Apache Per Server Application Settings
About
The Apache web server is the default web server choice on LxRoot. It offers the maximum compatibility with your web applications and has full .htaccess support.
Servers running Apache will automatically inherit the Global Application setttings. In addition to the General Per Server Settings there are a handful of customisable configurations specific to Apache:
PHP-FPM Settings
php.ini automatically inherits the php.ini settings defined in your Global Application settings. Inherited directives can be identified by the 'Inheritied' tag.
To override or add custom directives to a server:
- Click Servers in the left side bar
- Locate the server you would like to install the Application role on and select Manage from the drop down menu
- Scroll to Roles
- Select the Application tab then select php settings
- Select the row to edit an existing directive or select Add directive to add a custom directive
Virtual Host Includes
To add custom virtual host configuration for a site, log in to your server with SSH as root and edit the file at /var/local/LxRoot/apache/vhost_includes/ example.com.conf where example.com is the domain for which you want to add the custom configuration. This file will be included at the end of both the http and https VirtualHost block.
This is an advanced feature and should be done carefully; incorrect syntax will take down your web server.
It is not possible to edit the primary httpd.conf. Any changes made to this file will be lost on update. However you can include custom configuration within a virtual host.
ModSecurity
ModSecurity can be enabled/disable through the LxRoot control panel. Once enabled, you can use LxRoot's inline editor to customise security settings, define rules, and how ModSecurity detects and responds to web threats.
By default the OWASP ruleset is enabled offering a set of predefined security rules to help protect the web server against common vulnerabilities such as SQL injection, cross-site scripting (XSS), and more. The OWASP version can update through the LxRoot panel.
To enable ModSecurity on an Apache server:
- Click Servers in the left side bar
- Locate the server you would like to install the ModSecurity on and select Manage from the drop down menu
- Scroll to Roles
- Select the Application tab then select ModSecurity
- Toggle On or Off
Apache modules
The following modules are shipped with Apache and enabled by default. These modules can not be disabled:
- mpm_event_module modules/mod_mpm_event
- authn_file_module modules/mod_authn_file
- authn_core_module modules/mod_authn_core
- authz_host_module modules/mod_authz_host
- authz_groupfile_module modules/mod_authz_groupfile
- authz_user_module modules/mod_authz_user
- authz_core_module modules/mod_authz_core
- access_compat_module modules/mod_access_compat
- auth_basic_module modules/mod_auth_basic
- reqtimeout_module modules/mod_reqtimeout
- filter_module modules/mod_filter
- mime_module modules/mod_mime
- log_config_module modules/mod_log_config
- logio_module modules/mod_logio
- env_module modules/mod_env
- expires_module modules/mod_expires
- headers_module modules/mod_headers
- setenvif_module modules/mod_setenvif
- version_module modules/mod_version
- unixd_module modules/mod_unixd
- status_module modules/mod_status
- autoindex_module modules/mod_autoindex
- dir_module modules/mod_dir
- alias_module modules/mod_alias
- rewrite_module modules/mod_rewrite
- proxy_module modules/mod_proxy
- proxy_fcgi_module modules/mod_proxy_fcgi
- proxy_http_module modules/mod_proxy_http
- proxy_http2_module modules/mod_proxy_http2
- ssl_module /usr/local/apache2/modules/mod_ssl
- http2_module modules/mod_http2
- deflate_module modules/mod_deflate
- unique_id_module modules/mod_unique_id
- security2_module modules/mod_security2
The following modules are shipped with Apache and are not enabled by default:
- mod_buffer
- mod_session
- mod_headers
- mod_optional_fn_export
- mod_access_compat
- mod_cache
- mod_heartbeat
- mod_optional_fn_import
- mod_session_cookie
- mod_actions
- mod_cache_disk
- mod_heartmonitor
- mod_optional_hook_export
- mod_session_crypto.so
- mod_alias
- mod_cache_socache
- mod_http2
- mod_optional_hook_import
- mod_session_dbd
- mod_allowmethods
- mod_case_filter
- mod_ident
- mod_proxy
- mod_setenvif
- mod_asis
- mod_case_filter_in
- mod_imagemap
- mod_proxy_ajp
- mod_slotmem_plain
- mod_auth_basic
- mod_cern_meta
- mod_include
- mod_proxy_balancer
- mod_slotmem_shm
- mod_auth_digest
- mod_cgi
- mod_info
- mod_proxy_connect
- mod_socache_dbm
- mod_auth_form
- mod_cgid
- mod_isapi
- mod_proxy_express
- mod_socache_memcache
- mod_authn_anon
- mod_charset_lite
- mod_lbmethod_bybusyness
- mod_proxy_fcgi
- mod_socache_redis
- mod_authn_core
- mod_data
- mod_lbmethod_byrequests
- mod_proxy_fdpass
- mod_socache_shmcb
- mod_authn_dbd
- mod_dav
- mod_lbmethod_bytraffic
- mod_proxy_ftp
- mod_speling
- mod_authn_dbm
- mod_dav_fs
- mod_lbmethod_heartbeat
- mod_proxy_hcheck
- mod_ssl
- mod_authn_file
- mod_dav_lock
- mod_ldap
- mod_proxy_html
- mod_status
- mod_authn_socache
- mod_dbd
- mod_log_config
- mod_proxy_http
- mod_substitute
- mod_authnz_fcgi
- mod_deflate
- mod_log_debug
- mod_proxy_http2
- mod_suexec
- mod_authnz_ldap
- mod_dialup
- mod_log_forensic
- mod_proxy_scgi
- mod_unique_id
- mod_authz_core
- mod_dir
- mod_logio
- mod_proxy_uwsgi
- mod_unixd
- mod_authz_dbd
- mod_dumpio
- mod_lua
- mod_proxy_wstunnel
- mod_userdir
- mod_authz_dbm
- mod_echo
- mod_macro
- mod_ratelimit
- mod_usertrack
- mod_authz_groupfile
- mod_env
- mod_md
- mod_reflector
- mod_version
- mod_authz_host
- mod_example_hooks
- mod_mime
- mod_remoteip
- mod_vhost_alias
- mod_authz_owner
- mod_example_ipc
- mod_mime_magic
- mod_reqtimeou
- mod_watchdog
- mod_authz_user
- mod_expires
- mod_mpm_event
- mod_request
- mod_xml2enc
- mod_autoindex
- mod_ext_filter
- mod_mpm_prefork
- mod_rewrite
- mod_brotli
- mod_file_cache
- mod_mpm_worker
- mod_security2
- mod_bucketeer
- mod_filter
- mod_negotiation
- mod_sed