Configuring the Apache Web Server
ServBay makes it easy for you to manage and configure the built-in Apache Web Server package. Using ServBay’s graphical user interface, you can easily adjust Apache’s core settings to meet the needs of various development projects.
Accessing Apache Settings
- Open the ServBay application.
- In the left sidebar, click on
Web Server
. - Select the
Apache
tab.
You will see Apache’s configuration window, as shown below:
Detailed Explanation of Key Settings
Below are detailed explanations of each parameter on the Apache configuration interface:
Basic Settings
- HTTP Port: The port Apache listens on for HTTP connections. Default is
80
. - HTTPS Port: The port Apache listens on for HTTPS connections. Default is
443
. - Server Name: The name and port that the server uses for identification. The default
127.0.0.1
is typically used for local access. - Server Root: The root directory where the Apache package is installed. Note: This is not your website’s document root (which is set separately when adding a site), but the path where Apache’s program files reside. The default is usually
/Applications/ServBay/package/apache/current
.
Performance Tuning
- Timeout: The maximum number of seconds the server waits before giving up on an I/O operation. Default is
300
seconds. - Max KeepAlive Requests: Maximum number of requests permitted on a persistent connection.
1000
allows numerous requests per connection,0
means unlimited. - KeepAlive Timeout: Maximum seconds the server waits for a new request before closing a persistent connection. Default is
60
seconds. - Keep Alive: Enables or disables HTTP persistent connections (KeepAlive). It’s recommended to leave this
On
for better performance. - MPM StartServers: The number of child server processes created at startup.
- MPM MaxSpareThreads: Maximum number of idle threads. Controls the reserve thread pool for handling traffic spikes.
- MPM MaxConnectionsPerChild (formerly MaxRequestsPerChild): Maximum number of connections a child process will handle during its lifetime.
0
means unlimited. Useful for preventing memory leaks from affecting long-running processes. - MPM MaxRequestWorkers (formerly MaxClients): Maximum number of concurrent requests that can be served (the total across all child processes). This is a critical configuration for Apache performance.
- MPM ThreadsPerChild: Fixed number of threads created by each child process (applies to the
worker
orevent
MPM).
Features & Characteristics
- Access File Name: Directive specifying the filename for distributed configuration, typically
.htaccess
. Controls whether or not.htaccess
files can override global server config. - Use Canonical Name: Determines how Apache constructs self-referencing URLs.
Off
is generally more flexible. - Server Signature: Adds a line with server version and virtual host information at the bottom of server-generated pages (such as error pages). For security, it’s recommended to set this
Off
in production. - Hostname Lookups: Whether to perform DNS reverse lookups on clients' IP addresses.
Off
improves performance, as DNS lookups can be slow. - Server Tokens: Controls the level of information provided in the server response header (
Server:
).Minor
(e.g., Apache/2.4) is more secure thanFull
(e.g., Apache/2.4.58 (Unix) PHP/8.3.1).Prod
displays onlyApache
.
Admin & Logging
- Server Admin: The administrator email address displayed in error messages sent to clients.
- Log Level: Controls the verbosity of messages recorded in the error log (
error_log
).warn
is commonly used; it logs warnings and more serious errors. Other levels includedebug
,info
,notice
,error
,crit
,alert
, andemerg
.
Modules
This section lists the available Apache modules. You can check the box to enable required modules or uncheck to disable them. Common modules include:
mod_rewrite
: Used for URL rewriting.mod_ssl
: Provides SSL/TLS support (HTTPS).mod_deflate
: For content compression.mod_expires
: Controls cache headers.mod_proxy
and related modules: For reverse proxy support.mod_auth_basic
,mod_auth_digest
: Basic or digest authentication.
After enabling or disabling modules, you’ll need to save your configuration, and in some cases, restart Apache for changes to take effect.
Directory Index
- Directory Index: When a requested URL maps to a directory, Apache will look for files listed here in order and return the first one found. The default is usually
index.html index.htm index.php
.
SSL/TLS Settings
These options configure Apache’s HTTPS functionality.
- SSLCipherSuite / TLSCipherSuite: Defines the cipher suites allowed by the server. Using strong, modern cipher suites is essential for security. ServBay provides recommended defaults.
- SSLProxyCipherSuite: Specifies cipher suites for SSL connections when Apache is acting as a reverse proxy.
- SSLHonorCipherOrder: When set to
On
, forces the server to use its preferred cipher suite order rather than the client’s. Recommended to leave thisOn
. - SSLStrictSNIVHostCheck: When
On
, rejects connections where the hostname requested by the client (via SNI) doesn’t match a configured virtual host. Enhances security. - ProtocolHonorOrder: Similar to
SSLHonorCipherOrder
, but applies to protocol version negotiation. - SSLProtocol: Defines which SSL/TLS protocol versions are allowed. Example:
all -SSLv2 -SSLv3
allows all modern protocols but disables known-insecure SSLv2 and SSLv3. - SSLProxyProtocol: Specifies allowed protocol versions for SSL connections when Apache acts as a reverse proxy.
- Protocols: Configures the order of supported protocols, such as enabling HTTP/2.
h2 h2c http/1.1
prioritizes HTTP/2 (encryptedh2
or plaintexth2c
), falling back to HTTP/1.1.
Saving & Resetting
- Reset: Clicking this button will restore all Apache settings to ServBay’s defaults.
- Save: Clicking this button saves all your changes to the Apache configuration. After saving, ServBay will usually apply the changes automatically. If Apache is running, a brief restart may be necessary for all changes to take effect.
Important Tips
- These settings modify Apache’s global configuration. Site-specific (virtual host) settings—such as
DocumentRoot
or customRewriteRule
s—are typically set when adding or editingWebsites
. - If you see a “Service Apache is not enabled” message at the top of the configuration screen, it means Apache is not currently running. You can still modify and save configurations, but changes will only take effect the next time Apache is started. You can start Apache from ServBay’s main dashboard or from the
Packages
menu.
Summary
ServBay offers an intuitive interface for managing the core configuration of your Apache Web Server. By understanding these options, you can tailor Apache’s behavior, performance, and security to suit your development needs—making the most of ServBay as your local development environment.