This page provides a practical minimal Apache baseline for current Debian and RHEL systems.
/etc/apache2/apache2.conf
/etc/apache2/ports.conf
/etc/apache2/sites-available/*.conf
/etc/apache2/mods-available/*.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
/etc/apache2/apache2.conf)ServerTokens Prod
ServerSignature Off
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 2
<Directory /var/www/>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
/etc/httpd/conf/httpd.conf)ServerTokens Prod
ServerSignature Off
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 2
<Directory "/var/www/html">
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Use one vhost file per site.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public
<Directory /var/www/example.com/public>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
On RHEL, use explicit log paths like /var/log/httpd/example-error.log.
Enable SSL/TLS modules and configure a dedicated HTTPS vhost.
<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/example.com/public
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.crt
SSLCertificateKeyFile /etc/ssl/private/example.key
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
ServerTokens Prod: Reduces exposed version details.ServerSignature Off: Prevents Apache version footer leakage.AllowOverride None: Avoids .htaccess overhead and uncontrolled overrides.Options -Indexes: Prevents directory listing.KeepAlive + KeepAliveTimeout: Balance connection reuse and worker usage.sudo a2enmod headers ssl rewrite
sudo a2ensite example.com.conf
sudo apache2ctl configtest
sudo systemctl reload apache2
sudo httpd -t
sudo systemctl reload httpd
rewrite, headers, ssl, proxy, proxy_http as needed).mpm_event for modern reverse-proxy and static workloads.apache2ctl configtest or httpd -t in CI before deployments.