Apache HTTPD is one of the most used web servers on the internet. A web server is a daemon that speaks the http(s) protocol, a text-based protocol for sending and receiving objects over a network connection. The term Virtual Host refers to the practice of running more than one website (such as site1.thegeeksearch.com and site2.thegeeksearch.com) on a single machine.
There are 2 types of Virtual hosts, they are:
IP-Based Virtual Host: If you need to have two websites (with two different ip-addresses) on the server that runs Apache, then that physical server should have two different ip-addresses configured.
Name-Based Virtual Host: when Apache web server receives a request it looks for the hostname in the HTTP header and depending on the hostname it serves different websites. This is very easy, as you need only one ip-address on that physical server; but you have to update the DNS with multiple website names pointing to the same ip-address.
I am not going to deep on the types of Virtual Host here. Let us check how to configure the Virtual Host in CentOS/RHEL 7. First we need to install the HTTP (apache) package on the server using YUM. Run the following command to install the HTTP package.
# yum install httpd -y
run “rpm -qlc httpd” command to list all the configuration files in the HTTPD package.
# rpm -qlc httpd
The default configuration file is /etc/httpd/conf/httpd.conf. In this file we have a lot of configuration directives. Let us check some of the important directives in the httpd.conf file.
1. This directive specifies where httpd will look for any files referenced in the configuration files with a relative path.
2. This directive tells httpd to start listening on port 80/tcp on all interfaces. To only listen on selected interfaces, the syntax is “Listen 126.96.36.199:80“.
3. This directive includes other files, as if they were inserted into the configuration file in place of the Include statement.
4,5. These 2 directive specify the user and group the httpd daemon should run as.
6. some error pages generated by httpd can include a link where users can report a problem. Setting this directive to a valid email address will make a webmaster easier to contact for users.
7. A <Directory> block sets configuration directives for a specified directory, and all descendant directories. Common directive inside the
- AllowOverride None: .htaccess files will not be consulted for per directory configuration settings. Setting this to any other setting will have a performance penalty, as well as the possible security ramification.
- Require All Denied: httpd will refuse to serve content out of this directory, returning a HTTP/1.1 403 Forbidden error when requested by a client.
- Require All Granted: Allow access to this directory. Setting this on a directory outside of the normal content tree can have security implications.
- Options [[+|-] OPTIONS]…: Turn on (or off) certain options for a directory. For example, the Indexes option will show a directory listing if a directory is requested and no index.html file exists in that directory.
8. This setting determines where httpd will search for requested files. it is important that the directory specified here in both readable by the httpd (both regular and SELinux Permission).
There are many other directives in httpd.conf you could refer man pages to get more information on that.
# man httpd.conf
Let us configure the Virtual Host now. Virtual Host is configured using <VirtualHost> block inside the main configuration. To ease of administration, these Virtual Host blocks are typically not defined inside /etc/httpd/conf/httpd.conf, but rather in separate .conf files in /etc/httpd/conf.d/.
Create a file named site1.conf file under /etc/httpd/conf.d/ and add the following entries.
- This is the main tag of the block. The 192.168.1.11:80 part indicates to httpd that this block should be considered for all connections coming in on that IP/Port combination.
- Here is the DocumentRoot is being set, but only for within this virtual host.
- This setting is used to configure name-based virtual hosting. If multiple <VirtualHost> blocks are declared for the same IP/Port combination, the block that matches ServerName with the hostname: header sent in the client http request will be used.
- To help sorting mail messages regarding the different websites, it is helpful to set unique ServerAdmin mail address for all virtual hosts.
- The location of all error messages related to this virtual host.
- The location for all access messages regarding this virtual host.
- This provides access to the DocumentRoot Defined.
Now let us create a directory for DocumentRoot where we put our webpage. Run the following command to create the directory.
# mkdir -p /srv/site1/www
Create an index.html web-page to test the virtual host configuration using any editor. I am using cat command to create a test page here.
Now set the necessary SELinux Permissions. The default SELinux policy is restrictive as to what context can be read by httpd. The default selinux context for web server content is httpd_sys_content_t. We need to set this SELinux context to new DocumentRoot using semanage command. semanage command is a part of policycoreutils-python-2.2.5-11.el7.x86_64 package. Install it if the semanage command is not available on your system. Run the following commands to set the fcontext on /srv/site1/www .
# semanage fcontext -a -t httpd_sys_content_t '/srv/site1/www(/.*)?' # restorecon -Rv /srv/site1/www
start the httpd service and enable it on startup and create a firewall rule for httpd using the following commands.
# systemctl start httpd # systemctl enable httpd # firewall-cmd --add-service=http --permanent # firewall-cmd --reload
Check your webpage using a browser or elinks command to test the Virtual Host functionality.