Ubuntu Server25.10 : WEB Server(Apache)

Contents

Apache2

Apache2

Allow http:80 port and https:443 port in UFW first.

# ufw allow http
# ufw allow https
# ufw reload

# ufw allow http

# ufw allow https

# ufw reload

1. Apache2 Install

# apt -y install apache2

1	# apt -y install apache2

2.Apache2 Basic Settings

# vi /etc/apache2/conf-enabled/security.conf
# Line 12：change
ServerTokens 　Prod

# vi /etc/apache2/conf-enabled/security.conf

# Line 12：change

ServerTokens 　Prod

# vi /etc/apache2/mods-enabled/dir.conf
# Line 1：Check file names accessible by directory name only
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm

# vi /etc/apache2/mods-enabled/dir.conf

# Line 1：Check file names accessible by directory name only

DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm

# vi /etc/apache2/apache2.conf
# Line 70：Server name added
ServerName [FQDN]
# Line 172：change
AllowOverride ALL

# vi /etc/apache2/apache2.conf

# Line 70：Server name added

ServerName [FQDN]

# Line 172：change

AllowOverride ALL

# vi /etc/apache2/sites-available/000-default.conf
# Line 11：Administrator address change
ServerAdmin [your mailaddress]

# vi /etc/apache2/sites-available/000-default.conf

# Line 11：Administrator address change

ServerAdmin [your mailaddress]

Apache Restart

# systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable apache2

# systemctl restart apache2

# systemctl enable apache2

Synchronizing state of apache2.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.

Executing: /usr/lib/systemd/systemd-sysv-install enable apache2

# systemctl restart apache2

Apache Startup Verification

# systemctl status apache2

1	# systemctl status apache2

Indicates content

● apache2.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sat 2026-01-10 13:01:08 JST; 2min 4s ago
Invocation: 2a478e223e1e41e49aebf2ff43004ec0
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 9728 (apache2)
Tasks: 55 (limit: 3911)
Memory: 4.8M (peak: 5.3M)
CPU: 31ms
CGroup: /system.slice/apache2.service
├─9728 /usr/sbin/apache2 -k start
├─9730 /usr/sbin/apache2 -k start
└─9731 /usr/sbin/apache2 -k start

Jan 10 13:01:08 Lepard systemd[1]: Starting apache2.service - The Apache HTTP Server…
Jan 10 13:01:08 Lepard systemd[1]: Started apache2.service - The Apache HTTP Server.

3. Apache2 Operation Verification

http://[server IP address] If you access this URL and see the Ubuntu Apache2 Default Page as shown below, it's OK.

Hide the default page, create a new index.html file as a Test Page, and verify Apache operation
Rename the default page

# mv /var/www/html/index.html /var/www/html/index.html.bak

1	# mv /var/www/html/index.html /var/www/html/index.html.bak

Create an HTML test page

# vi /var/www/html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Apache Test Page
</div>
</body>
</html>

# vi /var/www/html/index.html

<html>

<body>

Apache Test Page

</div>

</body>

</html>

http://[server IP address] If the Test Page appears as shown below when you access it, you're good to go.

4. Apache2 : Virtual Host Configuration

①Copy the default configuration file (name it whatever you like; for this example, use vhost.conf) and configure the virtual host.

# cd /etc/apache2/sites-available/
# cp 000-default.conf vhost.conf

1 2	# cd /etc/apache2/sites-available/ # cp 000-default.conf vhost.conf

②Edit the created configuration file
The document root is set to /var/www/html/[FQDN]/

# vi vhost.conf
<VirtualHost *:80>
～omission～
ServerName [FQDN]
ServerAdmin [Administrator's email address]
DocumentRoot /var/www/html/[FQDN]/
～omission～
ErrorLog ${APACHE_LOG_DIR}/[FQDN].error.log
CustomLog ${APACHE_LOG_DIR}/[FQDN].access.log combined
～omission～
</VirtualHost>

# vi vhost.conf

～omission～

ServerName [FQDN]

ServerAdmin [Administrator's email address]

DocumentRoot /var/www/html/[FQDN]/

～omission～

ErrorLog ${APACHE_LOG_DIR}/[FQDN].error.log

CustomLog ${APACHE_LOG_DIR}/[FQDN].access.log combined

～omission～

</VirtualHost>

③Symbolic link to the configuration file to disable the default configuration file

# cd /etc/apache2/sites-available/
# a2ensite vhost.conf
# a2dissite 000-default.conf　　Disable default settings Restart Apache
# systemctl restart apache2

# cd /etc/apache2/sites-available/

# a2ensite vhost.conf

# a2dissite 000-default.conf　　Disable default settings Restart Apache

# systemctl restart apache2

④Edit hosts file

# vi /etc/hosts
Add the following around the third line.
127.0.0.1  <FQDN>

# vi /etc/hosts

Add the following around the third line.

