I still remember the first time I learned how to install Apache on Linux. It was 2008, I was running Ubuntu 8.04 Hardy Heron on a beat-up Dell Optiplex, and I had zero clue what a web server actually did. I just knew the tutorial said to type some commands and open a browser. When that default “It works!” page loaded in Firefox, something clicked inside me. That single moment turned a curious tinkerer into a full-time Linux person.
Fast forward to 2026, and the Apache HTTP Server Project is still everywhere. According to W3Techs web server statistics, the Apache web server powers roughly 24–30% of all websites globally. Over 1.25 million companies rely on it daily. Nginx has certainly grown, and I’ve written a full guide on how to set up Nginx on Linux, but Apache remains the backbone of shared hosting, enterprise deployments, and countless homelab projects.
This guide walks you through installing, configuring, and securing the Apache web server on both Ubuntu/Debian and RHEL/Rocky Linux. There’s also a critical security hardening step that most guides skip entirely. We’ll cover that in Step 6. Whether this is your first web server or your fiftieth, I’ve got you covered.
sudo apt install apache2 -y on Ubuntu/Debian or sudo dnf install httpd -y on RHEL/Rocky. Then start it with sudo systemctl enable --now apache2 (or httpd). Visit http://your-server-ip to confirm it’s running.
What Is Apache and Why It Still Powers the Web
Apache launched in 1995 and has dominated web hosting for over three decades. Its official mission? To provide “a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.” That mission hasn’t changed, and neither has its reliability.
Get a VPS from as low as $11/year! WOW!
What makes the Apache web server special is its flexibility. It uses a module-based architecture with Multi-Processing Modules (MPMs) and supports per-directory configuration through .htaccess files. This makes it perfect for shared hosting where multiple users need independent configs without touching the main server settings.
One thing that trips up newcomers constantly: the package name differs between distro families. On Ubuntu and Debian, it’s called apache2. On RHEL, Rocky Linux, and AlmaLinux, it’s called httpd. Same software, different packaging. I’ll cover both throughout this guide so you never get confused.
Before You Start: Prerequisites
Before we dive in, make sure you have:
- A Linux server running Ubuntu 22.04/24.04, Debian 12, RHEL 9, Rocky Linux 9, or AlmaLinux 9
- Root or
sudoaccess - Basic terminal familiarity
- No existing web server running on port 80
Check if port 80 is already in use:
sudo ss -tlnp | grep ':80'If nothing shows up, you’re good to go. If something does, stop that service first. My ss command guide explains how to read this output and troubleshoot listening ports.
Step 1: Update Your System
Always start with a fresh update. This ensures you get the latest package versions and security patches before installing anything new.
sudo apt update && sudo apt upgrade -yRHEL/Rocky/AlmaLinux:
sudo dnf update -yStep 2: Install Apache
Here’s where the distro split matters most. Pay close attention to the package name. Getting this wrong is one of the most common mistakes I see in forums and Stack Overflow threads.
Install on Ubuntu and Debian
sudo apt install apache2 -yVerify the installation:
apache2 -vYou should see the Apache version number and build date.
Install on RHEL, Rocky Linux, and AlmaLinux
sudo dnf install httpd -yVerify:
httpd -vBoth distro families install to the same default document root: /var/www/html. That’s where your website files will live until you configure virtual hosts.
Step 3: Start and Enable Apache with systemctl
Installing Apache doesn’t automatically start it. You need to start the service and enable it so it survives reboots.
sudo systemctl start apache2
sudo systemctl enable apache2RHEL/Rocky (one command does both):
sudo systemctl enable --now httpdCheck the status to make sure everything is running:
sudo systemctl status apache2 # or httpd on RHELNow open a browser and navigate to http://your-server-ip. You should see the Apache default welcome page. That “It works!” moment never gets old. For deeper service management options, read my systemctl service management guide.
You can also verify from the terminal. Use curl -I http://localhost to check the response headers, or run sudo ss -tlnp | grep ':80' to confirm Apache is listening on port 80. My ss command guide covers network socket verification in detail.
Step 4: Configure Your Firewall
If your server has a firewall running (and it should), you need to open ports 80 and 443 for web traffic. The process differs between Ubuntu and RHEL families.
UFW on Ubuntu and Debian
sudo ufw allow 'Apache Full'
sudo ufw statusApache Full opens both HTTP (port 80) and HTTPS (port 443). For HTTP only, use 'Apache' instead. For HTTPS only, use 'Apache Secure'. My UFW firewall guide covers all the available profiles and custom rules.
firewalld on RHEL and Rocky Linux
sudo firewall-cmd --permanent --add-service=http --add-service=https
sudo firewall-cmd --reloadThe --permanent flag makes the rule survive reboots. Without it, the rule disappears on the next restart. For advanced firewall rules and zone management, check out my firewalld guide.
