How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Ubuntu 20.04

Apache, also known as Apache HTTP server, has been one of the most widely used web server applications globally for the past few decades. It is a free and open-source web application software maintained by the Apache Software Foundation. Apache provides some powerful features with dynamically loadable modules, easy integration with other software, and handling of static files, among other popular features.

In the following tutorial, you will learn how to Install Apache Web Server on Ubuntu 20.04.

Prerequisites

  • Recommended OS: Ubuntu 20.04 – optional (Ubuntu 21.04 and Linux Mint 20)
  • User account: A user account with sudo or root access.

Updating Operating System

First, before anything, update your Ubuntu operating system to make sure all existing packages are up to date:

sudo apt update && sudo apt upgrade -y

Root or Sudo Access

By default, the account created with Ubuntu was giving sudo status. Still, suppose you need to provide additional accounts sudo/root access. In that case, you must either have access to the root password to use the su command or visit our tutorial on How to Add a User to Sudoers on Ubuntu.

Method 1. Install Apache from Ubuntu Repository

The first option to install Apache is to use the default Ubuntu repository. This is more practical for most users as it is very stable and secure.

To install Apache, open your terminal and execute the following command:

sudo apt install apache2 -y

Next, verify the installation was successful by verifying Apache’s build version:

sudo apache2 --version

Example output:

Server version: Apache/2.4.51

Check to see if Apache2 is running correctly using the following systemctl command:

systemctl status apache2

Example output if everything is ok:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Ubuntu 20.04

Method 2. Install Latest Apache from Ondřej Surý PPA

By default, Apache is available within Ubuntu’s software repositories, making it easy to install. However, like most repositories on Ubuntu LTS versions, it can often be lacking behind what is current, not so much for security risks. Still, the newer features and improvements are missing.

It is recommended for Ubuntu to install Ondřej Surý’s version of Apache 2, which is the most up-to-date and pre-built with extra widely used modules.

First, add Ondřej Surý PPA for Ubuntu as follows:

sudo add-apt-repository ppa:ondrej/apache2 -y && sudo apt update

Now, you can install Apache 2 package with the following command:

sudo apt install apache2

The installation will install all dependencies needed.

If you do not want to use the PPA, you can skip adding it and install Apache 2 from Ubuntu’s repository.

Once installed, confirm the version running the following command:

apache2 -v

Example output:

Server version: Apache/2.4.51 (Ubuntu)

Note that both repositories are on the same version at the time of the tutorial due to an URGENT CVE update. Normally, Ondřej Surý PPA is ahead of the default Ubuntu 20.04 at all times.

Check to see if Apache2 is running correctly using the following systemctl command:

sudo systemctl status apache2

Example output if everything is ok:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Ubuntu 20.04

Configure UFW Firewall for Apache

After installing Apache 2 web server, you will need to modify the UFW rules to allow outside access to the default web ports. Luckily, during the installation, Apache registers itself with UFW to provide a few profiles that can be used to enable or disable access, making it easy and quick to configure.

First, list the application profiles to see the Apache profiles that are available by the following command:

sudo ufw app list

Example output:

Available applications:
  Apache
  Apache Full
  Apache Secure

From the output above, you have three profile options to choose from. To break it down, Apache runs on port 80 (HTTP), Apache Secure runs on port 443 (HTTPS), and Apache Full is a combination of allowing both. The most common is either Apache Full or Apache Secure.

For the tutorial, since we have not set up SSL, we will enable (Apache) profile with the following command:

sudo ufw allow 'Apache'

Example output:

Rule added
Rule added (v6)

As above, the rules have been added for both IPV4 and IPV6. Later on, you can disable this profile and enable secure only or disable the Apache rule and use the Apache Full rule instead.

Verify Apache Web Server

Now that you have installed and configured the UFW firewall, it is time to test out to see if Apache 2 is reachable and is working correctly by requesting a page.

You can access the default Apache landing page to check if the software runs correctly through your server’s IP address. To find this out, if you do not know, use the following command below:

hostname -I

You should get back the internal IP address the server is on as an example:

###Example Only###
192.168.50.15 

You may get 2 to 3 results back. Try each one until you find the correct IP address.

If you require your public IP address (external), use the following command instead:

curl -4 icanhazip.com

You may need to install the CURL package if it is missing. To do this, execute the following command:

sudo apt install curl -y

Once you have your servers IP address, open up your favorite Internet Browser and enter the following:

http://your_server_ip

You should get the following page in your Internet Browser:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Ubuntu 20.04

Congratulations, you have installed Apache 2 web server and are currently working.

The next step is to set up virtual hosts.

Create and or Configure Virtual Hosts for Apache

Using the Apache web server, you can create virtual hosts to manage configurations for more than one domain running on a single server. If you have used Nginx before, it is the equivalent of server blocks. In the example below, the tutorial will create a domain example-domain.com which you will replace with your domain name.

By default, Apache on Ubuntu 20.04 has one server block enabled by default that is configured to serve documents from the /var/www/html directory. If you are operating one website, you can modify this server block to suit your own. However, if you are hosting multiple websites, you need to create a new directory structure for your various domains.

