########################## HTTP and HTTPS using APACHE ###################################

#### basic HTTP configuration:

### install apache
apt install apache2

# configuration files are in /etc/apache2
# directories "-available" contain configuration files, directories "-enabled" contain links
# to those files in the respective "-available" directories. The links in the "-enabled"
# directories are the configurations enabled at the moment. For any changes on them to
# take effect, you need to restart the apache service.

# to access apache's automatic initial page (right after installation), enter the
# IP of the server where you installed apache in your browser

# the location of the page's HTML files is defined in /etc/apache2/sites-available (confirm
# the name of the enabled file in /etc/apache2/sites-enabled), look for the line starting
# with "DocumentRoot"

# the standard file of apache's automatic initial page is /var/www/html/index.html
# if you change the content of that file, the page is updated, no need to restart the
# apache service

### to create many sites in the same server/IP:
## * first, confirm that the DNS has the pages configured at your 'db.example' file (see the DNS
##   configuration guide on this site for more details)
## * then, configure the apache files creating a copy of the default HTTP configuration file, as
##   many times as you need:
cd /etc/apache2/sites-available
cp 000-default.conf 001-name_of_your_choice.conf
cp 000-default.conf 002-name_of_your_choice.conf
# the 001 and 002 in the name are only there to order the files inside the directory

## in those files, update the location of the HTML files and add the line with your site's
## address/URL (comments in apache configuration files must be on their own line).
## Example in 001-name_of_your_choice.conf:
# where the html/php/gif... files of your site will be saved:
DocumentRoot /var/www/page1
# site's URL:
ServerName www.example.com

## do the same on the other site's configuration file: 002-name_of_your_choice.conf

## create links in the "sites-enabled" directory to the files you created and want to enable
## in the "sites-available" directory:
cd /etc/apache2/sites-enabled
ln -s ../sites-available/001-name_of_your_choice.conf
ln -s ../sites-available/002-name_of_your_choice.conf

## restart apache
systemctl restart apache2

## create the content of the respective sites in the location you specified in the configuration
## files. Example:
mkdir /var/www/page1    #create the directory if it isn't already created
mkdir /var/www/page2    #create the directory if it isn't already created
nano /var/www/page1/index.html    #paste the content of the first page of this site, then save it
nano /var/www/page2/index.html    #paste the content of the first page of this site, then save it
# the name "index.html" makes that file the first page loaded when someone tries
# to access your site's URL
# place all the other files that make up the content of those sites in the same respective directory

# if you try to access the configured URLs in a browser, now you should obtain the content for
# the respective site. If you want to make the default site unavailable (or any of the sites
# previously created), delete the respective link in the "sites-enabled" directory. This way
# you won't lose the configuration in "sites-available" if you wish to reactivate it later on.
# if the link to the default first page (000-default.conf) was removed, when someone tries to
# access the IP of the server in a browser, the first link in the "sites-enabled" directory,
# in alphabetic order, will be loaded; in this case it would be the site described in the file
# named 001-name_of_your_choice.conf.
#########################################################################################

#### basic HTTPS configuration:

# enable the HTTPS module (the ssl.conf and ssl.load in /etc/apache2/mods-enabled):
a2enmod ssl

# restart apache
systemctl restart apache2

# do the same process you did for HTTP in "sites-available" and "sites-enabled", but
# use the default-ssl.conf file as the base to copy from.
# also update this part in every new configuration file you created for SSL:
# remove this line:
<VirtualHost _default_:443>
# and replace it with this line:
<VirtualHost *:443>

# restart apache
systemctl restart apache2

#########################################################################################

#### enable PHP on the server:

# install PHP on the server:
apt install libapache2-mod-php

# restart apache
systemctl restart apache2

#########################################################################################

#### some SAFETY (optional) configuration:

### REMOVE SERVICE DETAILS from "page not found" messages:
## in the file /etc/apache2/conf-enabled/security.conf (editing its content will update the
## original file in ../conf-available/, not the link itself), look for these tags:
## 'ServerTokens' and 'ServerSignature'.
## comment out the ones in use and uncomment these:
ServerTokens Minimal
ServerSignature Off

## restart apache
systemctl restart apache2

### DISABLE DIRECTORY BROWSING/LISTING:
## in the file /etc/apache2/apache2.conf, look for this block (related to your directory):
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
## and remove the "Indexes" option. It should now look like this:
<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

## restart apache
systemctl restart apache2

#########################################################################################

#### enable USERDIR on the server:

# enable userdir (to allow a different webpage for every user on the server):
a2enmod userdir

# restart apache
systemctl restart apache2

# create users with a home directory
useradd -m user_name

# create the directory 'public_html' in the home directory of that user
mkdir /home/user_name/public_html

# copy the webpage files (.html/.gif/.php...) to that directory

# update the permissions of the directories and files to allow the apache user
# to read and execute them:
chmod 755 /home/user_name
chmod 755 /home/user_name/public_html
chmod 755 /home/user_name/public_html/*

# to access the webpage, enter in the browser: server's_IP_number/~user_name

# (optional) to assign a URL to the site, instead of using the server's IP:
# * see the steps of the basic HTTP configuration at the beginning of this guide.
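
# (added example, not part of the original guide) a check for the ServerTokens,
# ServerSignature and "Indexes" settings from the SAFETY section above. The function name
# and both sample configurations are constructed for illustration.

```shell
# Reads Apache config text on stdin and prints one finding per line;
# prints nothing when the three settings are as advised in this guide.
audit_apache_conf() {
    awk '
    /^[ \t]*#/ { next }                      # commented-out directives do not count
    { key = tolower($1) }
    key == "<directory"   { dir = $2; sub(/>$/, "", dir); next }
    key == "</directory>" { dir = ""; next }
    key == "servertokens"    { tokens = $2 }
    key == "serversignature" { sig = $2 }
    key == "options" && dir != "" {
        # bare options replace the previous set; +/- options modify it
        if ($2 !~ /^[+-]/) delete listing[dir]
        for (i = 2; i <= NF; i++) {
            o = tolower($i)
            if (o == "indexes" || o == "+indexes" || o == "all") listing[dir] = 1
            if (o == "-indexes") delete listing[dir]
        }
    }
    END {
        # Assumption of this example: Prod is also accepted, it reveals less than Minimal
        if (tolower(tokens) !~ /^(min|minimal|prod|productonly)$/)
            print "ServerTokens: " (tokens == "" ? "unset" : tokens)
        if (tolower(sig) ~ /^(on|email)$/) print "ServerSignature: " sig
        for (d in listing) print "Indexes enabled: " d
    }'
}
# Constructed sample: the settings as they look before the changes above.
sample_before() {
    cat <<'EOF'
ServerTokens OS
#ServerTokens Minimal
ServerSignature On
<Directory /var/www/>
    Options Indexes FollowSymLinks
</Directory>
EOF
}
# Constructed sample: the same settings after the changes above.
sample_after() {
    cat <<'EOF'
ServerTokens Minimal
ServerSignature Off
<Directory /var/www/>
    Options FollowSymLinks
</Directory>
EOF
}
sample_before | audit_apache_conf
```

# on a real server, feed it the files named above, for example:
# cat /etc/apache2/conf-enabled/security.conf /etc/apache2/apache2.conf | audit_apache_conf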
#########################################################################################

#### set up a PASSWORD PROTECTION TO ACCESS THE WEBPAGE (example of configuration
#### intended for joint use with the userdir guide)

## in the site configuration file /etc/apache2/sites-enabled/000-default.conf, add
## the following lines under the 'DocumentRoot' line:
<Directory /home/user_name/public_html>
        AllowOverride AuthConfig
</Directory>
# the address in front of 'Directory' must be where your authentication file
# will be, usually in the same directory as your index.html file

## in that directory you defined, use this command:
cd /home/user_name/public_html
htpasswd -c access user_name    #it will prompt you to create a password
# that will create the file 'access', with the chosen user_name and
# the hashed password, in the same directory

## in the same directory, create the .htaccess file:
nano .htaccess

## add this content to it:
AuthName "Restricted access to users"
AuthType Basic
AuthUserFile /home/user_name/public_html/access
require valid-user

# restart apache
systemctl restart apache2

#########################################################################################

#### how to create a Self-Signed SSL CERTIFICATE (for HTTPS testing purposes or
#### internal usage):

## generate a private key (with a key size of at least 2048 bits):
openssl genrsa -des3 -out server.key 2048
# you will be prompted to set a passphrase (password...)

## generate a CSR (Certificate Signing Request):
openssl req -new -key server.key -out server.csr
# you will be prompted to provide a series of data that will be in the
# certificate (country, state, etc...)

## remove the passphrase from the key (so that Apache doesn't ask for it every time it restarts):
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# the newly generated key has no passphrase in it!

## generate a Self-Signed Certificate (that lasts for 365 days):
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

## install the private key and the certificate [copy them, with another name (optional), to
## Apache's configuration folder (where exactly in there: you decide)]:
cp server.crt /etc/apache2/ssl.crt
cp server.key /etc/apache2/ssl.key

## configure the key and certificate in the HTTPS configuration files of every webpage
## you wish to in this server. Example:
nano /etc/apache2/sites-available/name_of_the_SSL-HTTPS_page.conf

## update the lines with SSLCertificateFile and SSLCertificateKeyFile with the current
## correct location of those files:
SSLCertificateFile /etc/apache2/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl.key

## restart apache
systemctl restart apache2

#########################################################################################

#### how to create a free CA-Signed (by Let's Encrypt) SSL CERTIFICATE with CERTBOT:

## what you need to have ready and configured before doing it:
# a working DNS correctly configured for your domain;
# a registered domain issued by a Registrar;
# a webpage with, at least, HTTP correctly configured using the service of your choice (for
# this guide, we will use Apache);
# sudo or root access to the server where the webpage is available, in order to follow
# the next installation steps:

## install snapd (if you use Ubuntu Server 18.04 and above, it should already be installed):
systemctl status snapd    #to confirm if you already have it installed
apt install snapd         #if you need to install it

## install certbot using snap:
snap install --classic certbot

## prepare the certbot command:
ln -s /snap/bin/certbot /usr/bin/certbot

## install certbot for apache:
certbot --apache
# you will be prompted to register an e-mail, agree with the terms of use and optionally
# register for the newsletter during this configuration
# if it worked, you should get a message confirming it; if not, you should get an error
# message from the installation. In that case, do whatever you need to correct it, then
# continue the installation process from this step

## test automatic renewal
certbot renew --dry-run
# it will simulate a renewal and confirm whether everything is set. If it is, it should
# renew the certificate automatically before expiration

## test your https site!!
# try to access the https version of your site, the browser should have the "secure"
# symbol near the url from now on!

# (optional) for more information, check https://letsencrypt.org/ and https://certbot.eff.org/

#########################################################################################
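
# (added example, not part of the original guide) the self-signed certificate section above
# leaves a passphrase-free key in /etc/apache2/ssl.key; this check reports whether a key file
# is encrypted and whether anyone besides its owner can read it. The function names and the
# sample files are constructed; mode 644 stands in for what cp gives under a umask of 022.

```shell
# Prints "<encrypted|plaintext|not-a-key> <private|exposed>" for one PEM file.
audit_key_file() {
    f=$1
    # encrypted keys appear either as PKCS#8 or as the traditional Proc-Type form
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        state=encrypted
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        state=plaintext
    else
        state=not-a-key
    fi
    # characters 5-10 of the ls mode string are the group and other permission bits
    if [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ]; then
        access=private
    else
        access=exposed
    fi
    echo "$state $access"
}

# Constructed stand-ins: real PEM header lines, placeholder bodies, no key material.
demo_key_audit() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$d/server.key.org"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/ssl.key"
    chmod 644 "$d/server.key.org" "$d/ssl.key"
    audit_key_file "$d/server.key.org"   # passphrase-protected copy
    audit_key_file "$d/ssl.key"          # key as copied for Apache
    chmod 600 "$d/ssl.key"               # owner-only, as a private key should be
    audit_key_file "$d/ssl.key"
    rm -rf "$d"
}

demo_key_audit
```

# on a real server: audit_key_file /etc/apache2/ssl.key
# Apache reads the key as root at startup, so owner root with mode 600 is enough.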
ATTENTION: Always read a script before you run it!!!
To run a basic Apache configuration script, with one site available via HTTP and HTTPS, run the following command line in your server's terminal:
wget -nc https://www.maycke.com.br/guides/raw/apache.sh && chmod 700 apache.sh && sudo ./apache.sh && sudo rm apache.sh
#########################################################################################