How to Install and Secure Apache on Debian11

Having a web server like Apache is a great starting point for getting started with web technology on Linux. So, in this post, you will learn how to install and secure Apache on Debian 11 and get it ready for the work you need to do with it.

Introducing to Apache webserver

According to the Apache Web server site

The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely available source code implementation of an HTTP (Web) server.

We often talk about Apache webserver but the program itself is called httpd, however, we will continue to use the term Apache Web Server to refer to it.

Apache Web server is one of the most popular web servers out there along with Nginx and others. Now the next question is what is a Web Server?

A web server is a computer program that is responsible for processing a server-side application. The web server waits for a browser to make a request, such as accessing a web page and responds to the request by sending HTML code via a network data transfer.

So if you intend to develop a web application, you will necessarily have to use a web server to make your website available. Some advantages of using Apache are the following:

  • Use the .htaccess file to configure whatever you want.
  • It is one of the web servers with more years in the market, super reliable.
    Apache can be customized, its structure is based on modules.
  • It allows you to activate and deactivate functionalities.
  • OpenSource so we can examine the source code and its functionalities.

So, let’s go for it.

Install and Secure Apache on Debian 11

Apache Web Server is available from the official repositories. So, first of all, we have to open a terminal or connect via SSH to the server

sudo apt update

And you can install Apache Web Server by running the following command

sudo apt install apache2

This will install the Apache Web Server from the official repositories along with its dependencies.

Also, you can search for Apache related packages in the official repositories as follows

sudo apt search apache2

So, now Apache Web Server is installed on the system.

Setting the Firewall for Apache Web Server

Like almost any web server, Apache runs on ports 80 and 443 in the case of HTTPS. So we need to make some changes to the firewall.

So, to open these ports, you can run

sudo ufw allow 80
sudo ufw allow 443

This is at the system level but if you have other firewalls protecting your server, you have to open those ports on it.

This way, the server will now allow requests on those ports and Apache will work. So, open your browser and go to http://your-server-IP or http://your-domain and you will see this:

Apache web server on Debian 11
Apache web server on Debian 11

Working with the Apache Web Server service on Debian 11

Apache web server is managed through a system service. This means that we have to use the systemctl command to start or manage it.

So, if you want to start it you have to run

sudo systemctl start apache2

To stop it, just run

sudo systemctl stop apache2

In case you make changes to the Apache configuration, you will have to restart Apache for these changes to take effect.

sudo systemctl restart apache2

Or:

sudo systemctl reload apache2

Also, it is a good idea to check the status of the service to see if Apache is working properly.

sudo systemctl status apache2

So the operation of the service is similar to other services like MariaDB.

Secure Apache webserver

One of the fastest and most efficient ways to secure an Apache installation is to modify the /etc/apache2/conf-enabled/security.conf file and add certain parameters.

So, create a backup of this file before editing it

sudo cp /etc/apache2/conf-enabled/security.conf /etc/apache2/conf-enabled/security.conf.bak

And now you can edit it

sudo nano /etc/apache2/conf-enabled/security.conf

And add the following content. If there are items already in the file just update it.

Save the changes and close the file.

We have to modify another file called /etc/apache2/mods-enabled/ssl.conf with which we can define other features that allow us to increase the security of Apache.

Again, back up the file first

sudo cp /etc/apache2/mods-enabled/ssl.conf /etc/apache2/mods-enabled/ssl.conf.bak

Edit it

sudo nano /etc/apache2/mods-enabled/ssl.conf 

And add the following

SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5

Save the changes and restart apache to apply them.

sudo systemctl restart apache2

Now Apache is ready to use.

Conclusion

Apache Web Server is one of the most popular web applications and proof of this is that almost 40% of all websites are hosted with Apache. In addition to this, it is quite flexible and easy to implement configurations.

So, what do you think of Apache and its web server? Leave us a comment and help us grow.