Apache Server Configs is a collection of configuration snippets that can help your server improve the web site's performance and security, while also ensuring that resources are served with the correct content-type and are accessible, if needed, even cross-domain.
There are a few options for getting the Apache server configs.
See also the Apache Getting Started.
If you have access to the main server configuration
file
(usually called httpd.conf), you should configure Apache by this way.
This is usually the recommended way, as using .htaccess files slows
down
Apache!
Getting options:
- Download the zip archive
- Checkout directly:
apache2ctl stop cd /usr/local mv apache2 apache2-previous git clone https://github.com/h5bp/server-configs-apache.git apache2 # install-specific edits apache2ctl start
See Apache httpd configuration usage guide.
If you don't have access, which is quite common with hosting services,
just copy the .htaccess file in the root of the website.
Getting options:
- Download the
h5bp.htaccesson the latest release - Install them via npm:
npm install --save-dev apache-server-configsInside thedist/folder, you'll find a ready-to-use.htaccessfile.
This repository has the following structure:
./
├── vhosts/
│ ├── 000-default.conf
│ └── templates/
├── h5bp/
│ ├── basic.conf
│ └── .../
└── nginx.conf
-
vhosts/This directory should contain all of the server definitions.
Except if they are dot prefixed or non .conf extension, all files in this folder are loaded automatically.
-
templatesfolderFiles in this folder contain a
<VirtualHost/>template for secure and non-secure hosts. They are intended to be copied in thevhostsfolder with allexample.comoccurrences changed to the target host.
-
-
h5bp/This directory contains config snippets (mixins) to be included as desired.
There are two types of config files provided, individual config snippets and combined config files which provide convenient defaults.
-
basic.confThis file loads a small subset of the rules provided by this repository to add expires headers, allow cross domain fonts and protect system files from web access. The
basic.conffile includes the rules which are recommended to always be defined.
-
-
httpd.confThe main Apache config file.
Some configurations won't have any effect if the appropriate modules aren't enabled. So, in order for everything to work as intended, you need to ensure the you have the following Apache modules enabled:
mod_autoindex.c(autoindex_module)mod_deflate.c(deflate_module)mod_expires.c(expires_module)mod_filter.c(filter_module)mod_headers.c(headers_module)mod_include.c(include_module)mod_mime.c(mime_module)mod_rewrite.c(rewrite_module)mod_setenvif.c(setenvif_module)
For more detailed information on configuration files and how to use them, please check the appropriate Apache documentation:
- https://httpd.apache.org/docs/current/configuring.html
- https://httpd.apache.org/docs/current/howto/htaccess.html
These instructions should work on any distribution where apt-get has been
used to install Apache.
-
Open up a terminal and type the following command. Enter your password when prompted.
sudo a2enmod setenvif headers deflate filter expires rewrite include -
Restart apache by using the following command so the new configuration takes effect.
sudo /etc/init.d/apache2 restart
-
MAMP PRO. On the main screen, click the
Apachetab and ensure that all the required modules are 'checked', indicating they are enabled. -
WampServer. If you have installed WampServer just click on the icon in the task bar then Apache section then modules section. You will be presented with a list of modules. Simply click on a module name to enable it. WampServer will automatically restart the Apache service after you enable a module.
-
Others. Locate the
httpd.conffile, which is typically found in:- MAMP:
/Applications/MAMP/conf/apache/httpd.conf - XAMPP:
/Applications/XAMPP/etc/httpd.conf - WAMP:
C:\apache\conf\httpd.conf
Open the file in a text editor and uncomment all of the required modules. Once you have done so, reset MAMP/WAMP/XAMPP.
- MAMP:
The first thing to check is that the httpd.conf file contains appropriate values for
your specific install.
Most specific variables are:
ServerRootUserGroupErrorLogCustomLog
-
To verify Apache config
$ apache2 -t
-
To verify Apache config with a custom file
$ apache2 -t -f httpd.conf
-
To reload Apache and apply new config
$ apache2ctl reload
$ cd /usr/local/apache2/vhosts-
Creating a new site
$ cp templates/example.com.conf .actual-hostname.conf $ sed -i 's/example.com/actual-hostname/g' .actual-hostname.conf -
Enabling a site
$ mv .actual-hostname.conf actual-hostname.conf
-
Disabling a site
$ mv actual-hostname.conf .actual-hostname.conf
$ apache2ctl reloadSecurity, mime-type, and caching best practices evolve, and so should do your .htaccess file. In the past, with each new Apache Server Configs release it was quite tedious to find out which .htaccess trick was just new or only had changes in certain nuances.
The build script with its re-usable and customizable build configuration lets you easily update your .htaccess file. Each new .htaccess build will contain the updated Apache Server Configs source files, enabled or commented-out according to your settings in the htaccess.conf of your project root.
Allows you to define which module to enable or disable for your project. Just copy the default htaccess.conf from this repo into your project directory. Adjust to your needs, and/or add custom code snippets you need for your project. Its syntax is straight and pretty much self-explanatory:
# Example Module
title "example module"
enable "src/example-module/images.conf"
enable "src/example-module/web_fonts.conf"
disable "src/example-module/not-needed.conf"
omit "src/example-module/not-needed-at-all.conf"
... more modules ...
For example, the “Cross-origin web fonts” snippet is always included in our pre-built .htaccess file and enabled. If your project does not deal with web fonts, you can disable or omit this section:
This will comment out the section:
disable "src/cross-origin/web_fonts.conf"
…and this will exclude the section, saving lines in output:
omit "src/cross-origin/web_fonts.conf"
For example, the “Forcing https://” snippet is disabled by default, although being included in our pre-built .htaccess. To enable this snippet, change the disable keyword to enable:
enable "src/rewrites/rewrite_http_to_https.conf"
Imagine you're passing all requests to non-existing files to your favourite web framework. The according mod_dir snippet would go like this:
FallbackResource index.php
Store this snippet in a file, e.g. config/framework_rewrites.conf, and add a reference in your htaccess.conf:
# PROJECT MODULES
enable "config/framework_rewrites.conf"
Dive into your project root and call the build script from wherever you cloned the repo. Here are three examples:
1. Create a default .htaccess
in current work directory. An existing htaccess.conf in this directory will be used; if none is present, the default configuration will apply.
$ path/to/server-configs-apache/bin/build.sh
# Output looks like:
[✔] Build .htaccess
[✔] Moved in place: './.htaccess'2. Custom output location
Just add output path and filename as parameter. By the way, if there's an existing .htaccess file, the build script will create a backup.
$ path/to/server-configs-apache/bin/build.sh htdocs/.htaccess
[✔] Build .htaccess
[✔] Create backup: 'htdocs/.htaccess~'
[✔] Moved in place: 'htdocs/.htaccess'3. Custom .htaccess configuration
Why not maintain your personal ~/htaccess.conf? This example creates a .htaccess in current work directory, according to your favourite settings you may have stored in your $HOME directory:
$ path/to/server-configs-apache/bin/build.sh ./.htaccess ~/htaccess.conf- Apache v2.4.10+
Anyone is welcome to contribute, however, if you decide to get involved, please take a moment to review the guidelines:
Apache Server Configs is only possible thanks to all the awesome contributors!
The code is available under the MIT license.