Install and Configure Apache on Ubuntu 20.04
Apache is a free, open-source web server that can handle both static and dynamic applications. It offers a highly flexible architecture with many modular extensions and is capable of acting as a reverse proxy or load balancer to deliver web applications or backend services.
This guide explains how to install Apache on Ubuntu 20.04 and configure it to securely serve web applications using virtual hosts.
Prerequisites
- An Ubuntu 20.04 server
- A configured A record for your domain pointing to the server’s IP address
- SSH access to the server as a non-root user with sudo privileges
- Ensure the server is updated
Install Apache
The Apache web server package is included in Ubuntu 20.04’s default repositories. Follow these steps to install the latest version using the APT package manager and set Apache to start automatically on boot.
Update the server’s package index
$ sudo apt update
Install the Apache web server package
$ sudo apt install apache2 -y
Check the installed Apache version
$ apachectl -v
Example output:
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2024-07-17T18:58:09
Allow HTTP traffic through the firewall
$ sudo ufw allow 80/tcp
Next, open your server’s public IP address in a browser (for example, Chrome) to confirm that the default Apache welcome page is displayed.
Manage the Apache System Service
The Apache service profile controls the web server’s runtime processes. Use the following commands to configure Apache to start on boot and to check or control the service status.
Enable Apache at boot
$ sudo systemctl enable apache2
Example output:
Synchronizing state of apache2.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable apache2
Start the Apache service
$ sudo systemctl start apache2
Check the Apache service status
$ sudo systemctl status apache2
Example output:
● apache2.service – The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2025-04-06 08:30:18 UTC; 3min 26s ago
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 3588 (apache2)
Tasks: 55 (limit: 9415)
Memory: 7.0M
CGroup: /system.slice/apache2.service
├─3588 /usr/sbin/apache2 -k start
├─3589 /usr/sbin/apache2 -k start
└─3590 /usr/sbin/apache2 -k start
Stop the Apache service
$ sudo systemctl stop apache2
Restart Apache
$ sudo systemctl restart apache2
Create a New Apache Virtual Host
Apache uses virtual hosts to serve applications. By default, a virtual host listens on all IP addresses using HTTP port 80. Here’s how to disable the default host and create a custom virtual host for your own domain.
Create the configuration file
$ sudo nano /etc/apache2/sites-available/website.conf
Add the following content, replacing app.example.com with your domain and webmaster@example.com with the administrator’s email:
ServerAdmin webmaster@example.com
ServerName app.example.com
DocumentRoot /var/www/html/website
DirectoryIndex index.html index.php
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
This configuration serves files from /var/www/html/website on the domain app.example.com. Key directives include:
<VirtualHost *:80>: Listens on port 80ServerAdmin: Administrator email for error notificationsServerName: Domain name for the virtual hostDocumentRoot: Directory where application files are storedDirectoryIndex: Default file to serve (e.g., index.html)ErrorLogandCustomLog: Locations for log files<Directory /var/www/html/website>: Settings for the web root directoryOptions Indexes FollowSymLinks: Enables directory listing and symlink followingAllowOverride All: Permits .htaccess overridesRequire all granted: Grants access to all users
Disable the default virtual host
$ sudo a2dissite 000-default
Enable the new virtual host
$ sudo a2ensite website
Create the web root directory
$ sudo mkdir -p /var/www/html/website
Test the Apache configuration
$ sudo apachectl configtest
Expected output: Syntax OK
Create a sample index.html page
$ sudo nano /var/www/html/website/index.html
Add the following HTML content:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Apache Web Server</title>
</head>
<body>
<h1>Greetings from centron!</h1>
</body>
</html>
This page displays “Greetings from centron” when visited at your domain.
Assign ownership to the web root directory
$ sudo chown -R www-data:www-data /var/www/html/website
Restart Apache to apply changes
$ sudo systemctl restart apache2
Secure the Apache Web Server
By default, Apache listens on HTTP port 80, which means data travels between the server and the client’s browser without encryption. HTTPS provides secure, encrypted communication by using valid SSL certificates to authenticate the web server. Follow these steps to secure your Apache installation with trusted Let’s Encrypt SSL certificates, enabling encrypted traffic and automatically redirecting HTTP requests to HTTPS.
Install the Certbot Client
Use the Snap package manager to install the Certbot client for Let’s Encrypt.
$ sudo snap install certbot --classic
Request a New SSL Certificate
Request a Let’s Encrypt SSL certificate for your virtual host domain. Replace app.example.com with your actual domain and hello@example.com with your email address.
$ sudo certbot --apache --agree-tos --redirect -d app.example.com -m hello@example.com
Upon success, you should see output similar to:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/app.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/app.example.com/privkey.pem
This certificate expires on 2025-07-05.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for app.example.com to /etc/apache2/sites-available/website-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://app.example.com
Test the SSL Renewal Process
Verify the automatic renewal process using a dry run.
$ sudo certbot renew --dry-run
Example output:
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Processing /etc/letsencrypt/renewal/app.example.com.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Account registered.
Simulating renewal of an existing certificate for app.example.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/app.example.com/fullchain.pem (success)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Restart Apache to Apply SSL Changes
$ sudo systemctl restart apache2
Set Up Firewall Rules
Uncomplicated Firewall (UFW) can be enabled on Ubuntu 20.04 servers. Configure UFW to allow network connections through the Apache firewall profile.
List Available UFW Application Profiles
$ sudo ufw app list
You should see profiles similar to:
Apache
Apache Full
Apache Secure
OpenSSH
Allow the Apache Full Profile
This enables both HTTP (port 80) and HTTPS (port 443) connections through the firewall.
$ sudo ufw allow 'Apache Full'
Reload the Firewall
$ sudo ufw reload
Check Firewall Status
$ sudo ufw status
Example output:
To Action From
— —— —-
22/tcp ALLOW Anywhere
Apache Full ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
Finally, open your virtual host domain https://app.example.com in a browser to confirm that Apache serves your HTML application with the “Greetings from centron” message.
Conclusion
You have successfully installed the Apache web server on your Ubuntu 20.04 server. Apache allows you to host static websites and work with dynamic content processors like PHP to serve modern applications such as WordPress. Additionally, you can configure Apache as a reverse proxy using the mod_proxy module to securely deliver backend services.
