# Apache HTTP Server — Configure and Operate the Web Server

> Practical guide to the Apache HTTP Server — service control, configtest, virtual hosts, modules, TLS and directives on Debian/Ubuntu and RHEL.

Source: https://www.jpkc.com/db/en/cheatsheets/web-servers/apache/

<!-- PROSE:intro -->
The Apache HTTP Server – often simply called httpd – has been one of the most widely deployed web servers on the internet for decades. Its modular design lets you switch on features like mod_rewrite, SSL or reverse proxying exactly where you need them, and VirtualHosts let you serve any number of domains from a single instance. This cheat sheet collects the commands you reach for daily: service control, configuration tests, modules, VirtualHosts, TLS and performance tuning. Always validate your syntax with `apachectl configtest` before a reload – and prefer `graceful` over a hard restart to avoid dropping live connections.
<!-- PROSE:intro:end -->

## Service Management (systemctl)

`systemctl start apache2` — Start the Apache web server (Debian/Ubuntu). Use httpd on RHEL/CentOS.

```bash
systemctl start apache2
```

`systemctl stop apache2` — Stop the Apache web server gracefully.

```bash
systemctl stop apache2
```

`systemctl restart apache2` — Restart Apache (stops and starts). Drops all active connections briefly.

```bash
systemctl restart apache2
```

`systemctl reload apache2` — Reload Apache configuration without dropping active connections (graceful).

```bash
systemctl reload apache2
```

`systemctl status apache2` — Show Apache service status, PID, and recent log output.

```bash
systemctl status apache2
```

`systemctl enable apache2` — Enable Apache to start automatically on system boot.

```bash
systemctl enable apache2
```

`systemctl disable apache2` — Disable Apache from starting automatically on boot.

```bash
systemctl disable apache2
```

## apachectl Commands

`apachectl configtest` — Test the Apache configuration for syntax errors. Returns 'Syntax OK' or an error.

```bash
apachectl configtest
```

`apachectl -t` — Short alias for configtest. Test configuration syntax.

```bash
apachectl -t
```

`apachectl -t -D DUMP_VHOSTS` — Show a summary of all configured virtual hosts with their ServerName and document roots.

```bash
apachectl -t -D DUMP_VHOSTS
```

`apachectl -t -D DUMP_MODULES` — List all loaded Apache modules.

```bash
apachectl -t -D DUMP_MODULES
```

`apachectl -t -D DUMP_RUN_CFG` — Show the resolved runtime configuration (MPM settings, ServerName, etc.).

```bash
apachectl -t -D DUMP_RUN_CFG
```

`apachectl -v` — Show the Apache version and build date.

```bash
apachectl -v
```

`apachectl -V` — Show the Apache version, build flags, and compiled-in defaults.

```bash
apachectl -V
```

`apachectl graceful` — Reload Apache configuration gracefully (without dropping connections).

```bash
apachectl graceful
```

`apachectl graceful-stop` — Stop Apache gracefully after current requests complete.

```bash
apachectl graceful-stop
```

## Modules (Debian/Ubuntu)

`a2enmod <module>` — Enable an Apache module. Creates symlinks in mods-enabled/. Requires reload/restart.

```bash
a2enmod rewrite
```

`a2dismod <module>` — Disable an Apache module. Removes symlinks from mods-enabled/. Requires reload.

```bash
a2dismod status
```

`a2enmod rewrite && systemctl reload apache2` — Enable mod_rewrite and reload Apache in one step.

```bash
a2enmod rewrite && systemctl reload apache2
```

`a2enmod ssl headers deflate expires` — Enable multiple modules at once.

```bash
a2enmod ssl headers deflate expires
```

`apache2ctl -M` — List all currently loaded (static and shared) Apache modules.

```bash
apache2ctl -M
```

`apache2ctl -M | grep <module>` — Check whether a specific module is currently loaded.

```bash
apache2ctl -M | grep rewrite
```

## Virtual Hosts (Debian/Ubuntu)

`a2ensite <config>` — Enable a virtual host config file from sites-available/. Creates symlink in sites-enabled/.

```bash
a2ensite example.com.conf
```

`a2dissite <config>` — Disable a virtual host config file. Removes symlink from sites-enabled/.

```bash
a2dissite 000-default.conf
```

`a2ensite example.com.conf && systemctl reload apache2` — Enable a virtual host and reload Apache in one step.

```bash
a2ensite example.com.conf && systemctl reload apache2
```

`ls /etc/apache2/sites-enabled/` — List all currently enabled virtual host configurations.

```bash
ls /etc/apache2/sites-enabled/
```

`ls /etc/apache2/sites-available/` — List all available virtual host configuration files.

```bash
ls /etc/apache2/sites-available/
```

`apachectl -t -D DUMP_VHOSTS 2>&1 | grep -A3 'example.com'` — Find which vhost config handles a specific domain.

```bash
apachectl -t -D DUMP_VHOSTS 2>&1 | grep -A3 'example.com'
```

## Logs

`tail -f /var/log/apache2/access.log` — Follow the Apache access log in real-time (Debian/Ubuntu).

```bash
tail -f /var/log/apache2/access.log
```

`tail -f /var/log/apache2/error.log` — Follow the Apache error log in real-time.

```bash
tail -f /var/log/apache2/error.log
```

`tail -f /var/log/httpd/access_log` — Follow the Apache access log on RHEL/CentOS.

```bash
tail -f /var/log/httpd/access_log
```

`grep 'error\|crit\|alert\|emerg' /var/log/apache2/error.log` — Search the error log for critical and error-level messages.

```bash
grep 'error\|crit\|alert\|emerg' /var/log/apache2/error.log
```

