a guide to action, it is best to use the special sections of the apache-manual "Module mod_rewrite URL Rewriting Engine" and "URL Rewriting Guide". The easiest way to learn how to use this module is to consider specific problems and their solutions using it.

There is a single main (parent) process that is responsible for creating child processes, which in turn listen to connections and process client requests. Apache always tries to keep a few unused server processes in reserve that are ready to process incoming requests. Thus, clients do not have to wait for new child processes to be created that will be forked before their request is serviced. The StartServers, MinSpareServers, MaxSpareServers, and MaxClients directives control how the parent process creates child processes to service requests.

In general, Apache is very self-contained, so for most websites there is no need to change these directives from their default values.

For sites that must serve more than 256 simultaneous requests, MaxClients may need to be increased, and for sites located on servers with limited memory, MaxClients may need to be lowered to avoid forcing the server to swap memory to disk and back), which will lead to severe slowdowns in work.

Choosing modules is one of the most important steps in ensuring good Apache Web server security. We should be guided by one good rule: the less the better. To enable the functionality we need and provide good protection, the following modules must be enabled:

httpd_core - Apache core, required with every Apache installation.

mod_access - Controls access to server directories depending on the client's IP address or hostname.

mod_auth - Required to authorize users using text files.

mod_dir - Required to look for index files: "index.html", "default.html", etc.

mod_log_config - Provides logging of requests sent to the server. mod_mime - Contains directives that facilitate the organization of various MIME types on the server.

All other Apache modules must be disabled. We can safely turn them off because we won't need them. By disabling unnecessary modules, we prevent an attacker from exploiting a vulnerability that was found in one of these modules.

It is also worth noting that two Apache modules (mod_autoindex and mod_info) are the most dangerous. The first module allows you to automatically index the directory and is enabled by default. To see how it works, enter, for example, http://server_name/icons/ and if there are no index files in this directory, the contents of the entire directory will be displayed. The second module, mod_info, should never be accessible over the Internet because it exposes the entire Apache Web server configuration.

The next question is how to compile modules. It seems to me that the static method is the best (codes are embedded in executable files) rather than the dynamic method (codes are collected at the time the program is launched). By choosing a static method, we also eliminate the need for yet another module, mod_so.

Independent work: Working with the database server MySQL data. Creating tables. Inserting, retrieving and updating data in a database.

Laboratory work No. 12. Installing and configuring the Apache web server.

Independent work: Working with the MySQL database server.

Apache is the most popular web server on the Internet, serving more than half of active sites.

In this article we will look at common configuration files and basic Apache settings on Ubuntu/Debian system

Note: Apache files differ depending on the distribution, so this article is not suitable for RHEL users.

Installing Apache on Ubuntu/Debian

If the Apache web server is not yet installed, use the commands:

sudo apt-get update
sudo apt-get install apache2

To verify that the installation was successful, open your browser to the IP address of your server. The Apache welcome page should appear on your screen:

It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.

Apache File Hierarchy

On Ubuntu and Debian, Apache stores configuration files in the /etc/apache2 folder.

cd /etc/apache2
ls -F
apache2.conf envvars magic mods-enabled/sites-available/
conf.d/ httpd.conf mods-available/ ports.conf sites-enabled/

This folder contains a number of simple text files and subdirectories. The most important of them:

• apache2.conf: main server configuration file. Almost all configurations can be performed in it.
• ports.conf: This file specifies the ports that virtual hosts listen on. Check this file when setting up SSL.
• conf.d/: This directory controls certain aspects of Apache configuration. For example, it is often used to define SSL configuration and standard security policies.
• sites-available/: This directory stores all available virtual hosts, which determine what content will be served on the site. These hosts are not active.
• sites-enabled/: This directory defines active virtual hosts. Typically it contains symbolic links to files defined in the sites-available directory.
• mods-/: These directories work in the same way as sites-available and sites-enabled. They store modules.

As you can see, Apache configurations are not limited to the main configuration file, but are distributed across several files and directories. This configuration structure can be expanded with new files.

Apache configuration file

Basic Apache settings are stored in /etc/apache2/apache2.conf.

