Linux7 min read

Setting up Apache on Ubuntu

linuxapacheweb-serverubuntu

Apache has been serving websites since 1995 and it’s still one of the most common web servers on Linux. It’s flexible, well-documented, and available in every distribution’s package manager.

Installation

sudo apt install apache2
sudo systemctl enable apache2
sudo systemctl start apache2

Check it’s running:

systemctl status apache2
curl -I localhost

You should see the default Apache welcome page at http://your-server-ip.

Directory structure

  • /etc/apache2/ — configuration root
  • /etc/apache2/apache2.conf — main config file
  • /etc/apache2/ports.conf — listening ports
  • /etc/apache2/sites-available/ — virtual host configs
  • /etc/apache2/sites-enabled/ — enabled sites (symlinks to sites-available)
  • /etc/apache2/mods-available/ — available modules
  • /etc/apache2/mods-enabled/ — enabled modules
  • /var/www/html/ — default document root

Virtual hosts

Virtual hosts let you serve multiple sites from one server.

Create a config file:

sudo nano /etc/apache2/sites-available/mysite.conf
<VirtualHost *:80>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /var/www/mysite
    
    <Directory /var/www/mysite>
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
    CustomLog ${APACHE_LOG_DIR}/mysite-access.log combined
</VirtualHost>

Enable the site:

sudo a2ensite mysite.conf
sudo systemctl reload apache2

Disable the default site:

sudo a2dissite 000-default.conf

Modules

Apache’s functionality is modular. Enable and disable modules:

sudo a2enmod rewrite      # enable URL rewriting
sudo a2enmod ssl           # enable HTTPS
sudo a2enmod headers       # enable header manipulation
sudo a2dismod status       # disable status module

After enabling modules, restart Apache:

sudo systemctl restart apache2

Common modules:

  • mod_rewrite — URL rewriting (almost always needed)
  • mod_ssl — HTTPS support
  • mod_proxy — reverse proxy
  • mod_headers — HTTP header manipulation
  • mod_expires — cache control

.htaccess

.htaccess files allow per-directory configuration without editing the main config. They’re slower than main config changes because Apache reads them on every request.

Enable .htaccess in the virtual host config:

<Directory /var/www/mysite>
    AllowOverride All
</Directory>

Common .htaccess uses:

# Redirect to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Block access to .htaccess itself
<Files ".htaccess">
    Require all denied
</Files>

For production, prefer virtual host config over .htaccess for performance.

Security basics

Disable directory listing:

<Directory /var/www/mysite>
    Options -Indexes
</Directory>

Hide Apache version:

ServerTokens Prod
ServerSignature Off

Add to /etc/apache2/conf-enabled/security.conf.

Disable unnecessary modules. Every module is potential attack surface.

HTTPS with Let’s Encrypt

Install certbot:

sudo apt install certbot python3-certbot-apache

Get a certificate:

sudo certbot --apache -d mysite.com -d www.mysite.com

Certbot modifies your Apache config to use HTTPS and sets up automatic renewal.

Test renewal:

sudo certbot renew --dry-run

Performance tuning

KeepAlive (persistent connections):

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

MPM (Multi-Processing Module). Check which you’re using:

apache2ctl -V | grep MPM

For mpm_prefork (default, process-based):

<IfModule mpm_prefork_module>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    MaxRequestWorkers 150
    MaxConnectionsPerChild 0
</IfModule>

For higher traffic, consider switching to mpm_event or mpm_worker (thread-based).

Log files

  • /var/log/apache2/access.log — all requests
  • /var/log/apache2/error.log — errors and warnings

Monitor in real time:

sudo tail -f /var/log/apache2/access.log

Common mistakes

Forgetting to reload after config changes. sudo systemctl reload apache2 or sudo systemctl restart apache2.

Not enabling mod_rewrite. WordPress, Laravel, and most frameworks need it. sudo a2enmod rewrite.

DocumentRoot permissions. Apache needs read access to the document root. Check file permissions if you get 403 errors.

Using .htaccess in production. It works but adds overhead. Move rules to the virtual host config.

Remarks

Apache is battle-tested and flexible. The a2ensite/a2dissite/a2enmod commands make management straightforward. For simple sites, the defaults work fine. For production, enable only the modules you need, use the event MPM for better performance, and prefer virtual host config over .htaccess.

Related Posts