How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04
0

A earlier model of this tutorial was written by Justin Ellingwood

Introduction

The Apache HTTP server is essentially the most widely-used net server on this planet. It offers many highly effective options together with dynamically loadable modules, strong media assist, and intensive integration with different in style software program.

On this information, we’ll clarify easy methods to set up an Apache net server in your Ubuntu 18.04 server.

Conditions

Earlier than you start this information, it is best to have an everyday, non-root person with sudo privileges configured in your server. Moreover, you have to to allow a fundamental firewall to dam non-essential ports. You possibly can discover ways to configure an everyday person account and arrange a firewall in your server by following our preliminary server setup information for Ubuntu 18.04.

When you may have an account accessible, log in as your non-root person to start.

Step 1 — Putting in Apache

Apache is obtainable inside Ubuntu’s default software program repositories, making it potential to put in it utilizing typical package deal administration instruments.

Let’s start by updating the native package deal index to replicate the newest upstream modifications:

Then, set up the apache2 package deal:

After confirming the set up, apt will set up Apache and all required dependencies.

Step 2 — Adjusting the Firewall

Earlier than testing Apache, it is necessary to change the firewall settings to permit outdoors entry to the default net ports. Assuming that you simply adopted the directions within the conditions, it is best to have a UFW firewall configured to limit entry to your server.

Throughout set up, Apache registers itself with UFW to offer a couple of software profiles that can be utilized to allow or disable entry to Apache by means of the firewall.

Checklist the ufw software profiles by typing:

You will note a listing of the appliance profiles:

Output

Accessible functions: Apache Apache Full Apache Safe OpenSSH

As you possibly can see, there are three profiles accessible for Apache:

  • Apache: This profile opens solely port 80 (regular, unencrypted net visitors)
  • Apache Full: This profile opens each port 80 (regular, unencrypted net visitors) and port 443 (TLS/SSL encrypted visitors)
  • Apache Safe: This profile opens solely port 443 (TLS/SSL encrypted visitors)

It is strongly recommended that you simply allow essentially the most restrictive profile that can nonetheless permit the visitors you've got configured. Since we have not configured SSL for our server but on this information, we'll solely want to permit visitors on port 80:

You possibly can confirm the change by typing:

It's best to see HTTP visitors allowed within the displayed output:

Output

Standing: energetic To Motion From -- ------ ---- OpenSSH ALLOW Anyplace Apache ALLOW Anyplace OpenSSH (v6) ALLOW Anyplace (v6) Apache (v6) ALLOW Anyplace (v6)

As you possibly can see, the profile has been activated to permit entry to the net server.

Step 3 — Checking your Web Server

On the finish of the set up course of, Ubuntu 18.04 begins Apache. The online server ought to already be up and operating.

Test with the systemd init system to verify the service is operating by typing:

  • sudo systemctl standing apache2

Output

● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Energetic: energetic (operating) since Tue 2018-04-24 20:14:39 UTC; 9min in the past Primary PID: 2583 (apache2) Duties: 55 (restrict: 1153) CGroup: /system.slice/apache2.service ├─2583 /usr/sbin/apache2 -k begin ├─2585 /usr/sbin/apache2 -k begin └─2586 /usr/sbin/apache2 -k begin

As you possibly can see from this output, the service seems to have began efficiently. Nevertheless, one of the best ways to check that is to request a web page from Apache.

You possibly can entry the default Apache touchdown web page to verify that the software program is operating correctly by means of your IP tackle. When you have no idea your server's IP tackle, you will get it a couple of alternative ways from the command line.

Attempt typing this at your server's command immediate:

You're going to get again a couple of addresses separated by areas. You possibly can attempt every in your net browser to see in the event that they work.

Another is typing this, which ought to offer you your public IP tackle as seen from one other location on the web:

When you may have your server's IP tackle, enter it into your browser's tackle bar:

http://your_server_ip

It's best to see the default Ubuntu 18.04 Apache net web page:

Apache default page

This web page signifies that Apache is working appropriately. It additionally contains some fundamental details about essential Apache recordsdata and listing places.

Step 4 — Managing the Apache Course of

Now that you've your net server up and operating, let's go over some fundamental administration instructions.

To cease your net server, sort:

  • sudo systemctl cease apache2

To start out the net server when it's stopped, sort:

  • sudo systemctl begin apache2

To cease after which begin the service once more, sort:

  • sudo systemctl restart apache2

If you're merely making configuration modifications, Apache can usually reload with out dropping connections. To do that, use this command:

  • sudo systemctl reload apache2

By default, Apache is configured to begin mechanically when the server boots. If this isn't what you need, disable this conduct by typing:

  • sudo systemctl disable apache2

To re-enable the service to begin up at boot, sort:

  • sudo systemctl allow apache2

Apache ought to now begin mechanically when the server boots once more.

When utilizing the Apache net server, you should use digital hosts (just like server blocks in Nginx) to encapsulate configuration particulars and host multiple area from a single server. We'll arrange a site known as instance.com, however it is best to change this with your personal area identify. To study extra about establishing a site identify with DigitalOcean, see our Introduction to DigitalOcean DNS.

Apache on Ubuntu 18.04 has one server block enabled by default that's configured to serve paperwork from the /var/www/html listing. Whereas this works effectively for a single web site, it could possibly turn into unwieldy in case you are internet hosting a number of websites. As a substitute of modifying /var/www/html, let's create a listing construction inside /var/www for our instance.com web site, leaving /var/www/html in place because the default listing to be served if a consumer request would not match some other websites.

