Every step you do for the end user, adds responsibility. If your apache install opens a security hole, it is your problem. If they don't setup apache properly, it is their problem. (Security issues rarely result in _OUR_ problem).

Not knowing the total scope of your application, but having a large app of my own, things I run into are:

• Make upgrades easy (preserve previous settings)
• Be able to compare the installation/configuration on a client "test" machine to a client "production" machine.
• Watch out for Windows boxes