1,907 bytes added, 15:21, 20 May 2020
Apache (the webserver) is a [https://www.apache.org/free/ freely licensed] project of the Apache Software Foundation.
== Docs ==
In addition to the extensive [http://httpd.apache.org online documentation of the Apache project], you should consult the local documentation on your system under /usr/share/doc/apache2.2-common or similar.
The [https://help.ubuntu.com/lts/serverguide/httpd.html Ubuntu Server Guide] is also a helpful documentation source.
== Canonical Domain ==
Here is how we use Apache to answer requests to our multiple registered TLDs, but direct everything to our canonical "bare" domain.
<source lang="apache">
RewriteRule ^/?(.*) https://equality-tech.com/$1 [L,R=301,NE]
</source>
* Flags: No Case, Last, Redirect permanent, No Escape <ref>https://httpd.apache.org/docs/current/rewrite/flags.html#flag_ne</ref>
* Response Code: 301 = Permanent <ref>https://tools.ietf.org/html/rfc2616</ref>
==Rewrites==
Use .htaccess ONLY for testing rules on-the-fly during development so that you don't have to constantly reload Apache. Once the rule is tested and works, it should be placed into the proper Virtual Host configuration file, e.g. /etc/apache2/sites-available/foo.conf

This is because the conf gets loaded into memory once during startup whereas the .htaccess file needs to be loaded FROM DISK on every single request. This slows a webserver. So, don't even leave .htaccess files lying around empty. Nuke 'em.

See https://httpd.apache.org/docs/2.4/rewrite/tech.html about the differences in per-directory context. Basically, the path as seen in .conf will start with / whereas the path as seen by .htaccess in / will have the leading slash stripped already. That's why we use <code>^/?</code> to make rules work in both contexts. But rules further down the filesystem hierarchy will have a greater difference between the .conf version and the .htaccess version (or you can place the rules in a <directory> stanza).
== Secure Server ==
These notes illustrate what I did for my Ubuntu system and are based on an instructional video from Linux Journal for RedHat systems; see http://www.linuxjournal.com/video/set-secure-virtual-host-apache
== SSL Providers ==
Check your domain registrar for their services or products around SSL certificates. There are a lot of Certificate Authorities to choose from, plus a lot of options on those certificates. You can still get a free SSL certificate from StartSSL.com. However, a new and very interesting service is available from the [[TLS|Let's Encrypt]] project, which we use: they automate free certificate installation, making TLS security accessible to all. If you want expert help in getting your site secured, contact {{CompanyName}}.
== Security ==
Check out the NIST and DISA checklist and STIG docs; they are good places to start. Their checks are based on industry best practices and Apache httpd CVEs.
Thank the US tax payers =)
== Support / Customization ==
There is a presentation on http://OutOfOrder.cc about Mass Virtual Hosting approaches that is worth a look if you're considering that. OutOfOrder.cc is a collaborative effort between Paul Querna and Edward Rudd -- two guys who have a lot of experience with Apache.
 
==Quick Check==
You have a bunch of virtual hosts configured by various files in your Apache's configuration directories. Since you can output them all with <code>apache2ctl -S</code>, you can also do a bit more parsing of the output to be able to quickly check if they're all responding.
 
<source lang="bash">
# Pull every vhost name and alias out of "apachectl -S" and request each one
for x in $(apachectl -S 2>&1 | awk '/default server / { print $3 } /namevhost / { print $4 } /alias/ { print $2 }' | sort -u); do
  echo "checking $x"; curl --head --location "http://$x"
done
</source>
 
Who are the zombies trying to crack your WordPress site?
<source lang="awk">
awk '$6 ~ "POST" && $7 ~ "wp-login" { ips[$1]++ } END {for (ip in ips) { print ip, " ", ips[ip], " POSTs" }}' /var/log/apache2/access.log
</source>
or,
<source lang="bash">
grep POST /var/log/apache2/access.log | cut -d ' ' -f 1 | sort | uniq -c
</source>
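The following is an added example, not part of the original notes: it extends the wp-login one-liner above to also count how many of each IP's POSTs were answered with a 302. It assumes the Apache "combined" log format (status code in field 9) and that stock WordPress answers a failed login with 200 and a successful one with a 302 redirect; the function names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-IP summary of POSTs to wp-login.php.
# Assumption: Apache "combined" log format, so $6 is "POST, $7 the path, $9 the status.
# Assumption: stock WordPress returns 200 on a failed login and 302 on success.

# Constructed sample log lines (documentation-range IPs, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [20/May/2020:15:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2020:15:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2020:15:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2020:15:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
198.51.100.23 - - [20/May/2020:15:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "curl/7.68.0"
198.51.100.23 - - [20/May/2020:15:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "curl/7.68.0"
198.51.100.23 - - [20/May/2020:15:02:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/7.68.0"
192.0.2.10 - - [20/May/2020:15:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4101 "-" "Mozilla/5.0"
192.0.2.10 - - [20/May/2020:15:03:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [20/May/2020:15:04:00 +0000] "POST /contact HTTP/1.1" 200 812 "-" "Mozilla/5.0"
EOF
}

# wp_login_report [THRESHOLD] < access.log
# Prints "ip posts redirects" for every IP with at least THRESHOLD POSTs
# to wp-login.php (default 3), busiest first. A non-zero third column on a
# noisy IP means one of its attempts was answered with a 302 and is the
# first thing to investigate.
wp_login_report() {
  awk -v min="${1:-3}" '
    $6 == "\"POST" && $7 ~ /\/wp-login\.php/ {
      posts[$1]++
      if ($9 == 302) redirects[$1]++
    }
    END {
      for (ip in posts)
        if (posts[ip] >= min)
          printf "%s %d %d\n", ip, posts[ip], redirects[ip]
    }' | LC_ALL=C sort -k2,2nr -k1,1
}

# Demo on the constructed sample; on a server use:
#   wp_login_report 20 < /var/log/apache2/access.log
sample_log | wp_login_report 3
```
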
{{References}}
[[Category:Security]]
[[Category:Company]]
[[Category:Webserver]]