a2enmod module
; to disable a module, the command is a2dismod module
. These programs actually only create (or delete) symbolic links in /etc/apache2/mods-enabled/
, pointing at the actual files (stored in /etc/apache2/mods-available/
).
/etc/apache2/ports.conf
), and serves pages from the /var/www/html/
directory (as configured in /etc/apache2/sites-enabled/000-default.conf
).
mod_ssl
) required for secure HTTP (HTTPS) out of the box. It just needs to be enabled with a2enmod ssl
, then the required directives have to be added to the configuration files. A configuration example is provided in /etc/apache2/sites-available/default-ssl.conf
.
SSLCertificateFile /etc/letsencrypt/live/DOMAIN/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/DOMAIN/chain.pem SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
mod_gnutls
, which is shipped with the libapache2-mod-gnutls package and enabled with the a2enmod gnutls
command. Unfortunately the version packaged for Debian had serious issues and even security implications and is therefor not part of the Debian Bullseye release.
/etc/apache2/sites-enabled/000-default.conf
file; this virtual host will be used if no host matching the request sent by the client is found.
/etc/apache2/sites-available/
. Setting up a website for the falcot.org
domain is therefore a simple matter of creating the following file, then enabling the virtual host with a2ensite www.falcot.org
.
Example 11.13. The /etc/apache2/sites-available/www.falcot.org.conf
file
<VirtualHost *:80> ServerName www.falcot.org ServerAlias falcot.org DocumentRoot /srv/www/www.falcot.org </VirtualHost>
CustomLog
directives in the definitions of the virtual hosts). It therefore makes good sense to customize the format of this log file to have it include the name of the virtual host. This can be done by creating a /etc/apache2/conf-available/customlog.conf
file that defines a new format for all log files (with the LogFormat
directive) and by enabling it with a2enconf customlog
. The CustomLog
line must also be removed (or commented out) from the /etc/apache2/sites-available/000-default.conf
file.
Directory
blocks; they allow specifying different behaviors for the server depending on the location of the file being served. Such a block commonly includes Options
and AllowOverride
directives.
Example 11.15. Directory block
<Directory /srv/www> Options Includes FollowSymlinks AllowOverride All DirectoryIndex index.php index.html index.htm </Directory>
DirectoryIndex
directive contains a list of files to try when the client request matches a directory. The first existing file in the list is used and sent as a response.
Options
directive is followed by a list of options to enable. The None
value disables all options; correspondingly, All
enables them all except MultiViews
. Available options include:
ExecCGI
indicates that CGI scripts can be executed.
FollowSymlinks
tells the server that symbolic links can be followed, and that the response should contain the contents of the target of such links.
SymlinksIfOwnerMatch
also tells the server to follow symbolic links, but only when the link and its target have the same owner.
Includes
enables Server Side Includes (SSI for short). These are directives embedded in HTML pages and executed on the fly for each request.
IncludesNOEXEC
allows Server Side Includes (SSI) but disables the exec
command and limits the include
directive to text/markup files.
Indexes
tells the server to list the contents of a directory if the HTTP request sent by the client points at a directory without an index file (i.e., when no files mentioned by the DirectoryIndex
directive exists in this directory).
MultiViews
enables content negotiation; this can be used by the server to return a web page matching the preferred language as configured in the browser.
AllowOverride
directive lists all the options that can be enabled or disabled by way of a .htaccess
file. A common use of this option is to restrict ExecCGI
, so that the administrator chooses which users are allowed to run programs under the web server's identity (the www-data
user).
mod_auth*
modules.
/etc/apache2/authfiles/htpasswd-private
file contains a list of users and passwords; it is commonly manipulated with the htpasswd
command. For example, the following command is used to add a user or change their password:
#
htpasswd /etc/apache2/authfiles/htpasswd-private user
New password: Re-type new password: Adding password for user user
Require
directive controls access restrictions for a directory (and its subdirectories, recursively).
Require
directives are combined within a RequireAll
block.
/etc/awstats/awstats.conf
file. The Falcot administrators keep it unchanged apart from the following parameters:
LogFile="/var/log/apache2/access.log" LogFormat = "%virtualname %host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot" SiteDomain="www.falcot.com" HostAliases="falcot.com REGEX[^.*\.falcot\.com$]" DNSLookup=1 LoadPlugin="tooltips"
LogFile
and LogFormat
parameters describe the location and format of the log file and the information it contains; SiteDomain
and HostAliases
list the various names under which the main web site is known.
DNSLookup
should usually not be set to 1
; for smaller sites, such as the Falcot one described above, this setting allows getting more readable reports that include full machine names instead of raw IP addresses.
/etc/awstats/awstats.www.falcot.org.conf
.
Example 11.18. AWStats configuration file for a virtual host
Include "/etc/awstats/awstats.conf" SiteDomain="www.falcot.org" HostAliases="falcot.org"
/usr/share/awstats/icon/
directory. In order for these icons to be available on the web site, the Apache configuration needs to be adapted to include the following directive (check out /usr/share/doc/awstats/examples/apache.conf
for a more detailed example):
Alias /awstats-icon/ /usr/share/awstats/icon/