Apache Server Guide: Get Started with The World’s Most Popular Web Server

Named out of respect for the Native American Tribe, the Apache HTTP server was created as a collaborative project and ended up becoming one of the most efficient servers of all time.

Apache was designed by contributors from all over the world, but the project started with Rob McCool of the National Center for Supercomputing Applications.

What was the point of the project? To create a commercial-grade computing server that could support any program, software, or application, regardless of how robust. Not only that, but Apache was meant to be free and open to the public, and it’s remained that way ever since.

Getting Started

Here are a few resources for getting setup and started with Apache:

• Apache Website: this site offers a getting started guide for those who have never worked with Apache in the past. It’s also useful for those who consider themselves new to building any type of website at all. The guide starts by covering everything from clients to URLs; configuration files to website content. Once you feel comfortable with the initial training, it asks you to move onto more advanced topics like downloading, installing, and configuring Apache.
• An Introduction to Apache: this resource from Tuts+ explores getting started with Apache more in-depth, talking about the tools and details that come together to make Apache work.
• Apache for Beginners: this outlines why you should care about this type of server and how it can help the average developer when constructing new software. Furthermore, the article explains popular methods for downloading and installing the server.

Basic Configuration

Now that you have the setup sorted, you can move onto configuring Apache:

• Learning Apache Web Server Administration: this course from Udemy takes a look at how Linux users can expand their knowledge with more visual learning options. Each lesson is broken down into a handful of lectures with videos and downloadable pages about everything from virtual hosts to authentication.
• Configuration Files: this resource on the official Apache site lists the files that are going to help you get the whole package setup. The best part of this resource is how it outlines what each directive and configuration file does for the server launch, along with which files you need to place the directives into.
• Directive Index: if you’re not at all familiar with what a directive is, or if you’d like to have a nice resource for referencing back to the most common directives, look at the directive index on the Apache site for names and descriptions of each one.
• Apache Configuration Basics: this covers some beginner questions you may have, but the true value stems from how some configurations of Apache call it Apache2, and the fact that these varying setups require different files.
• How to Configure the Apache Web Server on an Ubuntu or Debian VPS: I’d recommended that all learners and users check out this guide. Both Ubuntu and Debian are operating systems, similar to that of Windows or Mac OS. Therefore, the article explains how installing your web files onto a server like Apache also requires a viable operating system like one of these. What’s most crucial is the file hierarchy in Ubuntu and Debian, seeing as how a configuration can change drastically depending on the operating system.
• Apache 2 Basic Configuration on Unix-Like Systems: although a Unix operating system is related to that of the ones discussed above, it’s not a bad idea to consider the intricacies of each system. That’s why this resource stands out in terms of covering more than just one operating system. The flexibility and power of Apache is revealed in the Unix-like systems article, because it talks about the incredible combinations of configuration files for ensuring your server works the way you want it to.

Security

• Authentication and Authorization: this comes into play when you’re trying to protect your digital assets such as the server and the programs on the server. It basically acts as a gatekeeper, checking who wants to access the server and who is allowed access. The authorization portion of the resource expands on how you, the webmaster, can set certain user levels so that some users have access to more data, while others are either limited or completely shut out.
• Linux Apache HTTP Server Security and Hardening Guide: this video has several parts for your security needs. It’s a visual introduction to the topic.
• 13 Apache Web Server Security and Hardening Tips: this guide offers more in-depth details with 13 Apache security and hardening tips. For example, some of the tips talk about hiding some files so that no one has access to them outside of the webmaster. You’ll also learn about disabling unnecessary modules, updating Apache on a regular basis and restricting access to some users. All of these come in handy if you’re knowledgeable about Apache but nervous about keeping your assets safe.
• Security Tips: this resources on the official Apache site provides some basic security tips written in plain English for the complete beginner. It then goes into more detailed items such as protecting your server files in general and making sure that your system settings aren’t vulnerable.
• Apache Web Server Hardening and Security Guide: this guide from Geek Flare touches on many of the problems you might encounter from things like information leakage, SQL injections (a form of attack that involves injecting malicious code into a program,) problems with authorization and authentication, and more. The guide has a beautiful table of contents that leads to strong information about each of the threats.

Logging

• Turning on Logging in HttpClient: logging happens when a list of server activities are documented and stored. In some instances you might not want any of these activities to be logged. On the other hand, logging can be crucial for development, protection and management. This guide walks you through the process of turning on logging.
• Disable HttpClient Logging: on the flipside, you should also know how to turn logging off.
• Logging Practices: the proper logging practices improve your chances of success, considering you might mess something up if not following the right steps. Here’s the official guide from Apache.

