Apache config on Ubuntu 20.04

Posted under » Ubuntu » Apache » LAMP Security updated on 1 September 2020

Ubuntu tries to improve things in their Apache config in their new version.

For eg. to make it common among the many linux distro.
This : ErrorLog /var/log/apache2/error.log has become
This : ErrorLog ${APACHE_LOG_DIR}/error.log

Directory access control are specified in the main apache2.conf file.

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied

#<Directory /usr/share>
#	AllowOverride None
#	Require all granted

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted

It does not allow access to the root filesystem outside of /var/www. If your system is serving content from a sub-directory other than /var/www or in any related virtual host you must allow access here.

Includes to the apache config must have a .conf extension. This make things look neat and easy to understand.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf 

The sites-enabled www.conf file may look like this

<VirtualHost *:80>
  ServerName www.lkybast.com
  ServerAlias lkybast.com 
	ServerAdmin webmaster@lkybast.com 
	DocumentRoot /var/www/lkybast

	<Directory /var/www/lkybast/>
		Options -Indexes
		AllowOverride All
		Order allow,deny
		allow from all
		ServerSignature Off

	ErrorLog ${APACHE_LOG_DIR}/error-www-lkybast.log
	CustomLog ${APACHE_LOG_DIR}/access-www-lkybast.log combined

    ErrorDocument 404 /pagenotfound.php


If somehow you have access issues, instead of

  <Directory /var/www/lkybast/>
    Order allow,deny
    allow from all

Do this instead

  <Directory /var/www/lkybast/>
    Require all granted

Security issues

You may test if your config is working by

$ apachectl configtest

You may enable config in the conf-available directory by

$ sudo a2enconf mod-wsgi

You may enable site in the sites-available directory by

$ sudo a2ensite waklu.conf

To disable,

$ sudo a2dissite waklu.conf

You may wish to proceed in finetuning your LAMP config.

web security linux ubuntu python django git Raspberry apache mysql php drupal cake javascript css AWS