Difference between revisions of "Redhat: Apache webserver Virtual Hosts"
(Created page with "== Virtual Hosts == Apache allows multiple websites to be hosted on the same system. This is useful given the limited number of IPv4 IP address available. This is done throu...") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 63: | Line 63: | ||
== Secure Virtual Hosts == | == Secure Virtual Hosts == | ||
| + | |||
| + | For a webserver using https Redhat provides the ssl.conf file. In order to use this you will need to install mod_ssl using yum or RPM. | ||
| + | |||
| + | The ssl module needs to be loaded first: | ||
| + | |||
| + | <syntaxhighlight> | ||
| + | LoadModule ssl_module modules/mod_ssl.so | ||
| + | Listen 443 | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | There are a number of directives in ssl.conf, but no changes should be required. | ||
| + | |||
| + | Virtual Hosts are configures as before but with a slight difference. The port is 443 instead if 80. | ||
| + | |||
| + | In addition to the directives used define Standard Virtual Hosts, several SSL directives are added. | ||
| + | |||
| + | <syntaxhighlight> | ||
| + | SSLEngine On | ||
| + | SSLProtocol all -SSLv2 | ||
| + | SSLCipherSuite ALL: !ADH: !EXPORT: !SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW | ||
| + | SSLCertificateFile /etc/pki/tls/certs/localhost.cert | ||
| + | SSLCertificateKeyFile /etc/pki/tls/private/localhost.key | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | To deal with IE browsers: | ||
| + | |||
| + | <syntaxhighlight> | ||
| + | SetEnvIf User-Agent ".*MSIE.*" \ | ||
| + | nokeepalive ssl-unclean-shutdown \ | ||
| + | downgrade-1.0 force-response-1.0 | ||
| + | </syntaxhighlight> | ||
== SSL Certificates == | == SSL Certificates == | ||
| + | |||
| + | The Default certificate listed in ssl.conf will work for basic configs, you may need to by a certificate from the Certificate Authority. | ||
| + | |||
| + | Within the /etc/pks/tls/certs directory is a makefile used to produce ssl certificates for each virtualhost. However used the certificate is produced by the CA, browers will still ask to use if the want to access the websites as it will be intrusted. | ||
| + | |||
| + | To generate a certificate and write the keys and certificates to the correct directories. | ||
| + | |||
| + | <syntaxhighlight> | ||
| + | cd /etc/pks/tls/certs | ||
| + | genkey <hostname> | ||
| + | </syntaxhighlight> | ||
Latest revision as of 10:58, 25 August 2013
Virtual Hosts
Apache allows multiple websites to be hosted on the same system. This is useful given the limited number of IPv4 IP address available. This is done through virtual hosts that are defined in the httpd.comf file.
Regular Virtual Hosts
The first directive that must be enabled is:
NameVirutalHost *:80To use name based hosts leave the asterisk after the directive. Otherwise set the IP address for the local interface.
Port 80 is the default port of web pages. To direct all requiests via IP 192.168.122.50 on port 80, the virtual host would be defined as shown. But in most cases you would use the above directive so that all websites. It also allows DHCP to work.
<VirtualHost 192.168.122.50:80>
Example Virtual Hosts
<VirtualHost *:80>
ServerAdmin webmaster@boston1.example.com
DocumentRoot /www/docs/boston1.example.com
ServerName boston1.example.com
ErrorLog logs/boston1.example.com-error_log
EustomLof logs/boston1.example.com-error_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@boston2.example.com
DocumentRoot /www/docs/boston2.example.com
ServerName boston2.example.com
ErrorLog logs/boston2.example.com-error_log
EustomLof logs/boston2.example.com-error_log common
</VirtualHost>For the first Virtual Host:
- Error messages are emailed to webmaster@boston1.example.com
- Webpages are stored in teh DocumentRoot
- Clients call the websire through the server name
- The logs are sent to the paths relative to the Serverroot
Syntax Check
To check the syntax of the httpd.conf file run:
httpd -t
Syntax OKCheck Virtual Hosts
httpd -S
httpd -D DUMP_VHOSTSSecure Virtual Hosts
For a webserver using https Redhat provides the ssl.conf file. In order to use this you will need to install mod_ssl using yum or RPM.
The ssl module needs to be loaded first:
LoadModule ssl_module modules/mod_ssl.so
Listen 443There are a number of directives in ssl.conf, but no changes should be required.
Virtual Hosts are configures as before but with a slight difference. The port is 443 instead if 80.
In addition to the directives used define Standard Virtual Hosts, several SSL directives are added.
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite ALL: !ADH: !EXPORT: !SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.cert
SSLCertificateKeyFile /etc/pki/tls/private/localhost.keyTo deal with IE browsers:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0SSL Certificates
The Default certificate listed in ssl.conf will work for basic configs, you may need to by a certificate from the Certificate Authority.
Within the /etc/pks/tls/certs directory is a makefile used to produce ssl certificates for each virtualhost. However used the certificate is produced by the CA, browers will still ask to use if the want to access the websites as it will be intrusted.
To generate a certificate and write the keys and certificates to the correct directories.
cd /etc/pks/tls/certs
genkey <hostname>