1. Install package apache2

sudo apt-get install apache2

...
Setting up apache2 (2.4.10-10+deb8u7) ...
Enabling module mpm_event.
Enabling module authz_core.
Enabling module authz_host.
Enabling module authn_core.
Enabling module auth_basic.
Enabling module access_compat.
Enabling module authn_file.
Enabling module authz_user.
Enabling module alias.
Enabling module dir.
Enabling module autoindex.
Enabling module env.
Enabling module mime.
Enabling module negotiation.
Enabling module setenvif.
Enabling module filter.
Enabling module deflate.
Enabling module status.
Enabling conf charset.
Enabling conf localized-error-pages.
Enabling conf other-vhosts-access-log.
Enabling conf security.
Enabling conf serve-cgi-bin.
Enabling site 000-default.


A. Customize /etc/apache2/conf-enabled/security.conf (sudo)

#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
<Directory />
   AllowOverride None
   Require all denied
</Directory>


# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens Prod 
#ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#ServerSignature Off
ServerSignature Off

B. Edit /etc/apache2/apache2.conf

    - Forbid access to /usr/share :
#<Directory /usr/share>
#       AllowOverride None
#       Require all granted
#</Directory>

    - Enable access to /srv/doi/www :
<Directory /srv/doi/www>
        Options FollowSymLinks
        AllowOverride FileInfo
        Require all granted
</Directory>


C. Edit /etc/apache2/sites-enabled/000-default.conf

    1.Define the document root
    
    TODO: use mail alias:

        ServerAdmin webmaster@localhost
        DocumentRoot /srv/doi/osug-doi/www

    2. Add mod_expires directives:
        # mod_expires:
        # enable expirations
        ExpiresActive On

        ExpiresDefault "access plus 1 week"
        ExpiresByType text/html "access plus 1 day"

    3. Enable mod_expires:
        a2enmod expires
        service apache2 restart


D. Customize logrotate on debian
   Debian 8 uses logrotate daily with 14 days only !

Edit /etc/logrotate.d/apache2 (as root):
/var/log/apache2/*.log {
        weekly
        missingok
        rotate 52