This file contains three main sections: Apache global settings, default server settings, and virtual host configurations.

On Ubuntu and Debian, most of the file is dedicated to global settings, and the default server configuration and virtual host settings are handled at the end of the file using the Include directive.

At the end of the file you will find many Include settings. They define modules, add a ports.conf document, certain files from the conf.d/ directory, and virtual host settings from the sites-enabled/ directory.

Let's focus on the global settings of the Apache web server.

Apache Global Settings

This section examines important parameters global settings Apache.

Timeout

By default, this parameter is set to 300. This means that the server has a maximum of 300 seconds to complete each request. In most cases, this value is very large, and it is recommended to reduce it to 30-60 seconds.

KeepAlive

If this setting is On, the server will allow the client to request multiple objects within a single connection. If the parameter has Off value, then each new request will create an individual connection. This behavior can lead to overload of a site with high traffic.

MaxKeepAliveRequests

This setting allows you to define the maximum number of requests per connection. This allows you to increase Apache performance.

A value of 0 will allow the web server to process an unlimited number of requests within a single connection.

KeepAliveTimeout

This parameter sets the time interval between requests. If the client has not created another request within the specified time. The web server will terminate the connection. If this client subsequently makes a request, the server will create a new connection.

MPM Settings

To find out which modules Apache was compiled with, open a terminal and type:

apache2 -l
Compiled in modules:
core.c
mod_log_config.c
mod_logio.c
prefork.c
http_core.c
mod_so.c

As you can see, in this case the web server is compiled with the prefork.c module and the apache2.conf file.

Virtual Host Configurations

The default virtual host is located in the default file in the sites-available directory.

To see the general virtual host format, open this file:

sudo nano /etc/apache2/sites-available/default

ServerAdmin webmaster@localhost
DocumentRoot /var/www

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

. . .

By default, the virtual host processes requests on port 80.

This does not mean that the web server will necessarily process every request on that port. Apache can override configurations.

Top Level Virtual Host Settings

These settings are set in the Virtual Host section and apply to the entire virtual host.

The ServerAdmin parameter specifies the contact email address to use if problems occur on the server. This address can be pasted into the error page. To do this, the ServerSignature parameter (in the /etc/apache2/conf.d/security file) must be set to Email.

The ServerName directive specifies the domain name or IP address of the server. This is a per-virtual host setting that can override the default settings if it matches the ServerName value.

The ServerAlias ​​parameter allows you to add site aliases - alternative names and paths leading to the same content. For example, a domain alias is often set to www.

DocumentRoot specifies the directory in which the web server stores the content of this virtual host. On Ubuntu, the default for this is /var/www.

Directory settings

The virtual host configuration has a special section for configuring the processing of individual file system directories. These settings can also be overridden.

First, the virtual host proposes a set of rules for the / directory (root directory). This section will provide basic virtual host configuration as it relates to all files that are served on the file system.

By default, Ubuntu does not impose any restrictions on the file system. Apache recommends adding a few standard access restrictions, for example:

Options FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from All

This will block access to all content unless subsequent directory definitions indicate otherwise.

The AllowOverride parameter allows you to override configurations using .htaccess files. To override settings, the .htaccess file must be in the content directory. By default this feature is disabled.

Alias ​​and ScriptAlias ​​settings

Sometimes the Alias ​​and ScriptAlias ​​parameters appear before the Directory section.

The Alias ​​directive allows directories outside of DocumentRoot to be added to the content being served.

ScriptAlias ​​works in a similar way, but contains the path to the directories with executable files.

For example, such a line in the virtual host for example.com will allow access to content in the /path/to/content/ directory when requesting example.com/content/.

Alias ​​/content/ /path/to/content/

Remember that when opening access to additional directories, you need to set limited privileges on them.

