# Apache default vs. minimal install



## Mage (Nov 1, 2015)

I have been installing Apache with the default options for years. It crossed my mind that I should try using a minimal installation.

I’m able to turn off the options one by one without posting to this forum. I read at least the first 3 sentences of the documentation of each module. I realised that I have never used  most of them. I had no idea what they did. So I ended up turning off about 70% of the defaults on a test machine.

However, I’m not an Apache expert. Just because it starts up, it doesn’t mean it’s safe and optimal.

Question one: Is it worth to turn them off? Do I gain anything with that? The goal is just to save some memory. I use the default httpd.conf with few changes (Directories, Virtual hosts).

Question two: Is there something that I can turn off but it has a bad effect on the security / performance? Especially without me noticing it. This is the part where I lack the knowledge.

Our installations are simple: Apache24, virtual hosts: Phusion Passenger + Ruby on Rails. Event worker. No SSL. Behind CloudFlare.


----------



## Jeckt (Nov 2, 2015)

1) The biggest gain for turning them off is a shorter compile time, although it's impossible to activate them by accident if they don't exist. The most flexible method is to build most of them, then only load the ones you need.

2) You probably won't gain much security from modules themselves (aside from SSL). Some Apache modules increase performance. Caching a few static files in memory can help. The biggest gain will be http compression, and you'll always want this on, even at the lowest compression level (for files that can be compressed). When http/2 is considered stable, you may want that enabled.


----------



## ohauer (Nov 8, 2015)

Mage said:


> Question one: Is it worth to turn them off? Do I gain anything with that? The goal is just to save some memory. I use the default httpd.conf with few changes (Directories, Virtual hosts).


In Apache 2.4 most of the modules are not enabled by default in httpd.conf, so they do not need additional memory but keeping the default build/installation very flexible for most use cases.



> Question two: Is there something that I can turn off but it has a bad effect on the security / performance? Especially without me noticing it. This is the part where I lack the knowledge.
> 
> Our installations are simple: Apache24, virtual hosts: Phusion Passenger + Ruby on Rails. Event worker. No SSL. Behind CloudFlare.



Compare your httpd.conf with httpd.conf.sample from a default build (e.g extracted from official FreeBSD package).
I would say you need only the modules enabled by default in the httpd.conf.sample if they are sufficient for your requirement, but even then you save only one or two minutes build time.


----------

