(use-apache2-modules)= # How to use Apache2 modules Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the **LoadModule** directive. Otherwise, Apache2 must be recompiled to add or remove modules. Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an `` block. ## Installing and handling modules You can install additional Apache2 modules and use them with your web server. For example, run the following command at a terminal prompt to install the Python 3 WSGI module: ```bash sudo apt install libapache2-mod-wsgi-py3 ``` The installation will enable the module automatically, but we can disable it with `a2dismod`: ```bash sudo a2dismod wsgi sudo systemctl restart apache2.service ``` And then use the `a2enmod` utility to re-enable it: ```bash sudo a2enmod wsgi sudo systemctl restart apache2.service ``` See the `/etc/apache2/mods-available` directory for additional modules already available on your system. ## Configure Apache2 for HTTPS The `mod_ssl` module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the `https://` prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar. The `mod_ssl` module is available in the `apache2-common` package. Run the following command at a terminal prompt to enable the `mod_ssl` module: ```bash sudo a2enmod ssl ``` There is a default HTTPS configuration file in `/etc/apache2/sites-available/default-ssl.conf`. In order for Apache2 to provide HTTPS, a **certificate** and **key** file are also needed. The default HTTPS configuration will use a certificate and key generated by the `ssl-cert` package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. > **Note**: > For more information on generating a key and obtaining a certificate see {ref}`Certificates `. To configure Apache2 for HTTPS, enter the following: ```bash sudo a2ensite default-ssl ``` > **Note**: > The directories `/etc/ssl/certs` and `/etc/ssl/private` are the default locations. If you install the certificate and key in another directory make sure to change *SSLCertificateFile* and *SSLCertificateKeyFile* appropriately. With Apache2 now configured for HTTPS, restart the service to enable the new settings: ```bash sudo systemctl restart apache2.service ``` Note that depending on how you obtained your certificate, you may need to enter a passphrase when Apache2 restarts. You can access the secure server pages by typing `https://your_hostname/url/` in your browser address bar. ## Sharing write permission For more than one user to be able to write to the same directory you will need to grant write permission to a group they share in common. The following example grants shared write permission to `/var/www/html` to the group "webmasters". ```bash sudo chgrp -R webmasters /var/www/html sudo chmod -R g=rwX /var/www/html/ ``` These commands recursively set the group permission on all files and directories in `/var/www/html` to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree. > **Warning**: > The `apache2` daemon will run as the `www-data` user, which has a corresponding `www-data` group. These **should not** be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content. ## Further reading - The [Apache2 Documentation](https://httpd.apache.org/docs/2.4/) contains in depth information on Apache2 configuration directives. Also, see the apache2-doc package for the official Apache2 docs. - O'Reilly's [Apache Cookbook](http://shop.oreilly.com/product/9780596529949.do) is a good resource for accomplishing specific Apache2 configurations. - For Ubuntu specific Apache2 questions, ask in the `#ubuntu-server` IRC channel on [libera.chat](https://libera.chat/).