The Apache HTTP Server is one of the most widely used web servers in the world, known for its robustness, flexibility, and extensive module support. It serves as the backbone for many websites, from small personal blogs to large-scale enterprise sites. Apache HTTP Server can handle a variety of tasks, including serving static content, running dynamic scripts, and managing secure connections with SSL/TLS certificates.
On Ubuntu 24.04, 22.04, or 20.04, Apache can be easily installed via the Ubuntu default repository, providing a stable and reliable version of the server. Additionally, setting up an SSL certificate for your Apache server is essential for securing data transmitted between your server and clients, ensuring that your website can handle HTTPS connections. This guide will walk you through the process of installing Apache via the command-line and creating a self-signed SSL certificate to secure your web traffic.
Install Apache via APT Default Repository
Update Ubuntu Before Apache Installation
Before you begin the installation process, you must update your Ubuntu operating system to ensure all existing packages are up to date. This helps you maintain a stable and secure environment.
To update your system, open the terminal and execute the following command:
sudo apt update && sudo apt upgrade
Install Apache APT Commands
When installing Apache on Ubuntu, you have two installation methods: the default Ubuntu repository or Ondrej Sury’s PPA.
Option 1: Install Apache with Ubuntu Default Repository
The first option to install Apache is to use the default Ubuntu repository. This method is practical for most users, providing a stable and secure version of Apache. To install Apache using the default repository, open your terminal and execute the following command:
sudo apt install apache2
After the installation is complete, verify its success by checking Apache’s build version:
apache2 --version
Option 2: Install Apache via PPA
Apache is available by default within Ubuntu’s software repositories, making installing it easy. However, like most repositories on Ubuntu LTS versions, it can often lag regarding the latest features and improvements, although security risks are usually addressed.
For those who want the most up-to-date version of Apache 2 with additional widely-used modules, it is recommended to install Ondřej Surý’s version of Apache 2. To do this, follow the steps below:
Add Ondřej Surý PPA for Ubuntu with the following command:
sudo add-apt-repository ppa:ondrej/apache2 -y
Update your package list to reflect the newly imported Apache repository:
sudo apt update
Install the Apache 2 package from Ondřej Surý’s repository:
sudo apt install apache2
Once installed, confirm the version by running the following command:
apache2 -v
Configure UFW Firewall for Apache
After installing the Apache web server, it’s essential to configure the UFW (Uncomplicated Firewall) rules to allow outside access to the default web ports. Apache conveniently registers itself with UFW during installation, providing several profiles to enable or disable access quickly and easily.
Check UFW Installation
Before configuring the UFW firewall, ensure that UFW is installed on your system. To check if UFW is installed, run the following command:
sudo ufw status
If UFW is not installed, you can install it with the following command:
sudo apt install ufw
After installing UFW, enable it with this command:
sudo ufw enable
List Available Application Profiles
First, list the application profiles to see the available Apache profiles by running the following command:
sudo ufw app list
Example output:
Available applications:
Apache
Apache Full
Apache Secure
From the output above, you have three profile options. To break it down, Apache runs on port 80 (HTTP), Apache Secure runs on port 443 (HTTPS), and Apache Full combines both. The most common choices are either Apache Full or Apache Secure.
Configure UFW Firewall Rules for Apache
For this tutorial, since we have not set up SSL, we will enable the Apache profile with the following command:
sudo ufw allow 'Apache'
Example output:
Rule added
Rule added (v6)
As shown above, the rules have been added for IPv4 and IPv6. Later, you can disable this profile and enable secure only or disable the Apache rule and use the Apache Full rule instead.
Whitelist IP Addresses and Ranges
You can also whitelist specific IP addresses, IP ranges, or local IP addresses to grant access to your Apache web server. To allow access from a single IP address, use the following command:
sudo ufw allow from <IP_ADDRESS>
Replace <IP_ADDRESS> with the actual IP address you want to whitelist.
To allow access from a range of IP addresses, use the following command:
sudo ufw allow from <IP_RANGE> to any port <PORT_NUMBER>
Replace <IP_RANGE> with the actual range of IP addresses (e.g., 192.168.1.0/24) and <PORT_NUMBER> with the appropriate port number (e.g., 80 for HTTP or 443 for HTTPS).
To allow access from a local IP address, use the following command:
sudo ufw allow from 192.168.1.0/24
This command will allow access from all IP addresses in the 192.168.1.0/24 subnet.
Following these steps, you will have successfully configured the UFW firewall rules for your Apache web server, ensuring a secure and controlled access environment.
