How to Install Apache Webserver on Debian 12

Introduction

Apache is an open-source high-performance web server application that enables the delivery of static web applications. It's a widely used web server application that's highly extensible with modules that enable modern functionalities and integrate with dynamic web content processors such as PHP.

This article explains how to install Apache on Debian 12 and create sample virtual hosts to securely serve web applications on a server.

Prerequisites

Before you begin:

• Deploy a Debian 12 server instance on Vultr.
• Create a domain A record pointing to the instance's public IP address. For example, app.example.com.
• Access the server using SSH as a non-root user with sudo privileges.
• Update the server.

Install Apache

Apache is available in the default package repositories on Ubuntu 24.04 with the latest package information. Follow the steps below to install Apache using the APT package manager on your server.

1. Update the server's package index.

   console Copy

   $ sudo apt update
   

2. Install Apache.

   console Copy

   $ sudo apt install apache2 -y
   

3. View the installed PHP version on your server.

   console Copy

   $ apachectl -v
   

   Your output should be similar to the one below.

   Server version: Apache/2.4.58 (Ubuntu)
   Server built:   2024-07-17T18:55:23

4. Allow the HTTP port 80 through the default firewall configuration.

   console Copy

   $ sudo ufw allow 80
   

5. Reload the firewall to apply changes.

   console Copy

   $ sudo ufw reload
   

6. Start the Apache web server.

   console Copy

   $ sudo systemctl start apache2
   

7. Visit your server IP address using a web browser such as Chrome.

   http://SERVER-IP

   Verify that Apache delivers the default virtual host web application page in your browser.

   

Manage the Apache System Service

Apache uses the apache system service to manage the application processes and runtime on your server. Follow the steps below to enable the Apache web server to automatically start at boot time, and manage the system service processes.

1. Enable Apache to automatically start at system boot.

   console Copy

   $ sudo systemctl enable apache2
   

2. Start the Apache web server.

   console Copy

   $ sudo systemctl start apache2
   

3. View the Apache service status and verify that it's running.

   console Copy

   $ sudo systemctl status apache2
   

   Output:

   ● apache2.service - The Apache HTTP Server
        Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
        Active: active (running) since Tue 2024-07-09 09:00:46 UTC; 45s ago
          Docs: https://httpd.apache.org/docs/2.4/
      Main PID: 2019 (apache2)
         Tasks: 55 (limit: 1091)
        Memory: 9.7M
           CPU: 36ms
        CGroup: /system.slice/apache2.service
                ├─2019 /usr/sbin/apache2 -k start
                ├─2021 /usr/sbin/apache2 -k start
                └─2022 /usr/sbin/apache2 -k start

4. Stop the Apache service.

   console Copy

   $ sudo systemctl stop apache2
   

5. Restart the Apache service.

   console Copy

   $ sudo systemctl restart apache2
   

6. Reload the Apache web server configuration to apply configuration changes without affecting the existing connections.

   console Copy

   $ sudo systemctl reload apache2
   

Create a new Apache Virtual Host

Apache virtual host profiles enable the web server to deliver web applications with specific configurations and file types. The /etc/apache2/sites-available directory contains Apache virtual host configuration files that define specific addresses or domains to serve web applications on your server. Follow the steps below to create a new Apache virtual host to serve sample web application files using the example domain app.example.com.

1. Disable the default Apache virtual host configuration.

   console Copy

   $ sudo a2dissite 000-default.conf
   

2. Create a new Apache virtual host configuration. For example, app.example.com.conf.

   console Copy

   $ sudo nano /etc/apache2/sites-available/app.example.com.conf
   

3. Add the following contents to the file. Replace app.example.com with your actual domain.

   apacheconf Copy

   <VirtualHost *:80>
   
   ServerAdmin email@app.example.com
   ServerName app.example.com
   ServerAlias app.example.com
   
   DocumentRoot /var/www/app.example.com
   DirectoryIndex index.php index.html
   
   ErrorLog ${APACHE_LOG_DIR}/app.example.com-error.log
   CustomLog ${APACHE_LOG_DIR}/app.example.com-access.log combined
   
   </VirtualHost>
   

   Save and close the file.

   The above configuration creates a new Apache virtual host that listens for connection requests on the HTTP port 80 using the domain app.example.com to deliver web application files from the web root directory /var/www/app.example.com.