CGI

• The Common Gateway Interface (CGI): has a far more complex definition than what we’re about to explain. In short, it’s a part of the web server that takes information submitted by the user, communicates with other applications on the server, then delivers some sort of response to the web browser and the user. You might see this in action if you fill out a form online and get a “Thank You” message in return.
• DIY: Enable CGI on your Apache Server: this article walks you through how it can be done on your own.
• Apache Tutorial: Dynamic Content with CGI: an official list of rules for directories and files.

FAQs

What’s an Apache Server?

Apache is a highly customizable and extendable web server with HTTP/1.1 compliance. It has an unrestricted license and is constantly being developed for new feature releases. Not only that, but features are built with the help of regular users, since you can submit feedback and report problems. Its full source code is one of the reasons developers go with Apache, considering it allows for the customization of modules in the API.

Some of the more common features include error and problem reports and responses, CGI scripts, authentication, password protected pages, and unlimited and flexible URL rewriting. You can also configure virtual hosts to make things more efficient for a network of sites or applications.

Is there a reason for the Apache name?

The Apache server was named in honor of the Native American tribe, known for their reputation as durable warriors. Some people claim that it’s actually called Apache because it’s “a patchy” server, due to it being built using patch files. Although interesting and cute, this isn’t the reason they named it Apache.

What’s so special about Apache in terms of performance?

In general, Apache’s performance beats out many comparable servers. That said, an expert in IIS could most definitely get that to perform better than Apache. However, doing that requires a high-level of knowledge, so in general you can expect Apache to meet most of your needs in terms of performance, and beat out the competition most of the time.

Does Apache have support I can call or email?

There’s no phone line or live chat you can contact in order to get support for the Apache server. However, the Apache support page does have some nice options like a bug report page and documentation. The majority of support is provided in this fashion, so don’t expect to be able to speak with a person through email or the phone. You’ll have to complete most of your own research.

How do I access Apache?

Downloading the source for Apache can be done on the official site. This page provides the download along with detailed information on what to do next.

What are some Apache server alternatives?

Anyone can open their own web server, meaning that there are plenty of alternatives to Apache. Some of the alternatives include the following:

• nginx
• Lighttpd
• Caddy
• Microsoft IIS
• WPN-XM
• Hiawatha
• Cherokee
• Abyss Web Server

This is just a small taste of other servers, so it’s recommended you research your options thoroughly before committing to a decision.

What do I do if I’m having problems?

When having problems with your Apache server, it’s a good idea to walk through some basic troubleshooting techniques before reporting a bug.

Start by checking the errorlog to see if Apache has reported anything that might be going wrong with the server. Most of the time, you can find an error that gives enough information for you to make a change. Sometimes you have to look up the error to understand what is going on.

After that, check out the questions listed further down in this FAQ to see some of the more common errors. This way you can understand what the problem is and adjust accordingly.

It’s also not a bad idea to check out the Apache bug database. If your issue has already been reported you should check in on occasion to see if it ever gets resolved. You should also contact the original poster to see if they have an email exchange that’s not posted publicly.

Social media groups, forums, and user support groups are another place where people talk about errors and bugs that you might want to check. If all of this fails to resolve your problem, report it to the bug database.

What happens if I get spam from Apache?

The short answer to this is that you’re most likely not getting spam from the Apache server. Many users think that because spam is traced back to a website using Apache it can immediately be attributed to the server. However, that’s not the case. In fact, no marketing spam ever attaches itself and sends out from the Apache server.

What does the undefined reference to “__inet_ntoa” error mean?

This generally happens when installing BIND-8. It means that you probably have a conflict between the libraries and the include files. To fix the problem, make sure you only use the include files and libraries that came along with your system. After that, go to your Configuration file and add -lbind to the EXTRA_LDFLAGS line. Rerun the Configure after that and you should be fine.

What does the “configure failed for srclib/apr” error mean?

The only time this error comes up is when you’re working with Apache 2.4 or later. Making a build with the -with-included-apr brings up this error sometimes. To fix it, you can download the *-deps tarball for the main release. Then place it in the same directory.

How do I handle GCC Compilation errors?

Apache fails to build when you don’t complete a few tasks with the GCC. The GCC ties into the operating system being used, so when you make an upgrade to your operating system you also have to rebuild GCC.

What does the “setgid: Invalid argument” error mean?

