Overview
Apache HTTP Server, colloquially known as Apache, is a free and open-source cross-platform web server software that’s widely used to deliver content on the Internet. When you set up Apache, understanding its default configuration files is crucial for effective web server management. The most critical of these configuration files include httpd.conf, httpd-vhosts.conf, and httpd-ssl.conf.
httpd.conf: The Main Configuration File
This is the primary configuration file for Apache HTTP server. It controls the server-wide settings and is located in the conf directory of your Apache installation. For example:
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin [email protected]
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>In the above snippet, ‘ServerRoot’ defines the directory in which the server-specific files like logs and configuration files reside. ‘Listen’ defines the port Apache listens on, and ‘ServerAdmin’ sets the contact email for server error messages.
Configuration Sections
The httpd.conf file contains several sections marked by , , , and more. These sections apply configuration directives to specific directories, files, or URLs. For example:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>The above section controls the behavior of the server when handling requests for the specified directory path.
Module Loading
Modules enhance the functionality of Apache. You can load modules using the ‘LoadModule’ directive within the httpd.conf file:
LoadModule authz_core_module modules/mod_authz_core.soHere:
LoadModule: This is the directive used in Apache’s configuration files to load a module during the startup process.authz_core_module: This is the identifier for theauthz_coremodule. This module provides core authorization capabilities to Apache, enabling you to control access to website resources based on characteristics of the request, such as the user’s credentials or IP address.modules/mod_authz_core.so: This specifies the path to the module’s shared object file (mod_authz_core.so) relative to the server root. This file is the actual compiled code for the module.
httpd-vhosts.conf: Managing Virtual Hosts
Virtual hosts allow you to host multiple websites on a single server. The configuration for virtual hosts is generally found in httpd-vhosts.conf, located within the extra subdirectory inside ‘conf’. An example virtual host setup is as follows:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
DocumentRoot "/var/www/example.com"
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
# Other directives might go here
</VirtualHost>
In this context:
<VirtualHost *:80>: This line begins the definition of a virtual host on port 80 (the standard port for HTTP). The asterisk*means the virtual host is listening on all available IP addresses.ServerName: Specifies the base domain for the virtual host.ServerAlias: Defines additional names that should match as if they were the base name.DocumentRoot: Sets the directory from which Apache will serve files for this host.ErrorLogandCustomLog: Configure the locations and formats of the log files.
Names and Ports
You can specify a unique ‘ServerName’ for each virtual host, alongside a ‘ServerAlias’, which allows for alternative names. ‘DocumentRoot’ dictates the directory from which Apache will serve files for this host.
httpd-ssl.conf: Configuring SSL/TLS
Securing data transmission over the web is crucial, hence the need for configuring HTTPS via SSL/TLS. This is primarily handled by httpd-ssl.conf, often located in the same ‘extra’ subdirectory where ‘httpd-vhosts.conf’ is found. A snippet example for a secure virtual host might include:
<VirtualHost *:443>
ServerName www.secure-example.com
DocumentRoot "/var/www/secure-example.com"
SSLEngine on
SSLCertificateFile "/path/to/secure-example.com.crt"
SSLCertificateKeyFile "/path/to/secure-example.com.key"
# Include the SSLCertificateChainFile only if your certificate provider requires it
# SSLCertificateChainFile "/path/to/secure-example.com.chain.pem"
# Other directives might go here, like custom log files, server aliases, etc.
</VirtualHost>
Key points:
<VirtualHost *:443>: Indicates that this virtual host listens on all interfaces (*) on port 443, which is the standard port for HTTPS.SSLEngine on: Enables SSL/TLS for this virtual host.SSLCertificateFileandSSLCertificateKeyFile: These directives point to your SSL certificate and private key files, respectively.SSLCertificateChainFile(optional): If your SSL provider has given you a chain file (sometimes called intermediate certificate), you should include it. Note that in Apache 2.4.8 and later, theSSLCertificateChainFiledirective became obsolete, and you can concatenate the chain certificates to the end of the server certificate file instead.
Remember to replace the paths to the certificate and key with the actual paths where your SSL files are stored. After updating the configuration, always check the syntax with apachectl configtest and restart Apache to apply the changes. Additionally, ensure that your firewall and security group settings (if applicable) allow traffic on port 443.
Conclusion
Understanding the Apache HTTP server’s default configuration files is key to managing a successful web server setup. Start by familiarizing yourself with each file’s syntax and structure, tweaking it to suit your server’s specific requirements. An effective configuration ensures high performance, security, and the capability to handle multiple sites with varied needs.
Note that after making any changes to these configuration files, you will need to restart your Apache server for the changes to take effect. Always remember to back up your current configuration files before making any alterations, to avoid downtime due to unforeseen errors.