4. Test the Apache configuration for errors.

   console Copy

   $ sudo apache2ctl configtest
   

   Output:

   Syntax OK

5. Enable the Apache virtual host configuration.

   console Copy

   $ sudo a2ensite app.example.com
   

6. Create the virtual host's web root directory /var/www/app.example.com.

   console Copy

   $ sudo mkdir /var/www/app.example.com
   

7. Grant the Apache user www ownership privileges to the web root directory.

   console Copy

   $ sudo chown -R www:www /var/www/app.example.com
   

8. Change the directory permissions to 755 to grant the Apache user full privileges to all available files.

   console Copy

   $ sudo chmod -R 755 /var/www/app.example.com
   

   The above 755 permission mode sets the following privileges on the directory and all files:

   • 7: Read, write and execute permissions to the www user.
   • 5: Read and execute permissions to the www user group.
   • 5: Read and execute permissions to other system users.

9. Create a new sample HTML application file index.html in the virtual host's web root directory.

   console Copy

   $ sudo nano /var/www/app.example.com/index.html
   

10. Add the following contents to the file.

    html Copy

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <title>Greetings from Vultr</title>
    </head>
    <body>
        <h1>Greetings from Vultr</h1>
    </body>
    </html>
    

    Save and close the file.

    The above HTML application displays a Greetings from Vultr message when accessed in a web browser.

11. Restart the Apache service to apply your configuration changes.

    console Copy

    $ sudo systemctl restart apache2
    

12. Access your domain in a web browser window and verify that Apache serves your index.html web application.

    http://app.example.com

    

Secure the Apache Web Server

Apache listens for connection requests using your domain on the default HTTP port 80 using your virtual host configuration. HTTP connections are insecure and do not include any encryption mechanisms by default. Enable HTTPS connections using valid SSL certificates to encrypt all requests between a user's web browser and the Apache web server. Follow the steps below to generate trusted Let's Encrypt SSL certificates and secure the Apache web server.

1. Install the Snap package manager on your server.

   console Copy

   $ sudo apt install snapd -y
   

2. Install the Certbot Let's Encrypt client tool using Snap.

   console Copy

   $ sudo snap install certbot --classic
   

3. Verify the installed Certbot version on your server.

   console Copy

   $ sudo certbot --version
   

   Output:

   certbot 2.11.0

4. Generate a new SSL certificate for your virtual host domain. Replace app.example.com with your actual domain and user@example.com with your email address.

   console Copy

   $ sudo certbot --apache -d app.example.com -m email@example.com --agree-tos
   

   Output:

   Account registered.
   Requesting a certificate for app.example.com
   
   Successfully received certificate.
   Certificate is saved at: /etc/letsencrypt/live/app.example.com/fullchain.pem
   Key is saved at:         /etc/letsencrypt/live/app.example.com/privkey.pem
   This certificate expires on 2024-10-17.
   These files will be updated when the certificate renews.
   Certbot has set up a scheduled task to automatically renew this certificate in the background.
   
   Deploying certificate
   Successfully deployed certificate for app.example.com to /etc/httpd/conf.d/app.example.com-le-ssl.conf
   Congratulations! You have successfully enabled HTTPS on https://app.example.com

5. Test the Certbot automatic SSL certificate renewal process.

   console Copy

   $ sudo certbot renew --dry-run
   

   Output:

   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Processing /etc/letsencrypt/renewal/app.example.com.conf
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Account registered.
   Simulating renewal of an existing certificate for app.example.com
   
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Congratulations, all simulated renewals succeeded: 
     /etc/letsencrypt/live/app.example.com/fullchain.pem (success)
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6. Allow network connections on the HTTPS port 443 through the firewall.

   console Copy

   $ sudo ufw allow 443
   

7. Reload the firewall configuration to apply changes.

   console Copy

   $ sudo ufw reload
   

8. Visit your domain in a new web browser window using HTTPS and verify that your connection is secure.

   https://app.example.com

   Verify that a Connection is secure prompt displays in your browser's URL bar.

   

Conclusion

You have installed Apache on your Debian 12 server and enabled the web server to deliver web applications using virtual host configurations. You can integrate Apache with other applications such as PHP to enable additional functionalities and processing of specific content types on your server. For more information and configuration options, visit the official Apache documentation.