How to use Apache on a Linux server: install Apache (apache2/httpd), allow ports 80/443 in the firewall, start and enable the service, create VirtualHosts for your domains, deploy site files to the document roots, enable HTTPS with Let’s Encrypt, and tune modules, logging, and performance (MPM, caching, PHP-FPM) for your workload.
Apache on Linux Server is a robust, flexible web server stack used to host websites, APIs, and applications. In this guide, I’ll show you exactly how to install, configure, secure, and optimize Apache on popular Linux distributions, using beginner-friendly steps and production-proven practices from 12+ years of hosting and server management experience at YouStable.
What Is Apache and Why Use It?
Apache HTTP Server (often just “Apache”) is a modular, open-source web server known for stability, extensive documentation, and unmatched flexibility through modules like mod_ssl, mod_proxy, mod_rewrite, and MPMs (worker models) that adapt to different workloads. It excels at .htaccess-driven sites, legacy PHP apps, and complex rewrite rules.
Search intent for this topic is largely “how to install and configure Apache, create virtual hosts, enable HTTPS, and manage performance and security.” We’ll cover all of that with distro-specific commands (Ubuntu/Debian and RHEL/CentOS/AlmaLinux/Rocky).
Prerequisites
- A Linux server (Ubuntu, Debian, CentOS, AlmaLinux, or Rocky Linux)
- Root or sudo access
- DNS A/AAAA records pointing your domains to the server’s IP
- Port 80 (HTTP) and 443 (HTTPS) accessible
Install Apache on Popular Linux Distributions
Ubuntu/Debian (apache2)
sudo apt update
sudo apt install -y apache2
sudo systemctl enable --now apache2
# UFW firewall (if enabled)
sudo ufw allow "Apache Full" # opens 80 and 443
sudo ufw statusUbuntu enables useful modules by default (e.g., mime, status). The default web root is /var/www/html, and the default site config lives in /etc/apache2/sites-available/000-default.conf.
RHEL/CentOS/AlmaLinux/Rocky (httpd)
sudo dnf install -y httpd
sudo systemctl enable --now httpd
# Firewalld
sudo firewall-cmd --add-service=http --add-service=https --permanent
sudo firewall-cmd --reload
# SELinux: ensure correct contexts for web content
sudo semanage fcontext -a -t httpd_sys_content_t "/var/www(/.*)?"
sudo restorecon -Rv /var/wwwRHEL-based systems use /etc/httpd/conf/httpd.conf plus additional configs in /etc/httpd/conf.d/. The default web root is /var/www/html.
Verify Apache Is Running
systemctl status apache2 # Ubuntu/Debian
systemctl status httpd # RHEL-based
# Test locally
curl -I http://127.0.0.1
# Expect: HTTP/1.1 200 OKOpen your server’s IP in a browser and you should see the Apache default page. If not, re-check firewall rules and service status.
Manage the Apache Service (systemd)
# Start/stop/restart
sudo systemctl start apache2 # or: httpd
sudo systemctl stop apache2
sudo systemctl restart apache2
# Graceful reload after config changes
sudo systemctl reload apache2
# Test configuration syntax
sudo apachectl configtest # or: sudo httpd -tCreate Name-Based Virtual Hosts
Virtual Hosts let you run multiple websites on one server. Point each domain’s DNS to your server, then create a vhost per site.
