Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2.
By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules.
Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an
Installing and handling modules
You can install additional Apache2 modules and use them with your web server. For example, run the following command at a terminal prompt to install the Python 3 WSGI module:
sudo apt install libapache2-mod-wsgi-py3
The installation will enable the module automatically, but we can disable it with
sudo a2dismod wsgi sudo systemctl restart apache2.service
And then use the
a2enmod utility to re-enable it:
sudo a2enmod wsgi sudo systemctl restart apache2.service
/etc/apache2/mods-available directory for additional modules already available on your system.
Configure Apache2 for HTTPS
mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the
https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.
mod_ssl module is available in the
apache2-common package. Run the following command at a terminal prompt to enable the
sudo a2enmod ssl
There is a default HTTPS configuration file in
/etc/apache2/sites-available/default-ssl.conf. In order for Apache2 to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the
ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server.
For more information on generating a key and obtaining a certificate see Certificates.
To configure Apache2 for HTTPS, enter the following:
sudo a2ensite default-ssl
/etc/ssl/privateare the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile and SSLCertificateKeyFile appropriately.
With Apache2 now configured for HTTPS, restart the service to enable the new settings:
sudo systemctl restart apache2.service
Note that depending on how you obtained your certificate, you may need to enter a passphrase when Apache2 restarts.
You can access the secure server pages by typing
https://your_hostname/url/ in your browser address bar.
Sharing write permission
For more than one user to be able to write to the same directory you will need to grant write permission to a group they share in common. The following example grants shared write permission to
/var/www/html to the group “webmasters”.
sudo chgrp -R webmasters /var/www/html sudo chmod -R g=rwX /var/www/html/
These commands recursively set the group permission on all files and directories in
/var/www/html to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree.
apache2daemon will run as the
www-datauser, which has a corresponding
www-datagroup. These should not be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content.
The Apache2 Documentation contains in depth information on Apache2 configuration directives. Also, see the apache2-doc package for the official Apache2 docs.
O’Reilly’s Apache Cookbook is a good resource for accomplishing specific Apache2 configurations.
For Ubuntu specific Apache2 questions, ask in the
#ubuntu-serverIRC channel on libera.chat.