⚙️ Apache HTTPD – Configuration Guide

Apache uses a modular and flexible configuration system. The main file is typically:

RHEL/CentOS/Fedora: /etc/httpd/conf/httpd.conf
Debian/Ubuntu: /etc/apache2/apache2.conf

These include additional files and folders (conf.d/, sites-available/, mods-enabled/, etc.) using Include directives.

🧭 🔊 Listening: `Listen`

Bind Apache to IP(s) and port(s). Default:

Listen 80
Listen 443

You can specify interfaces:

# Listen on specific IP and port (For Network Interface)
Listen 192.168.1.100:80

ℹ️ Only root can bind ports below 1024.

🌐 Server Identity

ServerRoot "/etc/httpd"
ServerName example.com:80

# Disable server signature in error pages for security
ServerSignature Off

# Only show minimal server version details in headers
ServerTokens Prod

ServerName: Defines the canonical hostname/port
ServerSignature Off & ServerTokens Prod: Hide Apache version info for better security

📁 Document Root & Aliases

DocumentRoot "/var/www/html"
<Directory "/var/www/html">
  Options Indexes FollowSymLinks

# Allow .htaccess to override settings
  AllowOverride All        
  Require all granted
</Directory>

# Map /docs URL path to a different directory
Alias /docs "/opt/docs/html"
<Directory "/opt/docs/html">
  Require all granted
</Directory>

DocumentRoot: Base directory for serving files
Alias: Maps a URL path to a different file system location

🛡️ Directory-Level Controls

# Restrict access to a specific directory
<Directory "/var/www/html/private">
  Require ip 192.168.1.0/24

# Disallow .htaccess overrides in this directory
  AllowOverride None

# Disable all options (like Indexes, FollowSymLinks)
  Options None
</Directory>

Use <Directory>, <Files>, <Location> for access control

🌍 Virtual Hosts

Apache supports name-based and IP-based virtual hosts:

<VirtualHost *:80>
  ServerName example.com
  ServerAlias www.example.com
  DocumentRoot "/var/www/example"
  ErrorLog "logs/example-error.log"
  CustomLog "logs/example-access.log" combined
</VirtualHost>

✅ Use apachectl -S to debug vhost issues

⏱️ Performance & Security Tuning

# Wait 60 seconds max for client or server to respond -- Prevents hanging or delays
Timeout 60

# Reuse the connection for multiple requests --	Faster performance
KeepAlive On

# Allow 100 requests on one connection --	Limits overuse
MaxKeepAliveRequests 100

# Wait 5 seconds for next request	-- Save resources
KeepAliveTimeout 5

# Max size of the request line (like URL)	-- Blocks overly long URLs
LimitRequestLine 8190

# Max size of a header field --	Stops huge headers/cookies
LimitRequestFieldSize 8190

Optimize connection behavior with KeepAlive settings
Prevent abuse with header and line limits

🧪 Protocol Support: HTTP/2

Protocols h2 http/1.1
ProtocolsHonorOrder On

Ensure TLS-enabled vhosts have HTTP/2 enabled for speed

🔒 SSL Setup

Typically configured in ssl.conf:

Listen 443
<VirtualHost *:443>
  ServerName secure.example.com
  DocumentRoot "/var/www/secure"
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/example.crt
  SSLCertificateKeyFile /etc/ssl/private/example.key
  Protocols h2 http/1.1
</VirtualHost>

Use valid certs, and enforce secure protocols

🔄 If / ElseIf Conditions

# If request comes from 10.1.0.0/16, allow access
<If "-R '10.1.0.0/16'">
  Require ip 10.1.0.0/16
</If>

# Else if request comes from 10.0.0.0/8, allow access
<ElseIf "-R '10.0.0.0/8'">
  Require ip 10.0.0.0/8
</ElseIf>


* Apache supports conditional logic in configurations

---

## 🧩 Modules & Includes

```apache
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
LoadModule rewrite_module modules/mod_rewrite.so

Modular approach keeps your config DRY and clean

✅ Testing & Reloading

apachectl configtest   # Syntax check
systemctl reload httpd # Graceful reload
systemctl restart httpd

Always test before reload/restart to avoid downtime

🔍 Quick Directive Reference

Directive	Description
`Listen`	IP/port binding
`ServerName`	Canonical hostname
`DocumentRoot`	Filesystem base directory
`Alias`	URL to filesystem path
`ErrorLog`, `CustomLog`	Logging setup
`Timeout`, `KeepAlive*`	Connection optimization
`LimitRequest*`	Protection against large headers
`<VirtualHost>`	Host-specific configurations
`Protocols`	Enable HTTP/2 support
`SSLEngine`, `SSLCert*`	TLS configuration

🎨 Pro Tips

💾 Backup before editing: Always make a copy of your config
🧼 Minimal modules: Enable only the modules you use
🔒 Harden SSL: Use strong ciphers, disable TLS 1.0/1.1
🔍 Logs: Always check logs in /var/log/httpd/ or /var/log/apache2/

📘 This configuration guide should help you understand and master Apache's flexible and powerful setup system!

🧭 🔊 Listening: Listen​

🌐 Server Identity​

📁 Document Root & Aliases​

🛡️ Directory-Level Controls​

🌍 Virtual Hosts​

⏱️ Performance & Security Tuning​

🧪 Protocol Support: HTTP/2​

🔒 SSL Setup​

🔄 If / ElseIf Conditions​

✅ Testing & Reloading​

🔍 Quick Directive Reference​

🎨 Pro Tips​