In Apache2's configuration system, both sites-enabled and conf-enabled serve distinct purposes for modular configuration:
# Typical Apache2 directory structure
/etc/apache2/
├── sites-available/
├── sites-enabled/
├── conf-available/
└── conf-enabled/sites-enabled/ contains symbolic links to virtual host configurations in sites-available/. These define complete website configurations including:
- Document roots
- Server names
- Port bindings
- SSL configurations
# Example virtual host in sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>conf-enabled/ contains links to general server configuration snippets from conf-available/ that affect the entire server:
- Module configurations
- Global security settings
- Performance tuning
- MIME type additions
# Example configuration in conf-available/security.conf
ServerTokens Prod
ServerSignature Off
FileETag NoneUse sites-enabled when:
- Configuring complete websites/virtual hosts
- Needing to bind specific configurations to domains/ports
Use conf-enabled when:
- Applying server-wide configuration changes
- Enabling module-specific settings
- Implementing global security policies
Both directories are processed during Apache startup, but with different inclusion patterns:
# In apache2.conf (Debian/Ubuntu):
IncludeOptional sites-enabled/*.conf
IncludeOptional conf-enabled/*.confThe loading order is:
- core modules
- conf-enabled/*.conf
- mods-enabled/*.load/.conf
- sites-enabled/*.conf
1. Always maintain configurations in *-available directories and symlink to *-enabled:
a2ensite example.com.conf
a2enmod rewrite2. For complex setups, consider this pattern:
sites-available/domain.tld.conf # Main Vhost
conf-available/domain-security.conf # Security rules
conf-available/domain-rewrites.conf # URL rewritesIn Apache's configuration system, both *-enabled and *-available directories serve distinct purposes:
/etc/apache2/
├── sites-available/
├── sites-enabled/
├── conf-available/
└── conf-enabled/
sites-* directories are specifically designed for virtual host configurations. Each file typically contains a complete <VirtualHost> block:
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
conf-* directories contain general configuration snippets that apply server-wide:
# Example security.conf snippet
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
Use sites-available/enabled when:
- Configuring virtual hosts
- Setting up domain-specific configurations
- Managing SSL certificates per site
Use conf-available/enabled when:
- Implementing global settings (security, logging)
- Loading modules or setting environment variables
- Applying configurations affecting all virtual hosts
Both use symlinks, but with different commands:
# For sites
sudo a2ensite example.conf
sudo a2dissite example.conf
# For conf files
sudo a2enconf security.conf
sudo a2disconf security.conf
The files load in this sequence:
- conf-enabled/ (alphabetical order)
- sites-enabled/ (alphabetical order)
This means conf settings can be overridden by site-specific configurations.
Here's how you might structure a real deployment:
# In conf-available/security.conf:
<IfModule mod_headers.c>
Header always set X-Content-Type-Options nosniff
</IfModule>
# In sites-available/example.com.conf:
<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000"
# Other site-specific configs...
</VirtualHost>