Tag: apache

Setting Up Apache2 with Advanced Features on Ubuntu

In the modern world of web development, Apache2 stands as one of the most robust, reliable, and widely used web servers. This blog post aims to guide you through the installation and configuration of Apache2 on an Ubuntu system, enabling a range of advanced features to maximize its capabilities.

Prerequisites

  • Ubuntu Server (18.04/20.04/22.04 LTS recommended)
  • Terminal access (SSH or direct)
  • Sudo privileges

Step 1: Installing Apache2

Open your terminal and run the following command to install Apache2:

apt-get -y install apache2

The -y flag automatically confirms the installation, saving you from having to do so manually.

Step 2: Enabling Modules

Apache2 is highly modular, allowing you to enable or disable various features according to your needs. To enable a range of advanced modules, execute the following commands:

sudo a2enmod proxy
sudo a2enmod ssl
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp
sudo a2enmod rewrite
sudo a2enmod deflate
sudo a2enmod headers
sudo a2enmod proxy_balancer
sudo a2enmod proxy_connect
sudo a2enmod proxy_html
sudo a2enmod remoteip
sudo a2enmod proxy_fcgi
sudo a2enmod proxy_wstunnel
sudo a2enmod expires

Important: Remember to restart the Apache server after installing new modules for the changes to take effect

Step 3: Editing Configuration File

To apply custom configurations to Apache2, you’ll need to edit its main configuration file. Use the nano editor to open it:

nano /etc/apache2/apache2.conf

Here you can add or modify directives according to your specific needs. After making the desired changes, save and exit the file.

Step 4: Managing the Apache2 Service

After making all the changes, it’s important to restart the Apache2 service for the new configurations to take effect:

sudo systemctl restart apache2

Additionally, you can stop or start Apache2 using the following commands:

  • To stop the service: 
    sudo systemctl stop apache2
  • To start the service: 
    sudo systemctl start apache2

Conclusion

You’ve successfully installed Apache2 and enabled a host of advanced features, setting a solid foundation for whatever web-based projects you plan to host. This flexible, modular setup ensures you have all the tools you need to build a robust, high-performance web server.

Redirect HTTP to HTTPS Using .htaccess

In today’s world, security is of paramount importance when it comes to web applications. One of the simplest ways to enhance your website’s security is by enforcing HTTPS, which stands for Hypertext Transfer Protocol Secure. HTTPS ensures that all communication between your browser and the website are encrypted.

When a user visits your website using an unsecured HTTP connection, we would ideally want to redirect them to the secure HTTPS version. This is where the Apache’s .htaccess file comes into play.

In Apache web servers, the .htaccess (hypertext access) file is a directory-level configuration file that allows for decentralized management of web server configuration. You can use .htaccess to rewrite URLs, password-protect directories, enable/disable additional functionalities, and much more. In this blog post, we’ll focus on how to use .htaccess to redirect all HTTP traffic to HTTPS.

The .htaccess File

The .htaccess file should be located in the root directory of your website. If the file doesn’t already exist, you can create it using a plain text editor. Note that the file has no name and the extension is .htaccess.

Now, let’s dive into the code to achieve this HTTP to HTTPS redirect.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Here’s what each line does:

  1. RewriteEngine On: This line enables the runtime rewriting engine. Essentially, it tells the server to start interpreting the rewrite rules that follow.
  2. RewriteCond %{HTTPS} off: This is a condition that checks if the HTTPS is off for the current request. If it is, the following RewriteRule will be executed.
  3. RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]: This is the rule that will be executed if the preceding condition is met. In essence, it tells the server to redirect all traffic ((.*)) to the same host (%{HTTP_HOST}) and the same requested resource (%{REQUEST_URI}), but over HTTPS. The [R=301,L] flag indicates that it is a permanent redirect (301) and this should be the last rule processed (L).

By incorporating these lines of code into your .htaccess file, you can ensure that all incoming HTTP traffic is seamlessly redirected to HTTPS, hence making your website more secure.

With a little knowledge of how .htaccess works and some simple code, you can significantly improve your website’s security and user trust in a short amount of time.

Enable HTTP/2 in Apache Web Server on Ubuntu 22.04

sudo apt-get install php8.1-fpm
sudo a2dismod php8.1
sudo a2enconf php8.1-fpm
sudo a2enmod proxy_fcgi
sudo a2dismod mpm_prefork

sudo a2enmod mpm_event

sudo a2enmod ssl

sudo a2enmod http2

sudo systemctl restart apache2

After enabling and loading necessary Apache modules, navigate to your Apache configuration directory and edit Apache configuration.

To enable HTTP/2 on your Apache web server add one of the following to your global Apache configuration or inside of a particular virtual host.

