Images in this 9 year old article have been lost.
The previous article in my Ubuntu Server Project series covered the installation of Apache. Now it’s time for some configuration. I’ll start off by looking around the Apache installation ten make some minor configuration changes.
The Apache config folder is /etc/apache2 which contains the following files & folders:
The names in blue are folders.
The sites-available folder has what it says, the sites that are available. But just because they’re available doesn’t mean they’re enabled. There’s one site in the sites-available folder, the default site.
To check which sites are actually enabled I view the contents of the sites-enabled folder:
This folder contains symlinks back to the sites-available folder for the enabled sites. As expected, the default site is already enabled. If a domain points to the server but doesn’t have a configuration files the first enabled sight (alphabetically) will be used. So by having the name 000-default this site is likely to be used.
The mods-available and mods-enabled folders work the same way. They contain the modules that are available and those that are enabled. These are the available modules with the default installation:
While these are the modules that are enabled by default:
There are four commands that make managing the enabled sites and modules easier than having to create the symlinks manually by using ln -s. They are:
a2ensite and a2dissite enabled and disable a site.
a2enmod and a2dismod will enable and disable a module.
So to disable the default site I run:
sudo a2dissite default
and get the following message:
Site default disabled; run /etc/init.d/apache2 reload to fully disable.
I gracefully reload Apache (so existing connections aren’t killed) with:
sudo apache2ctl graceful
When I try to access the site via by browser I get a 404 not found error instead of the “It Works” message. I also see that the symlink is gone from the site-enabled folder.
To enable the site again I execute:
sudo a2ensite default
sudo apache2ctl graceful
And the “It works” message returns. Now that I’ve looked around the structure of Apache it’s time to look at the configuration.
By default Apache will listen on port 80 for http and port 443 for https (ssl). These are set in /etc/apache2/ports.conf, the contents of which are:
There’s no need for me to change anything.
Timeout & KeepAlive Configuration
The main Apache configuration file is /etc/apache2/apache2.conf which I open in the nano editor:
sudo nano /etc/apache2/apache2.conf
I scroll down the file and look at the various parameters. The first one I change is the timeout value, the default of which is 300 seconds. I change it to 45 seconds.
Next up is KeepAlives, which are on by default (
KeepAlive On). This allows persistent connections for a client so that each request (image, file, etc) doesn’t require a new connection. There are some additional KeepAlive parameters.
MaxKeepAliveRequests is described as “the maximum number of requests to allow during a persistent connection. Set to 0 to allow an unlimited amount. We recommend you leave this number high, for maximum performance”. I keep the default
KeepAliveTimeout is described as “the number of seconds to wait for the next request from the same client on the same connection”. The default value is a rather high 15 seconds. There’s not a lot of interactivity on my pages so I’ll lower it to 3 seconds. If no new requests come in during that time the connection will be dropped. I change this to
During the installation I selected Pre-fork MPM (apache2-mpm-prefork) which is described in the Apache documentation. I’ll keep these settings at the default. The related settings are shown below.
ServerTokens determines what information is set in the headers concerning products and modules installed. The default is Full which sends a lot of information. While it doesn’t actually make things more secure there’s no sense broadcasting the information so I change it to
ServerTokens Prod which will just include
Apache in the header.
By default, server generated pages such as the 404 error page include a footer with server information.
Again, it won’t make things more secure but there’s no sense providing this information. I change ServerSignature to
Virtual Host File
Each virtual host also has a configuration file which could overwrite the main configuration file. In this can the ServerSignature setting doesn’t work because it’s also set in the virtual host file. So I save the main config file and open the virtual host file.
sudo nano /etc/apache2/sites-available/default
I change the ServerSignature parameter to Off just like I did in the main file.
I do a graceful restart of Apache with
sudo apache2ctl graceful and test the change. Now there’s no footer in my 404 page.
This completes the configuration of the server software that can serve as a training platform and a solid test bed for my WordPress test environment. Next on the agenda is coming up with a directory structure for my web sites and setting up the virtual hosts.