Bitnami Apache

NOTE: Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and Mac OS X) or by clicking the shortcut in the Start Menu under "Start -> Bitnami APPNAME Stack -> Application console" (Windows). Learn more.

Apache is a popular open source Web server. It is a project of the Apache Software Foundation.

How to check which Apache modules are installed?

To check which Apache modules are included in your Bitnami stack, execute the command below at the server console:

$ sudo installdir/apache2/bin/apachectl -M

How to check your certificate and key?

If you get an error like this in the Apache error log file, it is because an incorrect certificate or key is in use.

[Mon May 12 15:37:46.891294 201X] [ssl:emerg] [pid 15450] AH02565: Certificate and private key example.com:443:0 from installdir/apps/your_app/conf/certs/server.crt and installdir/apps/your_app/conf/certs/server.key do not match
  • Verify that the current key matches the certificate file with the following commands. Note that the "Modulus" section in the key and certificate must match.

  • Check your certificate:

      $ openssl x509 -noout -modulus -in server.crt | grep Modulus
      Modulus=D6E23C2E6140707EA63F3250...
    
  • Check your key:

      $ openssl rsa -noout -modulus -in server.key | grep Modulus
      Modulus=D6E23C2E6140707EA63F3250...
    

In case of a mismatch, the wrong key is in use for the certificate and so Apache will not start until the issue is resolved.
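
The same check as a script, as an added example that is not part of the original Bitnami page: it compares public keys instead of the RSA modulus, so it also works for EC keys, and it pairs the SSLCertificateFile and SSLCertificateKeyFile directives of each VirtualHost in a configuration file. The function names, file names and the throwaway demo certificate are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not Bitnami's code. Function and file names are made up here.

# cert_key_match CERT KEY
# Compares the public key embedded in CERT with the one derived from KEY.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# Note: an encrypted KEY makes openssl prompt for its passphrase.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_conf_pairs CONF
# Pairs SSLCertificateFile with SSLCertificateKeyFile inside each
# <VirtualHost> block of CONF and prints OK / MISMATCH / UNREADABLE per pair.
# Returns 1 if any pair is not OK. Paths containing spaces are not handled.
check_conf_pairs() {
    pairs=$(awk '
        { gsub(/"/, "") }                      # drop quotes around paths
        tolower($1) == "sslcertificatefile"    { crt = $2 }
        tolower($1) == "sslcertificatekeyfile" { key = $2 }
        tolower($1) ~ /^<\/virtualhost/ {
            if (crt != "" && key != "") print crt, key
            crt = ""; key = ""
        }' "$1")
    pairs_rc=0
    while read -r crt key; do
        [ -n "$crt" ] || continue
        cert_key_match "$crt" "$key" && r=0 || r=$?
        case $r in
            0) echo "OK $crt $key" ;;
            1) echo "MISMATCH $crt $key"; pairs_rc=1 ;;
            *) echo "UNREADABLE $crt $key"; pairs_rc=1 ;;
        esac
    done <<EOF
$pairs
EOF
    return $pairs_rc
}

# make_demo_files DIR
# Constructed sample input: one self-signed certificate with its key, one
# unrelated key, and a configuration file that uses the wrong key once.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -days 1 -keyout "$1/good.key" -out "$1/good.crt" >/dev/null 2>&1 || return 2
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1 || return 2
    cat > "$1/demo.conf" <<EOF
<VirtualHost *:443>
  ServerName my-wordpress.example.com
  SSLCertificateFile "$1/good.crt"
  SSLCertificateKeyFile "$1/good.key"
</VirtualHost>
<VirtualHost *:443>
  ServerName my-sugarcrm.example.com
  SSLCertificateFile "$1/good.crt"
  SSLCertificateKeyFile "$1/other.key"
</VirtualHost>
EOF
}

# Run with --demo to try it on the constructed files.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    make_demo_files "$demo_dir" && check_conf_pairs "$demo_dir/demo.conf"
    rm -rf "$demo_dir"
fi
```

Relative paths in the configuration file are resolved from the current directory, so run check_conf_pairs from the directory the paths are relative to.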

How to configure your web application to use a virtual host?

Understand virtual host configuration files

Recent versions of Bitnami apps ship three configuration files in the installdir/apps/myapp/conf/ directory: httpd-app.conf, httpd-prefix.conf and httpd-vhosts.conf.

  • The httpd-app.conf file is the main configuration file for the application. It could have different content depending on the application:

     <Directory "installdir/apps/myapp/htdocs">
         Options +MultiViews
         AllowOverride None
         <IfVersion < 2.3 >
         Order allow,deny
         Allow from all
         </IfVersion>
         <IfVersion >= 2.3>
         Require all granted
         </IfVersion>
     </Directory>
    
     Include installdir/apps/myapp/conf/htaccess.conf
    

    For security and performance reasons, it is advisable not to set AllowOverride to anything other than None (refer to this Apache note for more information). Bitnami applications store this configuration in the installdir/apps/myapp/conf/htaccess.conf file (more information).

  • The httpd-prefix.conf file ships the default configuration for the applications in "prefix" mode, such that the application can be accessed at (for example) http://example.com/myapp.

     Alias /myapp/ "installdir/apps/myapp/htdocs/"
     Alias /myapp "installdir/apps/myapp/htdocs"
    
     Include "installdir/apps/myapp/conf/httpd-app.conf"
    
  • The httpd-vhosts.conf file contains the default configuration for virtual hosts, for applications to be accessed at (for example) http://myapp.example.com.

     <VirtualHost *:8080>
       ServerName myapp.example.com
       DocumentRoot "installdir/apps/myapp/htdocs"
       Include "installdir/apps/myapp/conf/httpd-app.conf"
     </VirtualHost>
    
     <VirtualHost *:8444>
       ServerName myapp.example.com
       DocumentRoot "installdir/apps/myapp/htdocs"
       SSLEngine on
       SSLCertificateFile "installdir/apps/myapp/conf/certs/server.crt"
       SSLCertificateKeyFile "installdir/apps/myapp/conf/certs/server.key"
       Include "installdir/apps/myapp/conf/httpd-app.conf"
     </VirtualHost>
    

Define virtual host configuration

To configure your application to use a virtual host instead of the prefix URL, make these changes:

  • Delete the following line in the installdir/apache2/conf/bitnami/bitnami-apps-prefix.conf file:

     Include "installdir/apps/myapp/conf/httpd-prefix.conf"
    
  • Add a new line in the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file:

     Include "installdir/apps/myapp/conf/httpd-vhosts.conf"
    
  • Some applications require further changes in configuration files or the database. Please check the exact changes in the application's documentation.

NOTE: After modifying the Apache configuration files, restart Apache to apply the changes.

How to configure multiple SSL domains on the same IP address?

There is an extension to the SSL protocol called "Server Name Indication". It allows you to use only one IP address for several SSL-protected sites. The only drawback is that some older web browsers do not support it. The example Apache configuration is shown below:

NameVirtualHost *:80

<VirtualHost *:80>
ServerName my-wordpress.example.com
DocumentRoot "installdir/apps/wordpress/htdocs"
</VirtualHost>
<VirtualHost *:80>
ServerName my-sugarcrm.example.com
DocumentRoot "installdir/apps/sugarcrm/htdocs"
</VirtualHost>

Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
SSLEngine on
DocumentRoot "installdir/apps/wordpress/htdocs"
ServerName my-wordpress.example.com
SSLCertificateFile "installdir/apache2/conf/my-wordpress.crt"
SSLCertificateKeyFile "installdir/apache2/conf/my-wordpress.key"
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
DocumentRoot "installdir/apps/sugarcrm/htdocs"
ServerName my-sugarcrm.example.com
SSLCertificateFile "installdir/apache2/conf/my-sugarcrm.crt"
SSLCertificateKeyFile "installdir/apache2/conf/my-sugarcrm.key"
</VirtualHost>


How to change the Apache port?

HTTP port

Under the default configuration, Apache will wait for requests on port 80. Change that by editing the httpd.conf file and modifying the value specified in the Listen directive. For example:

Listen 8080

ServerName localhost:8080

Also change the port in installdir/apache2/conf/bitnami/bitnami.conf in the VirtualHost directive:

<VirtualHost _default_:8080>

Restart the Apache server for the change to take effect.

HTTPS port

Apache waits for HTTPS requests on port 443. Change that by editing the installdir/apache2/conf/bitnami/bitnami.conf file and modifying the value specified in the Listen directive. For example:

Listen 8443 

<VirtualHost _default_:8443>

Restart the Apache server for the change to take effect.

NOTE: On Linux and OS X platforms, install the stack as the root user to use a port number under 1024.

How to create an SSL certificate?

OpenSSL is required to create an SSL certificate. You first create a certificate request, which can then be sent to a certificate authority (CA) to get it signed into a certificate. Alternatively, if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

Follow the steps below for your platform.

Linux and Mac OS X

NOTE: OpenSSL will typically already be installed on Linux and Mac OS X. If not installed, install it manually using your operating system's package manager.

Follow the steps below:

  • Generate a new private key:

     $ sudo openssl genrsa -out installdir/apache2/conf/server.key 2048
    
  • Create a certificate signing request (CSR):

     $ sudo openssl req -new -key installdir/apache2/conf/server.key -out installdir/apache2/conf/cert.csr
    
    IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
  • Send cert.csr to the certificate authority. When the certificate authority has completed its checks (and has probably received payment from you), it will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

     $ sudo openssl x509 -in installdir/apache2/conf/cert.csr -out installdir/apache2/conf/server.crt -req -signkey installdir/apache2/conf/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

     $ sudo openssl rsa -des3 -in installdir/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

     $ sudo openssl rsa -in privkey.pem -out installdir/apache2/conf/server.key
    

Windows

NOTE: OpenSSL is not typically installed on Windows. Before following the steps below, download and install a binary distribution of OpenSSL.

Follow the steps below once OpenSSL is installed:

  • Set the OPENSSL_CONF environment variable to the location of your OpenSSL configuration file. Typically, this file is located in the bin/ subdirectory of your OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

     $ set OPENSSL_CONF=C:\OPENSSL-DIRECTORY\bin\openssl.cfg
    
  • Change to the bin/ sub-directory of the OpenSSL installation directory. Replace the OPENSSL-DIRECTORY placeholder in the command below with the correct location.

     $ cd C:\OPENSSL-DIRECTORY\bin
    
  • Generate a new private key:

     $ openssl genrsa -out installdir/apache2/conf/server.key 2048
    
  • Create a certificate signing request (CSR):

     $ openssl req -new -key installdir/apache2/conf/server.key -out installdir/apache2/conf/cert.csr
    
    IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
  • Send cert.csr to the certificate authority. When the certificate authority has completed its checks (and has probably received payment from you), it will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

     $ openssl x509 -in installdir/apache2/conf/cert.csr -out installdir/apache2/conf/server.crt -req -signkey installdir/apache2/conf/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

     $ openssl rsa -des3 -in installdir/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

     $ openssl rsa -in privkey.pem -out installdir/apache2/conf/server.key
    

Find more information about certificates at http://www.openssl.org.

How to create a Virtual Host?

Using a Virtual Host allows you to access an application at (for example) http://localhost/ or http://APPNAME.localhost instead of http://localhost/APPNAME.

This example shows how to configure WordPress to be accessible from http://DOMAIN (replace the DOMAIN placeholder with the correct domain name for your virtual host). Follow these steps:

  • Comment out the line that includes the prefix configuration file in the installdir/apache2/conf/bitnami/bitnami-apps-prefix.conf file:

      # Include "installdir/apps/wordpress/conf/httpd-prefix.conf"
    
  • Include the virtual host configuration file for WordPress in the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file:

      Include "installdir/apps/wordpress/conf/httpd-vhosts.conf"
    
  • Edit the installdir/apps/wordpress/conf/httpd-vhosts.conf file and replace the placeholder domain within the ServerName and ServerAlias directives with the correct domain name.
  • Update the URL in the application if necessary. For WordPress, you will need to update the WordPress database using the following command. Remember to replace the DOMAIN placeholder with the correct domain name for your virtual host.

      $ sudo mysql -u root -p -e "USE bitnami_wordpress; UPDATE wp_options SET option_value='http://DOMAIN' WHERE option_name='siteurl' OR option_name='home';"
    
  • Restart the Apache server:

      $ sudo installdir/ctlscript.sh restart apache
    

How to debug Apache errors?

Once Apache starts, it will create two log files at installdir/apache2/logs/access_log and installdir/apache2/logs/error_log respectively.

  • The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.

  • The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

If no error is found, you will see a message similar to:

Syntax OK

How to deny connections from bots/attackers?

Poor performance is sometimes the result of Internet bots attacking your server. These bots are trying to find a security bug in your application code or in the software itself.

An example of a bot attack is attempting to check if the php.cgi binary is disabled. As this is disabled by default, attackers won't be able to exploit your system, but you will have hundreds or even thousands of connections from the same IP address (or even different IP addresses) trying to "check" every few hours if those binaries or scripts are available.

Our stacks and cloud images come with the latest versions of their components but, even though you are safe from those attacks, your server could experience poor performance because of the traffic they generate.

To know if you are being attacked, run the command below:

$ cd installdir/apache2/logs/
$ tail -n 10000 access_log | awk '{print $1}'| sort| uniq -c| sort -nr| head -n 10

This shows how many times each IP address connected to your Web server. If some IP addresses have many more connections than others, run the following command (replace ATTACKER_IP with the IP address in question):

$ cd installdir/apache2/logs/
$ grep "ATTACKER_IP" access_log

If you see that the IP address is always attempting to connect to the same location, if it is a URL that you don't know, or if it is trying to run binaries or scripts directly, it is likely that IP address is a bot.

Examples of log messages for this scenario are:

[Mon Dec 08 07:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php-cgi
[Mon Dec 08 07:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php.cgi
[Mon Dec 08 07:01:53 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php4
[Mon Dec 08 19:01:51 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php
[Mon Dec 08 19:01:51 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php5
[Mon Dec 08 19:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php-cgi
[Mon Dec 08 19:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php.cgi
[Mon Dec 08 19:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: installdir/apache2/cgi-bin/php4

This shows that an attacker with IP address 143.107.202.68 is trying to find the PHP CGI scripts, and all these connections are taking place within the same second.
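
The access_log triage described above, combined into one pass, as an added example that is not part of the original Bitnami page. It goes slightly beyond the two commands by also computing each client's share of 4xx responses and by matching the client field exactly, so an IP address that merely appears in another client's referrer is not counted. The function names, thresholds and log lines are constructed for the example and use documentation IP ranges.

```shell
#!/bin/sh
# Added example, not Bitnami's code. Reads Apache common/combined log format.

# suspect_ips LOGFILE MIN_REQUESTS MIN_4XX_PERCENT
# Prints "IP REQUESTS PCT_4XX" for every client with at least MIN_REQUESTS
# requests of which at least MIN_4XX_PERCENT percent got a 4xx status.
suspect_ips() {
    awk -F'"' -v min_req="${2:-1}" -v min_pct="${3:-0}" '
        # Splitting on double quotes keeps the request line in $2 even when
        # it is "-" or contains extra spaces; the status follows in $3.
        NF < 3 { next }
        {
            split($1, pre, " ");  ip = pre[1]
            split($3, post, " "); status = post[1]
            if (status !~ /^[1-5][0-9][0-9]$/) next
            total[ip]++
            if (status ~ /^4/) rejected[ip]++
        }
        END {
            for (ip in total) {
                pct = int(100 * rejected[ip] / total[ip])
                if (total[ip] >= min_req && pct >= min_pct)
                    print ip, total[ip], pct
            }
        }' "$1" | sort -k2,2nr -k1,1
}

# paths_for LOGFILE IP
# Prints "COUNT PATH" for the request targets of exactly that client.
# Unlike grep "IP", the dots are not wildcards and referrers are ignored.
paths_for() {
    awk -F'"' -v ip="$2" '
        {
            split($1, pre, " ")
            if (pre[1] != ip) next
            split($2, req, " ")
            seen[req[2]]++
        }
        END { for (p in seen) print seen[p], p }' "$1" | sort -k1,1nr -k2,2
}

# deny_lines: turns suspect_ips output (stdin) into the "deny from" lines
# used on this page. Review them before pasting into httpd-app.conf.
# On Apache 2.4 without mod_access_compat the equivalent is
# "Require not ip <address>" inside a <RequireAll> block.
deny_lines() {
    awk '{ print "deny from " $1 }'
}

# sample_log: constructed access_log lines (documentation IP ranges).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [08/Dec/2014:07:01:52 +0000] "GET /cgi-bin/php-cgi HTTP/1.1" 404 211
203.0.113.7 - - [08/Dec/2014:07:01:52 +0000] "GET /cgi-bin/php.cgi HTTP/1.1" 404 211
203.0.113.7 - - [08/Dec/2014:07:01:53 +0000] "GET /cgi-bin/php4 HTTP/1.1" 404 208
203.0.113.7 - - [08/Dec/2014:19:01:51 +0000] "GET /cgi-bin/php HTTP/1.1" 404 207
203.0.113.7 - - [08/Dec/2014:19:01:51 +0000] "GET /cgi-bin/php5 HTTP/1.1" 404 208
198.51.100.20 - - [08/Dec/2014:09:12:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [08/Dec/2014:09:12:02 +0000] "GET /wp-content/style.css HTTP/1.1" 200 1830
198.51.100.20 - - [08/Dec/2014:09:12:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.20 - - [08/Dec/2014:09:12:05 +0000] "GET /about/ HTTP/1.1" 200 4410 "http://203.0.113.7/" "Mozilla/5.0"
198.51.100.20 - - [08/Dec/2014:09:13:40 +0000] "POST /wp-login.php HTTP/1.1" 302 -
192.0.2.15 - - [08/Dec/2014:10:00:00 +0000] "-" 408 -
EOF
}

# Run with --demo to try it on the constructed log.
if [ "${1:-}" = "--demo" ]; then
    demo_log=$(mktemp)
    sample_log > "$demo_log"
    suspect_ips "$demo_log" 5 80
    paths_for "$demo_log" 203.0.113.7
    suspect_ips "$demo_log" 5 80 | deny_lines
    rm -f "$demo_log"
fi
```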

The easiest way to deny connections from these attackers is through your Apache configuration file. Follow these steps:

  • Edit the file at installdir/apps/APPNAME/conf/httpd-app.conf. The example below shows how to reject the 1.2.3.4 IP address in WordPress:

     <Directory installdir/apps/wordpress/htdocs>
     deny from 1.2.3.4
     ...
     </Directory>
    

    To deny access to more than one IP, use the example below:

     <Directory installdir/apps/wordpress/htdocs>
     deny from 1.2.3.4
     deny from 5.6.7.8
     deny from 9.10.11.12
     ...
     </Directory>
    
  • Check if your changes are okay by executing the following command:

     $ apachectl -t
    
  • Restart the Apache web server:

     $ sudo installdir/ctlscript.sh restart apache
    

To further protect your website, consider installing the mod_evasive module.

How to disable the cache in the server?

If you are developing on top of an AMP Stack or customizing any Bitnami Stack, your files (like JavaScript files) may be cached by the server, so even if you modify them, your changes will not appear to be applied.

In order to disable the cache in the server and let the files be served each time, disable PageSpeed for Apache and OPCache, enabled by default in PHP.

To disable PageSpeed, comment out the following lines in your httpd.conf file (installdir/apache2/conf/httpd.conf):

#Include conf/pagespeed.conf

#Include conf/pagespeed_libraries.conf

To disable OPCache, set opcache.enable to 0 in your php.ini file (installdir/php/etc/php.ini).

How to enable HTTPS support with SSL certificates?

TIP: If you wish to use a Let's Encrypt certificate, you will find specific instructions for enabling HTTPS support with Let's Encrypt SSL certificates in our Let's Encrypt guide.
NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

  • Use the table below to identify the correct locations for your certificate and configuration files.

    Variable                                   Value
    Current application URL                    https://[custom-domain]/
                                               Example: https://my-domain.com/ or https://my-domain.com/appname
    Apache configuration file                  installdir/apache2/conf/bitnami/bitnami.conf
    Certificate file                           installdir/apache2/conf/server.crt
    Certificate key file                       installdir/apache2/conf/server.key
    CA certificate bundle file (if present)    installdir/apache2/conf/server-ca.crt

  • Copy your SSL certificate and certificate key file to the specified locations.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.
  • If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:

    Variable                                  Value
    Apache configuration file                 installdir/apache2/conf/bitnami/bitnami.conf
    Directive to include (Apache v2.4.8+)     SSLCACertificateFile "installdir/apache2/conf/server-ca.crt"
    Directive to include (Apache < v2.4.8)    SSLCertificateChainFile "installdir/apache2/conf/server-ca.crt"

    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.
  • Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

     $ sudo chown root:root installdir/apache2/conf/server*
    
     $ sudo chmod 600 installdir/apache2/conf/server*
    
  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart the Apache server.

You should now be able to access your application using an HTTPS URL.

How to enable LDAP module in Apache?

Bitnami stacks already ship the LDAP module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

  • Enable the LDAP module. Edit the main Apache configuration file located at installdir/apache2/conf/httpd.conf. Uncomment the mod_authnz_ldap line and add the mod_ldap line at the end of the LoadModule section:

    ...
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    ...
    LoadModule ldap_module modules/mod_ldap.so
    
  • Restart the Apache server and check that the module is now enabled:

    $ sudo installdir/ctlscript.sh restart apache
    $ installdir/apache2/bin/apachectl -M | grep ldap
      ...
      authnz_ldap_module (shared)
      ldap_module (shared)
      ...
    

How to add the mod_evasive module in Apache?

Follow these steps:

  • Download the latest version:

     $ wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
    
  • Extract the content:

     $ tar zxvf mod_evasive_1.10.1.tar.gz
    
  • Build, configure and install the module:

     $ cd mod_evasive
     $ cp mod_evasive{20,24}.c
     $ sed s/remote_ip/client_ip/g -i mod_evasive24.c
     $ sudo apxs -i -a -c mod_evasive24.c
    
  • Update the Apache module configuration:

     $ sudo sed 's@Include "installdir/apache2/conf/bitnami/bitnami.conf"@Include "installdir/apache2/conf/bitnami/bitnami.conf"\nInclude "installdir/apache2/conf/modevasion.conf"@' -i installdir/apache2/conf/httpd.conf
     $ sudo tee installdir/apache2/conf/modevasion.conf <<'EOF'
     # Size of the hash table. A larger table is good, but uses more RAM.
     DOSHashTableSize    3097
     # Interval, in seconds, of the page interval.
     DOSPageInterval     1
     # Interval, in seconds, of the site interval.
     DOSSiteInterval     1
     # Period, in seconds, a client is blocked. The counter is reset to 0 with every access within this interval.
     DOSBlockingPeriod   10
     # Threshold of requests per page, per page interval. If hit == block.
     DOSPageCount        2
     # Threshold of requests for any object by the same IP, on the same listener, per site interval.
     DOSSiteCount        50
     # Locking mechanism prevents repeated calls. Email can be sent when a host is blocked (leverages the following by default "/bin/mail -t %s").
     DOSEmailNotify      mbrown@domainy.com
     # Locking mechanism prevents repeated calls. A command can be executed when a host is blocked. %s is the host IP.
     #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
     #DOSLogDir           "/var/lock/mod_evasive"
     # Whitelist an IP. Leverage wildcards, not CIDR, like 127.0.0.*
     #DOSWhiteList 127.0.0.1
     EOF
    
  • Restart Apache:

    $ sudo installdir/ctlscript.sh restart apache
    

How to add the mod_proxy_html module in Apache?

Follow these steps:

  • Download the latest version:

     $ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
    
  • Extract the content and install the module:

     $ tar -jxf mod_proxy_html.tar.bz2
     $ cd mod_proxy_html/
     $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_proxy_html.c
     $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so  
     $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_xml2enc.c
     $ sudo chmod 755 installdir/apache2/modules/mod_xml2enc.so
    
  • Enable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:

     LoadFile installdir/common/lib/libxml2.so
     LoadModule proxy_html_module modules/mod_proxy_html.so
     LoadModule xml2enc_module modules/mod_xml2enc.so
    

How to add the mod_rpaf module in Apache?

Follow these steps:

  • Download the latest version:

     $ wget https://github.com/gnif/mod_rpaf/archive/stable.zip
    
  • Extract the contents and install the module:

     $ unzip stable.zip
     $ cd mod_rpaf-stable
     $ sudo make
     $ sudo make install
    
  • Check that the mod_rpaf.so file exists in the installdir/apache2/modules directory:

     $ ls -l installdir/apache2/modules/mod_rpaf.so
    
  • Load and configure the module. A configuration example follows; this can be added to the Apache configuration file at installdir/apache2/conf/httpd.conf.

     LoadModule              rpaf_module modules/mod_rpaf.so
     RPAF_Enable             On
     RPAF_ProxyIPs           127.0.0.1 10.0.0.0/24
     RPAF_SetHostName        On
     RPAF_SetHTTPS           On
     RPAF_SetPort            On
     RPAF_ForbidIfNotProxy   Off
    
  • Restart Apache to reload the new configuration:

     $ sudo installdir/ctlscript.sh restart apache
    

How to enable mod_security in Apache?

Bitnami stacks already ship the mod_security2 module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

  • Enable the mod_security2 and mod_unique_id modules in Apache. Edit the main Apache configuration file, uncomment the unique_id_module line and add the security2_module line at the end of the LoadModule section:

     ...
     LoadModule unique_id_module modules/mod_unique_id.so
     ...
     LoadModule security2_module modules/mod_security2.so
    
  • Add the default configuration file for mod_security at the end of the Apache configuration file:

     Include "installdir/apache2/conf/modsecurity.conf"
    
  • Restart the Apache server and check that the module is now enabled:

     $ sudo installdir/ctlscript.sh restart apache
     $ tail installdir/apache2/logs/error_log
    
     ...
      [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
     ...
    

How to add the mod_xsendfile module in Apache?

Bitnami LAMP/MAMP/WAMP stacks b5.4.13-2 and later include the mod_xsendfile module. To enable this module, add the following line in the Apache configuration file:

    LoadModule xsendfile_module modules/mod_xsendfile.so

If you are using an older version, it is easy to install this module into your existing Apache server. If you are using a native installer, you must install the necessary compilation tools first. Follow these steps:

  • Download the latest version:

     $ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
    
  • Extract the content and install the module:

     $ tar -xzvf mod_xsendfile-0.12.tar.gz
     $ cd mod_xsendfile-0.12
     $ sudo installdir/apache2/bin/apxs -aci mod_xsendfile.c
    

If everything goes well, the module will be installed to installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.

How to configure Apache with Phusion Passenger?

To configure Apache with Phusion Passenger, refer to this page.

How to force HTTPS redirection with Apache?

Add the following lines in the default Apache virtual host configuration file at installdir/apache2/conf/bitnami/bitnami.conf, inside the default VirtualHost directive, so that it looks like this:

<VirtualHost _default_:80>
  DocumentRoot "installdir/apache2/htdocs"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  ...
</VirtualHost>

After modifying the Apache configuration files:

  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart Apache to apply the changes.

How to publish my web page?

If you already have a Web page and you want to serve its content with Apache, copy your file to the default document root directory at installdir/apache2/htdocs/.

How to redirect www.myapp.example.com (or other domains) to my server?

  • Add a ServerAlias in the httpd-vhosts.conf file for your application. This option is designed to specify alternate names for a host and is used when matching requests. Here's an example:

     <VirtualHost *:80>
     ServerName app.example.com
     ServerAlias www.app.example.com app.example.org www.app.example.uk.org
     ...
    
     <VirtualHost *:443>
     ServerName app.example.com
     ServerAlias www.app.example.com app.example.org www.app.example.uk.org
    
  • Check that the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file includes the httpd-vhosts.conf file for your application. It should include a line like the one below.

     Include "installdir/apps/APPNAME/conf/httpd-vhosts.conf"
    

    If it does not, add the line above to the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file, replacing the APPNAME placeholder with the correct directory name for your application.

NOTE: After modifying the Apache configuration files, restart Apache to apply the changes.

How to redirect www.myapp.example.com to myapp.example.com?

This redirection is an SEO "best practice".

  • Add the following in the httpd-vhosts.conf file for your application.

     <VirtualHost *:80>
     ServerName app.example.com
     ServerAlias www.app.example.com
     RewriteEngine On
     RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
     RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
     ...
    
     <VirtualHost *:443>
     ServerName app.example.com
     ServerAlias www.app.example.com
     RewriteEngine On
     RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
     RewriteRule ^(.*)$ https://%1$1 [R=permanent,L]
     ...
    
  • Check that the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file includes the httpd-vhosts.conf file for your application. It should include a line like the one below.

     Include "installdir/apps/APPNAME/conf/httpd-vhosts.conf"
    

    If it does not, add the line above to the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file, replacing the APPNAME placeholder with the correct directory name for your application.

NOTE: After modifying the Apache configuration files, restart Apache to apply the changes.

How to redirect myapp.example.com to www.myapp.example.com?

  • Add the following in the httpd-vhosts.conf file for your application. Or, to apply this redirection by default for all applications installed, add it to the default VirtualHost in the installdir/apache2/conf/bitnami/bitnami.conf file.

     <VirtualHost *:80>
       ServerName app.example.com
       ServerAlias www.app.example.com
       RewriteEngine On
       RewriteCond %{HTTP_HOST} !^www\. [NC]
       RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
      ...
         
     <VirtualHost *:443>
       ServerName app.example.com
       ServerAlias www.app.example.com
       RewriteEngine On
       RewriteCond %{HTTP_HOST} !^www\. [NC]
       RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
      ...
    
  • If you used the httpd-vhosts.conf file for the application, check that the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file includes the httpd-vhosts.conf file for your application. It should include a line like the one below.

     Include "installdir/apps/APPNAME/conf/httpd-vhosts.conf"
    

    If it does not, add the line above to the installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file, replacing the APPNAME placeholder with the correct directory name for your application.

NOTE: After modifying the Apache configuration files, restart Apache to apply the changes.

Troubleshooting

Why can't I start the Apache server?

  • Check the Apache error log file

    Check the Apache error log file at installdir/apache2/logs/error_log (Linux and OS X) or installdir/apache2/logs/error.log (Windows) for information about why the error occurred.

  • Check if another process is listening to that port

    If another process is using that address you'll get:

     (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:port_number
     no listening sockets available, shutting down
    

    To see which process is already using that port you can run the following from a command prompt:

     $ sudo netstat -ltnp | grep :port_number (Linux and OS X)
     netstat -b -a -n (Windows)
    

    In the last column you'll see the process id or process name. You can then use:

     $ ps aux | grep process_name (Linux and OS X)
    

    Look for the pid in the second column and you'll get more information about that process.

    In case another process is using that port, use another port or stop that process.

  • Check if IIS is enabled and running (Windows)

    If you use IIS on Windows, it may conflict with Apache while it is running. Check this first:

    netstat -b -a -n
    

    If this is the cause, you can stop it by opening an elevated command-line window. At the command prompt, type net stop WAS and press ENTER, then type Y and press ENTER to also stop W3SVC.

    If you upgrade Windows, IIS may cause conflicts and you won't see the services in the Bitnami Manager Tool. If you lost your services, recover them by opening an elevated command prompt, loading the environment by running "installdir/APP-VERSION/use_app.bat" and then installing the services with "installdir/APP-VERSION/serviceinstall.bat INSTALL".

  • Check permissions and ownership

    Check if you have permissions to bind Apache to the requested port. To bind Apache to privileged ports, start Apache as root. If you don't have permissions to bind Apache to some port, you'll see this error:

     (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:port_number
     no listening sockets available, shutting down
    

    If Apache is unable to open the configuration or the log file, check that the owner of those files is the same user account that installed Apache and that it has write permissions on logs and read permissions on the configuration file. If this is not the case, you will see these errors:

     (13)Permission denied: AH00649: could not open transfer log file installdir/apache2/logs/access_log. 
     AH00015: Unable to open logs
    
     (13)Permission denied: AH00091: httpd: could not open error log file installdir/apache2/logs/error_log.
     AH00015: Unable to open logs
    
     httpd: Could not open configuration file installdir/apache2/conf/httpd.conf: Permission denied
     apache config test fails, aborting
    

How to configure the Apache server?

There are two files holding the configuration of the Apache server:

  • The installdir/apache2/conf/httpd.conf file is the main Apache configuration file.

  • The installdir/apache2/conf/bitnami/bitnami.conf file defines which configuration for each application should be loaded by the Apache server. This file internally references the two files below:

    • The installdir/apache2/conf/bitnami/bitnami-apps-prefix.conf file defines the list of applications to load.
    • The installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file defines those applications that need to be served in a different virtual host.

By default, Bitnami applications are accessible at http://localhost/APP. For more information on application-specific Apache configuration files such as the installdir/apps/APP/conf/httpd-app.conf file or the installdir/apps/APP/conf/htaccess.conf file, refer to this section.

Which is my Apache version?

Check your Apache version using the apachectl command. Remember to execute it inside the Bitnami console:

$ apachectl -V

NOTE: When running the commands shown on this page, replace the installdir placeholder with the full installation directory for your Bitnami stack.

How to configure .htaccess files?

One of our main goals is to configure Bitnami applications in the most secure way. For this reason, we moved the configuration in the .htaccess files to the main application configuration files and set the AllowOverride option to None by default.

NOTE: The Apache Software Foundation also recommends this configuration. To quote: "For security and performance reasons, do not set AllowOverride to anything other than None in your <Directory "/"> block. Instead, find (or create) the <Directory> block that refers to the directory where you're actually planning to place a .htaccess file."

The content of the .htaccess files has been moved to the installdir/apps/APPNAME/conf/htaccess.conf file. For example, the Bitnami MediaWiki application uses the following configuration files:

  • The installdir/apps/mediawiki/conf/httpd-app.conf file is the main application configuration file (previous versions called it mediawiki.conf). It also sources the htaccess.conf file.

     <Directory "installdir/apps/mediawiki/htdocs">
         Options +MultiViews
         AllowOverride None
         <IfVersion < 2.3 >
         Order allow,deny
         Allow from all
         </IfVersion>
         <IfVersion >= 2.3>
         Require all granted
         </IfVersion> 
     </Directory>
     Include "installdir/apps/mediawiki/conf/htaccess.conf"
    
  • The installdir/apps/mediawiki/conf/htaccess.conf file ships the content of all .htaccess files required by the application. It typically looks like this:

     <Directory installdir/apps/mediawiki/htdocs/cache>
       Deny from all
     </Directory>
     <Directory installdir/apps/mediawiki/htdocs/images>
       # Protect against bug 28235
       <IfModule rewrite_module>
         RewriteEngine On
         RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]
         RewriteRule . - [forbidden]
       </IfModule>
     </Directory>
     <Directory installdir/apps/mediawiki/htdocs/includes>
       Deny from all
     </Directory>
     <Directory installdir/apps/mediawiki/htdocs/languages>
       Deny from all
     </Directory>
     <Directory installdir/apps/mediawiki/htdocs/maintenance>
       Deny from all
     </Directory>
     <Directory installdir/apps/mediawiki/htdocs/maintenance/archives>
       Deny from all
     </Directory>
     <Directory installdir/apps/mediawiki/htdocs/serialized>
       Deny from all
     </Directory>
    

How to add a new section in the .htaccess file when installing a plugin?

Some plugins, during their installation, create an htaccess file in either the installdir/apps/APPNAME/htdocs/ or the installdir/apps/APPNAME/htdocs//plugins directory that cannot be read by Apache. For that reason, we recommend moving the content of that file to the installdir/apps/APPNAME/conf/htaccess.conf file. Follow these steps:

  • Add a new entry in the installdir/apps/APPNAME/conf/htaccess.conf file that specifies the path where the htaccess file is located (installdir/apps/APPNAME/htdocs/ or installdir/apps/APPNAME/htdocs//plugins), and paste the content of that file inside it.

    NOTE: CONTENT OF THE .htaccess FILE HERE is a placeholder, replace it with the content of the installdir/apps/APPNAME/htdocs/.htaccess file created by the plugin.
    ...
    <Directory "installdir/apps/APPNAME/htdocs/">
    CONTENT OF THE .htaccess FILE HERE
    </Directory>
    
  • Restart Apache to make the changes take effect:

    $ sudo installdir/ctlscript.sh restart
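
With AllowOverride None, a plugin's .htaccess file is silently ignored, so any access restriction it carries is not enforced until its content is moved. The shell function below is an added example, not part of the original Bitnami documentation; it generalizes the step above by wrapping every .htaccess file under an htdocs tree in its own <Directory> stanza. The function name htaccess_to_conf is hypothetical, and paths are assumed to contain no newlines or double quotes.

```shell
#!/bin/sh
# Added example: wrap each .htaccess under an htdocs tree in a <Directory>
# stanza that can be appended to conf/htaccess.conf.
# Usage: htaccess_to_conf installdir/apps/APPNAME/htdocs

htaccess_to_conf() {
    htdocs=${1%/}                       # strip one trailing slash
    [ -d "$htdocs" ] || { echo "not a directory: $htdocs" >&2; return 1; }

    # find output is newline-delimited, hence the assumption about paths.
    find "$htdocs" -type f -name .htaccess | sort | while IFS= read -r f; do
        dir=$(dirname "$f")
        printf '# Moved from %s\n' "$f"
        printf '<Directory "%s">\n' "$dir"
        # Indent the original directives; comments and blank lines are kept.
        sed 's/^/  /' "$f"
        # A file without a final newline would glue the closing tag to the
        # last directive, so emit a newline when the last byte is not one.
        [ -z "$(tail -c 1 "$f")" ] || printf '\n'
        printf '</Directory>\n'
    done
}
```

Review the generated stanzas before appending them to htaccess.conf, and run apachectl -t to syntax-check the configuration before restarting Apache.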
    

How to create a password to protect access to an application?

To configure Apache to request a username and password when accessing your application, follow these steps:

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with your application name, desired username and desired password respectively.

     $ cd installdir
     $ apache2/bin/htpasswd -cb apache2/APPNAME_users USERNAME PASSWORD
    
  • Edit the installdir/apps/APPNAME/conf/httpd-app.conf file and add the following lines. You also need to comment out the Require all granted line as shown below:

      <Directory "installdir/apps/APPNAME/htdocs">
        ...
          AuthType Basic
          AuthName MyAuthName
          AuthUserFile "installdir/apache2/APPNAME_users"
          Require valid-user
        ...  
    
        <IfVersion >= 2.3>
        # Require all granted
        </IfVersion>
        ...
      </Directory>
    
  • Restart the Apache server:

    $ sudo installdir/ctlscript.sh restart apache
    

When accessing the application, you will see the following authentication popup window. Enter the username and password that you have defined in the first step:

Authentication required

To change the password later, run the htpasswd utility without the -c switch:

$ sudo installdir/apache2/bin/htpasswd installdir/apache2/APPNAME_users USERNAME
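
The APPNAME_users file holds one user:hash entry per line, and the prefix of each hash shows which scheme protects that password. The script below is an added example, not part of the original Bitnami documentation: it classifies each entry and returns non-zero if any entry uses a scheme that the htpasswd documentation describes as insecure. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the hash scheme behind each entry of an htpasswd
# file read from standard input.
# Usage: audit_htpasswd < installdir/apache2/APPNAME_users

classify_hash() {
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;         # htpasswd -B
        '$5$'*|'$6$'*)           echo sha2-crypt ;;
        '$apr1$'*)               echo apr1-md5 ;;       # htpasswd default in 2.4
        '{SHA}'*)                echo sha1-unsalted ;;  # htpasswd -s
        ?????????????)           echo des-crypt ;;      # 13 chars, htpasswd -d
        *)                       echo plaintext-or-unknown ;;
    esac
}

# Prints "STATUS SCHEME USER" per entry; returns 1 if any entry is WEAK.
audit_htpasswd() {
    weak=0
    # The "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        scheme=$(classify_hash "$hash")
        case $scheme in
            bcrypt|sha2-crypt) status=ok ;;
            apr1-md5)          status=legacy ;;  # salted, but fast to guess offline
            *)                 status=WEAK; weak=$((weak + 1)) ;;
        esac
        printf '%s %s %s\n' "$status" "$scheme" "$user"
    done
    [ "$weak" -eq 0 ]
}

# Constructed sample: the hash values are placeholders, not real digests.
sample_htpasswd() {
    cat <<'EOF'
alice:$2y$05$CONSTRUCTEDplaceholderCONSTRUCTEDplaceholder
bob:$apr1$CONSTRUC$placeholderplaceholder
carol:{SHA}placeholderplaceholder00=
dave:abCONSTRUCTED
EOF
}
```

Entries reported as legacy or WEAK can be re-created with htpasswd -B, which stores a bcrypt hash.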

How to check if PageSpeed is enabled?

To check if PageSpeed is enabled in Apache, refer to this page.

How to access my application from only one domain?

The default Bitnami server configuration allows you to access the server in different ways: using a domain name (e.g. ec2-xx-yy-zz.amazonaws.com, xxxx.cloudapp.net or xxxx.bitnamiapp.com) or using the IP address directly.

To redirect all these domains to your own domain, add the following configuration into the installdir/apache2/conf/bitnami/bitnami.conf file. Remember to replace example.com with your own domain.

<VirtualHost _default_:80>
RewriteEngine On
# Dots are escaped so that they match a literal "." in the host name
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteCond %{HTTP_HOST} !^(localhost|127\.0\.0\.1)
RewriteRule ^(.*)$ http://example.com$1 [R=permanent,L]
...

<VirtualHost _default_:443>
RewriteEngine On
# Dots are escaped so that they match a literal "." in the host name
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteCond %{HTTP_HOST} !^(localhost|127\.0\.0\.1)
RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]
...

Then, restart the Apache server for the changes to take effect.
