Rob's web

Vhosts

Naming

Every web host needs a name. By convention we use www for websites. If you have more websites on the same domain, you need to give them different names.

Using only the domain name is not a good choice. The reason to support it at all is the comfort of the visitor when typing the URL to your site.

Best practice

Give the main website the name www.example.com and create a redirect from the example.com vhost. This means you make two virtual hosts. When visitors enter example.com they are redirected to www.example.com. Search engines and other sites will use a direct link to www.example.com.

Don't use rewrite because it's difficult and messy.

Subdomains to use for http

Subdomains
Subdomain   Use
(none)      Not recommended
www         For primary website
blog        Weblog if not primary website, else use www
webmail     Webmail server
cloud       Cloud server for your domain
forum       Forum
mta-sts     Special use for MTA TLS traffic.

HTTP vhosts

Save the template as vhost.con (not .conf) in the vhosts.d directory so it won't be loaded.

vhost.con

# cd /etc/httpd/conf/
# mkdir vhosts.d
# cd vhosts.d
# vi vhost.con

Add the code below:

<VirtualHost *:80>
  ServerName example.com

  # Keep the trailing slash on the target: the rest of the request path is appended to it.
  Redirect 301 / http://www.example.com/
</VirtualHost>

<VirtualHost *:80>
  ServerAdmin webmaster@example.com
  ServerName www.example.com

  CustomLog /var/log/httpd/www.example.com-access_log combined
  ErrorLog /var/log/httpd/www.example.com-error_log
  HostnameLookups Off
  UseCanonicalName Off
  # Adds a footer with the server version to server-generated pages (errors, listings).
  ServerSignature On
  
  DocumentRoot /srv/www/vhosts/www.example.com/httpdocs
  <Directory "/srv/www/vhosts/www.example.com/httpdocs">
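    # +Indexes shows a directory listing when no index file is present.
    Options +Indexes
    # AllowOverride All lets .htaccess files change settings for this tree.
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>

When you need CGI scripting, remove the last </VirtualHost> and add: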

  ScriptAlias /cgi-bin/ "/srv/www/vhosts/www.example.com/cgi-bin/"
  <Directory "/srv/www/vhosts/www.example.com/cgi-bin">
    Options +ExecCGI -Includes
    AllowOverride None
    Require all granted
  </Directory>
</VirtualHost>

Now for using it for <url>:

# cd /etc/httpd/conf/vhosts.d
# cp vhost.con <url>.conf

Change www.example.com to the <url> inside the config file.

When to use this template

  1. Website will not need HTTPS.
  2. When you use Let's Encrypt for HTTPS.
  3. Website is a .onion Tor site.

Ad 1. This is not a safe option. Consider using Let's Encrypt. Search engines don't like HTTP sites. If you host a public NTP server you can use it to redirect traffic.

Ad 2. The website that gets a Let's Encrypt certificate needs to be HTTP only. After the certificates are created and added, the config file will be adjusted to work correctly. We then need a redirect to HTTPS. See also below on correct redirecting.

Ad 3. This uses only the second virtual host. Remove the first.

HTTPS vhosts

Correct redirecting

When redirecting, a domain should first upgrade itself by redirecting to its HTTPS version before it may redirect to another domain. This also ensures that the HSTS policy will be accepted by the web browser. Examples of correct redirect order:

  1. http://example.nl ⇒ https://example.nl ⇒ https://www.example.nl
  2. http://www.example.nl ⇒ https://www.example.nl

Both will be created in the template.

vhosts.con

Let's make a template for HTTPS use:

# cd /etc/httpd/conf/vhosts.d
# vi vhosts.con

Add the code below:

<VirtualHost *:80>
        ServerName example.com

        Redirect 301 / https://example.com/
</VirtualHost>

<VirtualHost *:443>
        ServerName example.com

        SSLEngine on

        SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
        SSLCertificateFile /etc/pki/tls/certs/example.com.crt
        SSLCertificateChainFile /etc/pki/tls/certs/example.com_ca-bundle.pem

        Include /etc/httpd/conf/vhssl.conf

        # Keep the trailing slash on the target: the rest of the request path is appended to it.
        Redirect 301 / https://www.example.com/
</VirtualHost>

<VirtualHost *:80>
        ServerName www.example.com

        Redirect 301 / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@example.com
        ServerName www.example.com

        CustomLog /var/log/httpd/www.example.com-access_log combined
        ErrorLog /var/log/httpd/www.example.com-error_log
        DirectoryIndex index.html index.html.var index.htm index.shtml index.php
        
        SSLEngine on

        SSLCertificateFile /etc/pki/tls/certs/example.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
        SSLCertificateChainFile /etc/pki/tls/certs/example.com_ca-bundle.pem

        Include /etc/httpd/conf/vhssl.conf

        DocumentRoot /srv/www/vhosts/www.example.com/httpsdocs
        <Directory "/srv/www/vhosts/www.example.com/httpsdocs">
                Options +Indexes +FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

        ScriptAlias /cgi-bin/ "/srv/www/vhosts/www.example.com/cgi-bin/"
        <Directory "/srv/www/vhosts/www.example.com/cgi-bin">
                Options +ExecCGI -Includes
                SSLOptions +StdEnvVars
                AllowOverride None
                Require all granted
        </Directory>

</VirtualHost>

Now for <url>:

If your website doesn't need cgi-bin, remove the ScriptAlias /cgi-bin/ part from the vhost setup.

# cd /etc/httpd/conf/vhosts.d
# cp vhosts.con <url>.conf

Change www.example.com to the <url> inside the config file.

The first two virtual hosts are only needed when you set up the primary website that gets the www subdomain. Use example.com only as a redirect to www.example.com for easy entry on the URL line in the browser.
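
The redirect order described under "Correct redirecting", checked offline against the redirect lines of the HTTPS template. This is an added example, not part of the original page: the embedded config is a constructed sample, the function names are hypothetical, and only Redirect lines with a numeric status (or none) are understood.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: only the redirect-relevant lines of the HTTPS template.
TEMPLATE = """
<VirtualHost *:80>
    ServerName example.com
    Redirect 301 / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    Redirect 301 / https://www.example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.com
    Redirect 301 / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost \*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Map (scheme, ServerName) -> (url_path, target) of its Redirect, or None."""
    table = {}
    for port, body in VHOST.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I).group(1)
        red = re.search(r"^\s*Redirect\s+(?:\d+\s+)?(\S+)\s+(\S+)", body, re.M | re.I)
        table["https" if port == "443" else "http", name.lower()] = red and red.groups()
    return table

def chain(conf, url, limit=10):
    """Follow Redirects as mod_alias does: target + path left after the prefix."""
    table, hops = parse_vhosts(conf), [url]
    while len(hops) <= limit:
        u = urlsplit(hops[-1])
        rule, path = table.get((u.scheme, u.hostname)), u.path or "/"
        if not rule or not path.startswith(rule[0]):
            break
        hops.append(rule[1] + path[len(rule[0]):])
    return hops

def upgrades_before_leaving(hops):
    """True if every http:// hop lands on https:// of the same host first."""
    pairs = zip(map(urlsplit, hops), map(urlsplit, hops[1:]))
    return all((b.scheme, b.hostname) == ("https", a.hostname)
               for a, b in pairs if a.scheme == "http")
```

With a target written as https://www.example.com (no trailing slash), chain() ends at https://www.example.compage for a request to /page, because the rest of the path is appended directly to the target.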

Setting up directories for https

Between steps you can use ll to see if it went OK.

To check the SELinux context, type ll -Z.

When you don't need cgi-bin, skip it. You can always add it later when needed.

Only the first time:

# cd /srv/www
# mkdir vhosts
# chcon -t httpd_sys_content_t vhosts

For every new vhost:

# cd /srv/www/vhosts/
# mkdir www.example.com
# cd www.example.com
# mkdir httpsdocs
# mkdir cgi-bin
# chown root:users httpsdocs cgi-bin
# chcon -t httpd_sys_script_exec_t cgi-bin

When you make a directory for a CMS site:

# chown apache:apache -R httpsdocs/
# chcon -R -t httpd_sys_rw_content_t *