127.0.0.1 <FQDN>

⑤Directory Create

# mkdir /var/www/html/<FQDN>

1	# mkdir /var/www/html/<FQDN>

⑥Create test pages and check operation

# vi /var/www/html/<FQDN>/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>

# vi /var/www/html/<FQDN>/index.html

<html>

<body>

Virtual Host Test Page

</div>

</body>

</html>

⑦If you access "http://[FQDN]/index.html" in your browser, the following screen should appear

5. Apache2 : Using Perl Scripts

Enable CGI to make Perl scripts available
①Perl Install

# apt -y install perl

1	# apt -y install perl

②Enable CGI module and restart

# a2enmod cgid
# systemctl restart apache2

1 2	# a2enmod cgid # systemctl restart apache2

③Confirm CGI module is enabled
Create test scripts

# cat > /usr/lib/cgi-bin/test_script <<'EOF'
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello CGI\n";
EOF

# cat > /usr/lib/cgi-bin/test_script <<'EOF'

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print "Hello CGI\n";

EOF

Authorize the script file

# chmod 705 /usr/lib/cgi-bin/test_script

1	# chmod 705 /usr/lib/cgi-bin/test_script

operation check

# curl http://localhost/cgi-bin/test_script

Hello CGI

# curl http://localhost/cgi-bin/test_script

Hello CGI

6. Apache2 : Using PHP Scripts

①PHP Install

# apt -y install php php-cgi libapache2-mod-php php-common php-pear php-mbstring

1	# apt -y install php php-cgi libapache2-mod-php php-common php-pear php-mbstring

②Apache2 Configuration

# a2enconf php8.4-cgi
Enabling conf php8.4-cgi.
To activate the new configuration, you need to run:
  systemctl reload apache2

# a2enconf php8.4-cgi

Enabling conf php8.4-cgi.

To activate the new configuration, you need to run:

systemctl reload apache2

# vi /etc/php/8.4/apache2/php.ini

1	# vi /etc/php/8.4/apache2/php.ini

[php.ini] Edited Content

Line 699 : Change
#post_max_size = 8M
post_max_size = 300M

Line 851 : Change
#upload_max_filesize = 2M
upload_max_filesize = 200M

Line 966：Disable comments and set time zone
date.timezone = "Asia/Tokyo"

Apache Restart

# systemctl restart apache2

1	# systemctl restart apache2

③Create a PHP test page and check its operation

# vi /var/www/html/<FQDN>/test.php
<?php phpinfo(); ?>

1 2	# vi /var/www/html/<FQDN>/test.php <?php phpinfo(); ?>

If you access http://[FQDN]/test.php with a browser and the following screen appears, success!

7. Digest authentication with Apache2

Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.
On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage.

7.1 Create password file for Digest authentication

Specify an authenticated area called realm. This realm allows the same directory to be accessed as authenticated.
As an example, we will create a user named "secretuser" in the "DigestAuth" realm.
Execute the following command and enter the "secretuser" password.

# /usr/bin/htdigest -c /etc/apache2/.digestauth "DigestAuth" secretuser

1	# /usr/bin/htdigest -c /etc/apache2/.digestauth "DigestAuth" secretuser

Confirmation

# cat /etc/apache2/.digestauth
secretuser:DigestAuth:********************************

1 2	# cat /etc/apache2/.digestauth secretuser:DigestAuth:********************************

As above, secretuser and encrypted password are created

7.2 Edit Apache configuration file

Specify the directory to which Digest authentication will be applied. (In this case, specify the secret directory.)

# vi /etc/apache2/apache2.conf

1	# vi /etc/apache2/apache2.conf

Add the following at the end

<Directory /var/www/html/[FQDN]/secret>
AuthType Digest
AuthName "DigestAuth"
AuthDigestDomain /secret/
AuthUserFile /etc/apache2/.digestauth
Require valid-user
</Directory>

AuthType Digest

AuthName "DigestAuth"

AuthDigestDomain /secret/

AuthUserFile /etc/apache2/.digestauth

Require valid-user

</Directory>

Create a directory for Digest authentication

# mkdir  /var/www/html/[FQDN]/secret

1	# mkdir /var/www/html/[FQDN]/secret

Enable Digest authentication and restart

# a2enmod auth_digest
# systemctl restart apache2

1 2	# a2enmod auth_digest # systemctl restart apache2

When accessing http://[FQDN]/secret with a browser, a screen appears asking for "user name" and "password".

Go to top