mod_ssl<\/code>, mod_proxy<\/code>, mod_rewrite<\/code>, and MPMs (worker models) that adapt to different workloads. It excels at .htaccess driven sites, legacy PHP apps, and complex rewrite rules.<\/p>\n\n\n\n![\"Use](\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-Apache-and-Why-Use-It.jpg\")
<\/figure>\n\n\n\nSearch intent for this topic is largely \u201chow to install and configure Apache<\/a>, create virtual hosts, enable HTTPS, and manage performance and security.\u201d We\u2019ll cover all of that with distro specific commands (Ubuntu\/Debian and RHEL\/CentOS\/AlmaLinux\/Rocky).<\/p>\n\n\n\nPrerequisites<\/h2>\n\n\n\n\n- A Linux server<\/a> (Ubuntu, Debian, CentOS, AlmaLinux, or Rocky Linux)<\/li>\n\n\n\n
- Root or sudo access<\/li>\n\n\n\n
- DNS A\/AAAA records pointing your domains to the server\u2019s IP<\/li>\n\n\n\n
- Port 80 (HTTP) and 443 (HTTPS) accessible<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nInstall Apache on Popular Linux Distributions<\/h2>\n\n\n\nUbuntu\/Debian (apache2)<\/h3>\n\n\n\nsudo apt update\nsudo apt install -y apache2\nsudo systemctl enable --now apache2\n\n# UFW firewall (if enabled)\nsudo ufw allow \"Apache Full\" # opens 80 and 443\nsudo ufw status<\/code><\/pre>\n\n\n\nUbuntu enables useful modules by default (e.g., mime<\/code>, status<\/code>). The default web root is \/var\/www\/html<\/code>, and the default site config lives in \/etc\/apache2\/sites-available\/000-default.conf<\/code>.<\/p>\n\n\n\nRHEL\/CentOS\/AlmaLinux\/Rocky (httpd)<\/h3>\n\n\n\nsudo dnf install -y httpd\nsudo systemctl enable --now httpd\n\n# Firewalld\nsudo firewall-cmd --add-service=http --add-service=https --permanent\nsudo firewall-cmd --reload\n\n# SELinux: ensure correct contexts for web content\nsudo semanage fcontext -a -t httpd_sys_content_t \"\/var\/www(\/.*)?\"\nsudo restorecon -Rv \/var\/www<\/code><\/pre>\n\n\n\nRHEL-based systems use \/etc\/httpd\/conf\/httpd.conf<\/code> plus additional configs in \/etc\/httpd\/conf.d\/<\/code>. The default web root is \/var\/www\/html<\/code>.<\/p>\n\n\n\nVerify Apache Is Running<\/h3>\n\n\n\nsystemctl status apache2 # Ubuntu\/Debian\nsystemctl status httpd # RHEL-based\n\n# Test locally\ncurl -I http:\/\/127.0.0.1\n# Expect: HTTP\/1.1 200 OK<\/code><\/pre>\n\n\n\nOpen your server\u2019s IP in a browser and you should see the Apache default page. If not, re-check firewall rules and service status.<\/p>\n\n\n\n
\n\n\n\nManage the Apache Service (systemd)<\/h2>\n\n\n\n# Start\/stop\/restart\nsudo systemctl start apache2 # or: httpd\nsudo systemctl stop apache2\nsudo systemctl restart apache2\n\n# Graceful reload after config changes\nsudo systemctl reload apache2\n\n# Test configuration syntax\nsudo apachectl configtest # or: sudo httpd -t<\/code><\/pre>\n\n\n\nCreate Name Based Virtual Hosts<\/h2>\n\n\n\n
Virtual Hosts let you run multiple websites on one server. Point each domain\u2019s DNS to your server, then create a vhost per site.<\/p>\n\n\n\n
Ubuntu\/Debian VirtualHost Example<\/h3>\n\n\n\nsudo mkdir -p \/var\/www\/example.com\/public_html\nsudo chown -R $USER:$USER \/var\/www\/example.com\/public_html\necho \"<h1>Hello from example.com<\/h1>\" | sudo tee \/var\/www\/example.com\/public_html\/index.html\n\nsudo tee \/etc\/apache2\/sites-available\/example.com.conf >\/dev\/null <<'EOF'\n<VirtualHost *:80>\n ServerName example.com\n ServerAlias www.example.com\n DocumentRoot \/var\/www\/example.com\/public_html\n\n ErrorLog ${APACHE_LOG_DIR}\/example.com-error.log\n CustomLog ${APACHE_LOG_DIR}\/example.com-access.log combined\n<\/VirtualHost>\nEOF\n\nsudo a2ensite