Apache Web Server on Ubuntu 15

Summary

Another release of Ubuntu means an updated tutorial for installing Apache. Although not much has changed in how Apache is installed and configured, if you haven’t updated in a while, there are a few major changes you will want to be aware of. One of those changes is the introduction of systemd. It is a different way of managing your system that is completely separate from how we did it using init. Thankfully, a lot of mapping has been done in Ubuntu, and other converts, that allows you to execute older init-style commands.

 

Installing Apache

For those who want a stable release of Apache, it is available from the default software repository. Keep in mind that Ubuntu uses relatively new releases of software. You won’t have the most bleeding edge version of Apache, but it is still a fairly new release. The following instructions will show you how to install it on your server or desktop from a terminal.

  1. Log onto the server with an account that has sudo rights.
  2. Run the following command to install Apache version 2.
    sudo apt-get install apache2

 

Firewalls and Services

During the Apache installation process on Ubuntu, when done through Aptitude, a lot of additional work is done for you. This includes opening up the basic firewall ports for HTTP traffic, starting the Apache2 service and enabling the service to run at boot. With that said, we can move onto configuring the server basics.

 

Configuring Apache

There are a few settings that you should consider changing after any new installation of Apache. Some of these are for administration purposes, some are for performance and others for security.

Security

Unlike other distros and versions of Apache compiled from source, Ubuntu’s package separates the different areas of the configuration into different files. This will make things a little easier to find.

In a production environment, you want to make some changes in the way Apache behaves. Some of these are more obfuscation than security, and people do argue against them; however, it’s always good to eliminate white noise. A lot of attacks are done against low-hanging fruit, which are servers that can easily be identified.

  1. Open the security configuration file for Apache into a text editor.
    sudo vi /etc/apache2/conf-enabled/security.conf
  2. Find ServerTokens and change its value to Prod.
    ServerTokens Prod
    
  3. If you expect that Git will be used for version control, prevent access to anything under a “.git” directory.
    <DirectoryMatch "/\.git">
         Require all denied
    </DirectoryMatch>
    
  4. If you expect SVN will be used for version control, prevent access to anything under a “.svn” directory. To do this, find and uncomment the following lines in the configuration file.
    <DirectoryMatch "/\.svn">
         Require all denied
    </DirectoryMatch>
    
  5. Save your changes and exit the text editor.
  6. Restart the Apache service to apply the new settings.
    sudo service apache2 restart
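
One way to check the edited file before restarting, as an added example that is not part of the original tutorial: the script reads a config file and reports whether ServerTokens is Prod and whether the “.git” and “.svn” blocks are active rather than still commented out. The function names and the sample config are constructed for illustration.

```bash
#!/bin/sh
# Audit an Apache config file for the settings from the steps above.
# Commented-out directives are ignored, so a block that was never
# uncommented is reported as missing.

# Print only active lines: trim indentation, drop comments and blanks.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# Succeed when the last active ServerTokens directive is Prod.
check_server_tokens() {
    tokens=$(active_lines "$1" |
        awk 'tolower($1) == "servertokens" { v = tolower($2) } END { print v }')
    [ "$tokens" = "prod" ]
}

# Succeed when an active <DirectoryMatch> block for ".$2" (git or svn)
# contains "Require all denied".
check_vcs_denied() {
    active_lines "$1" | awk -v name="$2" '
        tolower($0) ~ /^<directorymatch/ { inblock = (index($0, "\\." name) > 0); next }
        tolower($0) ~ /^<\/directorymatch>/ { inblock = 0; next }
        inblock && tolower($0) ~ /^require[ \t]+all[ \t]+denied/ { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Run all three checks, print one line per failure, return 1 if any failed.
audit_security_conf() {
    rc=0
    check_server_tokens "$1" || { echo "FAIL: ServerTokens is not Prod"; rc=1; }
    check_vcs_denied "$1" git || { echo "FAIL: .git is not denied"; rc=1; }
    check_vcs_denied "$1" svn || { echo "FAIL: .svn is not denied"; rc=1; }
    return "$rc"
}

# Constructed sample: the .svn block was left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerTokens Prod
<DirectoryMatch "/\.git">
    Require all denied
</DirectoryMatch>
#<DirectoryMatch "/\.svn">
#    Require all denied
#</DirectoryMatch>
EOF
audit_security_conf "$sample" || echo "audit found problems in $sample"
```

To use it on a server, pass `audit_security_conf` the file edited in step 1 instead of the sample.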