Apache Configuration

httpd

Configuration

  • By default, the Apache configuration file is located at /etc/httpd/conf/httpd.conf
  • In addition, httpd.conf loads the configuration files matching /etc/httpd/conf.d/*.conf

Each configuration change requires a reload or restart of the Apache service to take effect.

Syntax check httpd.conf

Each time you edit the httpd.conf file, check that it contains no typos:

httpd -t
Syntax OK

Manage the Apache process

After each configuration change (within httpd.conf or conf.d/*), the Apache service must be reloaded (or restarted):

service httpd reload

Restart Apache:

service httpd restart

Show the process status:

service httpd status

Show all VirtualHosts configured

The command checks the syntax as well. By default it checks the httpd.conf file. For another config file, use the -f switch.

httpd -S
VirtualHost configuration:
192.168.63.248:80      example.com (/etc/httpd/conf/httpd.conf:1282)
wildcard NameVirtualHosts and _default_ servers:
*:443                  www.secure.com (/etc/httpd/conf/httpd.conf:1072)
*:80                   is a NameVirtualHost
         default server example.com (/etc/httpd/conf/httpd.conf:1024)

Syntax OK

httpd.conf - Using Name-based Virtual Hosts

To use name-based virtual hosting, you must designate the IP address (and possibly port) on the server that will be accepting requests for the hosts. This is configured using the NameVirtualHost directive. In the normal case where any and all IP addresses on the server should be used, you can use * as the argument to NameVirtualHost. If you're planning to use multiple ports (e.g. running SSL) you should add a Port to the argument, such as *:80. Note that mentioning an IP address in a NameVirtualHost directive does not automatically make the server listen to that IP address. See Setting which addresses and ports Apache uses for more details. In addition, any IP address specified here must be associated with a network interface on the server.

The next step is to create a <VirtualHost> block for each different host that you would like to serve. The argument to the <VirtualHost> directive should be the same as the argument to the NameVirtualHost directive (ie, an IP address, or * for all addresses). Inside each <VirtualHost> block, you will need at minimum a ServerName directive to designate which host is served and a DocumentRoot directive to show where in the filesystem the content for that host lives.

Main host goes away

If you are adding virtual hosts to an existing web server, you must also create a <VirtualHost> block for the existing host. The ServerName and DocumentRoot included in this virtual host should be the same as the global ServerName and DocumentRoot. List this virtual host first in the configuration file so that it will act as the default host.

For example, suppose that you are serving the domain www.domain.tld and you wish to add the virtual host www.otherdomain.tld, which points at the same IP address. Then you simply add the following to httpd.conf:

NameVirtualHost *:80
 
<VirtualHost *:80>
ServerName www.domain.tld
ServerAlias domain.tld *.domain.tld
DocumentRoot /www/domain
</VirtualHost>
 
<VirtualHost *:80>
ServerName www.otherdomain.tld
DocumentRoot /www/otherdomain
</VirtualHost>

You can alternatively specify an explicit IP address in place of the * in both the NameVirtualHost and <VirtualHost> directives. For example, you might want to do this in order to run some name-based virtual hosts on one IP address, and either IP-based, or another set of name-based virtual hosts on another address.

Many servers want to be accessible by more than one name. This is possible with the ServerAlias directive, placed inside the <VirtualHost> section. For example, in the first <VirtualHost> block above, the ServerAlias directive lists other names that people can use to reach the same web site:

ServerAlias domain.tld *.domain.tld

With this alias, requests for all hosts in the domain.tld domain will be served by the www.domain.tld virtual host. The wildcard characters * and ? can be used to match names. Of course, you can't just make up names and place them in ServerName or ServerAlias. You must first have your DNS server properly configured to map those names to an IP address associated with your server.

Finally, you can fine-tune the configuration of the virtual hosts by placing other directives inside the <VirtualHost> containers. Most directives can be placed in these containers and will then change the configuration only of the relevant virtual host. To find out if a particular directive is allowed, check the Context of the directive. Configuration directives set in the main server context (outside any <VirtualHost> container) will be used only if they are not overridden by the virtual host settings.

Now when a request arrives, the server will first check if it is using an IP address that matches the NameVirtualHost. If it is, then it will look at each <VirtualHost> section with a matching IP address and try to find one where the ServerName or ServerAlias matches the requested hostname. If it finds one, then it uses the configuration for that server. If no matching virtual host is found, then the first listed virtual host that matches the IP address will be used.

As a consequence, the first listed virtual host is the default virtual host. The DocumentRoot from the main server will never be used when an IP address matches the NameVirtualHost directive. If you would like to have a special configuration for requests that do not match any particular virtual host, simply put that configuration in a <VirtualHost> container and list it first in the configuration file.
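
The catch-all arrangement described above, written out for the two sites from the earlier example (an added example, not part of the original page, in the Apache 2.2 syntax this page uses). The name catchall.invalid, the /www/catchall directory and the log file name are assumptions.

```apache
NameVirtualHost *:80

# Listed first, so it is the default: it receives every request on *:80
# whose Host header matches no ServerName or ServerAlias below, including
# requests addressed to the bare IP address.
<VirtualHost *:80>
  # Placeholder name (assumption); it only has to differ from the real sites.
  ServerName catchall.invalid
  # Empty directory (assumption), so no site content is reachable from here.
  DocumentRoot /www/catchall
  # Log the Host header the client actually sent, to see which names
  # are landing on the default host.
  LogFormat "%h %l %u %t \"%{Host}i\" \"%r\" %>s %b" unmatched
  CustomLog logs/unmatched-host_log unmatched
  <Directory /www/catchall>
    # Answer every unmatched request with 403 instead of a real site.
    Order deny,allow
    Deny from all
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerName www.domain.tld
  ServerAlias domain.tld *.domain.tld
  DocumentRoot /www/domain
</VirtualHost>

<VirtualHost *:80>
  ServerName www.otherdomain.tld
  DocumentRoot /www/otherdomain
</VirtualHost>
```

After a reload, httpd -S should report catchall.invalid as the default server for *:80.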

Example virtual host configuration

<VirtualHost *:80>
  ServerName test.example.com
  DocumentRoot "/home/www/test.example.com/htdocs"
  CustomLog logs/test.example.com-access_log combined
  ErrorLog logs/test.example.com-error_log
  <Directory "/home/www/test.example.com/htdocs">
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Developer Page example.com"
    AuthUserFile "/home/www/test.example.com/auth_example.com"
    Require user example admin
  </Directory>
  <Directory "/home/www/test.example.com/htdocs/phpMyAdmin">
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Developer Page example.com"
    AuthUserFile "/home/www/test.example.com/auth_example.com"
    Require user example admin
  </Directory>
</VirtualHost>

httpd.conf - Defining index files

To specify the index files Apache should look for automatically, add a definition like the one in the following example:

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents.  The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var index.php

Creating htaccess files for authentication

Creating a new file

This will create the file .access with an entry for the user admin (htpasswd will prompt for a password; one can be created with mkpasswd first):

htpasswd -cm .access admin

If an authentication file already exists, omit the -c (create) option; with -c, htpasswd rewrites the existing file.

usage manual for htpasswd

Usage:
        htpasswd [-cmdpsD] passwordfile username
        htpasswd -b[cmdpsD] passwordfile username password
 
        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
 -D  Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.

Settings

Limiting interfaces to listen on

The “Listen” directive allows you to bind Apache to specific IP addresses and/or ports, in addition to the default. See also the <VirtualHost> directive.

Change this to listen on specific IP addresses, as shown below, to prevent Apache from binding to all IP addresses (0.0.0.0), e.g.:

Listen 12.34.56.78:80

For example, to make the server accept connections on both port 80 and port 8000, use:

Listen 80
Listen 8000

To make the server accept connections on two specified interfaces and port numbers, use:

Listen 192.170.2.1:80
Listen 192.170.2.5:8000 

Serving files from NFS

There is a problem with the sendfile function when serving from NFS-mounted drives (see http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile for reference).

It's best to deactivate the EnableSendfile option:

# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
#
EnableSendfile off

In addition, the mmap feature should also be turned off when hosting files on NFS (see http://httpd.apache.org/docs/2.2/misc/perf-tuning.html for reference).

#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems.  On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
#
EnableMMAP off

Active Directory Authentication with LDAP

Requirement: You have to create a user within AD with read access.

<Location /repos/>
    DAV svn
    SVNParentPath /srv/svn/repos
 
    # Active Directory LDAP Authentication for Domain swisstxt.ad.prod
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthName "Subversion Repository Web Browsing"
    AuthLDAPURL "ldap://dc01.example.ad.local:3268/DC=example,DC=ad,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=AD-Read-UserName,OU=Users,DC=example,DC=ad,DC=local"
    AuthLDAPBindPassword "secret"
    require valid-user
    # require ldap-group CN=Developer Group,OU=Users,DC=example,DC=ad,DC=local
</Location>
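
The same location with the directory lookups and the browser credentials kept off the wire in cleartext, as an added example that is not part of the original page: ldaps:// on the global catalog SSL port 3269 replaces ldap:// on 3268, and SSLRequireSSL refuses Basic authentication over plain HTTP. The CA file path is a placeholder, and the example assumes mod_ssl is loaded and the location is served from an HTTPS virtual host.

```apache
# Server config context (outside any <VirtualHost>): the CA that signed the
# domain controller's certificate. The path is a placeholder (assumption).
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-root-ca.pem
# Refuse the LDAP connection if the DC certificate does not verify
# (this is the default, stated explicitly).
LDAPVerifyServerCert On

<Location /repos/>
    DAV svn
    SVNParentPath /srv/svn/repos

    # Basic auth sends the password base64-encoded with every request:
    # reject any request to this location that did not arrive over SSL.
    SSLRequireSSL

    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthName "Subversion Repository Web Browsing"
    # ldaps:// on 3269 (global catalog over SSL) instead of ldap:// on 3268,
    # so the bind password and the users' passwords are encrypted in transit.
    AuthLDAPURL "ldaps://dc01.example.ad.local:3269/DC=example,DC=ad,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=AD-Read-UserName,OU=Users,DC=example,DC=ad,DC=local"
    # The bind password is stored in cleartext: keep this file readable by root only.
    AuthLDAPBindPassword "secret"
    require valid-user
</Location>
```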
/srv/wiki.niwos.com/data/pages/apache/virtual_host.txt · Last modified: 2010/04/13 13:53 (external edit)