Protocols h2 http/1.1

Here is the minimal virtual server configuration that can be used to enable HTTP/2 in some virtual host:

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com
  DocumentRoot /var/www/public_html/example.com
  SSLEngine on
  SSLCertificateKeyFile /path/to/private.pem
  SSLCertificateFile /path/to/cert.pem
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  Protocols h2 http/1.1
</VirtualHost>

References
https://www.howtoforge.com/how-to-enable-http-2-in-apache

Configure Shadowsocks + V2ray + TLS + Apache + CDN on Ubuntu

Shadowsocks

nano /etc/shadowsocks/config.json
{
    "server":"127.0.0.1",
    "server_port":10001,
    "password":"password",
    "mode":"tcp_only",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "plugin":"v2ray-plugin_linux_amd64",
    "plugin_opts":"server;path=/ss;loglevel=none", # loglevel=debug
    "nameserver":"1.1.1.1"
}

Apache

nano /etc/apache2/apache2.conf
<VirtualHost *:80>
    Servername example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URL} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    # change your domain
    ServerName example.com
    # you may have a different root
    DocumentRoot /var/www/

    # the SSL configuration enable https for your site and it’s also required by shadowsocks + v2ray
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/example.com/privkey.pem

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL

    <Location "/ss">
    ProxyPass ws://127.0.0.1:10001/ss
    ProxyAddHeaders Off
    ProxyPreserveHost On
    RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
    </Location>
</VirtualHost>

 

References
https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration
https://big533.cc/wordpress/index.php/2020/01/03/v2ray-setup-with-websocket-tls-using-apache/
https://github.com/KonaisPC/v2ray-apache-ws/blob/master/v2ray-apache.sh

.NET core app with SignalR with SSL with Apache Reverse Proxy Configuration

<IfModule mod_ssl.c>
<VirtualHost *:443>
  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:5000/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://localhost:5000/$1 [P,L]


  ProxyPass "/" "http://localhost:5000/"
  ProxyPassReverse "/" "http://localhost:5000/"

  ProxyPass "/chatHub" "ws://localhost:5000/chatHub"
  ProxyPassReverse "/chatHub" "ws://localhost:5000/chatHub"

  ServerName site.com
  
SSLCertificateFile /etc/letsencrypt/live/site.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

References
https://gist.github.com/technoknol/f21ae396f463e78e431bd89cc41b83ee
https://stackoverflow.com/questions/43552164/websocket-through-ssl-with-apache-reverse-proxy

Add Expires Headers to .htaccess File in WordPress

Making sure mod_expires is enabled

sudo a2enmod expires
systemctl restart apache2

Add Expires Headers to .htaccess

To add Expires Headers to your site, you need to edit the .htaccess file.

Simply download the .htaccess file from the root of your host (it may be hidden) and add the code below:

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
## EXPIRES CACHING ##

References
https://electrictoolbox.com/apache-mod-expires-browser-caching/
https://betterstudio.com/blog/add-expires-headers-htaccess/

Disable Directory Browsing In WordPress

To disable directory browsing in WordPress all you need to do is add a single line of code in your WordPress site’s .htaccess file located in the root directory of your website.
Once connected to your website, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file, and if you can not find it on your server, you need to make sure that you have enabled your FTP client to show hidden files.
Now at the end of your WordPress generated code in the .htaccess file simply add this line at the bottom:

Options All -Indexes

References
https://bloggingwizard.com/disable-directory-browsing-wordpress/
https://www.wpbeginner.com/wp-tutorials/disable-directory-browsing-wordpress/

Host ASP.NET Core on Linux with Apache

dotnet add package Microsoft.AspNetCore.HttpOverrides

Configure a proxy server

Invoke the UseForwardedHeaders method at the top of Startup.Configure before calling other middleware. Configure the middleware to forward the X-Forwarded-For and X-Forwarded-Proto headers:

// using Microsoft.AspNetCore.HttpOverrides;

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

app.UseAuthentication();
// using System.Net;

services.Configure<ForwardedHeadersOptions>(options =>
{
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.100"));
});

Forwarded Headers Middleware order

Forwarded Headers Middleware should run before other middleware. This ordering ensures that the middleware relying on forwarded headers information can consume the header values for processing. Forwarded Headers Middleware can run after diagnostics and error handling, but it must be run before calling UseHsts:

using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseForwardedHeaders();
    app.UseHsts();
}
else
{
    app.UseDeveloperExceptionPage();
    app.UseForwardedHeaders();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseAuthorization();

app.MapRazorPages();

app.Run();

Alternatively, call UseForwardedHeaders before diagnostics:

using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});

var app = builder.Build();

app.UseForwardedHeaders();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseAuthorization();

app.MapRazorPages();

app.Run();

Forwarded Headers Middleware options

using System.Net;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardLimit = 2;
    options.KnownProxies.Add(IPAddress.Parse("127.0.10.1"));
    options.ForwardedForHeaderName = "X-Forwarded-For-My-Custom-Header-Name";
});

var app = builder.Build();

app.UseForwardedHeaders();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseAuthorization();

app.MapRazorPages();

app.Run();

References
https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-5.0
https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0