Apache 2 on Ubuntu 20.04 + 30 Second SSL Configuration

The version of Ubuntu that I use is 20.04 LTS however most of these instructions will pertain to just about all Ubuntu Linux versions. Yes, there are thousands of these tutorials on the web and this could be a one line article:

  • apt install apache2

Even though that is correct, will 100% work, and will give you a working Apache 2 installation, I’m going to go over a few of the Ubuntu’isms and more detail on how the Ubuntu package from the repository for Apache 2 is configured, including some important files.

Once the installation completes open a browser on a computer attached to the same network as the server you just installed Apache 2 on. Enter the following to confirm the web server is serving:

  • http://computer-attached-to-same-network-as-apache-server or
  • http://xxx.xxx.xxx.xxx (IP Address of the new Apache Server)

You’ll know your web server is working if you get the “It WorksApache page.

After you’ve installed Apache 2 from the official and updated Ubuntu repositories (you did do apt update; apt upgrade -y prior to the installation didn’t you? Make that part of your administration duties to not only run those commands before installing something, but daily, every few days, or at a minimum weekly) I’ll now outline some specifics of the configuration.

First off, the primary web server directory, your webroot, has been default configured to display the active web site, basically that ‘Welcome to Apache‘ or ‘It Works‘ page which confirms the server is working and is located in the directory:

  • /var/www/html
  • /var/www/html/index.html (that’s the actual file being served in a new Apache 2 installation on Ubuntu)

The file that is the configuration for that default host:

  • /etc/apache2/sites-available/000-default.conf

At the moment, at least for this article, I’m going to go over the default straight from the Ubuntu repository configuration of Apache 2 which will start a non-encrypted/non-ssl server. I will cover the configuration of a secure https (ssl enabled) server in another article when I write up the details to get a free Let’s Encrypt ssl certificate and integrate that into your Apache 2 web server configuration. Though I will go ver a 30 second https SSL configuration below, it’s basically for more advanced administrators who want to play with https over SSL immediately and not wait to read another article. Additionally I will be assuming that only a single server will be running on this server so the above config file and directory location will be the important file/s and directory/ies. I will go over a multiple virtual host Apache 2 configuration in another article.

Hardcore, difficult, veteran and funny system administrators sometimes hate the over engineered configuration of the Ubuntu package for Apache. For example, after installing Apache 2, you get a configuration directory (/etc/apache2) which looks like the following:

-rw-r--r-- 1 root root  7263 Jul  6 19:05 apache2.conf
drwxr-xr-x 2 root root  4096 Sep 16 07:54 conf-available
drwxr-xr-x 2 root root  4096 Sep 16 07:02 conf-enabled
-rw-r--r-- 1 root root  1782 Apr 13  2020 envvars
-rw-r--r-- 1 root root 31063 Apr 13  2020 magic
drwxr-xr-x 2 root root 12288 Sep 11 07:55 mods-available
drwxr-xr-x 2 root root  4096 Dec 14  2020 mods-enabled
-rw-r--r-- 1 root root   320 Apr 13  2020 ports.conf
drwxr-xr-x 2 root root  4096 Sep 21 18:45 sites-available
drwxr-xr-x 2 root root  4096 Sep  1 00:10 sites-enabled

Look at that, in the old days, and in fact on other distributions of Linux the primary configuration file for Apache, 1 or 2, has always been httpd.conf. Though it has been consistently apache2.conf on Debian based systems. In keeping with the Ubuntu way of trying to make things as easy as possible under the Ubuntu package distribution for Linux the primary configuration file for the Apache 2 subsystem is named apache2.conf, as evidenced by the directory listing above. I’m sure they (Ubuntu or Debian standards configuration team, I guess) did that so that the primary Apache configuration file would be at the top of the listing so that it’s easy to find. Unless you’re a super hardcore command line warrior and always list directories with the -lat flags to ls, in which case you would get a reverse ordering and apache2.conf would be the last thing listed, which probably breaks someone’s theory, but let’s move on.