This error comes up on two occasions. The first one involves the Group directive. You can find the Group directive in conf/httpd.conf. The Group directive must name a group that is located in the /etc/group file. The other reason this occurs is when a negative number is utilized in the Group directive. For example, you might have something like Group #-2, which is not okay and will give you an error. Most of the time you should stick with a group name instead of a number in order to prevent this from happening.

What does the “httpd: could not set socket option TCP_NODELAY” error mean?

This error almost always happens when the client is disconnected at some point. Most commonly, it happens when the client disconnects sometime prior to when Apache called setsockopt() for the connection. This shouldn’t happen that often.

What does the “connection reset by peer” error mean?

There’s no reason to get alarmed by this message since it comes up quite frequently. All it means is that the client stopped the connection prior to the connection being set up. For example, the client would push the Stop button before the connection, sending an error to you. It all depends on the response time of your site, so if you have a slow site then you might see this error more often. It’s basically a message that tells you people don’t have the patience to sit around and wait for the site to load.

How do I access the Dump file?

The location of the Dump file is in the ServerRoot directory. You can also change this location by adjusting the CoreDumpDirectory directive. Basically, you would be able to choose any different directory if you think it’s more convenient for you.

What does the “Cannot determine host name. Use ServerName directive to set it manually.” message mean?

This is one of the more easily understood errors, since it tells you exactly what it means. Basically, the Apache server can’t figure out the hostname for your system.

In order to fix this you have to go to the confhttpd.conf file and locate the string called ServerName. The goal is to ensure that there’s an uncommented directive like ServerName localhost.

When you get to this location you have two options: To create a new one if you don’t have one or correct the problem. It’s also not a bad idea to see if Windows has DNS enabled. This can be done in the TCP/IP setup area of your Internet Options control panel or the Networking area.

After completing this process of activating your DNS, restart the server to see if it worked.

What does the “System error 1067 has occurred. The process terminated unexpectedly.” message mean?

As you can see, this is one of the more generic messages, but it involves the fact that your web server failed to start properly. The reason is up to you to figure out. In order to do so, go to the DOS Window and execute the following commands:

c: cd "Program FilesApache GroupApache" apache

If a prompt doesn’t come back, push Control-C to exit Apache. Sometimes you can check the Apache error log to find solutions as well.

What does the “admin: not a valid FDN: ….” error mean?

An error like this happens when utilizing the SuSE distribution, because third party authentication tools have been turned on by default. The problem is that they interfere with Apache, forcing the regular authentication to not work.

The main fix involves going to /etc/httpd/suse_addmodule.conf and /etc/httpd/suse_loadmodule.conf and commenting all of the modules you don’t need. In short, get rid of the modules that aren’t required for the server to work properly.

Why am I’m having trouble running a certain number of virtual hosts?

This happens most often when you encounter resource limits on your operating system. For example, the per-process limit for file descriptors is a common reason for virtual hosts to fail. Most of the time, you won’t get a descriptive error message for this, or you won’t receive one at all. If you’d like to fix this problem, there are a few solutions:

Start by finding your Listen directives and reducing the number of directives you have. Most of the time you don’t need any of these Listen directives at all, since Apache already listens to the addresses on port 80.

Some of the other solutions include reducing the amount of log files on the server and boosting the number of file descriptors.

Is there a way to add browsers and referrers to my log?

You have a few options when it comes to completing these tasks. The first one involves compiling the mod_log_config module in the configuration. You should use the CustomLog directive when doing this.

You have the option to either log the extra information inside other files besides the transfer log or utilize the records being written already.

I’m trying to access a directory, but I’m getting a “Forbidden” message. What is this?

More often than not, you can trace this back to one of two reasons. The first one is because your file system permissions are not letting the User/Group run on Apache. Because of this, Apache can’t access the right files.

On the other hand, it might be because your Apache setup has restrictions that block the access of files. You can view the Permission Denied information to figure out if the file permissions are at fault.

None of my parsed files are getting cached. Help!

Caches occur by comparing what’s being delivered from the server with the Last-Modified header. Your parsed files don’t get cached when the caching module can’t figure out if a document has changed or not.

Most of the time you can resolve this by generating an Expires header. Sometimes all you need to do is use the XBitHack Full mechanism for telling Apache to send out the Last-Modified header depending on the modification time.

Why am I having problems restricting access by host or domain name?

Most often you can fix this problem by adding HostnameLookups Double to your configuration. We find that this occurs when you either have a problem mapping in the DNS registration or you have troublesome verification and checking on your Apache server. For either one, you can check the origin information and adjust your configuration.