• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • Let’s learn how to install Apache HTTP server and secure that with the Let’s Encrypt Certificate.

    Introduction

    Apache is one of the most widely used HTTP webservers. Setting up the apache and secure it with an SSL cert is the first step you need to do for your web applications.

    In this tutorial, you will learn how to set up Apache for your website on Ubuntu and CentOS. I’ve tested this on DigitalOcean VM.

    For the demonstration purpose. I’m going to use the test domain name test.sanakil.xyz, which is supercharged by Cloudflare.

    Don’t forget to replace the test.sanakil.xyz domain with your actual domain. 📢

    DNS record creation

    Login to Cloudflare or your domain registrar (if not Cloudflare) and create an A record to point the domain to the cloud VM’s IP.

    Log in to your cloud server via SSH.

    Installing Apache(Ubuntu)

    To update the available packages up-to-date

    sudo apt-get update

    Install apache

    sudo apt-get install apache2

    Allow ports 80 and 443 in your firewall for the HTTP server.

    sudo ufw allow 'Apache Full'

    Check that your installed apache running correctly

    sudo systemctl status apache2

    Installing Apache(CentOS)

    Update the available packages up-to-date.

    sudo yum update

    Install Apache

    sudo yum install httpd

    Add ports 80 and 443 in the firewall to access the web app.

    sudo firewall-cmd --permanent --add-service=http
    sudo firewall-cmd --permanent --add-service=https
    sudo firewall-cmd --reload

    Start apache and check the running status

    sudo systemctl start httpd
    sudo systemctl status httpd

    Create VirtualHost for the website

    A virtual host can be created in two ways depending upon which type of web app/ website we serve.

    Suppose If the application already has a web server like Node running on a port. We can use a proxy to serve it in apache. Or if the app is just serving the files like static sites. We can specify the path of the application to serve in apache.

    Create a Virtual host file in apache – the configuration file can be in any name. But keeping it with the domain name which we are going to serve the web app will be better for easy identification.

    Additional setup for CentOS

    In CentOS(SELinux), not everything is enabled default like Ubuntu.

    We have to create sites-enabled and sites-available folders in apache.

    sites-enabled – tells apache to serve visitor with the conf files in it

    sites-available – store the virtual host conf files

    sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled

    Now tell the apache to read the conf file in the sites-enabled folder.

    sudo vi /etc/httpd/conf/httpd.conf

    Add the below line at the end of the file

    IncludeOptional sites-enabled/*.conf

    Configure Apache to serve files

    • Create a folder for serving your web app
    sudo mkdir -p /var/www/test.sanakil.xyz/webapp
    sudo vi /var/www/test.sanakil.xyz/webapp/index.html
    • Paste the below HTML snippet for testing
    <!DOCTYPE html>
    <html lang="en">
    <head>
    <title>Apache webapp</title>
    </head>
    <body>
    <h1>My Apache webapp is working in test.sanakil.xyz</h1>
    </body>
    </html>
    • Create a folder to generate and store logs
    sudo mkdir -p /var/www/test.sanakil.xyz/log
    sudo touch /var/www/test.sanakil.xyz/request.log
    sudo touch /var/www/test.sanakil.xyz/log/error.log
    Virtual host configuration
    • Open conf file(Ubuntu)
    sudo vi /etc/apache2/sites-available/test.sanakil.xyz.conf
    • Open conf file(CentOS)
    sudo vi /etc/httpd/sites-available/test.sankil.xyz.conf
    • Paste the below conf snippet by changing your-domain-name
    <VirtualHost *:80>
    ServerName test.sanakil.xyz
    ServerAlias test.sanaki.xyz
    DocumentRoot /var/www/test.sanakil.xyz/webapp
    ErrorLog /var/www/test.sankil.xyz/log/error.log
    CustomLog /var/www/test.sanakil.xyz/log/requests.log combined
    </VirtualHost>
    • Give required permission for your folder.
    sudo chown -R $USER:$USER /var/www/test.sanakil.xyz
    sudo chmod -R 755 /var/www/test.sanakil.xyz
    Enable your virtual host config file in apache(Ubuntu)
    sudo a2ensite test.sanakil.xyz.conf

    Disable the default conf file for security reason

    sudo a2dissite 000-default.conf

    Restart apache to make changes to take effect.

    sudo systemctl restart apache2

    Enable your virtual host config file in apache(CentOS)

    Create a symbolic link for apache

    sudo ln -s /etc/httpd/sites-available/test.sanakil.xyz.conf 
    /etc/httpd/sites-enabled/test.sanakil.xyz.conf

    Restart apache to make changes to take effect.

    sudo systemctl restart httpd

    Enabling HTTPS

    Enabling HTTPS in apache webserver in Ubuntu has been made easy by using certbot and Let’s Encrypt. 

    Let’s Encrypt is a non-profit organization which provided SSL certificate for millions of website free.

    Certbot is software that will automatically set up HTTPS for our website using let’s encrypt.

    Add and install certbot for apache(Ubuntu)

    sudo add-apt-repository ppa:certbot/certbot
    sudo apt install python-certbot-apache

    Add and install certbot for apache(CentOS)

    sudo yum install epel-release
    sudo yum install certbot python2-certbot-apache mod_ssl

    Get SSL certificate

    sudo certbot --apache -d your-domain-name

    If all the verification is done by certbot without any issues.

    It will ask for HTTPS redirection. Select option 2 and enter.

    That’s it.

    If everything works correctly, https://test.sanakil.xyz will show a basic HTML index page that we have created.

    Conclusion

    I hope this gives you an idea about installing and implement an SSL certificate on Apache.

    Next, find out how to implement a certificate in Nginx.