Overview
Virtual hosts means hosting more than one website on a single
Apache web server.
The purpose of this guide is to configure virtual hosts on
different ports with different document content folders. It
is always a best practice to configure SELinux
in enforcing mode to have an extra
layer of security on a server that is exposed to the internet.
Applies To
Tested on RHEL 7, CentOS 7.
Pre-Requisites
· apache httpd
· policycoreutils-python (semanage command)
Configure Apache – VirtualHost
One of the features of Apache is the VirtualHost configuration
for hosting multiple websites on one web server, and these websites can also be
configured on different ports.
All the configuration has to be done as the “apache” user. Daemon
start/restart/status commands should be executed as the “root” user.
Default – Listen
Next we will list the “Listen” directive (the port to listen on)
that has been configured. By default this directive is configured to listen on
port “80”. Run the command:
cat /etc/httpd/conf/httpd.conf | grep ^Listen
Default – DocumentRoot
The first thing to find out is the “DocumentRoot” directive that has
been configured in the Apache main configuration file “httpd.conf”. By default this directive is configured as “/var/www/html”.
cat /etc/httpd/conf/httpd.conf | grep ^DocumentRoot
Default – List DocumentRoot
Next we will list the folder that holds the DocumentRoot, “/var/www/”. Run the command:
cd /var/www/ ; ll
New Website Directory
Create the new website directories, where we intend to create the new
websites, and change the owner of the folders to the apache user and group.
mkdir -v /var/www/example{2..3}
cd /var/www/
chown -R apache:apache example{2..3} ; ll
Add Listen
The next step is to configure the Listen port directives: edit “httpd.conf” so that it contains the directive entries below (the entry for port 80 is there by default).
Listen 80
Listen 81
Listen 82
Add VirtualHost Directive
The next step is to create new VirtualHost directive entries
for the different ports, as below.
Default Port – 80
Configuration directives for port 80 and virtual host.
<VirtualHost *:80>
    ServerAdmin admin@domain.com
    DocumentRoot "/var/www/html"
    ServerName example1.domain.com
    ServerAlias example1.domain.com
    ErrorLog "/var/log/httpd/example1/error_log"
    CustomLog "/var/log/httpd/example1/access_log" common
    <Directory /var/www/html>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
Alternate Port – 81
Configuration directives for port 81 and virtual host.
<VirtualHost *:81>
    ServerAdmin admin@domain.com
    DocumentRoot "/var/www/example2"
    ServerName example2.domain.com
    ServerAlias example2.domain.com
    ErrorLog "/var/log/httpd/example2/error_log"
    CustomLog "/var/log/httpd/example2/access_log" common
    <Directory /var/www/example2>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
Alternate Port – 82
Configuration directives for port 82 and virtual host.
<VirtualHost *:82>
    ServerAdmin admin@domain.com
    DocumentRoot "/var/www/example3"
    ServerName example3.domain.com
    ServerAlias example3.domain.com
    ErrorLog "/var/log/httpd/example3/error_log"
    CustomLog "/var/log/httpd/example3/access_log" common
    <Directory /var/www/example3>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
Parse Config File
To show the settings as parsed from the config file and show
errors in the configuration, run the command:
httpd -S
Note: In this case the log file directories have not been created yet, hence the
check has failed.
Create – Log Directories
The next step is to create log directories for “example1”, “example2” and “example3”
in “/var/log/httpd/”. All the access and error logs will be generated and stored in
these directories. To create them, run the command:
mkdir -v /var/log/httpd/example{1..3}
Validate Syntax
After parsing the configuration file, next we will check it for
syntax errors. Run the command below; if no issues are found, “Syntax OK” will be displayed.
httpd -t
Parse Config File
After creating the directories, rerun the config file parse to
show errors, if any. If no errors are reported, it will list all the main
parameters configured. Run the command:
httpd -S
Restart Service – httpd
After validating the configuration and verifying the syntax,
next you can go ahead and restart the httpd service and check the service
status.
systemctl restart httpd
systemctl status httpd -l
SELinux Status
To find the SELinux status and the current enforcement mode,
run the command below. If the “SELinux status” is enabled and the
current mode is set to “enforcing”, SELinux configuration is required; otherwise ignore these
steps.
sestatus | grep 'SELinux status\|Current mode'
Add Network port type
Since SELinux is enabled, the next step is to add network port type
definitions so that SELinux authorizes ports 80 – 82 for http traffic. Run
the commands below; a port that the policy already assigns to http_port_t is reported as already defined and needs no change.
semanage port -a -t http_port_t -p tcp 80
semanage port -a -t http_port_t -p tcp 81
semanage port -a -t http_port_t -p tcp 82
To list the ports assigned to the type, run:
semanage port -l | grep -w "http_port_t"
or
semanage port -l | grep http_port_t
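An added example, not part of the original guide: a POSIX shell pre-flight check that compares the ports used in the VirtualHost entries with the Listen directives and with the ports SELinux labels http_port_t. The function names and the sample config and `semanage port -l` output are constructed for illustration; on a real host, pass “/etc/httpd/conf/httpd.conf” and a file holding the saved output of `semanage port -l`.

```sh
# Added example: cross-check VirtualHost ports against Listen directives
# and the SELinux http_port_t label. All sample data below is constructed.

# Ports named in "Listen" lines (accepts "80", "*:80", "10.0.0.1:80").
listen_ports() {
  awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1" | sort -un
}

# Ports named in <VirtualHost addr:port> opening tags.
vhost_ports() {
  sed -n 's/^[[:space:]]*<VirtualHost[[:space:]][^>]*:\([0-9][0-9]*\)>.*/\1/p' "$1" | sort -un
}

# tcp ports labelled http_port_t in saved `semanage port -l` output; ranges are expanded.
selinux_http_ports() {
  awk '$1 == "http_port_t" && $2 == "tcp" {
         for (i = 3; i <= NF; i++) {
           gsub(",", "", $i); n = split($i, r, "-")
           for (p = r[1] + 0; p <= r[n] + 0; p++) print p
         } }' "$1" | sort -un
}

# Usage: check_vhost_ports CONF LABELS. Prints one line per problem, nothing if all is consistent.
check_vhost_ports() {
  for p in $(vhost_ports "$1"); do
    listen_ports "$1" | grep -qx "$p" || echo "port $p: no Listen directive"
    selinux_http_ports "$2" | grep -qx "$p" || echo "port $p: not in http_port_t"
  done
}

# Constructed sample input: port 82 has a vhost but no Listen line and no label.
demo_dir=$(mktemp -d)
cat > "$demo_dir/httpd.conf" <<'EOF'
Listen 80
Listen 81
<VirtualHost *:80>
</VirtualHost>
<VirtualHost *:81>
</VirtualHost>
<VirtualHost *:82>
</VirtualHost>
EOF
cat > "$demo_dir/ports.txt" <<'EOF'
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
EOF
check_vhost_ports "$demo_dir/httpd.conf" "$demo_dir/ports.txt"
```

An empty result means every VirtualHost port has both a Listen directive and an http_port_t label, so httpd can bind to it under enforcing mode.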
Modify Security Group
Add new rules to the “Inbound rules” in the
AWS Security group for all the ports that need to be accessible from outside.
Launch Websites
To demonstrate that these settings and configuration are working,
we will create an “index.html” file for each website
with a sample html content page that shows the website number in a different font
color.
Website #1
<HTML>
<HEAD>
<TITLE>1st website</TITLE>
</HEAD>
<BODY>
<H1><FONT COLOR="brown">This is First website's default page</FONT></H1>
</BODY>
</HTML>
Website #2
<HTML>
<HEAD>
<TITLE>2nd website</TITLE>
</HEAD>
<BODY>
<H1><FONT COLOR="green">This is second website's default page</FONT></H1>
</BODY>
</HTML>
Website #3
<HTML>
<HEAD>
<TITLE>3rd website</TITLE>
</HEAD>
<BODY>
<H1><FONT COLOR="blue">This is third website's default page</FONT></H1>
</BODY>
</HTML>