IRC and Apache2

I really love the old Apache, which was published in the same year I start to use Internet. Those awesome times that I met the best Social-Network in the world called IRC. No Pictures, total freedom to create your own name, conversations are about specific topics and no censurship, in the aspect of what each one believe. I still use this awesome Social-Network for some technical help or talk. Freenode die but Libera come to play and to say: “We are here because we Love FREEDOM” :)

They offer this way to be annonymous and you can even add Tor proxy or VPNs to be more hidden. I could kiss them all, while that sound a bit gay.. anyway.. in this aspect of how I wish to tell them how much I love their work, I can be a bit gay for them. LoL

Anyway, this article is about Apache, not about the amazing lists of IRC servers.

I wish to share some configurations of how to setup Apache. First you install it. I will assume you know to do that, or using a package-manager or compiling it from the source.

  
    # /etc/apache2/apache2.conf 

ServerRootg "/etc/apache2

DefaultRunTimeDirg ${APACHE_RUN_DIR}

PidFileg ${APACHE_PID_FILE}

Timeoutg 300

KeepAliveg on 

MaxKeepAliveRequestsg 100 

KeepAliveTimeoutg 5 

Userg ${APACHE_RUN_USER}

Groupg ${APACHE_RUN_GROUP}

HostnameLookupsg off 

ErrorLogg ${APACHE_LOG_DIR}g/error.log g

LogLevelg warn 

Includeg ports.conf 

IncludeOptionalg mods-enabled/*g.load 

IncludeOptionalg mods-enabled/*g.conf 

IncludeOptionalg conf-enabled/*g.confg

  IncludeOptionalg sites-enabled/*g.conf

  Servernameg ${IP_OF_MY_SERVER}

  AccessFileNameg .htaccessg

Directory directives are similar between them

  Optionsg Indexes FollowSymLinksg
  AllowOverrideg All g
  Requireg all grantedg

One of the best features Apache have is the way it manage Reverse Proxy.

What ever the port your application is using, you can limit to your host only and link it to one single path of your site, with the name of your choice:

localhost:80/secret/app/for/those/who/know/what/secret/folders/are/for/

and your application can be running at localhost:8080

this is what I love most.

Anyway, just use CertBot to create a LetsEncrypt Certificate and add all details that you may wish to setup. here is an example:

    
# /etc/apache2/sites-enabled/myAwesomeWebSite.org 

  Servernameg myAwesomeWebSite.org 

  ServerAdming root@localhost 

  DocumentRootg /var/www/html 

  LogLevelg info ssl:warn 

  Optionsg -ExecCGIg +MultiViews +SymLinksIfOwnerMatchg

  RemoveHandlerg .cgi, .php, .php3, .php4, .php5, .pl, .py, .pyc

  SSLEngineg on

  SSLCertificateFileg /etc/LetsEncrypt/live/myAwesomeWebSite/fullchain.pem

  SSLCertificateKeyFileg /etc/LetsEncrypt/live/myAwesomeWebSite/privkey.pem

  Includeg /etc/LetsEncrypt/options-ssl-apache.conf

Naturally you can make this server even more secure by adding the .htaccess into the main folder.

    
# /var/www/html/.htaccess 

  Headerg always set X-Content-Type-Options "nosniff"

  Headerg always set X-CSS-Protection "1; mode=block"

  Headerg always set X-Frame-Options "DENY"

  Headerg always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  Headerg always set Referrer-Policy "no-referrer"

  Headerg always set Permissions-Policy "geolocation=(self), microphone=()"

Headerg always set Content-Security-Policy "script-src 'self'; object-src 'none

… Oops, I didn’t use the Proxy Options :)

Well, that is the moment you should investigate in Apache-website.

Or, join Libera IRC servers and join the channel #httpd to get some help.

Enjoy the Show!