Apache2

March 16, 2026 • Apache2 • The dinosaur that still runs the web.

nginx is trendy. Everyone loves nginx. It's fast, it's lightweight, it handles more connections. But Apache2 is still out there, still running half the web, still supported by a massive community. Don't dismiss it.

Apache is not dead. It powers Netflix, Airbnb, Uber. Sometimes "newer" doesn't mean "better for your use case."

Installation

It's probably in your package manager:

# Debian/Ubuntu
apt install apache2

# RHEL/CentOS
yum install httpd

# Start it
systemctl start apache2    # or httpd
systemctl enable apache2   # start on boot

The Directory Structure

Everything you need is where it should be:

/etc/apache2/           # Configuration
  /sites-available/     # Site configs
  /sites-enabled/      # Active sites
  /modules/            # Loaded modules
  /ports.conf          # Listen ports
/var/log/apache2/      # Logs
/var/www/html/        # Default web root

Virtual Hosts

Host multiple sites on one server:

# Create config
vim /etc/apache2/sites-available/mysite.conf

<VirtualHost *:80>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /var/www/mysite
    
    <Directory /var/www/mysite>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/mysite-error.log
    CustomLog ${APACHE_LOG_DIR}/mysite-access.log combined
</VirtualHost>

# Enable it
a2ensite mysite
systemctl reload apache2

Modules

Apache is modular. Enable what you need:

# Enable SSL
a2enmod ssl

# Enable rewrite (for .htaccess)
a2enmod rewrite

# Enable headers
a2enmod headers

# Enable proxy
a2enmod proxy
a2enmod proxy_http

# List enabled modules
apache2ctl -M

Security

Don't serve the world your entire filesystem:

# Deny access to everything by default
<Directory />
    Require all denied
</Directory>

# Only allow specific directories
<Directory /var/www>
    Require all granted
</Directory>

# Hide Apache version
ServerTokens Prod
ServerSignature Off

SSL/TLS

Let's Encrypt changed everything. Get free SSL:

# Install certbot
apt install certbot python3-certbot-apache

# Get certificate
certbot --apache -d mysite.com -d www.mysite.com

# Auto-renewal is automatic
# Certificate renews before expiry

The Point

Apache has been around since 1995. It's battle-tested. It has documentation for everything. It works with .htaccess which makes per-directory configuration easy. It's not the fastest, but it's the most flexible.

Use nginx for high-concurrency static file serving. Use Apache for everything else. They're not enemies - they're tools.

The best web server is the one that does what you need. Apache still does what most people need.