DevOps & Cloud63 entries
Apache HTTP Server
Virtual hosts, modules, SSL, .htaccess, reverse proxy, and performance tuning
1Service Management
sudo systemctl start apache2 | Start Apache service |
sudo systemctl stop apache2 | Stop Apache service |
sudo systemctl restart apache2 | Restart Apache (drops connections) |
sudo systemctl reload apache2 | Graceful reload (no downtime) |
sudo systemctl enable apache2 | Enable Apache on boot |
sudo systemctl status apache2 | Check Apache service status |
apachectl configtest | Test configuration syntax |
apachectl -V | Show version and build parameters |
apachectl -t -D DUMP_MODULES | List all loaded modules |
apachectl -S | Show parsed virtual host settings |
2Virtual Hosts
<VirtualHost *:80> | Define a virtual host on port 80 |
ServerName example.com | Set primary domain for vhost |
ServerAlias www.example.com | Add alternate domain name |
DocumentRoot /var/www/html | Set root directory for content |
ErrorLog ${APACHE_LOG_DIR}/error.log | Set error log path |
CustomLog ${APACHE_LOG_DIR}/access.log combined | Set access log with format |
sudo a2ensite example.conf | Enable a virtual host config |
sudo a2dissite example.conf | Disable a virtual host config |
3Modules
sudo a2enmod rewrite | Enable mod_rewrite for URL rewriting |
sudo a2dismod autoindex | Disable directory listing module |
sudo a2enmod ssl | Enable SSL/TLS module |
sudo a2enmod headers | Enable HTTP headers module |
sudo a2enmod proxy | Enable reverse proxy module |
sudo a2enmod proxy_http | Enable HTTP proxy support |
sudo a2enmod expires | Enable cache expiry headers |
sudo a2enmod deflate | Enable gzip compression |
apache2ctl -M | List all enabled modules |
4SSL / HTTPS
sudo a2enmod ssl | Enable SSL module |
SSLEngine on | Enable SSL for a virtual host |
SSLCertificateFile /path/cert.pem | Set SSL certificate path |
SSLCertificateKeyFile /path/key.pem | Set SSL private key path |
SSLCertificateChainFile /path/chain.pem | Set certificate chain file |
sudo certbot --apache -d example.com | Install Let's Encrypt cert |
Header always set Strict-Transport-Security "max-age=31536000" | Enable HSTS header |
5.htaccess & Rewrite Rules
RewriteEngine On | Enable URL rewriting in .htaccess |
RewriteCond %{HTTPS} off | Condition: if not HTTPS |
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] | Redirect HTTP to HTTPS |
RewriteRule ^old-page$ /new-page [R=301,L] | Permanent redirect (301) |
RewriteRule ^api/(.*)$ index.php?route=$1 [QSA,L] | Route API requests to index.php |
Options -Indexes | Disable directory listing |
AllowOverride All | Allow .htaccess to override config |
ErrorDocument 404 /404.html | Custom 404 error page |
6Reverse Proxy
ProxyPass / http://localhost:3000/ | Forward all requests to backend |
ProxyPassReverse / http://localhost:3000/ | Adjust response headers for proxy |
ProxyPreserveHost On | Pass original Host header to backend |
ProxyPass /ws ws://localhost:3000/ws | Proxy WebSocket connections |
<Proxy balancer://mycluster> | Define a load balancer cluster |
BalancerMember http://server1:8080 | Add backend server to balancer |
7Security & Access Control
Require all denied | Deny access to directory (2.4+) |
Require ip 192.168.1.0/24 | Allow access from IP range |
Require all granted | Allow access to all |
ServerTokens Prod | Hide Apache version in headers |
ServerSignature Off | Remove server info from error pages |
Header set X-Content-Type-Options "nosniff" | Prevent MIME type sniffing |
Header set X-Frame-Options "SAMEORIGIN" | Prevent clickjacking |
8Logging & Performance
LogLevel warn | Set log verbosity (emerg to trace8) |
tail -f /var/log/apache2/error.log | Stream error log in real-time |
ExpiresActive On | Enable cache expiry headers |
ExpiresByType image/png "access plus 1 month" | Cache images for 1 month |
AddOutputFilterByType DEFLATE text/html text/css | Enable gzip for HTML/CSS |
KeepAlive On | Enable persistent connections |
MaxKeepAliveRequests 100 | Max requests per connection |
KeepAliveTimeout 5 | Timeout for keep-alive (seconds) |