example.com.conf\nsudo a2dissite 000-default.conf\nsudo systemctl reload apache2<\/code><\/pre>\n\n\n\nRHEL\/CentOS\/AlmaLinux\/Rocky VirtualHost Example<\/h3>\n\n\n\nsudo mkdir -p \/var\/www\/example.com\/public_html\nsudo chown -R apache:apache \/var\/www\/example.com\/public_html\necho \"<h1>Hello from example.com<\/h1>\" | sudo tee \/var\/www\/example.com\/public_html\/index.html\n\nsudo tee \/etc\/httpd\/conf.d\/example.com.conf >\/dev\/null <<'EOF'\n<VirtualHost *:80>\n ServerName example.com\n ServerAlias www.example.com\n DocumentRoot \/var\/www\/example.com\/public_html\n\n ErrorLog logs\/example.com-error.log\n CustomLog logs\/example.com-access.log combined\n<\/VirtualHost>\nEOF\n\nsudo systemctl reload httpd<\/code><\/pre>\n\n\n\nIf SELinux is enforcing, ensure the document root has the correct context and allow Apache to connect to the network if using upstream services:<\/p>\n\n\n\n
sudo restorecon -Rv \/var\/www\nsudo setsebool -P httpd_can_network_connect on<\/code><\/pre>\n\n\n\n
\n\n\n\nEnable HTTPS with Let\u2019s Encrypt (Certbot)<\/h2>\n\n\n\n
HTTPS is essential for security and SEO. Let\u2019s Encrypt<\/a> provides free TLS certificates. Ensure DNS is in place and ports 80\/443 are open.<\/p>\n\n\n\nUbuntu\/Debian<\/h3>\n\n\n\nsudo apt install -y certbot python3-certbot-apache\nsudo certbot --apache -d example.com -d www.example.com\n\n# Auto-renewal is installed via systemd timer\/cron\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\nRHEL\/CentOS\/AlmaLinux\/Rocky<\/h3>\n\n\n\nsudo dnf install -y certbot python3-certbot-apache\nsudo certbot --apache -d example.com -d www.example.com\nsudo systemctl list-timers | grep certbot<\/code><\/pre>\n\n\n\nCertbot can also configure HTTP to HTTPS redirection<\/a> automatically. For manual rewrites, enable mod_rewrite<\/code> and add a rule in your vhost.<\/p>\n\n\n\n# Ubuntu\/Debian\nsudo a2enmod rewrite headers http2 ssl\nsudo systemctl reload apache2\n\n# RHEL-based: ensure modules are loaded by default (ssl, http2)\n# Add rewrite rule inside your :443 vhost or a .htaccess if AllowOverride is set\nRewriteEngine On\nRewriteCond %{HTTPS} !=on\nRewriteRule ^ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [R=301,L]<\/code><\/pre>\n\n\n\n
\n\n\n\nAdd PHP and Dynamic Apps (LAMP)<\/h2>\n\n\n\n
For PHP applications, use PHP-FPM with Apache\u2019s event<\/code> MPM for better concurrency. Avoid legacy mod_php<\/code> unless you have specific needs.<\/p>\n\n\n\nUbuntu\/Debian (PHP-FPM)<\/h3>\n\n\n\nsudo apt install -y php-fpm php-mysql\nsudo a2dismod mpm_prefork php*\nsudo a2enmod mpm_event proxy_fcgi setenvif\nsudo a2enconf php*-fpm\nsudo systemctl reload apache2<\/code><\/pre>\n\n\n\nRHEL-based (PHP-FPM)<\/h3>\n\n\n\nsudo dnf install -y php-fpm php-mysqlnd\nsudo systemctl enable --now php-fpm\n\n# In your vhost or a conf.d snippet:\n# Proxy PHP requests to PHP-FPM socket\n<FilesMatch \\.php$>\n SetHandler \"proxy:unix:\/run\/php-fpm\/www.sock|fcgi:\/\/localhost\/\"\n<\/FilesMatch>\n\nsudo systemctl reload httpd<\/code><\/pre>\n\n\n\nPlace a quick test file to verify PHP is working:<\/strong><\/p>\n\n\n\necho \"<?php phpinfo(); ?>\" | sudo tee \/var\/www\/example.com\/public_html\/info.php<\/code><\/pre>\n\n\n\n
\n\n\n\nSecurity Hardening Essentials<\/h2>\n\n\n\n\n- Hide version info: <\/strong>set
ServerTokens Prod<\/code> and ServerSignature Off<\/code>.<\/li>\n\n\n\n- Disable directory<\/a> listing: Options -Indexes.<\/li>\n\n\n\n
- Use HTTPS everywhere:<\/strong> enforce HTTP to HTTPS redirects<\/a> and enable HSTS via Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload.<\/li>\n\n\n\n