Step 5: Set Up a Virtual Host for Your Domain
Virtual hosts let one Apache web server handle multiple domains from a single machine. This is how most production setups work, and once you set up virtual hosts, the real power of Apache configuration opens up.
Virtual Host on Ubuntu and Debian
Create a new config file:
sudo nano /etc/apache2/sites-available/yourdomain.confAdd this configuration block:
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/yourdomain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>Enable the site and disable the default:
sudo a2ensite yourdomain.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2The a2ensite and a2dissite commands are Ubuntu/Debian helpers that manage symlinks between sites-available and sites-enabled directories.
Virtual Host on RHEL and Rocky Linux
Create the config at /etc/httpd/conf.d/yourdomain.conf with the same VirtualHost block above. Any .conf file placed in conf.d/ is auto-loaded by Apache. No a2ensite equivalent needed. Then reload:
sudo systemctl reload httpdFor both distro families, create the document root and set proper ownership:
sudo mkdir -p /var/www/yourdomain
sudo chown $USER:www-data /var/www/yourdomain # Ubuntu/Debian
sudo chown $USER:apache /var/www/yourdomain # RHEL/RockyUnderstanding file ownership is important here. My Linux file permissions guide explains chown and directory permissions in depth. The Apache docs also have excellent Apache virtual host examples for multi-domain and IP-based configurations.
Step 6: Harden Apache Security
Here’s the step I promised you wouldn’t want to skip. I learned this the hard way early in my sysadmin career. I left a default Apache install wide open on a test server, figured nobody would find it. Within hours, bots were scanning it and probing for known exploits. Default Apache installs broadcast your server version and OS to anyone who asks. That’s handing attackers a roadmap.
Add these two directives to your Apache configuration:
ServerTokens Prod
ServerSignature OffOn Ubuntu, edit /etc/apache2/conf-available/security.conf. On RHEL, edit /etc/httpd/conf/httpd.conf.
“It is recommended to use the ServerTokens Prod option so that a possible attacker does not gain any valuable information about your system.” — Red Hat Enterprise Linux Security Guide
ServerTokens Prod strips the Server response header down to just “Apache,” hiding your version and OS. ServerSignature Off removes the version footer from error pages.
Next, disable directory listing so visitors can’t browse your file structure when no index page exists:
<Directory /var/www/yourdomain>
Options -Indexes
</Directory>Always validate your config before reloading. This one habit has saved me from taking down production servers more times than I can count:
sudo apachectl configtestIf it returns “Syntax OK,” you’re safe to reload. For more hardening techniques, read the Apache official security tips. I also recommend browsing the best Linux security tools for a broader security toolkit, setting up fail2ban to block brute-force attacks, and securing your traffic with SSL using my Let’s Encrypt with Certbot guide.
Essential Apache Commands Every Admin Needs
After years of managing Apache servers, these are the commands I reach for daily:
- Test config syntax:
sudo apachectl configtest - Graceful reload (no dropped connections):
sudo systemctl reload apache2 - Full restart:
sudo systemctl restart apache2 - View error log:
sudo tail -f /var/log/apache2/error.log - View access log:
sudo tail -f /var/log/apache2/access.log - Enable a module:
sudo a2enmod rewrite - List active virtual hosts:
sudo apachectl -S
apache2 for httpd in every command above. Logs also live at /var/log/httpd/ instead of /var/log/apache2/.
You can also check Apache logs through systemd using journalctl -u apache2 --since today. My journalctl guide covers filtering, following live output, and advanced query syntax. Apache handles log rotation automatically through logrotate, but understanding how it works helps when logs grow unexpectedly. My logrotate guide breaks it down.
Next Steps: SSL, Monitoring, and Going Further
Your Apache web server is installed, configured with virtual hosts, and hardened against common threats. Nice work. But a production-ready server needs a few more layers. Here’s where to go next:
- Add free SSL: Encrypt your traffic with a free certificate from Let’s Encrypt. My Let’s Encrypt with Certbot guide walks you through the entire process in minutes.
- Monitor server health: Track Apache performance, uptime, and resource usage with my Prometheus and Grafana setup guide.
- Block bad actors: Protect your web server against brute-force attacks with my fail2ban setup guide.
- Generate dev certificates: For testing environments, use my openssl command guide to create self-signed certs.
- Compare web servers: Wondering if Nginx is a better fit for your use case? Read my guide on how to set up Nginx on Linux and decide for yourself.
Apache has powered the web for over 30 years, and knowing how to install Apache on Linux is still one of the most practical skills a sysadmin can have. Whether you’re running a personal blog, a company intranet, or a homelab experiment that got out of hand (we’ve all been there), Apache delivers the reliability you need.
