Install and Configure
With Ubuntu installing is very straightforward,
sudo apt-get install apache2
Apache 2.x is now installed.
Test
Verify that the Apache Web Server is running first by hitting your server's IP Address. If you do not know your ip address, at the console type,
ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 40:40:39:1b:ec:30 brd ff:ff:ff:ff:ff:ff inet 173.203.126.225/24 brd 173.203.126.255 scope global eth0 inet6 fe80::4240:39ff:fe1b:ec30/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 40:40:33:6c:9d:19 brd ff:ff:ff:ff:ff:ff inet 10.179.62.235/19 brd 10.179.63.255 scope global eth1 inet6 fe80::4240:33ff:fe6c:9d19/64 scope link valid_lft forever preferred_lft forever
Sometimes you may get back more than one IP address if you have more than one Ethernet card. If you are unsure, just try them one at a time in the next step. In this case mine is 173.203.126.225.
Then launch a browser and enter your ip address into the browser.
You should see a webpage show up saying "It works!".
Stopping, Starting, Restarting and Reload
You should know the basic commands to running Apache 2. Go ahead and try them. Note ignore the warning message about "fully qualified domain name" as that is covered in the next section.
As of Ubuntu 12, the following the basic commands to manage Apache2 are,
sudo service apache2 stop sudo service apache2 start sudo service apache2 restart sudo service apache2 reload # Somebody explain the difference. I know but don't have the energy tonight.
Before Ubuntu12,
sudo /etc/init.d/apache2 stop sudo /etc/init.d/apache2 start sudo /etc/init.d/apache2 restart sudo /etc/init.d/apache2 reload
Provide Server Name
Apache is working fine, but during restart you will get the warning message, "apache2: Could not reliably determine the server's fully qualified domain name, using ...".
Most websites have a domain name attached to them. Apache is looking for this on start-up. Depending on the version of Apache and Ubuntu this can be resolved by adding the ServerName Directive with the hostname.
You can determine hostname by typing,
hostname
As of Jan 3, 2015 and recent build of Ubuntu 14.04 and Apache 2.4.7 the recommendation to to include an entry into the Global Configuration.
This method ensures that the change will persist even if Apache is upgraded,
# create the configuration file in the "available" section echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/servername.conf # enable it by creating a symlink to it from the "enabled" section sudo a2enconf servername
As of June 5, 2012 the more recent build of Ubuntu 12 and Apache 2.2.22 add an entry into the file called name,
sudo echo "ServerName $(bash -c "hostname")" >> /etc/apache2/conf.d/name"
Restart Apache to confirm you do not get the warning messages,
sudo service apache2 restart
With older versions of Apache and Ubuntu (I need to track down when this changed) I traditionally (still to determine if conf.d/name would still work) add the entry to httpd.conf,
sudo echo "ServerName $(bash -c "hostname")" >> /etc/apache2/httpd.conf"
Apache Basic Server Hardening
Here are some of the basic hardening steps I take today.
As with any security notes, I will write a disclaimer that there are more advanced ways to secure Apache. You can go as far as compiling your own custom version but that's out of scope for now.
Edit /etc/apache2/conf.d/security
set ServerTokens Prod - This turns off all the extra header information sent by Apache. Primarily, it would let a client know what version of Apache is being used. The information could be used to look up vulnerabilities on the particular version of Apache you are running.
set ServerSignatures Off - Removes footer information from default apache pages. For example, page not found.
Optional Optimization
I found that you can save (according to htop about 3MB) of memory if the status apache module is disabled,
sudo a2dismod Your choices are: alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgid deflate dir env filter jk mime negotiation proxy proxy_http rewrite setenvif status substitute Which module(s) do you want to disable (wildcards ok)? status Module status disabled. To activate the new configuration, you need to run: service apache2 restart sudo service apache2 restart
That is for now. I might flush this section out a bit more later. Surprisingly, the default Apache configuration is very robust that I rarely need optimization. Instead, we focus optimization efforts on application servers which usually give us the biggest improvements.
References
http://cloudservers.mosso.com/index.php/Ubuntu_-_Apache_configuration#Security_Settings - Rackspace wiki on hardening Apache Web Server.