Apache config on Ubuntu 20.04

Posted under » Ubuntu » Apache updated on 1 September 2020

Ubuntu tries to improve things in their Apache config in their new version.

For eg. to make it common among the many linux distro.
This : ErrorLog /var/log/apache2/error.log has become
This : ErrorLog ${APACHE_LOG_DIR}/error.log

Directory access control are specified in the main apache2.conf file.

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

#<Directory /usr/share>
#	AllowOverride None
#	Require all granted
#</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

It does not allow access to the root filesystem outside of /var/www. If your system is serving content from a sub-directory other than /var/www or in any related virtual host you must allow access here.

Includes to the apache config must have a .conf extension. This make things look neat and easy to understand.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf 

The sites-enabled www.conf file is now shorter.

<VirtualHost *:80>
  ServerName www.lkybast.com
	ServerAdmin webmaster@lkybast.com 
	DocumentRoot /var/www/lkybast

    Options -Indexes

	ErrorLog ${APACHE_LOG_DIR}/error-www-lkybast.log
	CustomLog ${APACHE_LOG_DIR}/access-www-lkybast.log combined

    ErrorDocument 404 /pagenotfound.php

</VirtualHost>

As compared to the original

<VirtualHost *:80>
  ServerName www.lkybast.com
	ServerAdmin webmaster@lkybast.com 
	DocumentRoot /var/www/lkybast

	<Directory /var/www/lkybast/>
		Options -Indexes
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>

	ErrorLog /var/log/apache2/error-www-lkybast.log
	CustomLog /var/log/apache2/access-www-lkybast.log combined

    ErrorDocument 404 /pagenotfound.php

</VirtualHost>

Security issues

• However the original www.conf allows you to use .htaccess files, you need to have "AllowOverride All" on the directory but this could lead to security issues.
• Another security issue is enabling the index or directory browsing. So don't forget to put "Options -Indexes" to be on the safe side.
• It is a good idea when in production or live server you turn off server signature found in
  /etc/apache2/conf-available/security.conf

You may wish to proceed in finetuning your LAMP config.
 

© 2009-2021 anoneh.com | Home | About | My Wordpress | Tumblr | Blogger | Gallery