CentOS – Apache Virtual Hosts

  Uncategorized

Create the Directory Layout

In this example we’ll be creating two domains, domain1.com and domain2.com

As the default permissions only allow us, the ‘demo’ user, to browse our home folder, let’s start off by giving Apache access to this folder as well:

chmod 755 /home/demo

OK, now we need to create the directory structure for our sites.

In your home directory create a ‘public_html’ folder:

cd ~
mkdir public_html

Now, for each domain we want to host, create a folder with a standard set of sub-folders:

mkdir -p public_html/domain1.com/{public,private,log,cgi-bin,backup}

and

mkdir -p public_html/domain2.com/{public,private,log,cgi-bin,backup}

That will create the folders public, private, log, cgi-bin and backup for each of our domains (domain1.com and domain2.com).

index.html

The content of the public folder is, entirely, up to you but for this example I am going to use a very simple HTML file so we can check that the virtual hosts work correctly:

For each domain let’s create the index.html file:

nano public_html/domain1.com/public/index.html

add the following to the file:

<html>
  <head>
    <title>domain1.com</title>
  </head>
  <body>
    <h1>domain1.com</h1>
  </body>
</html>

Repeat the process so you have a similar file for domain2.com (simply replace all instances of ‘domain1.com’ with ‘domain2.com).

Now that we have a basic structure for our two domains we can look at defining the two virtual hosts.

NameVirtualHosts

With the virtual hosts, one thing to note that often catches people off guard is the NameVirtualHost setting.

For each port that Apache listens to, we need to define a NameVirtualHost. The issue that people sometimes overlook lies in the fact that you can only define it once per port.

Be careful that you do not add the same NameVirtualHost twice as adding another one will cause warnings and errors.

Let’s go ahead and uncomment the generic NameVirtualHost in the Apache configuration.

Navigate to the /etc/httpd/conf directory and open the main Apache configuration file (httpd.conf):

sudo nano httpd.conf

Towards the bottom of this file you will want to uncomment out the generic NameVirtualHost as follows:

# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.

Now we can restart Apache to initiate the changes:

sudo /etc/init.d/httpd restart

The following warning will be displayed as we still need to add our VirtualHosts

Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu Dec 11 02:06:13 2008] [warn] NameVirtualHost *:80 has no VirtualHosts
                                                           [  OK  ]

Please keep in mind that this is only a warning and will not appear once we complete the following section.

Let’s move on.

Custom Virtual Hosts

We’ve setup the basics and now we’re ready to add our own virtual hosts so that we can start to serve our domains.

Let’s create the vhost for domain1:

sudo nano /etc/httpd/conf/httpd.conf

At the bottom of the httpd.conf file, we need to add the following:

# Place any notes or comments you have here
# It will make any customization easier to understand in the weeks to come
 
# domain: domain1.com
# public: /home/demo/public_html/domain1.com/
 
<VirtualHost *:80>
 
  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin [email protected]
  ServerName  domain1.com
  ServerAlias www.domain1.com
 
 
  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html
  DocumentRoot /home/demo/public_html/domain1.com/public
 
 
  # Custom log file locations
  LogLevel warn
  ErrorLog  /home/demo/public_html/domain1.com/log/error.log
  CustomLog /home/demo/public_html/domain1.com/log/access.log combined
 
</VirtualHost>

OK good, now we need to reload Apache:

sudo /etc/init.d/httpd reload

Navigate

Now navigate to your site:

http://domain1.com

You should now see the contents of public/index.html being shown:

domain1.jpg

ServerAlias

Note that in the vhost file, we set a ServerAlias. Providing you have the DNS set up correctly you can also use that address:

http://www.domain1.com

Repeat as necessary

To create and enable domain2.com simply go through the process again:

sudo nano /etc/httpd/conf/httpd.conf
...
# Enter the details for domain2.com as per the example shown above

Then reload Apache:

sudo /etc/init.d/httpd reload

Finally, navigate to your second domain:

http://domain2.com
or
http://www.domain2.com

All being well, you will see the ‘domain2.com’ index file.

Log Files

As defined in your vhost in the Apache configuration, each domain has its own log files, lets take a quick look:

ls /home/demo/public_html/domain1.com/log/

The output is exactly as expected:

access.log  error.log

This makes for much easier analysis as each set of logs is self contained.

Default Vhost

Remember that although we created a vhost for domain1.com and domain2.com, if someone enters the IP address of the Cloud Server they are served the contents of the domain1.com vhosts.

Why are they served from that vhost?

Apache searches the enabled vhosts from the top down. Therefore, once it finds a matching vhost for the IP address entered, the contents of that domain are displayed. As we setup domain1.com initially in this example, the contents for this domain will be shown if you enter your Cloud Server’s IP address in a browser.

This is something to keep in mind when planning your websites. Do you want a particular domain to be the default? Do you want the IP address to have completely different content?

