1

I am not new to Apache but nor am I an expert (by any means). I've run several versions of WAMP and XAMPP server set-ups. Most of my Apache configurations are simple. I usually run a default master configuration file (httpd.conf or apache.conf) and one or two includes (with a different port, for example) and some site-specific virtual host files.

Recently, I set up a server to use HTTPS. I bought a certificate and set it up. It wasn't too bad, but it got me thinking. Each Apache configuration I set up seems to be a bit different. I don't apply any best practices; just bits and pieces built up from a default installation using only those changes to make my application run.

This is now bothering me. I run Apache 2.2 currently and I would like to adopt a convention for myself with which I can keep consistent, one that I could more easily deploy to more servers in a quicker fashion.

So my question is, what files should I use and how should they interact? For example, I think most people agree that loading up your main Apache configuration with tweaks is a bad idea. So should you strip it down to the bare minimum and implement multiple includes? How do you properly set up the sites-available directory (sites-enabled filled with symlinks)? Because there are many ways to do things and since Apache allows for directives to be used in multiple places with the same effect, I find that bits and pieces get spread out over all these files, including using something like mod_rewrite in an .htaccess file (which I'm starting to believe is a bad idea unless you are on shared hosting where that's the only way).

For SSL, do you set up a default-ssl file or project-ssl? How many virtual hosts do I run on one server?

I understand that my question is somewhat subjective. There is probably not an objective answer. But my goal is to get as close to an objective answer as possible.

Then there is WSGI. If you deploy Django sites, this further complicates things. Should I use /home/user/project/project/wsgi.py or /var/www/project/index.wsgi? How do these files interact with the Apache configuration?

Here is a list of files that I'm concerned with:

/etc/apache2/apache.conf
/etc/apache2/httpd.conf
/etc/apache2/ports.conf
/etc/apache2/envvars (mostly self explanatory)
/etc/apache2/conf.d/project.conf
/etc/apache2/conf.d/security
/etc/apache2/sites-available/default
/etc/apache2/sites-available/default-ssl
/etc/apache2/sites-available/project
/etc/apache2/sites-available/project-ssl

Why do some Apache installations have an Apache main configuration with modules included and others have mods-available and mods-enabled?

Like I said above, there seems to be a lot of overlap so I'm not surprised that this is a tricky topic to master.

Alternatively, if anyone knows a good reference that steps through this, I'd be interested in seeing it. I have a couple older Apache books and they just don't break it down. They assume you are a complete beginner and that you leave the default alone. The Apache docs are pretty good and I go to them often, but a comprehensive source for what I'm looking for doesn't seem to exist (or, I haven't found the best search terms to find it).

HopelessN00b
nicorellius

2 Answers

1

I like the following setup. It works well for me and my situation and for most of the work I've done. I don't currently use site-enabled / site-available. I also don't like using .htaccess files if possible. My main goal is to keep all the configuration for a site as close as it can be to the rest of that site's config. That way if I set up another server the same way I can just pop in the vhost file and be done.

httpd.conf: I keep this neat, only loading modules and includes.

httpd-ssl.conf: I just add the stuff that has to be in there for any ssl to work.

AddType application/x-x509-ca-cert .crt 
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/var/run/ssl_mutex"

httpd-vhosts: I try to keep everything I need for each site totally contained within the VirtualHost tags.

# Listen on 443 and enable name-based virtual hosts on that port
Listen 443
NameVirtualHost *:443

# test.org: TLS terminates here, requests are proxied to a local backend
<VirtualHost *:443>
    ServerAdmin christopher.donald.jones@gmail.com
    ServerName test.org
    SSLEngine on
    SSLCertificateFile /etc/ssh/test.org.crt
    SSLCertificateKeyFile /etc/ssh/test.key
    SSLCertificateChainFile /etc/ssh/test.crt
    ErrorLog "/var/log/test.org-error_log"
    ProxyPreserveHost on
    ProxyPass / http://127.0.0.1:2368/ retry=0
</VirtualHost>

# test2.domaintest.org: TLS site served from a local DocumentRoot
<VirtualHost *:443>
    ServerAdmin christopher.donald.jones@gmail.com
    DocumentRoot /usr/local/www/tinyrss/data
    ServerName test2.domaintest.org
    SSLEngine on
    SSLCertificateFile /etc/ssh/test2.crt
    SSLCertificateKeyFile /etc/ssh/test2.key
    ErrorLog "/var/log/test2.domaintest.org-error_log"
</VirtualHost>
CJONES
1

The obvious reference would of course be the manual.

  • Simply put: the name/location of the main apache configuration file is a compile time option, typically a file called httpd.conf.
  • The name/location of that default location for the configuration file can be overridden by the -f command-line switch if you so desire.
  • The configuration file contains 1 directive per line.
  • The apache configuration file is parsed from top to bottom.

  • You can put all directives used to configure apache in that single file.

  • You may use the Include or IncludeOptional directives in the main httpd.conf to include directives from other files.

    The included file is parsed at the location of the Include directive and it is parsed in order from top to bottom. At the end of the Include apache will return to the main httpd.conf configuration and the next directive will be parsed.

    In case the Include directive contains a wild card, the Included files will be parsed in lexicographical order.

Both the single configuration file or nesting using includes allow you to reach the same end-state. Whatever works best for you.

Compare the single configuration file:

#httpd.conf
Directive 1
Directive 2
Directive 3 
Directive 4

to a main httpd.conf

#httpd.conf
Directive 1
Include other.conf 
Directive 4

and the included file:

#other.conf
Directive 2
Directive 3 

Both result in exactly the same configuration, there is no "best" in that regard.

If you maintain a single configuration, by hand, then a single file may actually work best. You can easily read it from top to bottom and that makes it unlikely that you get surprised by the ordering of directives making your life difficult.

If you have a configuration management system that makes it easy to remove or deploy whole files, but has difficulties with changing parts of a configuration file, then using an Include dir/*.conf might make a whole lot more sense.

A single file, explicit Includes or wild card Includes: it is mostly a question of personal preference and/or making the best use of your tooling.

The sites-available sites-enabled seems a Debian / Ubuntu convention.


The last section is the AllowOverride directive which allows locally overruling the settings made in the Apache configuration file(s) above by use of the .htaccess file. This provides flexibility as you don't need to restart apache for changes in configuration to take effect, but will generate extra overhead as for each web request all directories between the DocumentRoot and the requested file will need to be scanned for the presence of a potential .htaccess file.

HBruijn
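
The parse order described in the answer above, as an added example that is not part of the original answer or of Apache itself: a Python script that flattens a configuration the way Include is described (inline at the Include position, wildcard matches in lexicographical order) and lists directives set in more than one place, which helps when auditing where an SSL setting is really defined. The sample file names and values are constructed; line continuations, directory includes and container scope are not handled, and an Include that matches nothing is treated as an error while IncludeOptional is skipped.

```python
import glob
import os
import tempfile

def flatten(path, server_root):
    """Return (file, line_no, directive) tuples in the order Apache parses them."""
    out = []
    with open(path) as fh:
        for no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)
            name = parts[0].lower()  # directive names are case-insensitive
            if name not in ("include", "includeoptional"):
                out.append((os.path.relpath(path, server_root), no, line))
                continue
            # Relative Include paths are resolved against ServerRoot.
            pattern = os.path.join(server_root, parts[1].strip('"'))
            matches = sorted(glob.glob(pattern))  # wildcard: lexicographical order
            if not matches and name == "include":
                raise FileNotFoundError(f"{path}:{no}: nothing matches {parts[1]}")
            for inc in matches:
                out.extend(flatten(inc, server_root))  # parsed at this position
    return out

def duplicates(flat):
    """Directives set in more than one place (container scope is ignored)."""
    seen = {}
    for fname, no, line in flat:
        seen.setdefault(line.split()[0].lower(), []).append((fname, no))
    return {k: v for k, v in seen.items() if len(v) > 1}

def demo():
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "conf.d"))
    files = {  # constructed sample tree, not taken from the page
        "httpd.conf": "Listen 443\nInclude conf.d/*.conf\n"
                      "IncludeOptional local/*.conf\nSSLSessionCacheTimeout 300\n",
        "conf.d/10-ssl.conf": "SSLSessionCacheTimeout 600\n",
        "conf.d/05-vhosts.conf": "# constructed\nNameVirtualHost *:443\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return flatten(os.path.join(root, "httpd.conf"), root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pass the real main configuration file and ServerRoot to `flatten()` to get the same listing for a live server.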