`apache2ctl status` — Show a live server status page in the terminal (requires mod_status).

```bash
apache2ctl status
```

`apachectl -e debug -k start` — Start Apache with debug-level error logging for troubleshooting.

```bash
apachectl -e debug -k start
```

## SSL / TLS

`a2enmod ssl && a2ensite default-ssl.conf && systemctl reload apache2` — Enable SSL module and the default SSL virtual host (Debian/Ubuntu).

```bash
a2enmod ssl && a2ensite default-ssl.conf && systemctl reload apache2
```

`openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt` — Generate a self-signed SSL certificate valid for 365 days.

```bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
```

`openssl s_client -connect <host>:443 -servername <host>` — Test an SSL connection and inspect the certificate chain.

```bash
openssl s_client -connect example.com:443 -servername example.com
```

`openssl x509 -in server.crt -text -noout` — Display the details of an SSL certificate file (expiry, issuer, SANs).

```bash
openssl x509 -in server.crt -text -noout
```

`certbot --apache -d <domain>` — Obtain and install a Let's Encrypt SSL certificate for Apache automatically.

```bash
certbot --apache -d example.com -d www.example.com
```

`certbot renew --dry-run` — Test the automatic Let's Encrypt certificate renewal process.

```bash
certbot renew --dry-run
```

## Configuration Directories

`/etc/apache2/apache2.conf` — Main Apache configuration file on Debian/Ubuntu.

```bash
nano /etc/apache2/apache2.conf
```

`/etc/httpd/conf/httpd.conf` — Main Apache configuration file on RHEL/CentOS/Fedora.

```bash
nano /etc/httpd/conf/httpd.conf
```

`/etc/apache2/sites-available/` — Directory containing all virtual host definition files (Debian/Ubuntu).

```bash
ls /etc/apache2/sites-available/
```

`/etc/apache2/conf-available/` — Directory for additional configuration snippets (Debian/Ubuntu).

```bash
ls /etc/apache2/conf-available/
```

`/etc/apache2/mods-available/` — Directory containing all available module configuration files.

```bash
ls /etc/apache2/mods-available/
```

`a2enconf <config> && systemctl reload apache2` — Enable a configuration snippet from conf-available/.

```bash
a2enconf php8.2-fpm && systemctl reload apache2
```

`a2disconf <config>` — Disable a configuration snippet from conf-enabled/.

```bash
a2disconf security
```

## Virtual Host Configuration

Basic HTTP virtual host block with server name, document root, and separate log files.

```bash
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html/example
    ErrorLog ${APACHE_LOG_DIR}/example-error.log
    CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
```

HTTPS virtual host block with SSL certificate configuration.

```bash
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
    DocumentRoot /var/www/html/example
</VirtualHost>
```

Directory block granting access and enabling .htaccess overrides (AllowOverride All).

```bash
<Directory /var/www/html/example>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
```

Hide Apache version and OS from HTTP headers and error pages (add to apache2.conf).

```bash
ServerTokens Prod
ServerSignature Off
```

Reverse proxy: forward /api/ requests to a backend app on port 3000 (requires mod_proxy).

```bash
ProxyPass /api/ http://localhost:3000/
ProxyPassReverse /api/ http://localhost:3000/
```

## Performance & Tuning

`apache2ctl -V | grep 'MPM'` — Check which MPM (Multi-Processing Module) is active: prefork, worker, or event.

```bash
apache2ctl -V | grep 'MPM'
```

`a2dismod mpm_prefork && a2enmod mpm_event && systemctl restart apache2` — Switch from prefork to the high-performance event MPM (required for HTTP/2).

```bash
a2dismod mpm_prefork && a2enmod mpm_event && systemctl restart apache2
```

`a2enmod http2 && systemctl reload apache2` — Enable HTTP/2 support (requires mpm_event and SSL).

```bash
a2enmod http2 && systemctl reload apache2
```

`ab -n 1000 -c 10 https://example.com/` — Apache Bench: send 1000 requests with 10 concurrent connections to benchmark a URL.

```bash
ab -n 1000 -c 10 https://example.com/
```

`ab -n 500 -c 20 -H "Accept-Encoding: gzip" http://example.com/` — Benchmark with gzip encoding header to test compression performance.

```bash
ab -n 500 -c 20 -H "Accept-Encoding: gzip" http://example.com/
```

`curl -I -H 'Accept-Encoding: gzip' http://example.com/` — Check whether gzip compression (mod_deflate) is active for a URL.

```bash
curl -I -H 'Accept-Encoding: gzip' http://example.com/
```

<!-- PROSE:outro -->
## Conclusion

Apache remains the robust, broadly supported choice for classic web hosting – especially where `.htaccess` overrides, mature modules and decades of documentation matter. Always check configuration changes with `apachectl configtest` first and roll them out with a `graceful` reload, so your server stays stable even under live traffic. When you need maximum performance, pair the event MPM with HTTP/2 and mod_deflate.

## Further Reading

- [Apache HTTP Server – official documentation](https://httpd.apache.org/docs/) – reference and manual
- [Apache HTTP Server – Wikipedia](https://en.wikipedia.org/wiki/Apache_HTTP_Server) – background and history
<!-- PROSE:outro:end -->

## Related Commands

- [caddy](https://www.jpkc.com/db/en/cheatsheets/web-servers/caddy/) – modern web server with automatic HTTPS
- [certbot](https://www.jpkc.com/db/en/cheatsheets/web-servers/certbot/) – obtain and renew Let's Encrypt certificates
- [ferron](https://www.jpkc.com/db/en/cheatsheets/web-servers/ferron/) – lightweight web server written in Rust