Let’s talk about those directories and files in the /etc/apache2 directory. Each one of those files and directories contain the directives and or configuration settings for some part of the Apache 2 subsystem. In the old days, or other distributions, or whatever, all of those files and the files in those directories actually were settings, clauses, and or directives contained in and to be used as part of, or section, of the primary configuration file, httpd.conf. Just so I’m sure that I’m making myself clear, there was a time when apache2.conf (httpd.conf) had all the configuration directives and settings and was the only configuration file for Apache you had to deal with. There were no separate files or directories for the envars, and magic, and available/enabled and ports.conf. All of that information was kept in a single, monolithic configuration file named httpd.conf. As such, the primary Apache configuration file sometimes was huge. I mean hundreds to sometimes thousands of lines long, depending on options, the number of virtual hosts, which application servers were in use (php, perl, tomcat, whatever) etc etc ad infinitum, basically the information in all of the files and files in the directories you now see in the /etc/apache2 configuration directory, which again, as listed above. As such, except for in the most extreme situations you no longer have to touch the primary Apache 2 configuration file unless you’re modifying actual server functionality. On Ubuntu most of the items in apache2.conf is for configuring the options of the Apache server itself, however options may be set in the ‘new’ or ‘expanded’ set of configuration files found in the various available/enabled directories and will override the apache2.conf settings and you will normally set those on a per host, or per virtual host configuration file.

Older system admins may hate it, I’ve grown to accept it, and it’s debatable whether a full blown directory structure with numerous configuration files is easier than a single monolithic configuration file. Either way, as I am in the accepting crowd I thought I might provide some historical information that might explain why things are the way they are on Ubuntu, though it’s probably more of a Debian thing in this case, at least for the Apache 2 subsystem. I could be wrong, but probably not on all points. Please comment and correct as appropriate in the comments and I will update or re-educate myself as necessary.

I’m going to cut the diatribe short now and get into some of the details of how Apache 2 is configured on Ubuntu Linux and where you might find things plus the directories and other subsystems installing Apache 2 might touch. As part of using the apt package to install packages on Ubuntu invariably other subsystems may be touched or updated or modified including the following:

  • /etc/cron.daily/apache2
  • /etc/default/apache-htcacheclean
  • /etc/init.d/apache-htcacheclean
  • /etc/init.d/apache2
  • /etc/logrotate.d/apache2
  • /etc/ufw/applications.d/apache2-utils.ufw.profile

I’m not going to go into the fine grained details of each of these files but I will touch on them. Veteran administrators will immediately know what they are from their locations and names and amateur or home system administrators quite frankly shouldn’t touch those files until you learn exactly what they are. However, I will quickly go over each. The cron.daily entry is the configuration and setting for daily management tasks, in this case calling the apache-htcacheclean process, as also evidenced above. The init.d entries are the startup file entries. The logrotate.d is for log rotation, and that final ufw entry is for Apache integration into the ufw firewall management system. Again, under normal operation neither veteran nor new administrators need ever or at least rarely touch or modify these files.

Okay, I think that will do it for the information I wanted to pass on about Apache 2 as it runs under Ubuntu Linux, version 20.04 LTS in my case. Following this article will be articles on installing PHP and MySQL, to complete the so called LAMP stack. Stay tuned.

30 Second SSL configuration with the default from repository configuration and files:

  • a2ensite default-ssl.conf # enables the default included ssl configuration in Apache 2
  • a2enmod ssl # enable ssl module in Apache 2
  • systemctl reload apache2 # restart Apache 2

Now go to https://ip.apache.server. You’re going to get a security certificate warning. Just click the button or link to bypass. SSL is working now if you get the certificate error however because of the self signed untrusted temporary ssl certificates the the Apache 2 package installs by default it bugs you the certificate is from an untrusted source. I’ll leave it up to the reader as an exercise to set up a trusted certificate store and import a certificate as there are many other articles out there on that subject, however I just ignore the security certificate warning or if it’s a site actually on the internet with a domain name then I just properly configure it with a free Let’s Encrypt SSL certificate.

Please visit my Patreon page if you’re so inclined or make a donation. Or you may click the coffee cup in the bottom right corner of the screen and Buy Me A Coffee. Thank you!


Leave a Reply

Your email address will not be published. Required fields are marked *