Apache config on Ubuntu 22.04

Posted under » Ubuntu » Apache » LAMP Security updated on 1 July 2022

Ubuntu tries to improve things in their Apache config in their new version.

For eg. to make it common among the many linux distro.
This : ErrorLog /var/log/apache2/error.log has become
This : ErrorLog ${APACHE_LOG_DIR}/error.log

Directory access control are specified in the main /etc/apache2/apache2.conf file.

By default yout files are at /var/www/html but if you want to have it elsewhere, you need to amend the /etc/apache2/apache2.conf file and go the line where "/var/www/" can be edited.

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted

It does not allow access to the root filesystem outside of /var/www. If your system is serving content from a sub-directory other than /var/www or in any related virtual host you must allow access here.

You may also see this error on your logs.

'AH01797: client denied by server configuration'
To fix this go to the v config and change from
  <Directory /var/www/lkybast/>
    Order allow,deny
    allow from all

To this instead.

  <Directory /var/www/lkybast/>
    Require all granted
<Directory /home/anoneh/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted

Putting your virtual host on your /home/ folder is tricky because you will get a 'Apache: (filesystem path '/home/anoneh/www') because search permissions are missing on a component of the path' error. Path component means either 'anoneh' and/or 'www' is not accessible.

The home folder is suppose to private and can only be read by you. To fix this you need to recursively chmod 755 or chmod +x the 'home' directory. Check that 'anoneh' and 'www' directory is also 755 so that the 'others' or public group is able to read it.

It is also good to make anoneh part of the www-data usergroup.

Includes to the apache config must have a .conf extension. This make things look neat and easy to understand.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf 

The sites-enabled www.conf file may look like this

<VirtualHost *:80>
  ServerName www.lkybast.com
  ServerAlias lkybast.com 
	ServerAdmin webmaster@lkybast.com 
	DocumentRoot /var/www/lkybast

	<Directory /var/www/lkybast/>
		Options -Indexes
		AllowOverride All
		Order allow,deny
		allow from all
		ServerSignature Off

	ErrorLog ${APACHE_LOG_DIR}/error-www-lkybast.log
	CustomLog ${APACHE_LOG_DIR}/access-www-lkybast.log combined

    ErrorDocument 404 /pagenotfound.php


Of course, it could just be a simple typo of the folder.

Security issues

You may test if your config is working by

$ apachectl configtest

You may enable config in the conf-available directory by

$ sudo a2enconf mod-wsgi

You may enable site in the sites-available directory by

$ sudo a2ensite waklu.conf

To disable,

$ sudo a2dissite waklu.conf

To check the apache status like sites enabled and the ports that are in use,

$ apache2ctl -S
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server mth107-adles.nus.edu.sg (/etc/apache2/sites-enabled/mth107.conf:12)
         port 443 namevhost mth107-adles.nus.edu.sg (/etc/apache2/sites-enabled/mth107.conf:12)
*:80                   is a NameVirtualHost
         default server (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost cbquery.anoneh.com (/etc/apache2/sites-enabled/cbquery.conf:1)
ServerRoot: "/etc/apache2"

For more info on system status and restart

You may wish to proceed in install PHP libraries and install Apache mod rewrite.

Or change MySQL root password.

web security linux ubuntu python django git Raspberry apache mysql php drupal cake javascript css AWS data