Apache HTTP Server is the most popular web server in the world and has been so since April 1996. It played a key role in the growth of the World Wide Web. It is estimated that Apache Server is serving 54.2% of all active websites and 53.3% of the top servers across all domains! In this post I will explain the basics of Name-Based Virtual Hosts Apache Configuration and Secure Sockets Layer (SSL) Apache Configuration on CentOS 6.
If you don’t know where to find Apache Configuration files on CentOS 6, read my post on “Install Apache Server on CentOS 6”.
1. Name-Based Virtual Host Configuration
You have two options when configuring Apache Virtual Hosts:
- IP-Based Virtual Host
- Name-Based Virtual Host Configuration.
The second (Name-Based) is recommended for most scenarios and this is the one we will be covering in this post.
The Virtual Host configuration directory is /etc/httpd/conf.d/. This is where we put newly created Virtual Host conf files (vhost1.conf, vhost2.conf,…).
When defining a new Virtual Host we must start with a “<VirtualHost *:80>” line. If you are defining an SSL Virtual Host, the port number will usually change to 443. We always end a Virtual Host definition with a </VirtualHost> line.
Between the opening and closing lines we put our Virtual Host configuration directives. A list of all the configuration directives available in the standard Apache distribution can be found in the Apache documentation.
When finished, the Virtual Host configuration file should look something like this:
[root@foo1 ~]# cat /etc/httpd/conf.d/http1.conf
<VirtualHost *:80>
    ServerAdmin info@geekpeek.net
    ServerName foo1.geekpeek1.net
    DocumentRoot /var/www/html/geekpeek1
    ErrorLog /var/log/httpd/http1/geekpeek1-error.log
    CustomLog /var/log/httpd/http1/geekpeek1-common.log common
</VirtualHost>
These are the “basic” Apache configuration directives that should be included in a Virtual Host configuration file. Let’s quickly explain what these directives are all about.
ServerAdmin – This is the email address that the server includes in error messages sent to the client. When a user gets a 404 error, this address is displayed so that they can send a question regarding server availability.
ServerName – This is the hostname and port that the server uses to identify itself.
DocumentRoot – Directory that forms the main document tree visible from the web. This is the location to your HTML or PHP files that you want your web server to serve to the clients.
ErrorLog – Location where the server will log errors.
CustomLog – Sets filename and format of log file. In our case this is where common web server information will be logged.
There is one more thing we need to edit in the main Apache configuration file (/etc/httpd/conf/httpd.conf).
We need to set the “ServerName” directive (this is the FQDN of your web server) and NameVirtualHost *:80 directive in /etc/httpd/conf/httpd.conf. You can easily add this at the end of the conf file:
[root@foo1 ~]# /bin/echo "ServerName foo1.geekpeek.net" >> /etc/httpd/conf/httpd.conf
[root@foo1 ~]# /bin/echo "NameVirtualHost *:80" >> /etc/httpd/conf/httpd.conf
If you are also running the web server on port 443, add another NameVirtualHost directive for port 443.
[root@foo1 ~]# /bin/echo "NameVirtualHost *:443" >> /etc/httpd/conf/httpd.conf
If you followed this guide and successfully created Virtual Host configuration file, you can now test your Apache Configuration:
[root@foo1 ~]# service httpd configtest
Syntax OK
If everything looks OK, you are ready to start your Apache web server!
[root@foo1 ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
You can now try to access your website via browser by entering “http://servername”.
2. Apache Secure Socket Layer (SSL) Configuration
To configure Apache for SSL we need to install an additional Apache SSL module called mod_ssl:
[root@foo1 ~]# yum install mod_ssl
After a successful installation of Apache SSL module we can configure Apache SSL Virtual Host. The configuration is similar to Virtual Host running on port 80, with some additional Apache configuration directives and additional configuration for port 443 of course.
Again we create a new Apache Configuration file at location /etc/httpd/conf.d/ and insert the following:
[root@foo1 ~]# cat /etc/httpd/conf.d/https1.conf
<VirtualHost *:80>
    ServerAdmin info@geekpeek.net
    ServerName foo2.geekpeek.com
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    # $1 carries the requested path over to the HTTPS URL
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin info@geekpeek.net
    ServerName foo2.geekpeek.com
    DocumentRoot /var/www/html/https1
    ErrorLog /var/log/httpd/https1/https1-error.log
    CustomLog /var/log/httpd/https1/https1-common.log common
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:+MEDIUM:!LOW:!RC4
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
The first “VirtualHost” block defines the service running on HTTP port 80. Since this site is served only on port 443, we define just the “ServerAdmin” and “ServerName” directives there.
We need to make sure that clients who connect to foo2.geekpeek.com on port 80 are automatically redirected (rewritten) to HTTPS. We can achieve this with the “Rewrite Condition” and “Rewrite Rule” Apache Configuration directives.
In the second “VirtualHost” block we define the service running on HTTPS port 443.
This is where we define already known and explained Apache Configuration directives (ServerAdmin, ServerName, DocumentRoot, ErrorLog, CustomLog) and new additional SSL directives.
A quick explanation of the SSL directives:
SSLEngine – This is the SSL Engine Operation Switch. You can turn SSLEngine on or off or leave it optional.
SSLProtocol – This configures usable SSL/TLS protocol versions.
SSLCipherSuite – These are the web server Cipher Suites available for negotiation in SSL handshake.
SSLCertificateFile – This is the server PEM-encoded X.509 Certificate file. You can use the automatically generated self-signed certificate, or define your own signed certificate file.
SSLCertificateKeyFile – This is the server PEM-encoded Private Key file.
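The SSLProtocol and SSLCipherSuite values shown above can be checked from the configuration text before httpd is started. The following Python script is an added example, not part of the original post: it evaluates SSLProtocol tokens left to right and reports protocols and cipher settings that are weak today. The function names, the protocol list behind `all` and the stricter sample values are assumptions made for illustration.

```python
import re

# Assumption: the protocols "all" stands for; the real set depends on the httpd/OpenSSL build.
ALL = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
WEAK = {"SSLv2": "broken", "SSLv3": "broken",           # SSLv3: POODLE, CVE-2014-3566
        "TLSv1": "deprecated", "TLSv1.1": "deprecated"}  # deprecated by RFC 8996

def enabled_protocols(value):
    """Evaluate an SSLProtocol value left to right."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        protos = {p for p in ALL if name.lower() in ("all", p.lower())}
        if sign == "-":
            enabled -= protos
        elif sign == "+":
            enabled |= protos
        else:
            enabled = protos       # a bare name replaces the set built so far
    return enabled

def audit(conf_text):
    """Return (vhost, finding) pairs for SSLProtocol and SSLCipherSuite lines."""
    findings, vhost = [], "(global)"
    for line in map(str.strip, conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        directive = re.match(r"(SSLProtocol|SSLCipherSuite)\s+(\S.*)", line, re.I)
        if opened:
            vhost = opened.group(1).strip()
        elif line.lower().startswith("</virtualhost"):
            vhost = "(global)"
        elif directive and directive.group(1).lower() == "sslprotocol":
            on = enabled_protocols(directive.group(2))
            findings += [(vhost, "%s enabled (%s)" % (p, WEAK[p])) for p in ALL if p in on and p in WEAK]
        elif directive:
            parts = directive.group(2).split(":")
            if "ALL" in parts and "!aNULL" not in parts:
                findings.append((vhost, "ALL without !aNULL: anonymous ECDH suites may remain"))
    return findings

# PAGE holds the :443 values from the post; STRICT is a constructed stricter variant
# (assumes a build that accepts the TLSv1.1 name).
SAMPLE = "<VirtualHost *:443>\nSSLProtocol %s\nSSLCipherSuite %s\n</VirtualHost>"
PAGE = SAMPLE % ("all -SSLv2", "ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:+MEDIUM:!LOW:!RC4")
STRICT = SAMPLE % ("all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1", "HIGH:!aNULL:!MD5")

if __name__ == "__main__":
    for label, text in (("post", PAGE), ("strict", STRICT)):
        print(label, audit(text))
```

The cipher check is static and only looks at the string; `openssl ciphers -v '<string>'` on the server lists the suites a given value really selects with the installed OpenSSL.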
You can now test your Apache Configuration:
[root@foo1 ~]# service httpd configtest
Syntax OK
If everything looks OK, you are ready to start your Apache web server!
[root@foo1 ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
Try to access your website via browser by entering “https://servername”.
3. Possible errors on Apache start
There are a couple of basic errors you could run into when starting or restarting your Apache web server, and we will cover how to fix them.
Starting httpd: httpd: apr_sockaddr_info_get() failed for foo1.geekpeek.net
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
You are seeing this error because you did not define the ServerName directive in /etc/httpd/conf/httpd.conf. Just add “ServerName FQDN” to your httpd.conf and restart Apache. The error should disappear!
[Fri Aug 02 10:05:08 2013] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri Aug 02 10:05:08 2013] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
To remove this error, add the “NameVirtualHost” directive to /etc/httpd/conf/httpd.conf. For port 80 you must add “NameVirtualHost *:80” and for port 443 you must add “NameVirtualHost *:443”. When you restart Apache, this error will not appear anymore!
[Fri Aug 02 10:09:42 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
This error indicates there are TOO MANY “NameVirtualHost” directives in /etc/httpd/conf/httpd.conf or in the Virtual Host configuration files at /etc/httpd/conf.d. By removing the additional “NameVirtualHost” directives and leaving just one for every port (80 and 443), this error will not appear anymore!
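The three startup messages above can be predicted from the configuration text itself, which matters because an overlap means the first Virtual Host silently answers for the others. This Python check is an added example, not from the original post; `preflight` and the sample configurations are constructed, and the "no matching <VirtualHost>" case goes beyond the duplicate-directive cause described above.

```python
import re
from collections import Counter

def preflight(conf_text):
    """Predict the startup messages from httpd.conf plus conf.d/*.conf text."""
    named, vhosts, depth, server_name = Counter(), Counter(), 0, False
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("#"):
            continue                      # commented-out directives do not count
        m = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
        if m:
            vhosts[m.group(1)] += 1
            depth += 1
        elif line.lower().startswith("</virtualhost"):
            depth -= 1
        elif depth == 0 and re.match(r"ServerName\s+\S", line, re.I):
            server_name = True            # only a ServerName outside any block is global
        elif depth == 0:
            m = re.match(r"NameVirtualHost\s+(\S+)", line, re.I)
            if m:
                named[m.group(1)] += 1
    out = []
    if not server_name:
        out.append("no global ServerName: httpd falls back to a hostname lookup")
    for addr in sorted(vhosts):
        if vhosts[addr] > 1 and addr not in named:
            out.append("VirtualHost overlap on %s: no NameVirtualHost %s" % (addr, addr))
    for addr in sorted(named):
        if named[addr] > 1:
            out.append("NameVirtualHost %s declared %d times" % (addr, named[addr]))
        elif addr not in vhosts:
            out.append("NameVirtualHost %s has no matching <VirtualHost>" % addr)
    return out

# Constructed sample configurations (not taken from a real server).
VHOSTS = "<VirtualHost *:80>\n</VirtualHost>\n" * 2 + "<VirtualHost *:443>\n</VirtualHost>\n"
BROKEN_CONF = "#NameVirtualHost *:80\nNameVirtualHost *:443\nNameVirtualHost *:443\n" + VHOSTS
FIXED_CONF = "ServerName foo1.geekpeek.net\nNameVirtualHost *:80\nNameVirtualHost *:443\n" + VHOSTS

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(label, preflight(text))
```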