Ubuntu/Debian VirtualHost Example
sudo mkdir -p /var/www/example.com/public_html
sudo chown -R $USER:$USER /var/www/example.com/public_html
echo "<h1>Hello from example.com</h1>" | sudo tee /var/www/example.com/public_html/index.html
sudo tee /etc/apache2/sites-available/example.com.conf >/dev/null <<'EOF'
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost>
EOF
sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2RHEL/CentOS/AlmaLinux/Rocky VirtualHost Example
sudo mkdir -p /var/www/example.com/public_html
sudo chown -R apache:apache /var/www/example.com/public_html
echo "<h1>Hello from example.com</h1>" | sudo tee /var/www/example.com/public_html/index.html
sudo tee /etc/httpd/conf.d/example.com.conf >/dev/null <<'EOF'
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog logs/example.com-error.log
CustomLog logs/example.com-access.log combined
</VirtualHost>
EOF
sudo systemctl reload httpdIf SELinux is enforcing, ensure the document root has the correct context and allow Apache to connect to the network if using upstream services:
sudo restorecon -Rv /var/www
sudo setsebool -P httpd_can_network_connect onEnable HTTPS with Let’s Encrypt (Certbot)
HTTPS is essential for security and SEO. Let’s Encrypt provides free TLS certificates. Ensure DNS is in place and ports 80/443 are open.
Ubuntu/Debian
sudo apt install -y certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com
# Auto-renewal is installed via systemd timer/cron
sudo certbot renew --dry-runRHEL/CentOS/AlmaLinux/Rocky
sudo dnf install -y certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com
sudo systemctl list-timers | grep certbotCertbot can also configure HTTP to HTTPS redirection automatically. For manual rewrites, enable mod_rewrite and add a rule in your vhost.
# Ubuntu/Debian
sudo a2enmod rewrite headers http2 ssl
sudo systemctl reload apache2
# RHEL-based: ensure modules are loaded by default (ssl, http2)
# Add rewrite rule inside your :443 vhost or a .htaccess if AllowOverride is set
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Add PHP and Dynamic Apps (LAMP)
For PHP applications, use PHP-FPM with Apache’s event MPM for better concurrency. Avoid legacy mod_php unless you have specific needs.
Ubuntu/Debian (PHP-FPM)
sudo apt install -y php-fpm php-mysql
sudo a2dismod mpm_prefork php*
sudo a2enmod mpm_event proxy_fcgi setenvif
sudo a2enconf php*-fpm
sudo systemctl reload apache2RHEL-based (PHP-FPM)
sudo dnf install -y php-fpm php-mysqlnd
sudo systemctl enable --now php-fpm
# In your vhost or a conf.d snippet:
# Proxy PHP requests to PHP-FPM socket
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost/"
</FilesMatch>
sudo systemctl reload httpdPlace a quick test file to verify PHP is working:
echo "<?php phpinfo(); ?>" | sudo tee /var/www/example.com/public_html/info.phpSecurity Hardening Essentials
- Hide version info: set
ServerTokens ProdandServerSignature Off. - Disable directory listing: Options -Indexes.
- Use HTTPS everywhere: enforce HTTP to HTTPS redirects and enable HSTS via Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload.
- Limit .htaccess: prefer vhost configs; if needed, set
AllowOverridenarrowly (e.g.,AllowOverride FileInfo). - Permissions: web files owned by a deploy user, readable by Apache; avoid 777.
- WAF: consider
mod_security+ OWASP CRS; rate-limit with Fail2ban. - Keep Apache, OpenSSL, PHP, and system packages updated regularly.
# Ubuntu/Debian hardening snippet (add to vhost or a conf.d file)
sudo tee /etc/apache2/conf-available/security-hardening.conf >/dev/null <<'EOF'
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# Disable legacy protocols where possible (TLS only)
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
EOF
sudo a2enconf security-hardening
sudo a2enmod headers ssl
sudo systemctl reload apache2Performance Tuning Basics
- MPM: use event with PHP-FPM for high concurrency; avoid prefork unless required.
- KeepAlive: enable with sensible
KeepAliveTimeout(2–5s) andMaxKeepAliveRequests(100–200). - Compression: enable
mod_deflate(gzip) ormod_brotliif available. - Caching: set far-future cache headers for static assets using
mod_expires. - HTTP/2: enable for TLS virtual hosts to improve multiplexing.
- Logs: rotate and compress logs to prevent disk I/O bottlenecks.
