This tutorial will help you to install and secure Apache web server on Ubuntu 18.04 LTS Linux operating system.
Prerequsities
- SSH access to Ubuntu 18.04
- SUDO privilege
Install Apache on Ubuntu 18.04
First of all, Login to your Ubuntu 18.04 system via SSH and update the Apt cache. Then install Apache2 HTTP server packages as following:
sudo apt update sudo apt install apache2
To install most latest version of Apache use the following PPA.
sudo add-apt-repository ppa:ondrej/apache2 sudo apt update sudo apt install apache2
Manage Apache Service
Apache service is managed with systemctl command line. After installation, use the following command to check the status of Apache service.
sudo systemctl status apache2.service
Here is the other commands to stop, start or restart Apache service via command line.
sudo systemctl stop apache2.service sudo systemctl start apache2.service sudo systemctl restart apache2.service
Test Apache Setup
Use the following command to view the installed Apache version on your Ubuntu 18.04 Linux system.
apache2 -v Server version: Apache/2.4.41 (Ubuntu) Server built: 2019-10-15T19:53:42
Now access your Apache server using the server’s IP address or a domain pointed to the server IP. You will see a default Apache page on web browser. It means Apache web server has successfully installed on your Ubuntu 18.04 system.
Create New VirtualHost
Let’s create the first virtual host on your Apache server. For the tutorial, we are using sample domain “example.com”. Here we will create a Virtual host for example.com on port 80.
Create a directory and create a sample index file in a directory:
sudo mkdir -p /var/www/example.com sudo echo "Welcome" > /var/www/example.com/index.html
Then create Virtualhost configuration file and edit in editor:
sudo vim /etc/apache2/sites-available/example.com.conf
Add the following content in configuration file. You may change the domain name as per your domain.
1 2 3 4 5 6 7 8 9 10 11 12 | <VirtualHost *:80> ServerAdmin admin@example.com DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com> #Allowoverride all ###Uncomment if required </Directory> ErrorLog ${APACHE_LOG_DIR}/example.com_error.log CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined </VirtualHost> |
Save the Virtualhost configuration file, then enable Virtualhost and reload the Apache service using the following commands:
sudo a2ensite example.com sudo systemctl reload apache2.service
Configure SSL VirtualHost
You can skip this step if you don’t need SSL. But the security is always the primary concert for any website.
The default Apache https listen on port 443. Make sure no other services using the same port. Now, you need to enable Apache ssl module, which is disabled by default.
sudo a2enmod ssl
For the tutorial, I have followed these instructions to generate a self signed SSL certificate for our domain.
Then create a new Virtual host file and edit it:
sudo vim /etc/apache2/sites-available/example.com_ssl.conf
with the following content:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | <VirtualHost *:443> ServerAdmin admin@example.com DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com> #Allowoverride all ###Uncomment if required </Directory> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined </VirtualHost> |
Here is three terms used to configure SSL virtualhost:
- SSLEngine – Set this to “on”
- SSLCertificateFile – Set the path of your SSL certificate
- SSLCertificateKeyFile – This is the private key files used to generate SSL certificate
After that enable the Virtualhost and reload the Apache service using the following commands:
sudo a2ensite example.com_ssl sudo systemctl reload apache2.service
Secure Apache Server
Edit the Apache security configuration file
sudo vim /etc/apache2/conf-enabled/security.conf
Here is the multiple security related settings. Add or Update the following settings. We are not going in detailed discriptions about it but these settings are very useful for the production servers.
1 2 3 4 5 6 7 8 | ServerTokens Prod ServerSignature Off TraceEnable Off Header always append X-Frame-Options SAMEORIGIN Header always set X-XSS-Protection: "1; mode=block" Header always set X-Content-Type-Options: "nosniff" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure |
Now edit SSL configuration file. Here you can set the server wide SSL protocol and SSLCipherSuite to use secure Cipers to serve your website.
sudo vim /etc/apache2/mods-enabled/ssl.conf
1 2 | SSLProtocol -all +TLSv1.2 SSLCipherSuite HIGH:!aNULL:!MD5 |
After making changes restart the Apache service to apply new configuration.
sudo systemctl reload apache2.service
Conclusion
All done, You have installed and secured Apache server on your Ubuntu 18.04 Bionic Linux system.