Apache Cheatsheet

A no-frills checklist for installing and configuring Apache on Ubuntu 20.04.

Install Apache

Apache should be installed by default on Ubuntu but we can check if an updated version is available:

sudo apt update
sudo apt upgrade apache2

The server can be managed using the following commands:

sudo service apache2 start
sudo service apache2 stop
sudo service apache2 restart

Apache is automatically configured on Ubuntu to restart itself each time the server reboots.

Create Site Directories

Create a directory for each site under the /var/www directory:

sudo mkdir -p /var/www/example.com
sudo chown -R $USER:$USER /var/www/example.com

The second command sets the current user as owner of the new site directory.

Create Virtual Host Files

Create a virtual host file for each site:

sudo vim /etc/apache2/sites-available/example.com.conf

Add the following content:

<VirtualHost *:80>
    DocumentRoot /var/www/example.com
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Enable Virtual Host Files

Use the a2ensite tool to enable each site:

sudo a2ensite example.com.conf
sudo service apache2 reload

The reload command instructs the application to reload its configuration files.

Configure Logrotate

Apache automatically configures the logrotate utility to rotate the webserver's logs on a daily basis. This behaviour can be customized in the /etc/logrotate.d/apache2 file.

The following configuration will rotate the log files on a monthly basis:

/var/log/apache2/*.log {
    monthly
    missingok
    rotate 12
    compress
    notifempty
    create 640 root adm
    sharedscripts
    dateext
    dateformat -%Y-%m
    dateyesterday
    postrotate
        if /etc/init.d/apache2 status > /dev/null ; then \
            /etc/init.d/apache2 reload > /dev/null; \
        fi;
    endscript
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi;
    endscript
}

Enable HTTPS

The good folks at the Let's Encrypt project have made supporting encrypted connections ridiculously easy.

First install Certbot, the Let's Encrypt client:

sudo apt install python-certbot-apache

Let Certbot obtain and install a domain-validation certificate for your site:

sudo certbot --apache

If you have multiple sites you can obtain a separate certificate for each site by running the following command once per site:

sudo certbot --apache -d example.com -d www.example.com

Let's Encrypt certificates last for 90 days but can be renewed automatically using the renew command:

sudo certbot renew

We can set up a cron job to run this command automatically. Edit the root user's crontab using:

sudo crontab -e

Add the following line:

30 0 * * * /usr/bin/certbot renew

This will run the renew command at 00:30 each day. Note that renew only renews certificates that are actually expiring so running the command daily does not place an unnecessary burden on the Let's Encrypt servers.