Apache config on Ubuntu 22.04

Posted under » Ubuntu » Apache » LAMP Security updated on 1 July 2022

Ubuntu tries to improve things in their Apache config in their new version.

For eg. to make it common among the many linux distro.
This : ErrorLog /var/log/apache2/error.log has become
This : ErrorLog ${APACHE_LOG_DIR}/error.log

Directory access control are specified in the main apache2.conf file.

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

It does not allow access to the root filesystem outside of /var/www. If your system is serving content from a sub-directory other than /var/www or in any related virtual host you must allow access here.

<Directory /home/anoneh/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

Putting your virtual host on your /home/ folder is tricky because you will get a 'Apache: (filesystem path '/home/anoneh/www') because search permissions are missing on a component of the path' error. Path component means either 'anoneh' and/or 'www' is not accessible.

The home folder is suppose to private and can only be read by you. To fix this you need to recursively chmod 755 or chmod +x the 'home' directory. Check that 'anoneh' and 'www' directory is also 755 so that the 'others' or public group is able to read it.

It is also good to make anoneh part of the www-data usergroup.

Includes to the apache config must have a .conf extension. This make things look neat and easy to understand.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf 

The sites-enabled www.conf file may look like this

<VirtualHost *:80>
  ServerName www.lkybast.com
  ServerAlias lkybast.com 
	ServerAdmin webmaster@lkybast.com 
	DocumentRoot /var/www/lkybast

	<Directory /var/www/lkybast/>
		Options -Indexes
		AllowOverride All
		Order allow,deny
		allow from all
		ServerSignature Off
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error-www-lkybast.log
	CustomLog ${APACHE_LOG_DIR}/access-www-lkybast.log combined

    ErrorDocument 404 /pagenotfound.php

</VirtualHost>

If somehow you have have, 'AH01797: client denied by server configuration' instead of

  <Directory /var/www/lkybast/>
    Order allow,deny
    allow from all
  </Directory>

Do this instead.

  <Directory /var/www/lkybast/>
    Require all granted
  </Directory>

Of course, it could just be a simple typo of the folder.

Security issues

• For using .htaccess files or mod-rewrite, read this.
• Another security issue is enabling the index or directory browsing. So don't forget to put "Options -Indexes" to be on the safe side.
• It is a good idea when in production server you turn off server signature server wide by putting the "server signature off" at the main apache2.conf
  

You may test if your config is working by

$ apachectl configtest

You may enable config in the conf-available directory by

$ sudo a2enconf mod-wsgi

You may enable site in the sites-available directory by

$ sudo a2ensite waklu.conf

To disable,

$ sudo a2dissite waklu.conf

You may wish to proceed in install PHP libraries and install Apache mod rewrite.

Or change MySQL root password.
 

© 2009-2023 anoneh.com | Home | About | My Wordpress | Tumblr | Blogger | Gallery