Note:
This documentation has moved to a new home! Please update your bookmarks to the new URL for the up-to-date version of this page.
Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2.
By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules.
Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an <IfModule>
block.
Installing and handling modules
You can install additional Apache2 modules and use them with your web server. For example, run the following command at a terminal prompt to install the Python 3 WSGI module:
sudo apt install libapache2-mod-wsgi-py3
The installation will enable the module automatically, but we can disable it with a2dismod
:
sudo a2dismod wsgi
sudo systemctl restart apache2.service
And then use the a2enmod
utility to re-enable it:
sudo a2enmod wsgi
sudo systemctl restart apache2.service
See the /etc/apache2/mods-available
directory for additional modules already available on your system.
Configure Apache2 for HTTPS
The mod_ssl
module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the https://
prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.
The mod_ssl
module is available in the apache2-common
package. Run the following command at a terminal prompt to enable the mod_ssl
module:
sudo a2enmod ssl
There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl.conf
. In order for Apache2 to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the ssl-cert
package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server.
Note:
For more information on generating a key and obtaining a certificate see Certificates.
To configure Apache2 for HTTPS, enter the following:
sudo a2ensite default-ssl
Note:
The directories/etc/ssl/certs
and/etc/ssl/private
are the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile and SSLCertificateKeyFile appropriately.
With Apache2 now configured for HTTPS, restart the service to enable the new settings:
sudo systemctl restart apache2.service
Note that depending on how you obtained your certificate, you may need to enter a passphrase when Apache2 restarts.
You can access the secure server pages by typing https://your_hostname/url/
in your browser address bar.
Sharing write permission
For more than one user to be able to write to the same directory you will need to grant write permission to a group they share in common. The following example grants shared write permission to /var/www/html
to the group “webmasters”.
sudo chgrp -R webmasters /var/www/html
sudo chmod -R g=rwX /var/www/html/
These commands recursively set the group permission on all files and directories in /var/www/html
to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree.
Warning:
Theapache2
daemon will run as thewww-data
user, which has a correspondingwww-data
group. These should not be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content.
Further reading
-
The Apache2 Documentation contains in depth information on Apache2 configuration directives. Also, see the apache2-doc package for the official Apache2 docs.
-
O’Reilly’s Apache Cookbook is a good resource for accomplishing specific Apache2 configurations.
-
For Ubuntu specific Apache2 questions, ask in the
#ubuntu-server
IRC channel on libera.chat.