Verify Apache Installation on Ubuntu
Now that you have installed and configured the UFW firewall, it’s time to test if Apache 2 is reachable and working correctly by requesting a page.
Find Your Server’s IP Address
You can access the default Apache landing page to check if the software runs correctly through your server’s IP address. If you don’t know your server’s IP address, you can find it using the following command:
hostname -I
You should receive the internal IP address of the server as an example:
###Example Only###
192.168.50.15
You may get 2 to 3 results back. Try each one until you find the correct IP address.
If you need your public IP address (external), use the following command instead:
curl -4 icanhazip.com
If the curl package is missing, you can install it by executing the following command:
sudo apt install curl -y
Access the Apache Landing Page
Once you have your server’s IP address, open your favorite internet browser and enter the following in the address bar:
http://your_server_ip
Replace your_server_ip with the actual IP address you retrieved earlier.
Verify the Apache Default Page
You should see the following page in your internet browser:
This page confirms that your Apache web server is up and running. This default page indicates that Apache 2 functions correctly and is reachable through the specified IP address.
Configure Virtual Hosts for Apache
Using the Apache web server, you can create virtual hosts to manage configurations for multiple domains on a single server. If you have used Nginx before, virtual hosts are the equivalent of server blocks. In the example below, we will create a domain example-domain.com, which you will replace with your domain name.
Create and Configure Directories for Apache
By default, Apache on Ubuntu has one server block enabled that is configured to serve documents from the /var/www/html directory. You can modify this server block to suit your needs if you operate one website. However, if you are hosting multiple websites, you need to create a new directory structure for your various domains.
First, leave the /var/www/html directory intact as the default directory. Then, create a new directory for example-domain.com, as shown below:
sudo mkdir /var/www/example_domain
Next, assign ownership of the directory with the $USER environment variable:
sudo chown -R $USER:$USER /var/www/example_domain
Usually, the web root permissions should be set correctly, and you can verify them using the ls -l command:
ls -l /var/www/
Example output:
drwxr-xr-x 2 joshua joshua 4096 Apr 18 15:25 example_domain drwxr-xr-x 2 root root 4096 Apr 18 15:23 html
As you can see, we have the permission of drwxr-xr-x, which is the equivalent of chmod 755. If you do not have this permission set, run the following command:
sudo chmod -R 755 /var/www/example_domain
Now create a sample index.html page using your favorite text editor. In this tutorial, we will use nano:
sudo nano /var/www/example_domain/index.html
In the file, copy and paste the following code:
<html>
<head>
<title>Welcome to Website!</title>
</head>
<body>
<h1>Success! The virtual host is working! You did not mess it up.</h1>
</body>
</html>
Save the file (CTRL+O), then exit (CTRL+X).
Create a Virtual Host for Apache
Now that you have created a landing page and set the correct ownership and permissions, you can create a virtual host file. By default, all virtual host files need to be located at /etc/apache2/sites-available/ directory.
First, use your favorite text editor to create a configuration file located at /etc/apache2/sites-available/example_domain.conf:
sudo nano /etc/apache2/sites-available/example_domain.conf
Now, copy and paste the following into the configuration block file, remembering to replace your ServerName, ServerAlias, and DocumentRoot with your own:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName example_domain
ServerAlias www.example_domain
DocumentRoot /var/www/example_domain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Remember to change the required server directives to your own.
Save the configuration file using (CTRL+O) and exit with (CTRL+X).
Enable Virtual Host for Apache
Now that your virtual host configuration file is ready, it’s time to enable it. With Apache, unlike Nginx, where you would create a symlink using the ln -s command, Apache uses its tools, as demonstrated below:
First, disable the existing default installed server block file 000-default.conf with the a2dissite command:
sudo a2dissite 000-default.conf
Now enable your virtual host file with the a2ensite command:
sudo a2ensite example_domain.conf
Like most web server applications, Apache has a dry run function. Before making it live, test your configuration file using the following command:
sudo apache2ctl configtest
If everything is working correctly, the example output should be:
Syntax OK
Now restart the Apache web server to make your new virtual host live with the following command:
sudo systemctl restart apache2
Apache should currently serve the landing page you created for your new domain. To test this, open your internet browser and type in your domain name http://example_domain, where you should see the following landing page you created in the index.html file:
Secure Apache with Let’s Encrypt Free SSL Certificate
To enhance your website’s security and privacy, it is essential to run your Apache web server on HTTPS using an SSL/TLS certificate. One of the best ways to achieve this is by using Let’s Encrypt, a free, automated, and open certificate authority operated by the nonprofit Internet Security Research Group (ISRG).
