Apache Guide: The Versatile HTTP Server
Apache HTTP Server (httpd) has powered the web for decades. Its module system, .htaccess support, and broad OS compatibility make it a common choice for shared hosting, legacy applications, and environments that need runtime configuration flexibility.
Installation
# Debian/Ubuntu
sudo apt update
sudo apt install apache2
sudo systemctl enable --now apache2
# RHEL/CentOS/Fedora
sudo dnf install httpd
sudo systemctl enable --now httpd
# Verify
curl -I http://localhost
Configuration Files
On Debian-based systems, the main config is /etc/apache2/apache2.conf.
On RHEL-based systems, it is /etc/httpd/conf/httpd.conf.
Debian uses a modular layout with helper commands:
# Enable a module
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod headers
# Enable a site
sudo a2ensite example.com.conf
# Disable a site
sudo a2dissite 000-default.conf
# Test configuration
sudo apachectl configtest
# Reload
sudo systemctl reload apache2
VirtualHost Configuration
# /etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html
<Directory /var/www/example.com/html>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost>
AllowOverride All permits .htaccess files in that directory tree.
Set it to None for better performance if .htaccess is not needed.
.htaccess and mod_rewrite
.htaccess files provide per-directory configuration without editing the
main server config. The most common use is URL rewriting:
# /var/www/example.com/html/.htaccess
RewriteEngine On
# Redirect HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Pretty URLs -- route everything to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
Performance note: Apache checks for .htaccess in every directory along
the path for every request. Disable AllowOverride in production and move
rules into the VirtualHost block when possible.
mod_ssl -- HTTPS with Apache
<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/example.com/html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
<Directory /var/www/example.com/html>
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Multi-Processing Modules (MPMs)
Apache offers three MPMs that control how it handles connections:
| MPM | Model | Best For |
|---|---|---|
| prefork | One process per connection | Legacy PHP (mod_php) |
| worker | Threads within processes | Thread-safe apps, moderate traffic |
| event | Async with dedicated listener | High concurrency, keep-alive heavy |
Switch MPMs on Debian:
sudo a2dismod mpm_prefork
sudo a2enmod mpm_event
sudo systemctl restart apache2
Tune the event MPM in /etc/apache2/mods-available/mpm_event.conf:
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
Useful Modules
| Module | Purpose |
|---|---|
mod_rewrite |
URL rewriting and redirects |
mod_ssl |
TLS termination |
mod_headers |
Set/modify HTTP headers |
mod_proxy |
Reverse proxy |
mod_deflate |
Response compression |
mod_security |
Web application firewall |
mod_expires |
Cache control headers |
Common Troubleshooting
# Check syntax
sudo apachectl configtest
# View error log
sudo tail -f /var/log/apache2/error.log
# List loaded modules
apache2ctl -M
# List enabled sites
ls /etc/apache2/sites-enabled/
Return to the Web Servers hub or continue to Nginx Guide and SSL/TLS Setup.