Create and or Configure Directories

Firstly, leave /var/www/html directory intact as the default directory, then create a new directory, for example-domain.com, as below:

sudo mkdir /var/www/example_domain

The next step is to assign ownership of the directory with the $USER environment variable:

sudo chown -R $USER:$USER /var/www/example_domain

Usually, the web roots permissions should be set correctly, and you can verify using the -ls l command:

-ls l /var/www/example_domain
ls -l /var/www/example_domain

Example output:

drwxr-xr-x 2 joshua joshua 4096 Oct 10 11:46 example_domain

As you can see, we have the permission of drwxr-xr-x, which is the equivalent of chmod 755. If you do not have this permission set, run the following command:

sudo chmod -R 755 /var/www/example_domain

Now create a sample page index.html using your favorite text editor. The tutorial will use nano as below:

sudo nano /var/www/example_domain/index.html

In the file, copy and paste the following code:

<html>
    <head>
        <title>Welcome to Website!</title>
    </head>
    <body>
        <h1>Success! The virtual host is working! You did not mess it up.</h1>
    </body>
</html>

Save the file (CTRL+O), then exit (CTRL+X).

Create Virtual Host

Now that you have created a landing page and set correct ownership and permissions. You can now proceed to create a virtual host file. By default, all virtual host files will need to be located at /etc/apache2/sites-available/ directory.

First, use your favorite text editor to create a configuration file located at /etc/apache2/sites-available/example_domain.conf as below:

sudo nano /etc/apache2/sites-available/example_domain.conf

Now, copy and paste the following into the configuration block file, note to replace your ServerName, ServerAlias, and Document root with your own:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Note, remember do not forget to change the required Server directives to your own.

Save the configuration file using (CTRL+O) and exit with (CTRL+X).

Enable Virtual Host

Now that you have your virtual host configuration file ready, it is time to enable it. With Apache, unlike Nginx, where you would create a symlink using the ln -s command, Apache uses its tools, as the tutorial will show below:

First, disable the existing default installed server block file 000-default.conf with the a2dissite command:

sudo a2dissite 000-default.conf

Now enable your virtual host file with the a2ensite command:

sudo a2ensite example_domain.conf

Now, like most web server applications, Apache has a dry run function. Before making live, test your configuration file using the following command:

sudo apache2ctl configtest

If everything is working correctly, example output should be:

Syntax OK

Now restart the Apache webserver to make your new virtual host live with the following command:

sudo systemctl restart apache2

Apache should currently be serving the landing page you created for your new domain. To test this, open your Internet Browser and type in your domain name HTTP://example_domain where you should get the following landing page you created in the index.html file:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Ubuntu 20.04

Congratulations, you have successfully created your virtual host and made it work successfully on your domain.

Secure Apache with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Apache on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the certbot package as follows:

sudo apt install python3-certbot-apache -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

This is the ideal setup that includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be https://www.example.com instead of HTTP://www.example.com.

Note, if you use the old HTTP URL, it will automatically redirect to HTTPS.

Managing Apache Service

Now that you have Apache running on your server successfully, some management keynotes are as follows.

Apache Server Logs

Apache server logs can be found in the directory /var/log/apache2/ with access.log and error.log respectfully being the default access and error names given. This can be changed to other names in your virtual host configuration file in the future.

Apache Commands

The following commands that you will undoubtedly use in your day-to-day management when working with Apache. Some of the most common are:

To stop Apache webserver:

sudo systemctl stop apache2

To start Apache webserver:

sudo systemctl start apache2

To restart Apache webserver:

sudo systemctl restart apache2

To reload Apache webserver (For more minor changes not requiring a restart):

sudo systemctl reload apache2

To disable Apache on server boot:

sudo systemctl disable apache2

To start Apache on server boot (Automatically enabled on installation):

sudo systemctl enable apache2

How to Update Apache

To update Apache in the future, this is done with the command you used to check if your system is up to date. Note, always create backups or images if you have an Apache service running critical services. Usually, it’s pretty safe to upgrade, but sometimes bugs can occur like any software upgrade.

To update Apache, use the following command:

sudo apt update

If an Apache upgrade is available, use the command:

sudo apt upgrade

How to Remove (Uninstall) Apache

To remove Apache if you no longer use it, this can be done using the following command:

sudo apt autoremove apache2 --purge

This command will also remove any unused dependencies that came with the installation.

Comments and Conclusion

In the tutorial, you have learned how to install Apache 2 either using the Ubuntu default repository or the recommended updated Apache 2 using the PPA by Ondřej Surý. Overall, Apache has been the most used web application server in the World for decades. However, Nginx has finally overtaken the lead just slightly. Apache is still one of the most deployed and recognized web applications, especially with combing LAMP stack, which is often used for back-end web servers. You will find more friendly options for Apache than Nginx, leading newer users to get into hosting their web server, perhaps to try Apache over Nginx as the first step.



Follow LinuxCapable.com!

Like to get automatic updates? Follow us on one of our social media accounts!