Apache: Difference between revisions

From 太極

Revision as of 15:06, 6 June 2018

Installation on Ubuntu

How To Set Up Apache Virtual Hosts on Ubuntu 14.04/16.04

  1. Install apache2 (sudo apt-get install apache2)
  2. Create the directory structure (sudo mkdir -p /var/www/example.com/public_html)
  3. Grant Permissions (sudo chown -R $USER:$USER /var/www/example.com/public_html)
  4. Create Demo Pages for Each Virtual Host (nano /var/www/example.com/public_html/index.html)
  5. Create a virtual host (sudo nano /etc/apache2/sites-available/example.com.conf)
  6. Enable a virtual host (sudo a2ensite example.com.conf)

Disable SSL

  1. sudo nano /etc/apache2/sites-available/default-ssl.conf and change SSLEngine flag from on to off
  2. sudo nano /etc/apache2/ports.conf and comment out sections containing port 443
  3. sudo service apache2 restart

At this time, if I install Let's Encrypt I'll get an error message

$ sudo certbot --apache -d DOMAINNAME
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for taichimd.us
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. DOMAINNAME (tls-sni-01): urn:acme:error:connection :: The server could not connect 
to the client to verify the domain :: Failed to connect to XX.XXX.XX.XX:443 for tls-sni-01 challenge

Domain: DOMAINNAME
   Type:   connection
   Detail:  Failed to connect to XX.XXX.XX.XX:443 for tls-sni-01
   challenge

To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Apache with Let's Encrypt

It seems a real working domain is needed to install Let's Encrypt.

  1. Download the Let’s Encrypt Client
  2. Set Up the SSL Certificate
  3. Set Up Auto Renewal

See Linux -> Let's encrypt.

Optimize Apache on Ubuntu

https://thishosting.rocks/how-to-install-optimize-apache-ubuntu/

  • Check that Apache is running
systemctl status apache2
  • Check which version you are running
apachectl -V
  • Open the firewall for both port 80 (http) and port 443 (https); the 'Apache Full' ufw profile covers both
ufw allow 'Apache Full'

Install common Apache modules

  • Speed up your website with the PageSpeed module. dpkg -i installs the downloaded package without any signature check, so fetch it over https from the vendor's own host only; the package also adds Google's apt repository, so later updates arrive through apt.
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
dpkg -i mod-pagespeed-stable_current_amd64.deb
apt-get -f install
systemctl restart apache2
  • Enable rewrites/redirects using the mod_rewrite module
a2enmod rewrite
systemctl restart apache2
  • Add a web application firewall with the ModSecurity module. On current Ubuntu releases the package is libapache2-mod-security2; libapache2-modsecurity is a transitional name that pulls it in. Installing the module blocks nothing by itself: the recommended configuration it ships with sets SecRuleEngine DetectionOnly and contains only a few built-in sanity rules, so install a rule set as well (the OWASP Core Rule Set is packaged as modsecurity-crs) and switch the engine to On once the audit log shows no false positives.
apt-get install libapache2-modsecurity
systemctl restart apache2
  • Rate-limit abusive clients with the mod_evasive module. It counts requests per client address for the same page and for the whole site over short intervals and answers 403 for a blocking period once a threshold is crossed. That helps against one noisy client or a small HTTP flood from a few addresses; it does nothing against a distributed attack, which has to be absorbed upstream of the web server. The thresholds and the DOSLogDir and DOSEmailNotify settings live in the file below.
apt-get install libapache2-mod-evasive
nano /etc/apache2/mods-enabled/evasive.conf

Optimize Apache with the Apache2Buddy script

Apache2Buddy reads the MPM settings and the memory use of the running apache2 processes and suggests a MaxRequestWorkers (MaxClients) value that fits the machine. Piping a script fetched over the network straight into perl, as root, runs whatever the URL serves at that moment; download it to a file first, read it, and pin a commit hash in the URL instead of master if you put this in a script.

apt-get install curl
curl -sL https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl | perl
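As an added example (not from the page or from the mod_evasive project), the following shell script ranks clients in an Apache combined-format access log by request count, overall and per (client, path) pair, which are the two quantities mod_evasive compares against DOSSiteCount and DOSPageCount. The log lines inside it are constructed for the example; run the functions over /var/log/apache2/access.log to see which thresholds fit real traffic before turning the module on.

```shell
#!/bin/sh
# Added example, not code from the page: rank clients in an Apache "combined"
# access log by request count and by (client, path) pair, the per-site and
# per-page counts that mod_evasive's DOSSiteCount / DOSPageCount thresholds
# are compared against. Feed it /var/log/apache2/access.log on stdin.

# Constructed sample lines in combined log format (not a real log).
SAMPLE_LOG='203.0.113.7 - - [06/Jun/2018:15:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.7 - - [06/Jun/2018:15:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.7 - - [06/Jun/2018:15:00:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.7 - - [06/Jun/2018:15:00:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.7 - - [06/Jun/2018:15:00:03 +0000] "GET /login.php HTTP/1.1" 200 1024 "-" "curl/7.58"
198.51.100.20 - - [06/Jun/2018:15:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [06/Jun/2018:15:00:09 +0000] "GET /style.css HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.9 - - [06/Jun/2018:15:00:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# top_clients: log lines on stdin -> "count ip", busiest first (ties by ip).
# Field 1 of the combined format is the client address. If a proxy sits in
# front of Apache, log the forwarded address there instead, or every request
# will count against the proxy's IP.
top_clients() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# top_pages: log lines on stdin -> "count ip path", the per-page view that
# DOSPageCount rate-limits. Field 7 is the request path.
top_pages() {
    awk '{ n[$1 " " $7]++ } END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# clients_over LIMIT: addresses with more than LIMIT requests in the input.
clients_over() {
    top_clients | awk -v lim="$1" '$1 > lim { print $2 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | top_clients
printf '%s\n' "$SAMPLE_LOG" | top_pages
printf '%s\n' "$SAMPLE_LOG" | clients_over 3
```

For a real log, `top_pages < /var/log/apache2/access.log | head` shows whether a single client hammering one URL is what you are seeing; the counts are over the whole file, whereas mod_evasive counts within DOSPageInterval and DOSSiteInterval seconds, so expect the live thresholds to be much lower than the totals here.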

CentOS

Apache2 Structure

/etc/apache2/
|-- apache2.conf
|-- envvars
|-- httpd.conf
|-- magic
|-- ports.conf
|-- conf-enabled
|       `-- *.conf
|-- mods-available
|       |-- *.load
|       `-- *.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- sites-available
|       default, default-ssl
|-- sites-enabled
|       |-- 000-default  # points to ../sites-available/default
|       `-- default-ssl  # points to ../sites-available/default-ssl
|-- ssl
|       *.crt, *.key
  • apache2.conf is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server.
  • ports.conf is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime.
  • Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively.
  • They are activated by symlinking available configuration files from their respective *-available/ counterparts. These links should be managed with the helpers a2enmod, a2dismod, a2ensite, a2dissite, a2enconf and a2disconf. See their respective man pages for detailed information.
  • The binary is called apache2. Due to the use of environment variables, in the default configuration, apache2 needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not work with the default configuration.

Document Root

By default, Ubuntu does not allow access through the web browser to any file apart from those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications). If your site uses a web document root located elsewhere (such as in /srv) you need to grant access to that directory with a <Directory> block in /etc/apache2/apache2.conf.

The default Ubuntu document root is /var/www/html (Ubuntu 14.04) or /var/www (Ubuntu 12.04). You can make your own virtual hosts under /var/www. This differs from earlier releases and gives better security out of the box, because the default site no longer exposes everything under /var/www, including the directories of your other virtual hosts. In my case, the document roots for http and https are specified in the following files.

Important files

/etc/apache2/apache2.conf (important)

Main configuration file

/etc/apache2/httpd.conf

By default, this file is empty

/etc/apache2/envvars

/etc/apache2/ports.conf (important)

The NameVirtualHost line below is Apache 2.2 syntax. Apache 2.4 (Ubuntu 14.04 and later) treats it as a no-op and logs a warning; name-based virtual hosting happens automatically for every address:port that has more than one VirtualHost.

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

/etc/apache2/mods-available/

Contains the .load and .conf files for every module installed on the server.

/etc/apache2/mods-enabled/

A symbolic link in this directory pointing at the module's files in mods-available enables the module; a2enmod and a2dismod create and remove those links.

/etc/apache2/sites-available/ (important)

Stores all the configuration files for the web sites serviced by Apache server. By default, only one file available, a default virtual host configuration file.

/etc/apache2/sites-available/default

This is the place to set up the document root for http port 80. Two things in this 2.2-era file to be aware of: Order allow,deny / allow from all is Apache 2.2 access control (Apache 2.4 uses Require all granted unless mod_access_compat is loaded), and Indexes in the Options line turns on directory listings for everything under /var/www (see Disable directory browsing below).

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
        ServerName taichimd.us
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
...
</VirtualHost>

/etc/apache2/sites-available/default-ssl

This is the place to set up the document root for https port 443.

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName taichimd.us
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
...
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLCertificateFile    /FullPathTo/CAName.crt
        SSLCertificateKeyFile /FullPathTo/KeyName.key
        SSLCACertificateFile "/FullPathTo/bundle.crt"
...
</VirtualHost>

/etc/apache2/sites-enabled/

Create a symbolic link to enable sites in /etc/apache2/sites-available.

udooer@udoo:~$ ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 Dec 24 13:44 000-default.conf -> ../sites-available/000-default.conf

/etc/apache2/conf-available/, /etc/apache2/conf-enabled/

These directories have the same relationship as the sites-available and sites-enabled directories, but are used to store configuration fragments that do not belong in a Virtual Host. Files in the conf-available directory can be enabled with the a2enconf command and disabled with the a2disconf command.

On the UDOO the dashboard web page is pre-installed and the directory /var/www/html is empty. On the BeagleBone, Apache is pre-installed (http://localhost/bone101/Support/bone101/) and /var/www/html is empty.

udooer@udoo:~$ ls -lah /etc/apache2/conf-enabled/
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 25 08:15 .
drwxr-xr-x 8 root root 4.0K Dec 24 13:44 ..
lrwxrwxrwx 1 root root   30 Dec 24 13:44 charset.conf -> ../conf-available/charset.conf
lrwxrwxrwx 1 root root   40 Dec 25 08:13 javascript-common.conf -> ../conf-available/javascript-common.conf
lrwxrwxrwx 1 root root   44 Dec 24 13:44 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
lrwxrwxrwx 1 root root   46 Dec 24 13:44 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
lrwxrwxrwx 1 root root   33 Dec 25 08:15 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
lrwxrwxrwx 1 root root   31 Dec 24 13:44 security.conf -> ../conf-available/security.conf
lrwxrwxrwx 1 root root   36 Dec 24 13:44 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf

Commands

sudo a2ensite default      # activate the default site /etc/apache2/sites-available/default 
sudo a2ensite domain2.com  # activate each virtual host
sudo service apache2 reload

service apache2 status     # check if apache2 is running 
sudo service apache2 start # run this if apache2 is not running

Register a new domain

List of Internet top-level domains

Free dynamic dns/domain name

Some free domain service provided by dot.tk

  • .cf
  • .ga
  • .gq
  • .ma
  • .ml
  • .nr
  • .tk

Misc

Restrict Apache Information Leakage

https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics

How to Check Which Apache Modules are Enabled/Loaded in Linux

http://www.tecmint.com/check-apache-modules-enabled/

Running different sites on different ports

http://httpd.apache.org/docs/2.2/vhosts/examples.html#port

.htaccess file

https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file

Set Up Mod_Rewrite

Forbidden You don't have permission to access /xxx/yyy on this server.

When I add a symbolic link file in /var/www/html to link to a sub-directory /home/$USER/Downloads/xxx, it does not work.

The detail error can be found in /var/log/apache2/error.log

Error: Symbolic link not allowed or link target not accessible

This post gives an explanation.

The solution in this case is to run

chmod 755 ~/Downloads

Be aware of what that grants: every local account, www-data included, can now list the whole Downloads directory, so anything readable under it becomes reachable through a symlink Apache is willing to follow. If only one sub-directory should be served, chmod o+x ~/Downloads (mode 711) lets www-data traverse Downloads without being able to list it, or move that sub-directory out of Downloads and point the symlink at the new location. The same error message also appears when the directory has Options SymLinksIfOwnerMatch rather than FollowSymLinks and the link target is owned by someone other than the link's owner.

The problem seems to be specific to the attribute of the Downloads folder. If we untar/unzip to the $HOME folder, it does not have this problem because the attribute is already 755. The default attribute of Downloads in my Debian 8.4 is 700.
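The check below is an added example, not from the page: it walks the ancestors of a symlink target and reports the first directory whose permission bits stop the www-data user (assumed here to be neither the owner nor in the group) from traversing, or the target itself if it is not readable. It assumes GNU stat and ignores ACLs; the optional second argument stops the walk below a directory you already trust.

```shell
#!/bin/sh
# Added example, not from the page: find which directory on the way to a
# symlink target blocks the web server. Apache runs as www-data, which is
# usually neither the owner nor in the group of files under a home directory,
# so it needs the "other" execute bit on every ancestor directory and the
# "other" read bit on the target. Assumes GNU stat; ACLs are not considered.

# check_path TARGET [STOP]: print "ok" and return 0 when TARGET is reachable by
# "other"; otherwise print the first directory (or the target) that blocks it
# and return 1. Ancestors are checked upward until STOP (default /), exclusive.
check_path() {
    target=$1
    stop=${2:-/}
    dir=$(dirname "$target")
    while [ "$dir" != "$stop" ] && [ "$dir" != "/" ]; do
        mode=$(stat -c %a "$dir")
        last=${mode#"${mode%?}"}            # last octal digit = "other" bits
        case $last in
            1|3|5|7) ;;                      # x set: www-data can traverse
            *) printf '%s\n' "$dir"; return 1 ;;
        esac
        dir=$(dirname "$dir")
    done
    mode=$(stat -c %a "$target")
    last=${mode#"${mode%?}"}
    if [ -d "$target" ]; then
        case $last in 5|7) printf 'ok\n'; return 0 ;; esac   # a dir needs r and x
    else
        case $last in 4|5|6|7) printf 'ok\n'; return 0 ;; esac
    fi
    printf '%s\n' "$target"
    return 1
}

# Stand-alone use: sh check_path.sh /home/user/Downloads/xxx
# For the case described on this page the answer is the 700 Downloads
# directory itself; chmod o+x on it (711) is enough for traversal.
if [ -n "$1" ] && [ -e "$1" ]; then
    check_path "$1" || :
fi
```

`namei -l /home/user/Downloads/xxx` shows the same chain of modes interactively, and `sudo -u www-data test -r /home/user/Downloads/xxx/file` is the definitive answer because it also honours group membership and ACLs; the function above is useful when you want the first offending directory named in a script.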

Error. Could not determine the server's fully qualified domain name

http://tuxtweaks.com/2009/07/how-to-configure-apache-linux/

Setting a global ServerName silences the warning. The commands below are for Apache 2.2, which reads fragments from /etc/apache2/conf.d/; Apache 2.4 (Ubuntu 14.04 and later) ignores that directory, so there write the same line to /etc/apache2/conf-available/fqdn.conf and enable it with a2enconf fqdn.

echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
sudo service apache2 reload

How to set up a secure Apache webserver on Ubuntu

http://xmodulo.com/secure-apache-webserver-ubuntu.html

  • Update TimeZone and Check Correct Time
  • Disable AppArmor Conflicts
  • Stop DDoS Attacks
  • Stop Slowloris Attacks
  • Stop DNS Injection Attacks
  • Turn off Server Signature

Redirecting entire website to https

http://www.tecmint.com/apache-htaccess-tricks/4/

A custom redirection example

http://www.tecmint.com/apache-htaccess-tricks/4/

How to Redirect Users to Maintenance Page

http://www.tecmint.com/apache-htaccess-tricks/4/

How to Perform Internal Redirection with mod_rewrite in Apache

http://www.tecmint.com/redirection-with-mod_rewrite-in-apache/

Redirect a Website URL from One Server to Different Server in Apache

http://www.tecmint.com/redirect-website-url-from-one-server-to-different-server/

Apache Virtual Hosting: IP Based and Name Based Virtual Hosts in RHEL/CentOS/Fedora

http://www.tecmint.com/apache-ip-based-and-name-based-virtual-hosting/

How To Enable And Run Multiple Websites Using Apache2

We are going to use the example.com and myexample.com domain names on a single Ubuntu server with the IP address 192.168.20.1.

Note: as this exercise shows, it is perfectly fine to have multiple hostnames associated with the same IPv4 address.

The chown step below makes the web server itself the owner of the document root, which means any compromised PHP script or CGI running as www-data can rewrite the site's files. A safer layout keeps an administrative account as the owner with www-data as the group and no group write bit, and gives www-data write access only to the directories that really need it, such as an upload folder.

sudo apt-get install apache2
sudo mkdir -p /var/www/html/example.com/public_html
sudo mkdir -p /var/www/html/myexample.com/public_html

sudo vi /var/www/html/example.com/public_html/index.html
sudo vi /var/www/html/myexample.com/public_html/index.html
sudo chown www-data:www-data /var/www/html   # see the note above on ownership
sudo chmod -R 755 /var/www/html

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myexample.com.conf

# Change ServerName, ServerAlias and DocumentRoot entries
sudo vi /etc/apache2/sites-available/example.com.conf
sudo vi /etc/apache2/sites-available/myexample.com.conf

sudo a2dissite 000-default.conf
sudo a2ensite example.com.conf
sudo a2ensite myexample.com.conf
sudo service apache2 restart

sudo apache2ctl -S  # Get a list of all virtual hosts which are defined in all apache configuration files
ls -l /etc/apache2/sites-enabled/

sudo nano /etc/hosts
# 192.168.20.1    example.com
# 192.168.20.1    myexample.com
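One way to script the two virtual-host procedures on this page (the Ubuntu 14.04/16.04 steps under Installation on Ubuntu and the example.com/myexample.com walk-through above), as an added example that is not the page's own configuration: vhost_conf prints a name-based VirtualHost for Apache 2.4 with directory listings off, .htaccess overrides off and everything outside the document root denied, and install_vhost wires it in with the document root owned by an admin account and readable, but not writable, by www-data. The domain, document root and admin account are whatever the caller passes.

```shell
#!/bin/sh
# Added example, not the page's configuration: emit a hardened name-based
# virtual host for Apache 2.4 on Ubuntu and the steps around it. Domain,
# document root and owning account are the caller's choice.

# vhost_conf DOMAIN DOCROOT: print the sites-available file for DOMAIN.
vhost_conf() {
    domain=$1
    docroot=$2
    cat <<EOF
<VirtualHost *:80>
    ServerName ${domain}
    ServerAlias www.${domain}
    ServerAdmin webmaster@${domain}
    DocumentRoot ${docroot}

    # Nothing outside the document root is served, not even via symlinks.
    <Directory />
        Options None
        AllowOverride None
        Require all denied
    </Directory>

    # No directory listings, no .htaccess overrides, and symlinks are followed
    # only when link and target have the same owner.
    <Directory ${docroot}>
        Options -Indexes +SymLinksIfOwnerMatch
        AllowOverride None
        Require all granted
    </Directory>

    ErrorLog \${APACHE_LOG_DIR}/${domain}-error.log
    CustomLog \${APACHE_LOG_DIR}/${domain}-access.log combined
</VirtualHost>
EOF
}

# install_vhost DOMAIN [OWNER]: the page's steps, run as root. The document
# root belongs to OWNER (default: the account behind sudo) with group
# www-data, so the server can read the site but never write to it.
install_vhost() {
    domain=$1
    owner=${2:-${SUDO_USER:-$USER}}
    docroot=/var/www/${domain}/public_html
    mkdir -p "$docroot"
    chown -R "$owner:www-data" "/var/www/${domain}"
    chmod -R u=rwX,g=rX,o= "/var/www/${domain}"   # www-data reads, never writes
    vhost_conf "$domain" "$docroot" > "/etc/apache2/sites-available/${domain}.conf"
    a2ensite "${domain}.conf"
    apachectl configtest && systemctl reload apache2
}

# Stand-alone run prints the config for the domain given as $1 (default
# example.com); install_vhost is only ever called by the administrator.
d=${1:-example.com}
vhost_conf "$d" "/var/www/$d/public_html"
```

After install_vhost, `apache2ctl -S` should list the new host under *:80, and a request for a directory without an index file must return 403 rather than a listing; if it does not, a later configuration fragment is re-enabling Indexes.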

How to create multiple virtual hosts

25 Apache Interview Questions for Beginners and Intermediates

http://www.tecmint.com/apache-interview-questions/

Redirecting a non-www URL to a www URL

http://www.tecmint.com/apache-htaccess-tricks/3/

Add www to your domain name for your website

https://www.linux.com/learn/tutorials/464510:weekend-project-create-virtual-hosts-with-apache Using ServerAlias or creating multiple virtualhost.

Disable directory browsing

Remove the word Indexes from the following line in /etc/apache2/sites-available/default and /etc/apache2/sites-available/default-ssl (Includes on the same line enables server-side includes, which you probably do not want either):

Options Includes Indexes FollowSymLinks MultiViews

Or disable the module that generates listings for the whole server:

sudo a2dismod autoindex
sudo service apache2 restart

List of all virtual hosts

apache2ctl -S

Disable a website through its virtual host

sudo a2dissite 000-default

Show all loaded modules (the ulimit line in the output below appears when apache2ctl is run without root privileges and is harmless)

apache2ctl -M

/usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 php5_module (shared)
 reqtimeout_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 status_module (shared)
Syntax OK

favicon.ico

For some reason, if I just rename an animated gif file to <favicon.ico>, the file can be viewed locally and works when I put it in /var/www (http). For https, the default favicon does not show up and I have to manually put the favicon in the index.html file (good if you wish your pages to use different favicon sets).

<head>
...
<link rel="icon" href="yinyang_rot.gif" type="image/x-icon">
</head>

For mediawiki, I don't need to rename to <favicon.ico>.

See also Create an animated gif file on how I create an animated gif file from a single png file.

Note that the Chrome browser does not support animated gif favicons, and neither does IE. Firefox does support them.

Reverse proxy

The goal is to use http://address instead of http://address:port.

Nginx

Use proxy_pass in /etc/nginx/sites-available/default

Apache

Use ProxyPass and ProxyPassReverse in /etc/apache2/sites-available/default. The proxy modules must be enabled first (a2enmod proxy proxy_http), and ProxyRequests must stay Off so the host acts only as a reverse proxy and not as an open forward proxy for anyone who can reach it.
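An added example, not the page's configuration, of the Apache side: proxy_vhost prints a VirtualHost that forwards everything on port 80 to a backend listening on a local port (the host name and backend URL are assumptions), keeps ProxyRequests Off so the server never becomes an open forward proxy, and excludes /server-status so monitoring still hits Apache itself.

```shell
#!/bin/sh
# Added example, not the page's configuration: print an Apache 2.4 virtual
# host that fronts a service on a local port so clients use http://address
# instead of http://address:port. Host name and backend URL are assumptions.

# proxy_vhost SERVERNAME BACKEND_URL (e.g. app.example.com http://127.0.0.1:8080)
proxy_vhost() {
    name=$1
    backend=${2%/}        # drop a trailing slash; it is added below
    cat <<EOF
# Requires: a2enmod proxy proxy_http
<VirtualHost *:80>
    ServerName ${name}

    # Reverse proxy only. ProxyRequests On would make this host an open
    # forward proxy for anyone who can reach it; leave it Off.
    ProxyRequests Off
    # Pass the client's Host header through so the backend builds correct links.
    ProxyPreserveHost On

    # Exclusions must come before the catch-all ProxyPass: first match wins.
    ProxyPass /server-status !

    ProxyPass        / ${backend}/
    ProxyPassReverse / ${backend}/

    ErrorLog \${APACHE_LOG_DIR}/${name}-error.log
    CustomLog \${APACHE_LOG_DIR}/${name}-access.log combined
</VirtualHost>
EOF
}

# Stand-alone run: proxy_vhost app.example.com http://127.0.0.1:8080
proxy_vhost "${1:-app.example.com}" "${2:-http://127.0.0.1:8080}"
```

mod_proxy_http adds X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server on its own, so the backend can log the real client address; make the backend bind to 127.0.0.1 only, otherwise the port is still reachable directly and the proxy buys no access control.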

Monitor Apache

apache-top polls mod_status, so the module must be enabled (a2enmod status) and /server-status must stay restricted to trusted addresses. Ubuntu's status.conf ships with Require local; if you widen that to your monitoring host's address, stop there, because the page lists client addresses and the URIs they are requesting.

wget https://raw.githubusercontent.com/fr3nd/apache-top/master/apache-top.py
python apache-top.py -u http://192.168.X.XXX/server-status