If you want the IP address to have separate content than your domains, you will need to create an additional vhost and use the IP of your Cloud Server as the ServerName.

Email

ServerAdmin

ServerAdmin [email protected]

Sets the email address for the server administrator – this will be used if you have setup the server to contact you on errors. It is also shown in the ServerSignature (if set to ‘Email’ – see below)

Domain Name

ServerName and ServerAlias

ServerName domain.com
ServerAlias www.domain.com

Sets the domain name for the virtual host. You can have as many aliases as required. For example, you can have domain.com and domain.net point to the same content.

Note this is not a rewrite rule (we’ll look at those later) but the domains defined here will serve the same content (assuming you have set the DNS to point to your Cloud Server IP).

Index Files

DirectoryIndex

DirectoryIndex index.html

Defines the index file (the ‘home’ page that is shown on entering the domain address). Useful if you have want the user to be directed to an alternate page or to a non-standard home page.

Do note this is not a good way of redirecting users as they may go directly to a non specified page such as domain.com/index.php whilst the DirectoryIndex will only work for those entering domain.com.

Documents

DocumentRoot

DocumentRoot /home/demo/public_html/domain.com/public

The location of the domain’s public files. Use an absolute path name.

Log Files

ErrorLog and CustomLog

LogLevel warn
ErrorLog  /home/demo/public_html/domain.com/log/error.log
CustomLog /home/demo/public_html/domain.com/log/access.log combined

Set the Log levels and the location for the Virtual Hosts log files. Very useful for easy analysis of the domain statistics.

Error Documents

ErrorDocument

ErrorDocument 404 /errors/404.html
ErrorDocument 403 /errors/403.html

Used for all the standard error messages.

In these examples I have an ‘errors’ folder in my public directory. I created each error document and place them in the ‘errors’ folder. The paths shown are relative to the DocumentRoot folder defined above.

If not defined, Apache will generated its own error pages. Custom error pages are more user friendly and can be customized as much, or as little, as you want.

Apache Footers

ServerSignature

ServerSignature On

Sets whether the server details are displayed in any server generated error pages or index lists. Options are On, Off and Email.

Note the level of detail in the signature is configured via ServerTokens which cannot be set in the Virtual Hosts file – only in the main httpd.conf. See the Apache Configuration article for more details.

If set to Email, the ServerAdmin email will be displayed.

cgi-bin

ScriptAlias

ScriptAlias /cgi-bin/ /home/demo/public_html/domain.com/cgi-bin/
<Location /cgi-bin>
  Options +ExecCGI
</Location>

Enables the cgi-bin location as defined by the custom virtual hosts layout. You can, of course, leave the cgi-bin in the DocumentRoot location if you so wish.

Directory

<Directory xxx/xxx>

<Directory /home/demo/public_html/domain.com/public>
  Options FollowSymLinks
</Directory>

Set the Options for the specified directory – the example shown allows the Option FollowSymLinks to be enable for the public directory of domain.com

Listed below are further Options that can be set:

Directory Browsing

Options

Options -Indexes

To turn off directory browsing use ‘-Indexes’ or ‘None’. To turn them on, use ‘+Indexes’.

SSI

Options

Options -Includes

This Option disables Server Side Inlcudes.

Symlinks

Options

Options -FollowSymLinks

Enable or disable the option to follow symlinks. Be careful with this option as it can lead to security risks (inadvertently linking to configuration folders).

Dejay Clayton made a good suggestion in using SymLinksIfOwnerMatch instead of FollowSymLinks.

The SymLinksIfOwnerMatch allows symbolic links to be followed only if the owner of the link is identical to the owner of the target file or directory. Thus preventing many of the security risks than a simple FollowSymlinks can create.

.htaccess

AllowOverride

AllowOverride None

Setting AllowOverride to none disables .htaccess support. Set to All to allow them.

You can also specify which .htaccess features to enable such as:

AllowOverride AuthConfig Indexes

The Apache AllowOverride docs has more information on the different features.

Remember to specifically protect your .htaccess file. This can be done in two ways:

Firstly rename it to something obscure and, secondly, deny access to the file from external sources:

AccessFileName .myobscurefilename
<Files ~ "^\.my">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

No Options

Options

Options None

This will turn off all the available options.

Hierarchy

Remember that the Options directives can be set per directory like this:

<Directory />
  AllowOverride None
  Options None
</Directory>
 
<Directory /home/demo/public_html/domain.com/public>
  AllowOverride All
</Directory>

This will turn of all Options and disable .htaccess support for all directories.

However, the second Directory setting will override the first and allow .htaccess support for the domain.com/public directory.

Summary

The Virtual Hosts directive is at once an easy tool to use and a very powerful one. My advice is to enter one setting and test it. Then enter the next setting and so on.

Once familiar you will see you have fine control over all of your web folders and files.

Views: 1

LEAVE A COMMENT

What is the capital of Egypt? ( Cairo )