Understanding Apache Web Server Configuration [Beginner Guide]

In this tutorial, I explain why each block of code in the Apache configuration file is there, with a short note on each rule and directive, so that you understand the basics of the common settings before changing the configuration file.

The Apache service is called httpd on CentOS and apache2 on Debian/Ubuntu.

Generally, the main Apache configuration file on CentOS and Debian/Ubuntu is found at:

CentOS: /etc/httpd/conf/httpd.conf
Debian/Ubuntu: /etc/apache2/conf/apache2.conf

A rule or block of code in the Apache configuration is called a directive, so in this tutorial you may find directive, setting, code and rule used interchangeably.
Note: directive and directory (folder) are two different things.

Main Configuration File Detail

For this tutorial, let’s go line by line through the Apache configuration file on a CentOS system.

To view the main configuration, enter less /etc/httpd/conf/httpd.conf in a terminal.

  • All lines starting with a pound/hash sign (#) are comments for the reader; the server ignores them.
  • ServerRoot "/etc/httpd" #Location of the server’s configuration and log files. All relative paths in this configuration are resolved relative to the path defined in ServerRoot.
  • Listen 80 #Defines the port the Apache server listens on. You can also specify an IP address if the machine has more than one and you want Apache to use only that one.
  • Include conf.modules.d/*.conf #Includes all .conf configuration files from the conf.modules.d directory.
    Note: every relative directory/folder in the Apache configuration is relative to the ServerRoot location, so the absolute path of the conf.modules.d directory is /etc/httpd/conf.modules.d [An absolute path starts with a forward slash (/); a relative path doesn’t.]
    The configuration in this directory adds support for Dynamic Shared Objects (DSO). A DSO is a component that extends the functionality of the web server, for example by adding support for PHP.
  • LoadModule is used to load a DSO module.
  • User apache #Defines the user that the Apache web server runs as.
    Group apache #Defines the group that the Apache web server runs as.
    Anything you want to serve with the web server needs to be accessible to the user and group defined here.

Main Server Configuration Section

This is the default configuration for the web server; it answers all requests that aren’t handled by a virtual host definition. It also supplies the default configuration values for virtual hosts.

  • ServerAdmin root@localhost #Email address that the server displays in error messages, so that server-related information (problems, errors) can be sent to it.
  • ServerName example.com:80 #Name the server uses to identify itself. It is optional, as the server can determine it automatically.
  • <Directory /> #Start of the configuration block for the root (/) directory
    AllowOverride none #Other configuration (from .htaccess) for the root folder can’t override the settings of this block.
    [The AllowOverride setting is valid only in a <Directory> block specified without regular expressions. In simple terms, AllowOverride controls whether the settings of that block for the specified folder can be overridden from .htaccess or not.]
    Require all denied #Everyone is denied access to the root folder from the web.
    </Directory> #Closes the Directory block.
    This block means that no one can access the root folder through the web service, and this setting can’t be changed from other configurations.
<Directory /> 
 AllowOverride none
 Require all denied
</Directory>
  • DocumentRoot "/var/www/html" #Tells the server where to look for the site’s files [the web root directory].
  • <Directory "/var/www"> #Start of the configuration block for the /var/www/ folder
    Require all granted #Access is allowed unconditionally.
    This means the /var/www folder and its content can be accessed from the web service; access was initially blocked by the block that denies access to the root folder and its content.
<Directory "/var/www">
 AllowOverride none
 Require all granted
</Directory> 
  • <Directory "/var/www/html"> #Start of the configuration block for the /var/www/html folder
    Options Indexes FollowSymLinks #Indexes tells the server to list all files in the directory if it can’t find an index page (index.htm, index.html), and FollowSymLinks lets the server follow symlinks (symbolic links) in your web root (/var/www/html) and its child directories that point to some other file/directory.
<Directory "/var/www/html">
 Options Indexes FollowSymLinks
 AllowOverride None
 Require all granted
</Directory>
  • <IfModule [!]module-file|module-identifier> ... </IfModule> IfModule applies a block of configuration only if a certain module is loaded. You can find a list of all available Apache modules here.
<IfModule dir_module>
  DirectoryIndex index.html
  #Another index example
  # DirectoryIndex index.html index.htm index.php
</IfModule>

<IfModule dir_module> #Applies the following block if the mod_dir module is loaded in Apache. dir_module is the module identifier for the Apache module mod_dir.
DirectoryIndex index.html #Sets the index file for the server: if no particular file is requested, this one is served. Generally, in addition to index.html, index.htm and index.php are also used as index files.
</IfModule> #Closes the conditional block.

  • Protecting .htaccess and .htpasswd
    <Files ".ht*">
    Require all denied
    </Files> #Prevents .htaccess and .htpasswd files from being viewed by web clients.
  • ErrorLog "logs/error_log" #The default location of the error log file. If a virtual host doesn’t define an error log location, error messages related to that virtual host are logged here.
  • <IfModule alias_module> #The alias module provides the ability to set alias paths and redirects for URL paths.
    # Redirect permanent /foo http://example.com/bar #Redirects webaddress/foo to example.com/bar permanently (301 redirect)
    # Alias /webpath /another/lengthy/path #Maps webpath to /another/lengthy/path: when visiting webpath, documents from /another/lengthy/path are served
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" #Same as Alias, but files in the target directory are treated as applications and run by the server instead of being served to the client.
    </IfModule> #This block is applied only if alias_module is loaded in Apache.
  • <IfModule mime_module> #mime_module provides the ability to declare what type of file is being served based on its extension (.jpg is an image, .zip is a compressed file, and so on), so that the browser knows what it is receiving and interprets the data correctly on the client side.
    TypesConfig /etc/mime.types #Default mapping of common file extensions to MIME types.
    #AddType application/x-gzip .tgz #AddType maps additional file extensions to a MIME type.
    #AddEncoding x-compress .z #Provides information so that certain browsers can decode data on the fly.
    #AddHandler type-map var #Handlers and filters tell the server how to process information before it sends it.
    </IfModule>
  • AddDefaultCharset UTF-8 #Default charset for all content served.
  • ErrorDocument 500 "Error Message"
    ErrorDocument 404 /notfound.html #ErrorDocument sets the error response for a given error code. We can set three types of response: plain text, redirect to a local file, and redirect to an external file.
  • #EnableMMAP off
    EnableSendfile on #EnableMMAP and EnableSendfile tweak how the server serves files. They are used to improve server performance but shouldn’t be used on every server, for example with network-mounted filesystems.
  • IncludeOptional conf.d/*.conf #Loads all config files in “/etc/httpd/conf.d” directory
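
How the three <Directory> blocks above combine for a given file path, as an added example that is not part of the original tutorial or of Apache itself: a small Python sketch that merges plain (non-regex) <Directory> blocks from the shortest path to the longest, the order Apache applies them in, and reports the resulting Require and Options. The function names and the sample configuration are constructed for illustration; .htaccess files, regex sections and +/- Options merging are not modelled.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the three <Directory> blocks walked through above.
SAMPLE_CONF = """
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
"""

def parse_directory_blocks(conf):
    """Return {directory path: {lower-cased directive: argument string}}."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1).rstrip("/") or "/", {})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            parts = line.split(None, 1)
            current[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return blocks

def effective_settings(blocks, fs_path):
    """Merge every block covering fs_path, shortest path first, so the
    most specific block's value for a directive replaces the broader one."""
    target = PurePosixPath(fs_path)
    merged = {}
    for path in sorted(blocks, key=lambda p: len(PurePosixPath(p).parts)):
        if PurePosixPath(path) in (target, *target.parents):
            merged.update(blocks[path])
    return merged

def listing_enabled(blocks, fs_path):
    """True if directory listing (Options Indexes) is in effect for fs_path."""
    opts = effective_settings(blocks, fs_path).get("options", "").lower().split()
    return "indexes" in (o.lstrip("+") for o in opts)
```

For a path outside /var/www only the root block applies, so effective_settings returns Require all denied; listing_enabled is True under /var/www/html because of Options Indexes, which is the setting to review if file names there should not be browsable.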

Scope of Directives

  • <Directory directory-path> ... </Directory> Configuration defined inside <Directory> is applied to the mentioned directory [directory-path], the sub-directories of that directory, and the files within the respective directories. It is used in server config, virtual host.
  • <DirectoryMatch regex> ... </DirectoryMatch> Same as <Directory>, but it takes a regular expression instead of an absolute directory path. It is used in server config, virtual host.
  • <Files filename> ... </Files> Configuration defined inside <Files> is applied only to the filename mentioned. It is used in server config, virtual host, directory, .htaccess.
  • <FilesMatch regex> ... </FilesMatch> Same as <Files>, but it takes a regular expression. It is used in server config, virtual host, directory, .htaccess.
  • <Location URL-path|URL> ... </Location> Configuration defined inside <Location> is applied to the mentioned URL. It is used in server config, virtual host.
  • <LocationMatch regex> ... </LocationMatch> Same as <Location>, but it takes a regular expression. It is used in server config, virtual host.
  • <VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost> Configuration defined inside <VirtualHost> is applied only to the mentioned hostname or IP address. It is used in server config.

Other Important Notes:

  • <Directory> is used to define settings based on the server’s filesystem path, and <Location> is used to define settings based on the URL.
  • Configuration placed in a .htaccess file applies to the directory where you place the file and to all its sub-directories.
  • To check which modules are loaded in the web server, run httpd -M, apachectl -M, or apachectl configtest in a terminal. To check the modules compiled into Apache, run httpd -l
  • Require is used for configuring access controls. [It tests whether an authenticated user is authorized according to a particular authorization provider and the specified restrictions.] It does the same job as the old way of access control using Order, Deny and Allow. Here are some equivalent examples of the old way [on Apache 2.2] and the new way [on Apache 2.4] to do the same access control.
    To deny all request:
    On 2.2 configuration:
    Order deny,allow
    Deny from all
    On 2.4 configuration:
    Require all denied
    To allow all requests:
    On 2.2 configuration:
    Order allow,deny
    Allow from all
    On 2.4 configuration:
    Require all granted
    To allow access for all hosts in the example.org domain but deny all other hosts:
    On 2.2 configuration:
    Order Deny,Allow
    Deny from all
    Allow from example.org
    On 2.4 configuration:
    Require host example.org

If you have any questions following this tutorial or any topics on Nil Tutorial, don’t hesitate to ask in the comment section. You can also reach me on Twitter.