- Limit .htaccess: <\/strong>prefer vhost configs; if needed, set
AllowOverride<\/code> narrowly (e.g., AllowOverride FileInfo<\/code>).<\/li>\n\n\n\n- Permissions:<\/strong> web files owned by a deploy user, readable by Apache; avoid 777.<\/li>\n\n\n\n
- WAF: consider
mod_security<\/code> + OWASP CRS; rate-limit with Fail2ban.<\/li>\n\n\n\n- Keep Apache, OpenSSL, PHP, and system packages updated regularly.<\/li>\n<\/ul>\n\n\n\n
# Ubuntu\/Debian hardening snippet (add to vhost or a conf.d file)\nsudo tee \/etc\/apache2\/conf-available\/security-hardening.conf >\/dev\/null <<'EOF'\nServerTokens Prod\nServerSignature Off\nTraceEnable Off\n\n# Disable legacy protocols where possible (TLS only)\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\nSSLCipherSuite HIGH:!aNULL:!MD5:!3DES\nSSLHonorCipherOrder on\n\nHeader always set X-Content-Type-Options \"nosniff\"\nHeader always set X-Frame-Options \"SAMEORIGIN\"\nHeader always set Referrer-Policy \"strict-origin-when-cross-origin\"\nEOF\n\nsudo a2enconf security-hardening\nsudo a2enmod headers ssl\nsudo systemctl reload apache2<\/code><\/pre>\n\n\n\nPerformance Tuning Basics<\/h2>\n\n\n\n\n- MPM: use event<\/strong> with PHP-FPM for high concurrency; avoid prefork<\/strong> unless required.<\/li>\n\n\n\n
- KeepAlive:<\/strong> enable with sensible
KeepAliveTimeout<\/code> (2\u20135s) and MaxKeepAliveRequests<\/code> (100\u2013200).<\/li>\n\n\n\n- Compression:<\/strong> enable
mod_deflate<\/code> (gzip) or mod_brotli<\/code> if available.<\/li>\n\n\n\n- Caching:<\/strong> set far-future cache headers for static assets using
mod_expires<\/code>.<\/li>\n\n\n\n- HTTP\/2: <\/strong>enable for TLS virtual hosts to improve multiplexing.<\/li>\n\n\n\n
- Logs:<\/strong> rotate and compress logs to prevent disk I\/O bottlenecks.<\/li>\n<\/ul>\n\n\n\n
# Ubuntu\/Debian enable modules\nsudo a2enmod http2 deflate headers expires brotli\nsudo systemctl reload apache2\n\n# Example tuning snippet\nsudo tee \/etc\/apache2\/conf-available\/perf.conf >\/dev\/null <<'EOF'\nProtocols h2 http\/1.1\nH2ModernTLSOnly on\n\nKeepAlive On\nMaxKeepAliveRequests 200\nKeepAliveTimeout 3\n\n<IfModule mod_deflate.c>\n AddOutputFilterByType DEFLATE text\/html text\/plain text\/xml text\/css application\/javascript application\/json\n<\/IfModule>\n\n<IfModule mod_expires.c>\n ExpiresActive On\n ExpiresByType text\/css \"access plus 7 days\"\n ExpiresByType application\/javascript \"access plus 7 days\"\n ExpiresByType image\/* \"access plus 30 days\"\n<\/IfModule>\nEOF\n\nsudo a2enconf perf\nsudo systemctl reload apache2<\/code><\/pre>\n\n\n\n
\n\n\n\nLogging, Monitoring, and Troubleshooting<\/h2>\n\n\n\n\n- Log locations:<\/strong>\n
\n- Ubuntu\/Debian:<\/strong>
\/var\/log\/apache2\/access.log<\/code>, \/var\/log\/apache2\/error.log<\/code><\/li>\n\n\n\n- RHEL-based:<\/strong>
\/var\/log\/httpd\/access_log<\/code>, \/var\/log\/httpd\/error_log<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n- Tail logs during deploys: <\/strong>
sudo tail -f \/var\/log\/apache2\/error.log<\/code><\/li>\n\n\n\n- Check service state:<\/strong>
systemctl status apache2|httpd<\/code>, journalctl -u apache2 -b<\/code><\/li>\n\n\n\n- Validate config:<\/strong>
apachectl configtest<\/code> or httpd -t<\/code><\/li>\n\n\n\n- Firewall\/SELinux: <\/strong>confirm ports 80\/443 are open; on RHEL, use
restorecon<\/code> and semanage<\/code> for contexts.<\/li>\n<\/ul>\n\n\n\n# Quick health check\ncurl -I https:\/\/example.com\n# Expect: HTTP\/2 200 or 301 (if redirecting to HTTPS)<\/code><\/pre>\n\n\n\nScaling and Deployment Tips<\/h2>\n\n\n\n