Prasanna Natarajan

Configuring Apache2 webserver - notes

Intro

I was setting up DokuWiki and, in the course of it, I learned a bit more about the Apache2 webserver.

The notes

Apache is a parent service with multiple child services.

Use the apachectl script to control the service. This is the main script that Apache comes with. You can stop/start/restart/graceful-stop the server using apachectl. It can be wrapped in systemd, upstart or similar init scripts.


The command apachectl -V gives the details of the installed Apache (config file, paths, version, etc.):

pnatarajan@cashier-staging-app-i0215c1e3d1c887213:/etc/apache2$ apachectl -V
Server version: Apache/2.4.18 (Ubuntu)
Server built:   2019-04-03T13:34:47
Server's Module Magic Number: 20120211:52
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

Directives

With DocumentRoot "/usr/web", a request for http://my.example.com/index.html refers to /usr/web/index.html. If the directory path is not absolute, it is assumed to be relative to the ServerRoot.


.htaccess files can also be used to configure the server at the directory level. They are read on every request, so changes don't require a restart. But this is not recommended, as it makes the server slower to respond.

To enable this, we should have the AllowOverride All option set in the Directory directive for the path where our website is served.

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

The server can also be configured through modules.

  • Static modules are included during compiling and are always loaded.
  • Shared (Dynamic) mods are added without compilation. Can be turned on/off.

apachectl -t -D DUMP_MODULES - lists all modules configured.

Enable or disable a module using the a2enmod/a2dismod commands, and then restart the server using service apache2 graceful.


https

To enable https in any of the sites deployed using apache, first make sure port 443 is open for incoming traffic.

My experience was using LetsEncrypt to set up https. Following the steps mentioned on their site, I saw that there were 2 changes made by the LetsEncrypt script.

<VirtualHost *:80>
        DocumentRoot /var/www/example.com
        ServerName example.com
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The script added the 3 Rewrite lines. This re-routes any non-https traffic to https traffic.

The script also created this Apache site conf and enabled it. This one is specifically for https:

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		DocumentRoot /var/www/example.com
		ServerName example.com

		SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
		Include /etc/letsencrypt/options-ssl-apache.conf
	</VirtualHost>
</IfModule>

So, this means LetsEncrypt created the necessary certificate files, placed them on our server, and enabled them by linking them through the SSLCertificateFile and SSLCertificateKeyFile directives.

This could be useful if we decide to use some non-LetsEncrypt SSL providers.
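
When the two changes above are written by hand for another certificate provider, a small check can confirm that both are in place. The script below is an added example, not code from this page's author or from LetsEncrypt. The names audit, directives, VHOST and SAMPLE, and the host plain.example.com, are assumptions made for illustration. It reads the text of a single config file and does not follow Include lines.

```python
import re

# Constructed sample (not the author's files): plain.example.com has no
# redirect, and the :443 vhost has no SSLCertificateKeyFile line.
SAMPLE = """\
<VirtualHost *:80>
    ServerName example.com
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
    ServerName plain.example.com
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
"""

# Address and body of every <VirtualHost addr> ... </VirtualHost> section.
VHOST = re.compile(r"<VirtualHost\s+([^>]+?)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lower-cased directive name to the list of its argument strings."""
    found = {}
    for line in body.splitlines():
        parts = line.split(None, 1) + [""]
        if parts[0] and parts[0][0] not in "#<":
            found.setdefault(parts[0].lower(), []).append(parts[1])
    return found

def audit(conf):
    """Return (server name, problem) pairs for the vhosts in conf."""
    findings = []
    for addr, body in VHOST.findall(conf):
        d = directives(body)
        name = d.get("servername", [addr])[0]
        if addr.endswith(":80"):
            rules = d.get("rewriterule", []) + d.get("redirect", [])
            if not any("https://" in r for r in rules):
                findings.append((name, "no redirect to https"))
        elif addr.endswith(":443"):
            for key in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if key.lower() not in d:
                    findings.append((name, "missing " + key))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means every port 80 vhost redirects to https and every port 443 vhost names both its certificate and its key.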