How to Install and Configure Apache on Debian 10
Abstract: MD5 After making changes restart the Apache service to apply new configuration. sudo systemctl reload apache2.servicestart or restart Apache service v
You must have SSH with sudo privileges access to server for the Apache web server installation on Debian 10.
Install Apache on Debian 10First of all, Login to your Debain 10 system via SSH and update the Apt cache. Then install Apache2 HTTP server packages as below:
sudo apt update sudo apt install apache2Manage Apache Service
Apache service is managed with systemctl command line. After installation, use the following command to check the status of Apache service.
sudo systemctl status apache2.service
Here is the other commands to stop, start or restart Apache service via command line.
sudo systemctl stop apache2.service sudo systemctl start apache2.service sudo systemctl restart apache2.serviceTest Apache Setup
You can view the installed Apache version details using the following command.
apache2 -v Server version: Apache/2.4.38 (Debian) Server built: 2019-10-15T19:53:42
Now access your Apache server using the server’s IP address or a domain pointed to the server IP. You will see a default Apache page on web browser. It means Apache web server has successfully installed on your Debian 10 system.
Create Virtual HostsLet’s create the first virtual host on your Apache server. For the tutorial, we are using sample domain 「example.com」. Here we will create a Virtual host for example.com on port 80.
Create a sample index file in a directory:
sudo mkdir -p /var/www/example.com sudo echo "hello example.com" > /var/www/example.com/index.html
Then create Virtualhost configuration file and edit in editor:
sudo vim /etc/apache2/sites-available/example.com.conf
Add the following content in configuration file. You may change the domain name as per your domain.
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com> #Allowoverride all ###Uncomment if required </Directory> ErrorLog ${APACHE_LOG_DIR}/example.com_error.log CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined </VirtualHost>123456789101112<VirtualHost *:80> ServerAdmin admin@example.com DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com> #Allowoverride all ###Uncomment if required </Directory> ErrorLog ${APACHE_LOG_DIR}/example.com_error.log CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined</VirtualHost>Save the Virtualhost configuration file, then enable Virtualhost and reload the Apache service using the following commands:
sudo a2ensite example.com sudo systemctl reload apache2.serviceConfigure SSL VirtualHost
You can skip this step if you don’t need SSL. But the security is always the primary concert for any website.
The default Apache https listen on port 443. Make sure no other services using the same port. Now, you need to enable Apache ssl module, which is disabled by default.
sudo a2enmod ssl
For the tutorial, I have followed these instructions to generate a self signed SSL certificate for our domain.
Then create a new Virtual host file and edit it:
sudo vim /etc/apache2/sites-available/example.com_ssl.conf
with the following content:
<VirtualHost *:443> ServerAdmin [email protected] DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com> #Allowoverride all ###Uncomment if required </Directory> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined </VirtualHost>123456789101112131415161718<VirtualHost *:443> ServerAdmin admin@example.com DocumentRoot /var/www/example.com ServerName example.com ServerAlias www.example.com <Directory /var/www/example.com> #Allowoverride all ###Uncomment if required </Directory> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined</VirtualHost>Here is three terms used to configure SSL virtualhost:
- SSLEngine – Set this to 「on」
- SSLCertificateFile – Set the path of your SSL certificate
- SSLCertificateKeyFile – This is the private key files used to generate SSL certificate
After that enable the Virtualhost and reload the Apache service using the following commands:
sudo a2ensite example.com_ssl sudo systemctl reload apache2.serviceSecure Apache Server
Edit the Apache security configuration file
sudo vim /etc/apache2/conf-enabled/security.conf
Here is the multiple security related settings. Add or Update the following settings. We are not going in detailed discriptions about it but these settings are very useful for the production servers.
ServerTokens Prod ServerSignature Off TraceEnable Off Header always append X-Frame-Options SAMEORIGIN Header always set X-XSS-Protection: "1; mode=block" Header always set X-Content-Type-Options: "nosniff" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure12345678ServerTokens ProdServerSignature OffTraceEnable OffHeader always append X-Frame-Options SAMEORIGINHeader always set X-XSS-Protection: "1; mode=block"Header always set X-Content-Type-Options: "nosniff"Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;SecureNow edit SSL configuration file. Here you can set the server wide SSL protocol and SSLCipherSuite to use secure Cipers to serve your website.
sudo vim /etc/apache2/mods-enabled/ssl.confSSLProtocol -all +TLSv1.2 SSLCipherSuite HIGH:!aNULL:!MD512SSLProtocol -all +TLSv1.2SSLCipherSuite HIGH:!aNULL:!MD5
After making changes restart the Apache service to apply new configuration.
sudo systemctl reload apache2.serviceConclusion
All done, You have a secured Apache server running on your Debian 10 Linux system.
