Note
20/9/2024: Certbot updated.
30/7/2020: Updated to use Python3.
6/1/2020: Updated.
8/5/2019: More explanation on default configuration given. "gksudo gedit" changed to "sudo gedit" as Ubuntu 18.04 dropped "gksudo".
11/4/2018: "apache2" changed to "apache2.service" when used in conjunction with systemctl.
25/12/2014: First created.
Intro
Apache2 web server provides web page services.
Prepare
Define hosts:
$ sudo gedit /etc/hosts
Specify:
127.0.0.1 kctang.com.hk <computer name> localhost 127.0.1.1 <computer name>
Define hostname:
$ sudo gedit /etc/hostname
Specify a line to contain:
<computer name>
Install
Install:
$ sudo apt install apache2
or before Ubuntu 16.04:
$ sudo apt-get install apache2
Start service:
$ sudo systemctl start apache2.service
or:
$ sudo service apache2 start
Set the internet router to re-direct http connections to server port 80.
(The following added, 8/5/2019)
Edit the enabled configuration file:
$ sudo gedit /etc/apache2/sites-enabled/000-default.conf
("ls -ls" changed to "gedit", 6/1/2020)
The file is symbolic linked to the actual location at /etc/apache2/sites-available/000-default.conf.
The file includes the following:
#ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html
Leave the ServerName to the HTTPS setting below.
Change the ServerAdmin email address to the correct address, or add that address when setting up the email server.
The DocumentRoot tells that the website directories and files will be stored under /var/www/html.
Note that previously the DocumentRoot was at /var/www. The change from /var/www/html would affect the installation of Drupal as explaned on that web page.
Serf to https://www.kctang.com.hk or https://kctang.com.hk on web browser, the following page (var/www/html/index.html) will be displayed to indicate successful installation:
(end of add)
Configure to use HTTPS
This is optional. Starting to use on 6 April 2018.
When the Apache2 server is configured to use HTTPS, and when "https://" is used as the prefix to the website address URL (Uniform Resource Locator) in the web browser navigation bar, encrypted communications will be used with the Apache2 server. This will enhance security.
To do this, enable the mod_ssl module:
$ sudo a2enmod ssl
In order for Apache2 to use HTTPS service, a certificate and a key file are needed. Use EFF's Certbot to automatically deploy Let's Encrypt certificates and enable HTTPS.
Certbot is downloadable at:
https://certbot.eff.org/
No need to download from there.
(revised 8/5/2019)
Install certbot and configure Apache2:
$ sudo apt update $ sudo apt install software-properties-common $sudo add-apt-repository ppa:certbot/certbot(outdated and not necessary) $sudo apt update$ sudo apt install python3-certbot-apache (may not be required) $ sudo certbot --apache $ sudo certbot renew (for renewal only)
(python changed to python3, 30/7/2020)
When answering questions
- enter "kctang.com.hk" for name to activate HTTPS
- decide whether to re-install certificate or renew and replace
- select to redirect HTTP traffic to HTTPS.
(added, 8/5/2019).
The following will happen:
- /etc/letsencrypt directory created to contain certificate and key obtained from Let's Encrypt:
- /etc/letsencrypt/live/kctang.com.hk/fullchain.pem
- /etc/letsencrypt/live/kctang.com.hk/privkey.pem
- (these two files can also be used by the email server)
- A file /etc/apache2/sites-available/000-default-le-ssl.conf added and enabled.
(revised, 8/5/2019)
(rfile names stated, 20/9/2024)
- The following lines inserted in /etc/apache2/sites-available/000-default.conf to enforce the use of "https://":
RewriteEngine on RewriteCond %{SERVER_NAME} =kctang.com.hk RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
- A cron job created to renew the certificate which lasts for 90 days before expiry.
Enable new module and disable default module if not already automatically done:
$ sudo a2ensite 000-default-le-ssl $ sudo a2dissite default-ssl $ sudo systemctl restart apache2.service