Apache Notes
Directories
apache config dir - /etc/httpd or /etc/apache2
default base dir - /var/www/html
Apache config /etc/httpd/conf 
Config lines
In /etc/apache2/apache2.conf
  or
   /etc/apache2/sites-enabled/*
ServerRoot "/path/to/svr/root"
ServerName url.domain.com 
DocumentRoot /var/www/ (usually in sites-enabled)
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Getting rid of ServerSignature and ServerTokens
ServerSignature configures the footer on server-generated documents, such as the example 401 error page for invalid authentication/authorization.
ServerTokens configures the Server HTTP response header. You can test the ServerTokens setting using:
telnet <server> 80
HEAD / HTTP/1.0 <enter><enter>
One way to get rid of them is to put
ServerTokens ProductOnly
ServerSignature Off
in the /etc/apache2/apache2.conf file, then run service apache2 restart
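To confirm both directives took effect, the raw response text (such as what the telnet test above prints) can be checked for the two disclosures. This script is an added example, not part of the original notes; the function names, the sample responses and the host example.test are constructed for illustration.

```sh
#!/bin/sh
# Audit a raw HTTP response for what ServerTokens/ServerSignature reveal.
# The sample responses are constructed; example.test is a placeholder host.

SAMPLE_FULL=$(printf 'HTTP/1.1 401 Unauthorized\r\nServer: Apache/2.4.7 (Ubuntu)\r\n\r\n<address>Apache/2.4.7 (Ubuntu) Server at example.test Port 80</address>\n')
SAMPLE_SIG_ONLY=$(printf 'HTTP/1.1 401 Unauthorized\r\nServer: Apache\r\n\r\n<address>Apache Server at example.test Port 80</address>\n')
SAMPLE_HARDENED=$(printf 'HTTP/1.1 401 Unauthorized\r\nServer: Apache\r\n\r\n<h1>Authorization Required</h1>\n')

# Print the Server header value; only the header section is searched.
server_header() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n -e '/^$/q' -e 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' |
        head -n 1
}

# ServerTokens check: pass if the header is absent or just "Apache".
tokens_ok() {
    value=$(server_header "$1")
    case "$value" in
        ''|Apache) return 0 ;;
    esac
    echo "Server header discloses: $value"
    return 1
}

# ServerSignature check: pass if no generated footer is in the response.
signature_ok() {
    if printf '%s\n' "$1" | grep -qi '<address>Apache.*Server at'; then
        echo "ServerSignature footer present"
        return 1
    fi
    return 0
}

# Run both checks; returns 0 only when neither finds a disclosure.
audit_response() {
    rc=0
    tokens_ok "$1" || rc=1
    signature_ok "$1" || rc=1
    return $rc
}

echo "== defaults";       audit_response "$SAMPLE_FULL" || true
echo "== signature only"; audit_response "$SAMPLE_SIG_ONLY" || true
echo "== hardened";       audit_response "$SAMPLE_HARDENED" && echo "nothing disclosed"
```

The middle sample shows why both directives are needed: a product-only Server header still leaves the footer on generated error pages.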
Configuring a custom error message
Consider putting an
ErrorDocument 401 "<html><head><title>401 Authorization Required</title></head><body><h1>Authorization Required</h1><p>This server could not verify that you are authorized to access the document requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p></body></html>"
at the bottom of your /etc/apache2/sites-enabled/000-default file, after the <Directory> block and before the closing </VirtualHost>
Remember to do a service apache2 restart
Getting basic site login to work
In your /etc/apache2/sites-enabled/000-default file, set the following section to be something like:
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride AuthConfig
    Order allow,deny
    allow from all
</Directory>
Set up your .htaccess file in the directory you are protecting to be something like:
AuthName "Authentication Required"
AuthType Basic
AuthUserFile /etc/htpasswd/.htpasswd
AuthGroupFile /dev/null
require valid-user
Remember to do a service apache2 restart
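Create the password file and the first user with something like htpasswd -c /etc/htpasswd/.htpasswd user1 (-c creates the file and overwrites an existing one)
For subsequent users, leave out -c and do something like htpasswd /etc/htpasswd/.htpasswd user2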
Basic Authentication with .htaccess (Redhat/Centos)
http://tecadmin.net/configure-basic-authentication-in-apache-using-htaccess/
In .htaccess file
AuthType Basic
AuthName "Secure Content"
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
Create .htpasswd file
htpasswd -c /etc/httpd/conf/.htpasswd username
Configure Apache to allow .htaccess based authentication
in httpd.conf:
AllowOverride AuthConfig (not in default section, but below in specific exception)
restart Apache
service httpd restart
Setting up HTTPS (Ubuntu/Apache)
https://help.ubuntu.com/lts/serverguide/certificates-and-security.html
https://help.ubuntu.com/14.04/serverguide/httpd.html#https-configuration
Generate a Certificate Signing Request
openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr
Creating a Self-Signed Cert
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Installing the Cert
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
HTTPS configuration
sudo a2enmod ssl (enable mod_ssl module)
sudo a2ensite default-ssl
sudo service apache2 restart