The main apache conf file. You should only need to touch it to change global directory settings and your document root.

Which ports apache should listen on Listen 80, Listen 443

Which apache modules are available - they've been downloaded and installed but may or may not be enabled.

Which modules are enabled - only these are usable (read on below for how to manage these)

Which sites are available. A site is essentially a virtual host. You break them out into separate files and those files go in here.

Which sites have been enabled (read on below for how to manage these).

I use mod_ssl, mod_cache, mod_disk_cache, mod_rewrite, mod_expires, mod_delfate and mod_headers. These show how to enable them. Not install them, enable them.

This shows how to disable a module: here I disable ssl.

Search in the apache2.conf file for ServerTokens and change it to Prod. While not a huge deal if you don't make this change it only takes one exploit in a module for it to become a big deal.

Search in the apache2.conf file for ServerSignature and change the value to Off. Again, not a huge deal unless someone gets your Apache version number and finds a known eploit because of it. Chances of this happening aren't that good, but why take a chance.

If you haven't heard about mod_deflate then you're in for a treat. This module will zip up files on their way to a web browser. This can provide a significant benefit to a user's experience; especially if you have a lot of Javascript. Be careful to configure it correctly so you don't try to zip things that are already compressed like images. I choose to specifically state what types of files I'll allow to be zipped in lines 39 - 49. Also, lines 53, 56 and 59 are boiler plate rules to prevent browsers with issues from getting zipped content. If you're interested don't forget to first enable it: sudo a2enmod deflate.

If you care about performance you'll want to turn on disk caching with mod_disk_cache and mod_cache. A full description of apache caching is way beyond the scope of this article but here are the hilights of what I'm doing. Any file returned from the URI /static_files will be cached for a year. That path leads to Javascript and CSS files which do change from time to time but not that often. I wrote a little tool that detects what files have changed and gives them a new unique name when I deploy into production on the server and also changes dependent HTML files that use the newly named files. That way the new file is found and cached instead of the old now defunct Javascript or CSS files. Yes, it is a little fragile but with a little discipline I reap huge performance benefits. The largest files of my site (JS, CSS and images) are all served from cache.

I'm turning on the ability to control what cache-control headers are returned to web browsers so I can tell the browsers how long to cache files before returning to my server to get them. Below I'll show you how I'm using this feature in conjunction with apache disk caching to get a screaming fast web site. The module that governs this is mod_expires.

I'm turning on apache rewriting using mod_rewrite so I can modify some URLs that come in. Certainly this one of Apache's most useful features.

This line through line 102 make use of URL rewriting. Look at comments embedded above the rules to explain what they do. Many sites use similar rules.

This line through 1ine 131 are the rules that use mod_rewrite to tell the browser how long to hold onto a file in the browser cache before coming to the sever to get it again. I can be aggressive with my caching because when a file is modified, as I said above, I detect it and give the modified file a new name. I'm telling the browser to hold onto the file for a year.

This is for hooking Apache to Tomcat. Tomcat will be the subject of my next article and I'll wait to explain this line until then.