Skip to content

X386 – Ubuntu & Python

Ubuntu and Python Documentation

  • Home
  • About
  • Contact
  • License
  • Privacy Policy

Apache On Ubuntu

Posted on 24/05/2020 - 31/03/2021 by exforge

ApacheOnUbuntu: Apache 2 Tutorial on Ubuntu 20.04

Copyright (C) 2020 Exforge exforge@x386.xyz

# This document is free text: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
# This document is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
 

Specs

# Apache 2 Installation, configuration, sample sites, enablement of PHP, SSL etc
#   on Ubuntu 20.04 Server
# Based on the book Mastering Ubuntu Server 2nd Ed. by Jay LaCroix
#   This book hes introduced me to Ubuntu Server and I have to thank him for this
#   excellent book. 
https://www.packtpub.com/networking-and-servers/mastering-ubuntu-server-second-edition
# srv1.x11.xyz, srv2.x11.xyz and srv3.x11.xyz all have the ip of my server
 

1. Apache Installation

# 1.1. Install
sudo apt install apache2
#
# 1.2. Check status, it must be working with the test page
systemctl status apache2
#
# 1.3. Default document root
sudo nano /var/www/html/index.html
#
# 1.4. Configuration files for different sites exist as .conf files
#   in /etc/apache2/sites-available directory
#
# 1.5. # Main Apache2 config file
sudo nano /etc/apache2/apache2.conf
#
# 1.6. All available sites are in
#   /etc/apache2/sites-available
sudo nano /etc/apache2/sites-available/000-default.conf
#
# 1.7. Creating Virtual Hosts
#   For virtual hosts we need to create a new conf as say 000-virtual-hosts.conf
sudo nano /etc/apache2/sites-available/000-virtual-hosts.conf
# Sample content for 2 virtual hosts
#______________________________________-
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv1.x11.xyz
    ServerAlias srv1
    DocumentRoot /var/www/srv1
    ErrorLog ${APACHE_LOG_DIR}/srv1.x11.xyz-error.log
    CustomLog ${APACHE_LOG_DIR}/srv1.x11.xyz-access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv2.x11.xyz
    ServerAlias srv2
    DocumentRoot /var/www/srv2
    ErrorLog ${APACHE_LOG_DIR}/srv2.x11.xyz-error.log
    CustomLog ${APACHE_LOG_DIR}/srv2.x11.xyz-access.log combined
</VirtualHost>
#______________________________________
# 1.8. We need to enable the new conf to make it active
sudo a2ensite 000-virtual-hosts.conf
#   We can disable it again whenever we want
sudo a2dissite 000-virtual-hosts.conf
#   And reload Apache
sudo systemctl reload apache2
#   Remember to copy sites' pages on DocumentRoot Directories
 

2. Apache Additional Modules

# 2.1. List of Apache modules
apt search libapache2-mod
#
# 2.3. Modules mut be enabled by a2enmod after installing
#   then can be disabled by a2dismod
#
# 2.4. List of build in modules of Apache2
apache2 -l
#
# 2.5. All installed and ready to be enabled modules
a2enmod
#
# 2.6. Enable proxy module
sudo a2enmod proxy
#
# 2.7. Disable proxy module
sudo a2dismod proxy
 

3. Adding SSL to Apache

# 3.1. Enable ssl
sudo a2enmod ssl
#
# 3.2. Restart apache needed
sudo systemctl restart apache2
#
# 3.3. Makeup place for certificates
sudo mkdir /etc/apache2/certs
#
# 3.4. Create self signed certificate files for srv1
sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/apache2/certs/srv1.key -out /etc/apache2/certs/srv1.crt
#
# 3.5. To get a formal certificate, create a certificate signing request
sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
#
# 3.6. Create a conf file for ssl site
sudo nano /etc/apache2/sites-available/000-virtual-ssl.conf
#____________________________________________
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName srv1.x11.xyz:443
        ServerAdmin webmaster@x11.xyz
        DocumentRoot /var/www/srv1
        ErrorLog ${APACHE_LOG_DIR}/srv1.x11.xyz-error.log
        CustomLog ${APACHE_LOG_DIR}/srv.x11.xyz-access.log combined
        SSLEngine on
        SSLCertificateFile	/etc/apache2/certs/srv1.crt
        SSLCertificateKeyFile	/etc/apache2/certs/srv1.key
        <FilesMatch ".(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    </VirtualHost>
</IfModule>
#____________________________________________
# 3.7. Enable new ssl site
sudo a2ensite 000-virtual-ssl.conf
#
# 3.8. Reload apache - SSL Site is ready
sudo systemctl reload apache2
 

4. Auto http–>https redirect

# 4.1. http://srv1.x11.xyz automatically redirects to https://srv1.x11.xyz
#    First we need to enable rewrite mode
sudo a2enmod rewrite.load
# 4.2. Modify conf file of the site to redirect (last 3 lines to be added)
#______________________________________________________________________________
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz
    ServerName srv1.x11.xyz
    DocumentRoot /var/www/srv1
    ErrorLog ${APACHE_LOG_DIR}/srv1-error.log
    CustomLog ${APACHE_LOG_DIR}/srv1-access.log combined
    #redirection
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =srv1.x11.xyz
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permane$
</VirtualHost>
#______________________________________________________________________________
# 4.3. Reload apache
sudo systemctl reload apache2
 

