Thursday, 23 June 2011

HTTP/HTTPS -- Configure a virtual host

If you are coming from a Windows background, virtual hosts are the equivalent of hosting several websites using host headers.
In my case I have created a couple of CNAME aliases on my DNS server for, so that and both point to, the ip address of the Apache server. You can replicate this by modifying your /etc/hosts file if you don't want to be using a DNS server. Note that this needs to be added to the client too.

I can now edit the Apache config file (/etc/httpd/conf/httpd.conf) like this:
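NameVirtualHost *:80

<VirtualHost *:80>
    # Set ServerName here to the first alias so Apache can match the Host header
    DocumentRoot /var/www/rhel6virtual/
    ErrorLog logs/rhel6virtual
    CustomLog logs/rhel6virtual common
</VirtualHost>
<VirtualHost *:80>
    # Set ServerName here to the second alias
    DocumentRoot /var/www/rhel6morevirtual
    ErrorLog logs/rhel6mv
    CustomLog logs/rhel6mv common
</VirtualHost>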
I now create the DocumentRoot directories:
mkdir /var/www/rhel6virtual; mkdir /var/www/rhel6morevirtual
and add a file to each directory to allow easy testing:
  echo "More Virtual" > /var/www/rhel6morevirtual/index.html; 
  echo "Virtual" > /var/www/rhel6virtual/index.html
You can now restart Apache:
httpd -k restart
So now if you visit you'll see a web page that simply says Virtual and if you visit you'll see a web page that simply says More Virtual.

Installing Apache has already been covered here. You can check the rather long list of SELinux settings with:
getsebool -a | grep httpd
For an explanation of what each setting does, check the manual page:
man httpd_selinux
In order to prevent access to the websites you can use iptables (don't forget to save the configuration), e.g.
 iptables -I INPUT -p tcp --dport 80 -s -j DROP
or you can edit the configuration file for Apache and add the following to the second virtual host from above:
 <Directory "/var/www/rhel6morevirtual/">
         Options            Indexes FollowSymLinks
         AllowOverride      None
         Order              deny,allow
         Allow              from
         Deny from all
 </Directory>
Only can see rhel6morevirtual now.
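
The Directory block above admits only the address on the Allow line because, with Order deny,allow, Deny is evaluated first and Allow last. As an added example (not part of the original post), this Python code re-implements that Apache 2.2 evaluation order for "all", single-IP and CIDR specs only, and shows what the same two rules do under each Order value; the function names and the 192.0.2.10 sample client are assumptions.

```python
import ipaddress

def _matches(specs, client):
    """True if client matches any 'from' spec: 'all', a single IP, or a CIDR block."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Apply the Apache 2.2 Order/Allow/Deny rules to one client address."""
    order = order.replace(" ", "").lower()
    in_allow = _matches(allow, client)
    in_deny = _matches(deny, client)
    if order == "deny,allow":
        # Deny is evaluated first, Allow last, so an Allow match overrides Deny.
        # A client matching neither list is allowed by default.
        return True if in_allow else not in_deny
    if order == "allow,deny":
        # Allow is evaluated first, Deny last, so a Deny match overrides Allow.
        # A client matching neither list is denied by default.
        return False if in_deny else in_allow
    raise ValueError("unsupported Order value: %r" % order)

# Constructed sample: 192.0.2.10 stands in for the address on the Allow line.
ALLOWED_CLIENT = "192.0.2.10"
OTHER_CLIENT = "198.51.100.7"

def demo():
    """Evaluate 'Allow from <client>' + 'Deny from all' under both Order values."""
    rows = []
    for order in ("deny,allow", "allow,deny"):
        for client in (ALLOWED_CLIENT, OTHER_CLIENT):
            ok = access_allowed(order, [ALLOWED_CLIENT], ["all"], client)
            rows.append((order, client, ok))
    return rows

if __name__ == "__main__":
    for order, client, ok in demo():
        print("Order %-10s client %-13s -> %s" % (order, client, "allowed" if ok else "denied"))
```

Swapping the Order line to allow,deny with the same Allow and Deny lines locks out every client, including the one on the Allow line.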

In order to prohibit users from accessing the web server, you first need to define the users who are allowed to use it, so add a user and password with the following command (the -c option creates the file, so it's only needed the first time):
 htpasswd -cm /etc/httpd/conf/apachepass myuser
Now, edit the Apache config file and inside the directory directive for "/var/www/rhel6morevirtual/" add:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/conf/apachepass
Require user myuser
Restart Apache and now the only user that can see rhel6morevirtual will be myuser.

Note that an alternative to this method is to use an .htaccess file. With this method we create an .htaccess file in the target directory, /home/myuser/public_html/ in my case.

Edit the .htaccess file and enter the following:
AuthType Basic
AuthName "Restricted to myuser"
AuthUserFile /home/myuser/public_html/.htauthusers
Require valid-user
You now need to run:
htpasswd -c .htauthusers myuser
If you try to visit the page, you'll be prompted for a username and password. The beauty of this method is that it allows users without root access to restrict access to "their" web site.
