Apache Configuration Cheatsheet

Quick reference for Apache directives covering basic config, virtual hosts, rewrite rules, authentication, SSL, modules, .htaccess, and performance tuning

58 commands

ServerName

Set server hostname

ServerName www.example.com

ServerAlias

Set server alias

ServerAlias example.com *.example.com

DocumentRoot

Set document root directory

DocumentRoot /var/www/html

Listen

Set listening port

Listen 80

ServerRoot

Set server root directory

ServerRoot /etc/apache2

DirectoryIndex

Set default index files

DirectoryIndex index.html index.php

ErrorDocument

Set custom error pages

ErrorDocument 404 /error/404.html

ServerAdmin

Set admin email address

ServerAdmin admin@example.com

apachectl configtest

Test configuration syntax

apachectl configtest

apachectl graceful

Graceful restart of Apache

apachectl graceful

<VirtualHost>

Define a virtual host block

<VirtualHost *:80> ... </VirtualHost>

<VirtualHost *:443>

Define SSL virtual host

<VirtualHost *:443> SSLEngine on ... </VirtualHost>

NameVirtualHost

Enable name-based virtual hosting

NameVirtualHost *:80

<Directory>

Define per-directory settings

<Directory /var/www/html> Options Indexes FollowSymLinks </Directory>

Options

Set directory options

Options -Indexes +FollowSymLinks

AllowOverride

Control .htaccess overrides

AllowOverride All

Require

Set access control

Require all granted

RewriteEngine

Enable URL rewrite engine

RewriteEngine On

RewriteRule

Define URL rewrite rule

RewriteRule ^old/(.*)$ /new/$1 [R=301,L]

RewriteCond

Specify rewrite condition

RewriteCond %{HTTPS} off

RewriteCond %{HTTP_HOST}

Condition based on hostname

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]

RewriteCond %{REQUEST_URI}

Condition based on request URI

RewriteCond %{REQUEST_URI} !\.(jpg|png|gif)$ [NC]

Redirect

Set URL redirect

Redirect 301 /old-page https://example.com/new-page

RedirectMatch

Regex-based redirect

RedirectMatch 301 ^/blog/(.*)$ https://blog.example.com/$1

AuthType

Set authentication type

AuthType Basic

AuthName

Set authentication realm name

AuthName "Restricted Area"

AuthUserFile

Specify password file path

AuthUserFile /etc/apache2/.htpasswd

Require valid-user

Allow only authenticated users

Require valid-user

Require user

Allow specific users only

Require user admin editor

htpasswd

Create/update password file

htpasswd -c /etc/apache2/.htpasswd admin

Require ip

Allow access from specific IPs

Require ip 192.168.1.0/24

SSLEngine

Enable SSL engine

SSLEngine on

SSLCertificateFile

Specify SSL certificate file

SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

SSLCertificateKeyFile

Specify SSL private key file

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

SSLProtocol

Set allowed SSL protocols

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

SSLCipherSuite

Set cipher suites

SSLCipherSuite HIGH:!aNULL:!MD5

SSLHonorCipherOrder

Prefer server cipher order

SSLHonorCipherOrder on

Header set Strict-Transport-Security

Set HSTS header

Header always set Strict-Transport-Security "max-age=31536000"

LoadModule

Load a module

LoadModule rewrite_module modules/mod_rewrite.so

a2enmod

Enable module (Debian)

a2enmod rewrite

a2dismod

Disable module (Debian)

a2dismod status

a2ensite

Enable site config (Debian)

a2ensite example.com.conf

a2dissite

Disable site config (Debian)

a2dissite 000-default.conf

<IfModule>

Conditional on module presence

<IfModule mod_rewrite.c> RewriteEngine On </IfModule>

.htaccess RewriteEngine

Enable rewrite in .htaccess

RewriteEngine On

.htaccess HTTPS強制

Force HTTPS redirect

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

.htaccess www強制

Force www redirect

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

.htaccess キャッシュ

Set browser caching

ExpiresByType image/jpeg "access plus 1 year"

.htaccess IP制限

Restrict access by IP

Require ip 192.168.1.0/24

.htaccess ディレクトリ一覧禁止

Disable directory listing

Options -Indexes

.htaccess カスタムエラーページ

Set custom error pages

ErrorDocument 404 /errors/404.html

mod_deflate

Enable gzip compression

AddOutputFilterByType DEFLATE text/html text/css application/javascript

mod_expires

Set browser cache expiration

ExpiresActive On
ExpiresDefault "access plus 1 month"

KeepAlive

Set Keep-Alive connections

KeepAlive On

KeepAliveTimeout

Set Keep-Alive timeout

KeepAliveTimeout 5

MaxKeepAliveRequests

Max Keep-Alive requests

MaxKeepAliveRequests 100

MaxRequestWorkers

Set max simultaneous requests

MaxRequestWorkers 150

Timeout

Set request timeout

Timeout 60