Posted under » Ubuntu » Apache » LAMP Security updated on 1 September 2020
Ubuntu tries to improve things in their Apache config in their new version.
For eg. to make it common among the many linux distro.
This : ErrorLog /var/log/apache2/error.log has become
This : ErrorLog ${APACHE_LOG_DIR}/error.log
Directory access control are specified in the main apache2.conf file.
<Directory /> Options FollowSymLinks AllowOverride None Require all denied </Directory> #<Directory /usr/share> # AllowOverride None # Require all granted #</Directory> <Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory>
It does not allow access to the root filesystem outside of /var/www. If your system is serving content from a sub-directory other than /var/www or in any related virtual host you must allow access here.
Includes to the apache config must have a .conf extension. This make things look neat and easy to understand.
# Include generic snippets of statements IncludeOptional conf-enabled/*.conf # Include the virtual host configurations: IncludeOptional sites-enabled/*.conf
The sites-enabled www.conf file may look like this
<VirtualHost *:80> ServerName www.lkybast.com ServerAlias lkybast.com ServerAdmin webmaster@lkybast.com DocumentRoot /var/www/lkybast <Directory /var/www/lkybast/> Options -Indexes AllowOverride All Order allow,deny allow from all ServerSignature Off </Directory> ErrorLog ${APACHE_LOG_DIR}/error-www-lkybast.log CustomLog ${APACHE_LOG_DIR}/access-www-lkybast.log combined ErrorDocument 404 /pagenotfound.php </VirtualHost>
If somehow you have access issues, instead of
<Directory /var/www/lkybast/> Order allow,deny allow from all </Directory>
Do this instead
<Directory /var/www/lkybast/> Require all granted </Directory>
Security issues
You may test if your config is working by
$ apachectl configtest
You may enable config in the conf-available directory by
$ sudo a2enconf mod-wsgi
You may enable site in the sites-available directory by
$ sudo a2ensite waklu.conf
To disable,
$ sudo a2dissite waklu.conf
You may wish to proceed in finetuning your LAMP config.