- Ubuntu, Web

Install and configure apache2 and enable https on Ubuntu

Abstract

Apache2 is an open sourced http server project, which is widely used in plenty of websites and service. This article will record how to install and configure apache2 and enable https on Ubuntu, and commonly used commands will be listed as well.

Part 1. Install and test apache2

Step 1. Install apache2

Install apache2 with command below:

sudo apt install apache2

Step 2. Enable 80 port of the firewall

Use ufw to enable 80 port, which will be used to test default website on 80 port:

sudo ufw allow 80

Notice: For using ufw, please see my another article:

Use ufw to config the firewall on Debian

Step 3. Test default website

Access http://127.0.0.1/ in browser to test default website. If the apache2 installed successfully, the default website for apache2 will be shown like this:

Part 2. Configure apache2 on ubuntu

Before configure a website with an example, let us understand the file structure of the apache2 installed path “/etc/apache2/” first:

/etc/apache2/
├── apache2.conf	# Main settings for apache2, rarely modified.
├── conf-available
├── conf-enabled
├── envvars	# Environment variables for apache2, rarely modified.
├── magic
├── mods-available  # Installed apache2 modules, not running modules.
├── mods-enabled          # Enabled apache2 modules, running modules.
├── ports.conf	          # All the listening ports are in this file.
├── sites-available	      # All virtual host configuration files.
└── sites-enabled  # Enabled and running virtual host configurations.

Now we will configure an website with virtual host as an example. Assume a service has been deployed on 9264 port, and we want to access the service with the website http://service.example.com/, which the domain service.example.com has been resolved to the ubuntu server through the A record. We can configure a new .conf file with virtual host and enable it to achieve this.

Step 1. Create a new configuration file

Create a new configuration file named “service.conf” in “/etc/apache2/sites-available/”:

~$ cd  /etc/apache2/sites-available/
/etc/apache2/sites-available$ sudo vim service.conf

Step 2. Edit the configuration file

Edit the file with codes below:

<VirtualHost _default_:80>     # Create a virtual host listen 80 port.
    Servername service.example.com                      # Domain name.
    ProxyPass / http://localhost:9264/	# Forward access to port 9264.
    ProxyPassReverse / http://localhost:9264/	
                                # Forward reverse access to port 9264.
    ProxyPreserveHost On
</VirtualHost>

Save the file and exit.

Step 3. Enable the site and reload apache2

Enable the site with following command:

sudo a2ensite service.conf

Follow the guide to reload apache2:

sudo systemctl reload apache2

Notice: The apache2 is required to be reload when any file in the apache2 is modified, sometimes even required to restart the apache2 if the restart notice is shown in terminal.

After this, the service can be accessed with the website http://service.example.com/.

Step 4. Enable ssl module and restart apache2

To improve the safety of access the service, we can enable the https (default on 443 port). Before that, enable the ssl module with following command:

sudo a2enmod ssl

If success, the notice will say restart the apache2 service:

sudo systemctl restart apache2

Check the “/etc/apache2/ports.conf”, the 443 port is listened as default as usual. If not, add “Listen 443 https” in the file and reload the apache2.

Step 5. Enable https for the virtual host

Before modify the virtual host configuration file, a SSL certificate is required for the domain. To apply a free SSL certificate, please see my another article:

Apply the wildcard SSL certificate of Let’s Encrypt

Modify the configuration file and add the virtual host for listening 443 port and enable SSL verification:

<VirtualHost _default_:443>   # Create a virtual host listen 443 port.
    Servername service.example.com
    SSLEngine on                                         # Enable SSL.
    SSLCertificateFile /path/to/certificate/file
    SSLCertificateKeyFile /path/to/certificate/key/file

    ProxyPass / http://localhost:9264/	# Forward access to port 9264.
    ProxyPassReverse / http://localhost:9264/	
                                # Forward reverse access to port 9264.
    ProxyPreserveHost On
</VirtualHost>

Save and exit the file, and reload the apache2:

sudo systemctl reload apache2

Step 6. Enable the 443 port on firewall with ufw

Enable 443 port in the firewall with ufw:

sudo ufw allow 443

After this we can access the service with the website https://service.example.com/.

Part 3. Commonly used commands

Switch of the service

sudo systemctl start apache2		# Start apache2 service
sudo systemctl stop apache2		# Stop apache2 service
sudo systemctl reload apache2		# Reload apache2 service
sudo systemctl restart apache2		# Restart apache2 service

Enable/Disable virtual host configuration

sudo a2ensite <.conf file>
sudo a2dissite <.conf file>

Enable/Disable apache2 module

sudo a2enmod <module name>
sudo a2dismod <module name>

Related Posts

Solve the problem that the jump address appears inconsistent with the client’s target address during the reverse proxy of Apache

June 12, 2020

Apply the wildcard SSL certificate of Let’s Encrypt

December 29, 2019

Install OpenCV Environment on Ubuntu 16.04

December 28, 2019

Solve loop in removed slice user slice of gdm

December 6, 2019

Compile and debug C++ project with Visual Studio Code on Ubuntu

November 22, 2019

About Ziqi.Yang394

Read All Posts By Ziqi.Yang394

Leave a Reply

Your email address will not be published. Required fields are marked *