| |
| Introduction
| |
Apache is the web server
GSP recommends for FreeBSD 15 and Rocky Linux 10 VPS instances. This page covers
installing it, where its files live, publishing your first site, and a few essential security settings.
Hosting several domains on one VPS is covered on the
Virtual Hosting page, and adding
HTTPS on the HTTPS and SSL page.
| |
| Installing Apache
| |
On FreeBSD 15:
# pkg install apache24
# sysrc apache24_enable=YES
# service apache24 start
On Rocky Linux 10:
# dnf install httpd
# systemctl enable --now httpd
# firewall-cmd --permanent --add-service=http --add-service=https
# firewall-cmd --reload
Visiting http://your-domain.example/ (once DNS points at your VPS) should now show Apache's
default placeholder page.
| |
| Where Files Live
| |
The two systems lay out Apache differently:
FreeBSD: configuration under /usr/local/etc/apache24/ (main file
httpd.conf); default content in /usr/local/www/apache24/data; Apache runs as the
www user.
Rocky Linux: configuration under /etc/httpd/ (main file
conf/httpd.conf); default content in /var/www/html; Apache runs as the apache
user.
|
NOTE: Avoid editing httpd.conf directly for site-specific settings — a
future package upgrade may ship a new default. Instead, drop your own .conf files into
the directory Apache includes automatically: Includes/ on FreeBSD, or
/etc/httpd/conf.d/ on Rocky Linux. Those are loaded for you and left alone by
upgrades.
|
| |
| Publishing Content
| |
Upload your files via SFTP, for example with a secure client such as FileZilla (choosing SFTP, not
plain FTP), and set ownership so Apache can read them: you own the files, the web-server group can
read them, and they are not executable (correct for static HTML, CSS, JavaScript, and images):
# FreeBSD
# chown -R youruser:www /usr/local/www/apache24/data
# find /usr/local/www/apache24/data -type d -exec chmod 755 {} \;
# find /usr/local/www/apache24/data -type f -exec chmod 644 {} \;
# Rocky Linux
# chown -R youruser:apache /var/www/html
# find /var/www/html -type d -exec chmod 755 {} \;
# find /var/www/html -type f -exec chmod 644 {} \;
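A way to verify that a document root still matches this model after later uploads, as an added example that is not part of the original page. The function name `audit_docroot` and its optional second argument (the account Apache runs as) are assumptions of the example; it uses only portable `find` tests so it runs on both systems.

```shell
#!/bin/sh
# Added example (not from the original page); audit_docroot is a hypothetical name.
# Usage: audit_docroot DOCROOT [WEBSERVER_USER]
# Prints one finding per line and returns non-zero if anything departs from the
# 755-directories / 644-files model described above.
audit_docroot() {
    root=$1
    webuser=${2:-}
    findings=$(
        # Static files: no execute bit for anyone, no write bit for group/others.
        find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
            -o -perm -020 -o -perm -002 \) -print | sed 's/^/file-mode /'
        # Directories: writable by the owner only (775 or 777 is too loose).
        find "$root" -type d \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/dir-mode /'
        # Content should belong to your account, not to the account Apache runs
        # as (www on FreeBSD, apache on Rocky Linux), so the server cannot
        # rewrite what it serves.
        if [ -n "$webuser" ]; then
            find "$root" -user "$webuser" -print | sed 's/^/owned-by-server /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example runs, using the paths and accounts named on this page:
#   audit_docroot /usr/local/www/apache24/data www     # FreeBSD
#   audit_docroot /var/www/html apache                 # Rocky Linux
```
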
On Rocky Linux there is a second gatekeeper: SELinux. Files under /var/www/html are
automatically labeled so Apache may read them. If you serve a site from elsewhere (a directory under
/home, say), you must apply that label yourself — the
Virtual Hosting page shows how.
| |
| Securing Apache
| |
A few settings in an Includes/ or conf.d/ file reduce what Apache reveals and disable
directory listings (comments go on their own lines, because Apache does not accept a comment after a
directive on the same line):
# Server: header says only "Apache", not the version
ServerTokens Prod
# remove the version footer from error pages
ServerSignature Off
Use Options -Indexes so a directory without an index file does not show a generated file
listing, and reload after any change — testing the configuration first so a typo can't take every
site down:
# apachectl configtest && service apache24 reload # FreeBSD
# apachectl configtest && systemctl reload httpd # Rocky Linux
Password-protected directories (htpasswd), MIME types, and server-side includes are documented
in Apache's own reference; the loadable modules behind those and many other features are covered just
below. Keep Apache patched as part of the routine on the
Securing Your VPS page.
| |
| Dynamic Modules
| |
Apache 2.4’s features are split into modules, and almost all of them are built as
DSOs — Dynamic Shared Objects, the mod_*.so files kept under
/usr/local/libexec/apache24/ on FreeBSD and /usr/lib64/httpd/modules/ on Rocky Linux.
“Dynamically loaded” means a module is not compiled into the Apache binary; instead it
is loaded at startup only if a LoadModule line names it — so you add or drop a capability by
editing one line and reloading, with no recompiling. The single module compiled in statically is
mod_so, the loader that makes loading all the others possible.
See exactly what is active right now with httpd -M:
$ httpd -M # all loaded modules (static and shared)
$ httpd -M | grep rewrite # check whether a specific one is on
A LoadModule line names the module and the file it lives in (the path differs by system):
# FreeBSD
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
# Rocky Linux
LoadModule rewrite_module modules/mod_rewrite.so
The module names are the same on both systems. The ones worth knowing on a typical web-and-PHP VPS,
and what each is for:
| Module | What it does |
| --- | --- |
| mod_so | Loads every other dynamic module; the one module built in statically, so it is always present |
| mod_mpm_event | The multi-processing engine that accepts and dispatches connections; the default, and the right MPM to pair with PHP-FPM |
| mod_ssl | HTTPS/TLS support — enables <VirtualHost *:443> and the SSL* directives (on Rocky, dnf install mod_ssl) |
| mod_rewrite | Rule-based URL rewriting and redirects (RewriteRule) |
| mod_alias | Simple URL mapping: Alias, ScriptAlias, and Redirect |
| mod_headers | Add or modify request/response headers — used for HSTS and cache-control |
| mod_deflate | gzip-compresses responses to cut bandwidth and speed up page loads |
| mod_expires | Sets Expires/Cache-Control so browsers cache static assets |
| mod_proxy | The proxying foundation the other mod_proxy_* modules build on |
| mod_proxy_fcgi | Forwards requests to a FastCGI process — how PHP-FPM is served |
| mod_proxy_http | Reverse-proxies to an HTTP application server (Node, Python, etc.) behind Apache |
| mod_auth_basic | HTTP Basic password authentication for protected directories |
| mod_authn_file | Checks usernames and passwords against an htpasswd file |
| mod_authn_core / mod_authz_core | Core authentication/authorization providers behind the Require directive |
| mod_authz_host | Allow or deny by client address or hostname (Require ip, Require host) |
| mod_dir | Serves a directory’s index file (DirectoryIndex, e.g. index.html) |
| mod_autoindex | Generates an automatic file listing when a directory has no index (Options Indexes) |
| mod_mime | Maps filename extensions to content types and handlers |
| mod_negotiation | Content negotiation — serves the best language or type variant of a resource |
| mod_setenvif | Sets environment variables from request attributes, for conditional configuration |
| mod_include | Server-Side Includes (SSI) — assembles pages from .shtml fragments |
| mod_cgi / mod_cgid | Runs CGI scripts (mod_cgid is the variant used with threaded MPMs) |
| mod_log_config | Defines the access-log format (LogFormat, CustomLog) |
| mod_userdir | Per-user web sites served from ~/public_html |
| mod_vhost_alias | Dynamic mass virtual hosting driven by a directory layout |
| mod_dav / mod_dav_fs | WebDAV — read/write file access to a directory over HTTP |
| mod_status | Publishes a live /server-status page of worker and traffic statistics (restrict it!) |
| mod_info | Publishes a /server-info dump of the running configuration (restrict it!) |
| mod_security (3rd-party) | A web-application firewall that filters malicious requests; pkg install on FreeBSD, dnf install from EPEL on Rocky |
| |
| Enabling and Disabling Modules
| |
FreeBSD lists every shipped module’s LoadModule line in httpd.conf, with the
commonly-disabled ones commented out behind a leading #. Rocky Linux instead organizes those lines
into small files under /etc/httpd/conf.modules.d/, and ships some modules (such as mod_ssl)
as their own package that drops in its own config. To turn a module on, uncomment or add its
LoadModule line — or install the package that provides it — and reload, always testing
the configuration first:
# FreeBSD: edit /usr/local/etc/apache24/httpd.conf, then
# apachectl configtest && service apache24 reload
# Rocky Linux: edit /etc/httpd/conf.modules.d/00-optional.conf, then
# apachectl configtest && systemctl reload httpd
apachectl configtest — run it every time before reloading — catches the most common
module mistake: enabling a module whose dependency is still unloaded. Apache refuses to start and the
error names the missing piece. To disable a module, comment its line back out and reload.
Webmin’s Apache module
presents every available module as a checkbox, which is often easier than editing the files by hand.
|
WARNING: mod_status and mod_info are invaluable for debugging but expose
internal details of your server. If you enable either, wrap its <Location> block in
a Require ip … rule (or Basic-auth protection) so only you can reach it
— never leave /server-status open to the public Internet.
|
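The warning above, turned into a check you can run over your own .conf files before reloading. This is an added example, not part of the original page: the function names are hypothetical, the sample configuration is constructed, and 203.0.113.10 is a documentation address standing in for your own.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Constructed sample: /server-status is limited to one address, while
# /server-info is enabled with no restriction at all.
sample_conf() {
    cat <<'EOF'
<Location "/server-status">
    SetHandler server-status
    Require ip 203.0.113.10
</Location>
<Location "/server-info">
    SetHandler server-info
</Location>
EOF
}

# Reads Apache configuration from the named files (or stdin) and reports every
# <Location> block that enables server-status or server-info without a
# restricting Require line inside that block. Returns non-zero if any is found.
# Heuristic only: it does not follow Include lines or inherited access rules.
check_status_exposure() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^<location[ \t]/ {
            inblock = 1; start = FNR; path = $2; gsub(/[">]/, "", path)
            handler = 0; restricted = 0; anyone = 0; next
        }
        inblock && line ~ /^sethandler[ \t]+server-(status|info)/ { handler = 1 }
        inblock && line ~ /^require[ \t]+(ip|host|local|valid-user|user|group|all[ \t]+denied)([ \t]|$)/ {
            restricted = 1
        }
        # With several Require lines Apache grants access if any one matches,
        # so "Require all granted" undoes a neighbouring "Require ip".
        inblock && line ~ /^require[ \t]+all[ \t]+granted/ { anyone = 1 }
        line ~ /^<\/location>/ {
            if (inblock && handler && (anyone || !restricted)) {
                printf "EXPOSED %s (line %d)\n", path, start; bad = 1
            }
            inblock = 0
        }
        END { exit (bad + 0) }
    ' "$@"
}
```

Running `sample_conf | check_status_exposure` flags only the /server-info block; point the function at the files in Includes/ or /etc/httpd/conf.d/ to check a real server.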
| |
| Documentation
| |
|
Copyright © 1994-2026 GSP Services, Inc.
|