In this detailed tutorial, we’ll guide you through the process of configuring a secure Apache web server on Ubuntu 24.04. Whether you’re launching a personal blog or a professional business site, these steps will help you establish a reliable and well-protected server. Throughout this guide, replace “yourdomain.com” with your actual domain name.
Step 1: Update Your System
Begin by refreshing your package lists and upgrading your system to incorporate the latest security updates and software improvements.
sudo apt update
sudo apt upgrade
This ensures your server starts with a strong, up-to-date foundation.
Step 2: Install Apache
Next, install Apache2, a widely used, open-source web server that powers a significant portion of the internet.
sudo apt install apache2
This command sets up Apache, preparing it to handle web traffic for your site.
Step 3: Configure the Firewall
Secure your server by adjusting the firewall to permit essential web traffic (HTTP and HTTPS) and, if needed, remote management via SSH.
sudo ufw allow http
sudo ufw allow https
sudo ufw allow OpenSSH
sudo ufw enable
- sudo ufw allow http and sudo ufw allow https open ports 80 and 443 for standard and secure web traffic, respectively.
- sudo ufw allow OpenSSH keeps the SSH port accessible for remote administration.
- sudo ufw enable activates the firewall with these rules in place.
Step 4: Set Up a Basic Website
Create a directory for your website and add a simple HTML file to test your setup. Then, assign ownership to Apache’s default user.
sudo mkdir -p /var/www/html/yourdomain
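echo "Secure Apache Server on Ubuntu 24.04" | sudo tee /var/www/html/yourdomain/index.html
sudo chown -R www-data:www-data /var/www/html/yourdomain/
- mkdir -p builds the directory structure for your site.
- The echo command generates a basic index.html file with a welcome message. Its output is piped through sudo tee because a plain > redirection is performed by your unprivileged shell, not by sudo, and would fail with "Permission denied" in the root-owned directory.
- chown -R transfers ownership to www-data, Apache’s default user, ensuring proper permissions.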
Step 5: Configure a Virtual Host
Set up a Virtual Host to direct traffic to your domain. This tells Apache how to handle requests for your site.
sudo nano /etc/apache2/sites-available/yourdomain.conf
Add this configuration, adjusting it for your domain:
<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    ServerName yourdomain.com
    DocumentRoot /var/www/html/yourdomain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Save the file, then enable your site and optionally disable Apache’s default configuration:
sudo a2ensite yourdomain
sudo a2dissite 000-default
- sudo a2ensite yourdomain activates your custom site.
- sudo a2dissite 000-default turns off the default Apache site (optional but recommended).
Step 6: Start and Enable Apache
Ensure Apache launches at boot and apply your changes by restarting the service.
sudo systemctl enable apache2
sudo systemctl restart apache2
- enable sets Apache to start automatically on reboot.
- restart reloads the service with your new settings.
Step 7: Verify Your Setup
Check that your site is live by accessing it through a browser or a command-line tool like wget.
wget yourdomain.com
If successful, you’ll retrieve the index.html file you created earlier.
Step 8: Add SSL with Let’s Encrypt (Optional)
Boost security by adding a free SSL certificate from Let’s Encrypt, encrypting data between your server and visitors.
sudo apt install certbot python3-certbot-apache
sudo certbot --apache
- The first command installs Certbot and its Apache plugin.
- The second automates certificate retrieval and configures Apache for HTTPS.
Alternatively, name the domain explicitly on the command line:
sudo certbot --apache -d yourdomain.com
After running this, Apache should redirect HTTP requests to HTTPS automatically.
Step 9: Test Your Secure Site
Visit your site in a browser to confirm it’s running over HTTPS. Look for the padlock icon or test it programmatically if preferred.
Step 10: Strengthen Apache Security
Enhance your server’s defenses by tweaking its configuration to minimize vulnerabilities.
sudo nano /etc/apache2/apache2.conf
Add or update these lines:
TraceEnable Off
ServerTokens Prod
ServerSignature Off
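- TraceEnable Off blocks TRACE requests, thwarting attacks that abuse that method (such as cross-site tracing).
- ServerTokens Prod hides detailed server info from response headers.
- ServerSignature Off removes version details from error pages.
For extra protection, consider adding these settings to your Virtual Host, .htaccess, or httpd.conf (on Ubuntu, /etc/apache2/apache2.conf); SSLProtocol is accepted only in the server configuration or a Virtual Host, not in .htaccess: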
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
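These disable MIME sniffing, prevent clickjacking, enable XSS filtering (in older browsers; current mainstream browsers have removed the filter that X-XSS-Protection controls), and enforce strong SSL/TLS protocols and ciphers. The Header directives require Apache’s mod_headers module to be enabled, and the SSLProtocol and SSLCipherSuite lines require mod_ssl. Restart Apache to apply: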
sudo systemctl restart apache2
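To test the Step 10 settings programmatically, the following added example (not part of the original tutorial) checks a set of response headers for the three security headers and for a version-free Server banner. The function name audit_headers and both sample responses are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit HTTP response headers against the Step 10 settings.
# Reads raw headers on stdin, prints one finding per line and returns the
# number of failed checks (0 means every check passed).
audit_headers() {
    hdrs=$(tr -d '\r')      # drop CRs so the end-of-line anchor matches
    fails=0
    # name|expected value, exactly as configured in Step 10
    for check in \
        'X-Content-Type-Options|nosniff' \
        'X-Frame-Options|SAMEORIGIN' \
        'X-XSS-Protection|1; mode=block'
    do
        name=${check%%|*}
        want=${check#*|}
        if printf '%s\n' "$hdrs" |
            grep -qiE "^${name}:[[:space:]]*${want}[[:space:]]*\$"; then
            echo "PASS  $name: $want"
        else
            echo "FAIL  $name missing or not '$want'"
            fails=$((fails + 1))
        fi
    done
    # ServerTokens Prod reduces the banner to "Server: Apache"; a slash or
    # parenthesis means version or OS details are still being sent.
    server=$(printf '%s\n' "$hdrs" | grep -i '^Server:' | head -n 1)
    case $server in
        */*|*"("*) echo "FAIL  banner leaks details: $server"
                   fails=$((fails + 1)) ;;
        *)         echo "PASS  banner: ${server:-none sent}" ;;
    esac
    return "$fails"
}

# Constructed sample responses (hypothetical, not captured from a real server).
DEFAULT_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.4.x (Ubuntu)
Content-Type: text/html'
HARDENED_HEADERS='HTTP/1.1 200 OK
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Type: text/html'

echo "== default install =="
printf '%s\n' "$DEFAULT_HEADERS" | audit_headers || true
echo "== after Step 10 =="
printf '%s\n' "$HARDENED_HEADERS" | audit_headers
```

Against a live server, run curl -sI https://yourdomain.com | audit_headers. Once TraceEnable Off is active, a TRACE request to the site should be answered with 405 Method Not Allowed.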
Wrapping Up
You’ve now established a secure Apache server on Ubuntu 24.04, ready to host your website with confidence. This setup balances functionality and security, but don’t stop here—keep your system updated and periodically review your configurations to stay ahead of emerging threats.