Create the listing for instance.com as follows, utilizing the -p flag to create any crucial guardian directories:

sudo mkdir -p /var/www/instance.com/html

Subsequent, assign possession of the listing with the $USER environmental variable:

  • sudo chown -R $USER:$USER /var/www/instance.com/html

The permissions of your net roots needs to be right if you have not modified your unmask worth, however you can also make certain by typing:

  • sudo chmod -R 755 /var/www/instance.com

Subsequent, create a pattern index.html web page utilizing nano or your favourite editor:

  • nano /var/www/instance.com/html/index.html

Inside, add the next pattern HTML:

/var/www/instance.com/html/index.html

<html>
    <head>
        <title>Welcome to Instance.com!</title>
    </head>
    <physique>
        <h1>Success!  The instance.com server block is working!</h1>
    </physique>
</html>

Save and shut the file if you end up completed.

To ensure that Apache to serve this content material, it is necessary to create a digital host file with the proper directives. As a substitute of modifying the default configuration file situated at /and many others/apache2/sites-available/000-default.conf immediately, let's make a brand new one at /and many others/apache2/sites-available/instance.com.conf:

  • sudo nano /and many others/apache2/sites-available/instance.com.conf

Paste within the following configuration block, which is analogous to the default, however up to date for our new listing and area identify:

/and many others/apache2/sites-available/instance.com.conf

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName instance.com
    ServerAlias www.instance.com
    DocumentRoot /var/www/instance.com/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/entry.log mixed
</VirtualHost>

Discover that we have up to date the DocumentRoot to our new listing and ServerAdmin to an e mail that the instance.com web site administrator can entry. We have additionally added two directives: ServerName, which establishes the bottom area that ought to match for this digital host definition, and ServerAlias, which defines additional names that ought to match as in the event that they had been the bottom identify.

Save and shut the file if you end up completed.

Let's allow the file with the a2ensite instrument:

  • sudo a2ensite instance.com.conf

Disable the default web site outlined in 000-default.conf:

  • sudo a2dissite 000-default.conf

Subsequent, let's take a look at for configuration errors:

  • sudo apache2ctl configtest

It's best to see the next output:

Output

Syntax OK

Restart Apache to implement your modifications:

  • sudo systemctl restart apache2

Apache ought to now be serving your area identify. You possibly can take a look at this by navigating to http://instance.com, the place it is best to see one thing like this:

Apache virtual host example

Step 6 – Getting Accustomed to Vital Apache Information and Directories

Now that you understand how to handle the Apache service itself, it is best to take a couple of minutes to familiarize your self with a couple of essential directories and recordsdata.

Content material

  • /var/www/html: The precise net content material, which by default solely consists of the default Apache web page you noticed earlier, is served out of the /var/www/html listing. This may be modified by altering Apache configuration recordsdata.

Server Configuration

  • /and many others/apache2: The Apache configuration listing. The entire Apache configuration recordsdata reside right here.
  • /and many others/apache2/apache2.conf: The principle Apache configuration file. This may be modified to make modifications to the Apache international configuration. This file is chargeable for loading lots of the different recordsdata within the configuration listing.
  • /and many others/apache2/ports.conf: This file specifies the ports that Apache will hear on. By default, Apache listens on port 80 and moreover listens on port 443 when a module offering SSL capabilities is enabled.
  • /and many others/apache2/sites-available/: The listing the place per-site digital hosts may be saved. Apache is not going to use the configuration recordsdata discovered on this listing until they're linked to the sites-enabled listing. Sometimes, all server block configuration is finished on this listing, after which enabled by linking to the opposite listing with the a2ensite command.
  • /and many others/apache2/sites-enabled/: The listing the place enabled per-site digital hosts are saved. Sometimes, these are created by linking to configuration recordsdata discovered within the sites-available listing with the a2ensite. Apache reads the configuration recordsdata and hyperlinks discovered on this listing when it begins or reloads to compile a whole configuration.
  • /and many others/apache2/conf-available/, /and many others/apache2/conf-enabled/: These directories have the identical relationship because the sites-available and sites-enabled directories, however are used to retailer configuration fragments that don't belong in a digital host. Information within the conf-available listing may be enabled with the a2enconf command and disabled with the a2disconf command.
  • /and many others/apache2/mods-available/, /and many others/apache2/mods-enabled/: These directories comprise the accessible and enabled modules, respectively. Information in ending in .load comprise fragments to load particular modules, whereas recordsdata ending in .conf comprise the configuration for these modules. Modules may be enabled and disabled utilizing the a2enmod and a2dismod command.

Server Logs

  • /var/log/apache2/entry.log: By default, each request to your net server is recorded on this log file until Apache is configured to do in any other case.
  • /var/log/apache2/error.log: By default, all errors are recorded on this file. The LogLevel directive within the Apache configuration specifies how a lot element the error logs will comprise.

Conclusion

Now that you've your net server put in, you may have many choices for the kind of content material you possibly can serve and the applied sciences you should use to create a richer expertise.

If you would like to construct out a extra full software stack, you possibly can take a look at this text on easy methods to configure a LAMP stack on Ubuntu 18.04.

Linux watch Command Tutorial for Newcomers (5 Examples)

Previous article

The way to Set up WordPress in Sentora with Sentastico module

Next article

You may also like

Comments

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apache