A no-frills checklist for installing and configuring Apache on Ubuntu 20.04.
Apache should be installed by default on Ubuntu but we can check if an updated version is available:
sudo apt update sudo apt upgrade apache2
The server can be managed using the following commands:
sudo service apache2 start sudo service apache2 stop sudo service apache2 restart
Apache is automatically configured on Ubuntu to restart itself each time the server reboots.
Create a directory for each site under the /var/www directory:
sudo mkdir -p /var/www/example.com sudo chown -R $USER:$USER /var/www/example.com
The second command sets the current user as owner of the new site directory.
Create a virtual host file for each site:
sudo vim /etc/apache2/sites-available/example.com.conf
Add the following content:
<VirtualHost *:80> DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com ServerAdmin webmaster@example.com ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Use the a2ensite tool to enable each site:
sudo a2ensite example.com.conf sudo service apache2 reload
The reload command instructs the application to reload its configuration files.
Apache automatically configures the logrotate utility to rotate the webserver's logs on a daily basis. This behaviour can be customized in the /etc/logrotate.d/apache2 file.
The following configuration will rotate the log files on a monthly basis:
/var/log/apache2/*.log {
monthly
missingok
rotate 12
compress
notifempty
create 640 root adm
sharedscripts
dateext
dateformat -%Y-%m
dateyesterday
postrotate
if /etc/init.d/apache2 status > /dev/null ; then \
/etc/init.d/apache2 reload > /dev/null; \
fi;
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi;
endscript
}
The good folks at the Let's Encrypt project have made supporting encrypted connections ridiculously easy.
First install Certbot, the Let's Encrypt client:
sudo apt install python-certbot-apache
Let Certbot obtain and install a domain-validation certificate for your site:
sudo certbot --apache
If you have multiple sites you can obtain a separate certificate for each site by running the following command once per site:
sudo certbot --apache -d example.com -d www.example.com
Let's Encrypt certificates last for 90 days but can be renewed automatically using the renew command:
sudo certbot renew
We can set up a cron job to run this command automatically. Edit the root user's crontab using:
sudo crontab -e
Add the following line:
30 0 * * * /usr/bin/certbot renew
This will run the renew command at 00:30 each day. Note that renew only renews certificates that are actually expiring so running the command daily does not place an unnecessary burden on the Let's Encrypt servers.