This post describes how to reconfigure and restart an Apache server in a secure way. Secure is relative. Of course there is always a chance that someting goes wrong. This approach limits the chances. Especially it’s a good approach for changing an existing configuration you have not touched yet and to have no downtime.
This may also work for other HTTP daemons. It’s not limited to Apache, but some commands are Apache specific.
Before you make any changes to the configuration make a backup of the current configuration. Maybe this step isn’t required if the configuration files are already under a version control system (like Git).
- Config Test
This is also still before you make any changes. Run
apachectl configtestto see if the current configuration works. It’s an important step. Do not skip this. If you are not the only person who edits the Apache configuration this step protects you if it was faulty even before changing anything. Do not apply any of your things you need to change if this step fails.
- Which Apache modules are installed?
apachectl -Mand save the output of this command to your disk. It’s good to know which modules are loaded before you apply a new configuration.
- Check Status
systemctl status apache2to see infomrations about the current running Apache process. You maybe want to save this output to your local harddrive.
Still using the old configuration. Reload the Apache executing
systemctl reload apache2to see if the old configuration is what is needed until this point. If the behavior of Apache has changed after the reload it means that someone in the past has made a change to the configuration but did not reload the Apache process.
- Apply your changes.
This is the step where you actual touch the Apache configuration files. Until this step you did not touched anything. Apply your new changes to the configuration.
- Config Test #2
apachectl configtestagain to see if your changes made well. If not fix the configuration and run
- Reload #2
systemctl reload apache2to load your new configuration into the Apache process.
- Check Status #2
systemctl status apache2again to check if everything is OK.
Check Apache from your browser to see if the changes has been applied successful.