Enabling Sites and Modules in Apache

Once you have created the virtual host file, you can enable it. To do this, you need to create a symbolic link to a file in the sites-enabled directory:

sudo a2ensite virtualhostfile

Once your site is enabled, restart Apache to allow the web server to re-read the configurations:

sudo service apache2 reload

To disable the virtual host, you need to remove the symbolic link from sites-enabled:

sudo a2dissite virtualhostfile

After this you need to restart the web server again:

sudo service apache2 reload

You can enable and disable the Apache module using the following commands (respectively):

a2enmod
a2dismod

They work the same as the previously mentioned a2ensite and a2dissite commands. After enabling or disabling the module, you need to restart the web server.

Conclusion

This article only covers basic settings Apache web server files. Apache's feature set can be greatly expanded using modules.

If you need Additional Information about the web server, please contact

Apache is the most popular free web server. As of 2016, it is used on 33% of all Internet sites, which is approximately 304 billion sites. This web server was developed back in 1995 as a replacement for the popular NCSA that server and fixed many of its problems. Rumor has it that his name comes from a patchy, as he was fixing NCSA errors. Now, it is a cross-platform program that supports Windows, Linux and MacOS and provides sufficient flexibility, customization and functionality. The program has a modular structure, which allows you to expand its functionality almost indefinitely using modules.

You can install Apache on Linux using a few commands, but the program provides a very large number of settings that can be changed, as well as modules that, when enabled, will work better. This article will cover installing and configuring Apache, we will use Ubuntu as the main system, but you can repeat these steps in any other distribution. We will look at not only installing the program itself, but also how to configure it, setting up apache virtual hosts, as well as the most useful modules.

On this moment, the most a new version programs 2.4; therefore, setting up Apache 2.4 will be considered. As I already said, in Linux program installs in literally a couple of commands. To install on Ubuntu, first update the system to the latest version:

sudo apt update
$ sudo apt upgrade

Then install apache2:

sudo apt install apache2

In other distributions, the program package is called either this or httpd and installing it will not cause you any difficulties.

After installation is complete, you need to add the web server to startup so as not to start it manually after turning on the computer:

sudo systemctl enable apache2

Apache setup

Gone are the days when Apache configuration was stored in a single file. But it’s correct: when everything is distributed in its own directories, it’s easier to navigate the configuration files.

All settings are contained in the /etc/apache/ folder:

• File /etc/apache2/apache2.conf responsible for basic settings
• /etc/apache2/conf-available/* - additional settings web server
• /etc/apache2/mods-available/*- module settings
• /etc/apache2/sites-available/*- virtual host settings
• /etc/apache2/ports.conf- ports on which apache runs
• /etc/apache2/envvars

As you noticed, there are two folders for conf, mods and site. These are available and enabled. When you enable a module or host, a symbolic link is created from the available folder to the enable folder. Therefore, it is better to perform settings in the available folders. Generally speaking, you could do without these folders, take everything and dump everything into one file the old fashioned way, and everything would work, but no one does that now.

First let's look at main file configurations:

vi /eta/apache2/apache2.conf

Timeout- indicates how long the server will try to continue the interrupted transmission or reception of data. 160 seconds will be enough.

Keep Alive On- a very useful parameter, it allows you to transfer several files in one connection, for example, not only the html page, but also images and css files.

MaxKeepAliveRequests 100- maximum number of requests per connection, the more, the better.

KeepAliveTimeout 5- connection timeout, usually 5-10 seconds are enough to load a page, so you don’t need to set any more, but you also don’t need to break the connection before all the data has loaded.

User, Group- user and group on behalf of which the program will run.

HostnameLookups- write to logs instead of IP addresses domain names, it is better to disable it to speed up the work.

LogLevel- level of error logging. By default, warn is used, but to make the logs fill out more slowly, just enable error

Include- all include directives are responsible for connecting the configuration files discussed above.

Directory directives are responsible for setting access rights to a particular directory in the file system. The syntax here is:

Parameter value

The following basic options are available here:

AllowOverride- indicates whether .htaccess files should be read from this directory; these are the same settings files and have the same syntax. All - allow everything, None - do not read these files.

DocumentRoot- sets from which folder documents should be taken to be displayed to the user

Options- indicates which web server features should be allowed in this folder. For example, All - allow everything, FollowSymLinks - follow symbolic links, Indexes - display the contents of the directory if there is no index file.

