A few tips for httpd


You should read man "httpd.conf".


You'll find what's written here and more.


Choose where to store logs.

By default, they are in "/var/www/logs"

log access "website-name.log"

Disable logs with "no log".

gzip compression

Add "gzip-static" instruction in a domain configuration or a "location" section. Thus, httpd try to deliver the requested file with ".gz" suffix if it is present.

This is good for bandwidth, it can reduce 2x to 10x the weight to transfer. Compressoin ratio is good on text files (html, css, js, svg, ...)

To gzip a file before uploading on your server :

$ gzip -vk9 index.html
index.html:                49.5% -- replaced with index.html.gz
1395 bytes in, 733 bytes out

Custom error pages

Add "errdocs" intruction to tell which directory contains custom error pages. A generic "err.html" or multiple pages with error code as name can be used.

As example :

errdocs "/htdocs/athome.tld/err"

In /var/www/htdocs/athome.tld/err", there is the following "err.html" :

<!DOCTYPE html>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" href="/favicon.png" type="image/png" />
<style type="text/css">body, html {height:100%; margin:0}
#bg {
	position: relative;
	background-position: center;
	background-repeat: no-repeat;
	background-size: cover;
	background-image: url("/img/errimg.jpg");
	height: 100%;
#content {
<div id="bg">
	<div id="content">
		<h1>Error page 😖</h1>

Improve disponibility

To increase the number of server processes and thus serve simultaneously content to multiple clients, increase the default value of 3 :

prefork 10

Publish with utf-8

If you try to serve plain text, the web browser may have trouble to display some glyphs except if you specifically set it to utf-8.

To avoid clients to look for this setup, you can explicitly send the appropriate header. However, the semicolon has to be escaped making the configuration a bit weird. Here is an example for ".txt" and ".gmi" file extensions :

types {
        text/"plain;charset=UTF-8" gmi
        text/"plain;charset=UTF-8" txt

Password restricted area

Create login credentials with "htpasswd":

# htpasswd /var/www/secret.htpw login

Replace "login" with any username and set a strong password.

Do it again to add more users.

Set appropriate permissions on this file :

# chown www /var/www/secret.htpw
# chmod 400 /var/www/secret.htpw

Finally, tell httpd to read this file for credentials and ask client to enter login + password when "/hidden_directory" is requested :

location "/hidden_directory/*" {
    authenticate "Restricted access" with "/secret.htpw"

"secret.htpw" location is relative to httpd's chroot.

For a whole website :

location "/*"

Or add "authenticate" instruction at the very beginning without any "location".

File index

To display a list of files availables in a directory if no "index.html" is found :

location "/dir/*" {
    directory auto index

Include configuration files

If you have many websites, you can include files in "/etc/httpd.conf" instead of writing again and again the same thing :

include "/etc/httpd/site1.conf"
include "/etc/httpd/site2.conf"


Add a "ticket session lifetime" to speed up TLS.

hsts preload
tls {
  certificate "/etc/ssl/athome.tld.crt"
  key "/etc/ssl/private/athome.tld.key"
  ticket lifetime default