5. Enable PHP on Apache2

# 5.1. Install php and apache php mod
sudo apt install php libapache2-mod-php
# 5.2. If you have mysql - mariadb, you can install php
#    extensions for them too
sudo apt install php-mysql
#  Restart apache
sudo systemctl restart apache
#  Create a test file
sudo nano /var/www/srv1/info.php
#__________________________________
<?php
phpinfo();
#__________________________________
#  Test your page 
http://srv1.x11.xyz/info.php
 

6. Some Sample Apache Confs

# 6.1. 3 different sites on 1 server in 1 conf file
#_____________________________________________________________________
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv1.x11.xyz
    DocumentRoot /var/www/srv1
    ErrorLog ${APACHE_LOG_DIR}/srv1.x11.xyz-error.log
    CustomLog ${APACHE_LOG_DIR}/srv1.x11.xyz-access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv2.x11.xyz
    DocumentRoot /var/www/srv2
    ErrorLog ${APACHE_LOG_DIR}/srv2.x11.xyz-error.log
    CustomLog ${APACHE_LOG_DIR}/srv2.x11.xyz-access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv3.x11.xyz
    DocumentRoot /var/www/srv3
    ErrorLog ${APACHE_LOG_DIR}/srv3.x11.xyz-error.log
    CustomLog ${APACHE_LOG_DIR}/srv3.x11.xyz-access.log combined
</VirtualHost>
#_____________________________________________________________________
#
# 6.2. A server with only local access, to be used for configuration
#_____________________________________________________________________
<VirtualHost 127.0.0.1:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv3.x11.xyz
    DocumentRoot /var/www/localhost
    ErrorLog ${APACHE_LOG_DIR}/localhost-error.log
    CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
</VirtualHost>
#_____________________________________________________________________
#
# 6.3. This server allows letsencrypt's acme challenge, otherwise redirects to
#   https. You are going to need to enable rewrite module with:
sudo a2enmod rewrite
#
#_____________________________________________________________________
<VirtualHost *:80>
    ServerAdmin webmaster@x11.xyz	
    ServerName srv1.x11.xyz
    DocumentRoot /var/www/srv1
    # Force redirect to HTTPS unless the request is for Let's Encrypt
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301]
    <Directory "/var/www/srv1">
        Options None
        AllowOverride None
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/public_unencrypted.error.log
</VirtualHost>
#_____________________________________________________________________
#
# 6.4. A site with auto https redirection. Rewrite module is needed again.
#_____________________________________________________________________
<VirtualHost *:80>
   ServerAdmin webmaster@x11.xyz	
   ServerName srv1.x11.xyz
   ServerAlias www.x11.xyz
   DocumentRoot /var/www/srv1
   ErrorLog ${APACHE_LOG_DIR}/srv1-error.log
   CustomLog ${APACHE_LOG_DIR}/srv1-access.log combined
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =srv1.x11.xyz [OR]
   RewriteCond %{SERVER_NAME} =www.x11.xyz
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
#_____________________________________________________________________
#
# 6.5. A site only allowing 2 IPs to connect, all others are refused
<VirtualHost *:80>
    <Directory "/var/www/srv1">
        Require ip 195.174.209.24
        Require ip 138.199.28.46
    </Directory>
    ServerAdmin postmaster@x11.xyz
    ServerName srv1.x11.xyz
    DocumentRoot /var/www/srv1
    ErrorLog ${APACHE_LOG_DIR}/srv1-error.log
    CustomLog ${APACHE_LOG_DIR}/srv1-access.log combined
</VirtualHost>
#_____________________________________________________________________
#
# 6.6. Reverse Proxy Configuration
# Assume that we have a program on server which runs a web server, serving
#   some content at some specific port and only allows connections from 
#   localhost. That means, we cannot access it from other computers.
# Apache allows us using it as a reverse proxy. That way we can connect that
#   web server using apache.
# Rspamd is a good example of that kind of a program. It runs a web server at
#   port 11334, and only allows connections from the computer itself.
# We need to enable 2 Apache mods for the configuration:
a2enmod proxy_http
a2enmod rewrite
# And our configuration:
#_____________________________________________________________________
<VirtualHost *:80>
    <Location /reverse>
        Require all granted
    </Location>
    RewriteEngine On
    RewriteRule ^/reverse$ /reverse/ [R,L]
    RewriteRule ^/reverse/(.*) http://localhost:11334/$1 [P,L]
    ServerAdmin webmaster@x11.xyz
    ServerName srv1.x11.xyz
    DocumentRoot /var/www/srv1
    ErrorLog ${APACHE_LOG_DIR}/srv1-error.log
    CustomLog ${APACHE_LOG_DIR}/srv1-access.log combined
</VirtualHost>
 

7. Free SSL Certificates

# You can use free, autorenewing SSL certificates from Letsencrypt.org 
#   with Certbot tool from EFF. Check it out at my CertbotOnUbuntu Tutorial.
 

Posted in Ubuntu

Post navigation

Certbot On Ubuntu
Proudly powered by WordPress | Theme: micro, developed by DevriX.