Require- sets which users have access to this directory. Require all denied - deny everyone, Require all granted - allow everyone. You can use the user or group directive instead of all to explicitly specify the user.

Order- allows you to control access to the directory. Accepts two values: Allow,Deny - allow for everyone except those specified or Deny,Allow - deny for everyone except those specified..ru.

All these directives are not used here, since we are happy with the default values, but in .htaccess files they can be very useful.

We are left with the /etc/apache2/ports.conf file:

It contains only one directive, Listen, which tells the program which port it should work on.

The last file is /etc/apache2/envvars, you are unlikely to use it, it contains variables that can be used in other configuration files.

Setting up an Apache server via htaccess

.htaccess files allow you to configure your Ubuntu web server to behave in a specific directory. All instructions specified in this file are executed as if they were wrapped in a tag if they were in the main file.

It is important to note that in order for the server to read instructions from .htaccess, the settings for this folder in the main or virtual host file must not contain AllowOverride None for all settings to work you need AllowOverride All.

Otherwise, any configuration of the Apache server can be done here, from enabling modules to simply changing folder access. Since we have already considered all the parameters, let’s just give a couple of examples:

Order Deny,Allow
Deny from all

Denies everyone access to this folder, important to apply for configuration folders. Most often, .htaccess is used to work with the mod_rewrite module, which allows you to change requests on the fly:

RewriteEngine on
RewriteRule ^product/([^/\.]+)/?$ product.php?id=$1 [L]

But this is a very broad topic and is beyond the scope of this article.

Configuring Apache Modules

As I already said, Apache - modular program, its functionality can be expanded using modules. All available loader modules and module configuration files are located in the /etc/apache/mods-available folder. And activated in /etc/apache/mods-enable.

But you don't have to analyze the contents of these folders. Configuring Apache 2.4 by adding modules is done using special commands. You can view all running modules with the command:

You can enable the module with the command:

sudo a2enmod module_name

And disable:

sudo a2dismod module_name

After enabling or disabling modules, you need to restart apache:

sudo systemctl restart apache2

When one of these commands is executed, a symbolic link to a module file with the extension load is created or deleted in the mods-available directory. You can look at the contents of this file, there is only one line. For example:

vi /etc/apache2/mods-available/deflate.load

This means that the module could be activated simply by adding this line to the apache2.conf file. But it is customary to do just that to avoid confusion.

The module settings are located in the same folder, only in a file with the .conf extension instead of load. For example, let's look at the settings of the same module for deflate compression:

vi /etc/apache2/mods-available/deflate.conf

The files in the conf-available folder are the same modules, only they are installed separately from apache, these can be configuration files to enable the php module or any other programming language. Everything works exactly the same here, only the commands for enabling and disabling these modules are slightly different:

a2enconf module_name

a2disconf module name

As you have seen, enabling modules is very simple. Let's enable a few necessary but not enabled by default modules:

sudo a2enmod expires
$ sudo a2enmod headers
$ sudo a2enmod rewrite
$ sudo a2enmod ssl

The expires and headers modules reduce the load on the server. They return a Not Modified header if the document has not changed since the last request. The expiries module allows you to set the time for which the browser should cache the received document. Rewrite allows you to change requested addresses on the fly, very useful when creating CNC links, etc. And the last one to enable support for SSL encryption. Don't forget to restart apache2 after completing the settings.

Configuring Apache Virtual Hosts

It would not be entirely convenient if only one website could be hosted on one physical machine. Apache can support hundreds of sites on a single computer and serve the correct content for each one. Virtual hosts are used for this. The server determines which domain the request is coming to and serves the required content from the folder of this domain.

Apache hosts settings are located in the /etc/apache2/hosts-available/ folder. To create a new host, just create a file with any name (it’s better to end with the host name) and fill it with the necessary data. You need to wrap all these parameters in a directive VirtualHost. In addition to the parameters discussed here, the following will be used:

• ServerName- primary domain name
• ServerAlias- additional name by which the site will be accessible
• ServerAdmin - Email administrator
• DocumentRoot- folder with documents for this domain

For example:

vi /etc/apache2/sites-available/test.site.conf