Install Certbot for Apache
First, you must install the certbot package, which automates obtaining and installing SSL/TLS certificates from Let’s Encrypt. Execute the following command:
sudo apt install python3-certbot-apache -y
Create and Configure SSL Certificate for Apache
Once you have installed certbot, run the following command to create your SSL/TLS certificate and configure it with your Apache web server:
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com
This command includes options for:
- Force HTTPS 301 redirects (–redirect)
- Strict-Transport-Security header (–hsts)
- OCSP Stapling (–staple-ocsp)
Adjust the email address and domain name to match your requirements.
Verify SSL Configuration with Apache
Now, your website’s URL should be https://www.example.com instead of http://www.example.com. If you attempt to access the website using the old HTTP URL, it will automatically redirect to HTTPS, ensuring a secure connection.
You can verify the SSL configuration by visiting your website and checking for the padlock symbol in your browser’s address bar. This symbol indicates that the connection is secure and encrypted.
Automate Certificate Renewal
Let’s Encrypt certificates, which are valid for 90 days, so it is crucial to set up automated renewal. By default, Certbot includes a cron job or systemd timer to handle renewals automatically. To test the renewal process manually, run the following command:
sudo certbot renew --dry-run
This command performs a dry run of the renewal process, checking whether the renewal will work without actually renewing the certificate. If the test is successful, you can be confident that your certificate will be renewed automatically before it expires.
Apache Management on Ubuntu
Now that your Apache web server is successfully running on your server, it’s essential to understand some key management aspects. This section will discuss managing server logs and basic Apache commands for day-to-day management.
Apache Server Logs
Analyzing and searching Apache logs is essential for identifying issues, monitoring user activity, and gaining insights into the server’s performance. In this section, we’ll provide examples of Linux commands you can use to search and analyze Apache logs.
Display the last few lines of a log file:
The tail command allows you to view the last few lines of a log file. This can be useful for monitoring recent activity or errors.
tail /var/log/apache2/access.log
tail /var/log/apache2/error.log
Monitor log file in real-time:
Use the tail -f command to monitor log files in real-time, which is helpful for observing live user activity or troubleshooting issues as they occur.
tail -f /var/log/apache2/access.log
tail -f /var/log/apache2/error.log
Search for specific keywords in log files:
The grep command allows you to search for specific keywords or patterns in log files. For example, you can search for occurrences of the “404” error code in the error log:
grep "404" /var/log/apache2/error.log
Count the occurrences of a specific keyword or pattern:
You can use grep in combination with the -c flag to count the occurrences of a specific keyword or pattern in log files. For example, to count the number of “500” error codes in the error log:
grep -c "500" /var/log/apache2/error.log
Display unique IP addresses that have accessed the server:
Use the awk command to display unique IP addresses that have accessed your server by analyzing the access log:
awk '{print $1}' /var/log/apache2/access.log | sort | uniq
These are just a few examples of using Linux commands to search and analyze Apache logs.
Common Apache Commands
The following are some of the most common Apache commands you will use for day-to-day management when working with the Apache web server:
Stop Apache web server:
sudo systemctl stop apache2
Start Apache web server:
sudo systemctl start apache2
Restart Apache web server:
sudo systemctl restart apache2
Reload Apache web server: (For minor changes that don’t require a complete restart)
sudo systemctl reload apache2
Disable Apache on server boot:
sudo systemctl disable apache2
Enable Apache on server boot: (Automatically enabled upon installation)
sudo systemctl enable apache2
Additional Commands for Apache
Update Apache
Keeping your Apache server up-to-date is crucial to ensure security and optimal performance. To check for updates and apply them when necessary, follow these steps:
Check for available updates:
Before updating Apache, you should check for available updates for your system:
sudo apt update
Upgrade Apache:
If an Apache update is available, you can upgrade it using the following command:
sudo apt upgrade
Note that it’s always a good idea to create backups or server images if your Apache service is running critical applications. While most updates are safe, occasional issues can arise during upgrades.
Remove Apache
If you no longer require Apache on your server, you can remove it using the following steps:
To uninstall Apache, execute the command:
sudo apt remove apache2
This command will also remove any unused dependencies that were installed alongside Apache.
Conclusion
With Apache HTTP Server installed and an SSL certificate configured on your Ubuntu system, you can securely serve web content to users with the confidence that their data is protected. The ease of installation through the Ubuntu default repository ensures a smooth setup process, while creating a self-signed SSL certificate allows you to implement HTTPS quickly. Regularly maintaining your Apache server and updating your SSL certificates will help keep your web services secure and performant on Ubuntu.