Configuring the Apache Web Server

ServBay makes it easy for you to manage and configure the built-in Apache Web Server package. Using ServBay’s graphical user interface, you can easily adjust Apache’s core settings to meet the needs of various development projects.

Accessing Apache Settings

1. Open the ServBay application.
2. In the left sidebar, click on Web Server.
3. Select the Apache tab.

You will see Apache’s configuration window, as shown below:

Detailed Explanation of Key Settings

Below are detailed explanations of each parameter on the Apache configuration interface:

Basic Settings

• HTTP Port: The port Apache listens on for HTTP connections. Default is 80.
• HTTPS Port: The port Apache listens on for HTTPS connections. Default is 443.
• Server Name: The name and port that the server uses for identification. The default 127.0.0.1 is typically used for local access.
• Server Root: The root directory where the Apache package is installed. Note: This is not your website’s document root (which is set separately when adding a site), but the path where Apache’s program files reside. The default is usually /Applications/ServBay/package/apache/current.

Performance Tuning

• Timeout: The maximum number of seconds the server waits before giving up on an I/O operation. Default is 300 seconds.
• Max KeepAlive Requests: Maximum number of requests permitted on a persistent connection. 1000 allows numerous requests per connection, 0 means unlimited.
• KeepAlive Timeout: Maximum seconds the server waits for a new request before closing a persistent connection. Default is 60 seconds.
• Keep Alive: Enables or disables HTTP persistent connections (KeepAlive). It’s recommended to leave this On for better performance.
• MPM StartServers: The number of child server processes created at startup.
• MPM MaxSpareThreads: Maximum number of idle threads. Controls the reserve thread pool for handling traffic spikes.
• MPM MaxConnectionsPerChild (formerly MaxRequestsPerChild): Maximum number of connections a child process will handle during its lifetime. 0 means unlimited. Useful for preventing memory leaks from affecting long-running processes.
• MPM MaxRequestWorkers (formerly MaxClients): Maximum number of concurrent requests that can be served (the total across all child processes). This is a critical configuration for Apache performance.
• MPM ThreadsPerChild: Fixed number of threads created by each child process (applies to the worker or event MPM).

Features & Characteristics

• Access File Name: Directive specifying the filename for distributed configuration, typically .htaccess. Controls whether or not .htaccess files can override global server config.
• Use Canonical Name: Determines how Apache constructs self-referencing URLs. Off is generally more flexible.
• Server Signature: Adds a line with server version and virtual host information at the bottom of server-generated pages (such as error pages). For security, it’s recommended to set this Off in production.
• Hostname Lookups: Whether to perform DNS reverse lookups on clients' IP addresses. Off improves performance, as DNS lookups can be slow.
• Server Tokens: Controls the level of information provided in the server response header (Server:). Minor (e.g., Apache/2.4) is more secure than Full (e.g., Apache/2.4.58 (Unix) PHP/8.3.1). Prod displays only Apache.

Admin & Logging

• Server Admin: The administrator email address displayed in error messages sent to clients.
• Log Level: Controls the verbosity of messages recorded in the error log (error_log). warn is commonly used; it logs warnings and more serious errors. Other levels include debug, info, notice, error, crit, alert, and emerg.

Modules

This section lists the available Apache modules. You can check the box to enable required modules or uncheck to disable them. Common modules include:

• mod_rewrite: Used for URL rewriting.
• mod_ssl: Provides SSL/TLS support (HTTPS).
• mod_deflate: For content compression.
• mod_expires: Controls cache headers.
• mod_proxy and related modules: For reverse proxy support.
• mod_auth_basic, mod_auth_digest: Basic or digest authentication.

After enabling or disabling modules, you’ll need to save your configuration, and in some cases, restart Apache for changes to take effect.

Directory Index

• Directory Index: When a requested URL maps to a directory, Apache will look for files listed here in order and return the first one found. The default is usually index.html index.htm index.php.

SSL/TLS Settings

These options configure Apache’s HTTPS functionality.

• SSLCipherSuite / TLSCipherSuite: Defines the cipher suites allowed by the server. Using strong, modern cipher suites is essential for security. ServBay provides recommended defaults.
• SSLProxyCipherSuite: Specifies cipher suites for SSL connections when Apache is acting as a reverse proxy.
• SSLHonorCipherOrder: When set to On, forces the server to use its preferred cipher suite order rather than the client’s. Recommended to leave this On.
• SSLStrictSNIVHostCheck: When On, rejects connections where the hostname requested by the client (via SNI) doesn’t match a configured virtual host. Enhances security.
• ProtocolHonorOrder: Similar to SSLHonorCipherOrder, but applies to protocol version negotiation.
• SSLProtocol: Defines which SSL/TLS protocol versions are allowed. Example: all -SSLv2 -SSLv3 allows all modern protocols but disables known-insecure SSLv2 and SSLv3.
• SSLProxyProtocol: Specifies allowed protocol versions for SSL connections when Apache acts as a reverse proxy.
• Protocols: Configures the order of supported protocols, such as enabling HTTP/2. h2 h2c http/1.1 prioritizes HTTP/2 (encrypted h2 or plaintext h2c), falling back to HTTP/1.1.

Saving & Resetting

• Reset: Clicking this button will restore all Apache settings to ServBay’s defaults.
• Save: Clicking this button saves all your changes to the Apache configuration. After saving, ServBay will usually apply the changes automatically. If Apache is running, a brief restart may be necessary for all changes to take effect.

Important Tips

• These settings modify Apache’s global configuration. Site-specific (virtual host) settings—such as DocumentRoot or custom RewriteRules—are typically set when adding or editing Websites.
• If you see a “Service Apache is not enabled” message at the top of the configuration screen, it means Apache is not currently running. You can still modify and save configurations, but changes will only take effect the next time Apache is started. You can start Apache from ServBay’s main dashboard or from the Packages menu.

Summary

ServBay offers an intuitive interface for managing the core configuration of your Apache Web Server. By understanding these options, you can tailor Apache’s behavior, performance, and security to suit your development needs—making the most of ServBay as your local development environment.