# Ubuntu/Debian enable modules
sudo a2enmod http2 deflate headers expires brotli
sudo systemctl reload apache2
# Example tuning snippet
sudo tee /etc/apache2/conf-available/perf.conf >/dev/null <<'EOF'
Protocols h2 http/1.1
H2ModernTLSOnly on
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 3
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 7 days"
ExpiresByType application/javascript "access plus 7 days"
ExpiresByType image/* "access plus 30 days"
</IfModule>
EOF
sudo a2enconf perf
sudo systemctl reload apache2Logging, Monitoring, and Troubleshooting
- Log locations:
- Ubuntu/Debian:
/var/log/apache2/access.log,/var/log/apache2/error.log - RHEL-based:
/var/log/httpd/access_log,/var/log/httpd/error_log
- Ubuntu/Debian:
- Tail logs during deploys:
sudo tail -f /var/log/apache2/error.log - Check service state:
systemctl status apache2|httpd,journalctl -u apache2 -b - Validate config:
apachectl configtestorhttpd -t - Firewall/SELinux: confirm ports 80/443 are open; on RHEL, use
restoreconandsemanagefor contexts.
# Quick health check
curl -I https://example.com
# Expect: HTTP/2 200 or 301 (if redirecting to HTTPS)Scaling and Deployment Tips
- Reverse proxy: use
mod_proxyto front Node.js, Python (Gunicorn), or Go services. - Load balancing: mod_proxy_balancer with sticky sessions for multi-node backends.
- Zero-downtime reloads: use
systemctl reloadafter config changes. - CI/CD: template vhosts with Ansible; store configs in version control.
- Backups: regularly archive
/etc/apache2or/etc/httpdand your site roots.
If you prefer a managed setup, YouStable’s VPS and Dedicated plans ship with optimized LAMP stacks, free SSL, global CDN pairing, and 24×7 support. We handle security updates, monitoring, and performance tuning so you can focus on your application.
Common Apache Commands Cheat Sheet
# Ubuntu/Debian module and site helpers
sudo a2enmod rewrite ssl http2 headers
sudo a2dismod mpm_prefork
sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf
sudo apachectl configtest
sudo systemctl reload apache2
# RHEL-based
sudo httpd -M | sort
sudo systemctl reload httpd
sudo httpd -tYou now know how to use Apache on a Linux server, from installation and vhosts to TLS, security, and tuning. Build confidently, keep configs versioned, and consider managed hosting from YouStable when you’re ready to focus purely on growth.
FAQs: How to Use Apache on Linux Server
Is Apache or Nginx better, and when should I use Apache?
Apache is ideal for .htaccess-heavy sites, complex rewrites, and legacy PHP apps. Nginx often excels at static file throughput and as a reverse proxy. With PHP-FPM and the event MPM, Apache handles high concurrency well. Choose based on your app’s needs, team familiarity, and existing tooling.
How do I redirect HTTP to HTTPS in Apache?
Enable mod_rewrite and add a 301 rule in your port 80 vhost or use Certbot’s auto-redirect. Example:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Where are Apache configuration files on Ubuntu vs. CentOS?
Ubuntu/Debian: /etc/apache2/ with sites-available, sites-enabled, and mods-available. RHEL-based: /etc/httpd/ with conf/httpd.conf and per-site files in conf.d/. Logs live in /var/log/apache2/ (Ubuntu) or /var/log/httpd/ (RHEL).
How do I enable .htaccess and what are the risks?
Set AllowOverride for the directory that needs it (e.g., AllowOverride FileInfo). .htaccess adds per-request file lookups and can be misused. Prefer placing rules in the main vhost whenever possible for performance and security.
How many websites can Apache host on one server?
Technically hundreds or thousands via VirtualHosts. The real limit is CPU, RAM, storage IOPS, and your application stack (PHP workers, databases). Monitor load, memory, and connection counts; scale vertically or horizontally (load balancer) as traffic grows.
