Note: This is an RHCE 7 exam objective.
Prerequisites
First, follow the instructions to install an Apache web server.
Note: Don’t forget to install the httpd-manual package. This could help you a lot with any syntax issue.
Configuration Procedure
Let’s assume your website is called dummy-host.example.com.
Create the /var/www/html/dummy-host.example.com directory:
# cd /var/www/html
# mkdir dummy-host.example.com
Create an index.html file and assign the correct SELinux context:
# echo "This is a test." > dummy-host.example.com/index.html
# restorecon -R dummy-host.example.com
Create the /etc/httpd/conf.d/vhosts.conf file and paste the following lines:
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/html/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
Optionally, rename the /etc/httpd/conf.d/ssl.conf file; otherwise an additional non-working https virtual host is displayed in the configuration.
# cd /etc/httpd/conf.d; mv ssl.conf ssl.conf2
Check the validity of the configuration:
# apachectl configtest
Syntax OK
Note: You can also type: # httpd -t
Restart the httpd service:
# apachectl restart
Note1: You can also type: # systemctl restart httpd
Note2: For minor configuration changes, it is also possible to restart the Apache daemon without losing the current connections: # apachectl graceful
Check the virtual host(s) configuration:
# httpd -D DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
default server dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
Testing Time
Check the configuration:
# yum install -y elinks
# elinks http://dummy-host.example.com
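Reading the `httpd -D DUMP_VHOSTS` output from the check above, as an added example that is not part of the original tutorial: the script lists, for each listener, the virtual host that answers when the Host header matches no ServerName or ServerAlias. The sample dump is constructed (other-host.example.com, third-host.example.com and the 10.10.100.1:8080 listener are made up), and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list the default virtual host of every listener from the text
# printed by `httpd -D DUMP_VHOSTS`. The default is the host Apache falls back
# to when the Host header matches no ServerName or ServerAlias on that listener.

# Constructed sample; the second and third sites are made up for illustration.
SAMPLE_DUMP='VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost other-host.example.com (/etc/httpd/conf.d/vhosts.conf:9)
10.10.100.1:8080       third-host.example.com (/etc/httpd/conf.d/vhosts.conf:17)'

# default_vhosts: DUMP_VHOSTS text on stdin -> "listener name file:line" lines.
default_vhosts() {
    awk '
        # Listener with several name-based hosts: remember it, default follows.
        $2 == "is" && $4 == "NameVirtualHost" { listener = $1; next }
        $1 == "default" && $2 == "server" {
            gsub(/[()]/, "", $4); print listener, $3, $4; next
        }
        # Listener with a single host: that host is the default by itself.
        NF == 3 && $1 ~ /:[0-9*]+$/ && $3 ~ /^\(.*\)$/ {
            gsub(/[()]/, "", $3); print $1, $2, $3
        }
    '
}

# names_on_listener LISTENER: names served on that listener, in config order.
names_on_listener() {
    awk -v want="$1" '
        $2 == "is" && $4 == "NameVirtualHost" { cur = $1; next }
        $1 == "port" && $3 == "namevhost" && cur == want { print $4; next }
        NF == 3 && $1 == want { print $2 }
    '
}

printf '%s\n' "$SAMPLE_DUMP" | default_vhosts
```

On a live server, feed it the real output instead of the sample: `httpd -D DUMP_VHOSTS 2>&1 | default_vhosts`.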
Thank you for your awesome RHCE notes, I really appreciate your time and effort to help others.
Just in case few people might wonder, I like to add few notes here:
– Time is gold during the exam, it seems to me, the fastest and shortest command that you can run to install everything you need for httpd\apache questions is :
# yum groupinstall -y "Web server"
– Just to make sure you don’t get any read permission issues, perform below command when you are done creating directories and files under /var/www
– # chmod -R 755 /var/www
– Don’t forget to add your website name in /etc/hosts
– If you ever get a question to create another virtual host on a different port than port 80, don’t sweat, it’s easy: perform all the steps that are mentioned on this page with a couple of modifications below:
1. Go to /etc/httpd/conf/httpd.conf and add a second “Listen” line with the given port, for example if the given port was 8080, you add a line like below
#Listen 12.34.56.78:80
Listen 80
Listen 8080
2. Go to /etc/httpd/conf.d/vhosts.conf ( or whatever the name of the file is) and change the port number in front of VirtualHost like below :
ServerAdmin webmaster@somewebsite.com
DocumentRoot /var/www/html/somewebsite.com
ServerName somewebsite.com
ErrorLog logs/somewebsite.com
CustomLog logs/somewebsite.com common
3. When you want to test the website, do :
# elinks http://somewebsite.com:8080
I hope this helps, if I’m wrong, someone will correct me 🙂
Thanks.
Your virtual host config for the second website should be enclosed inside
and one should obviously open port 8080 on the firewall
Also use:https://www.certdepot.net/rhel7-use-selinux-port-labelling/
As you do not use one of the standard ports
Thank you for the tip. This is particularly good because by this you will get sample “ssl.conf” file where by just installing “httpd” you won’t be getting this config file.
BTW, in CentOS 7.4 the yum group is called “Basic Web Server”.
I was wondering, can we install httpd-manual and use it during exam?
Yes, I suppose you can.
For people who do not want to remember the syntax (this is also worth knowing for other applications):
1. Let’s find man and doc files:
rpm -qd httpd
2. Let’s check the file from above list:
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
3. Copy, paste and modify 🙂
Interesting. Thanks.
Hello All, is it normal to see 2 records for each vhost with the following command?
# httpd -D DUMP_VHOSTS
Hi, everything is working fine, but I’m trying to list the files in the directory but without any luck, instead it shows me the default index of Apache 123..,
This is my configuration, can someone point me what I’m missing?
Servername practice.example.com
Documentroot /var/web/practice
Options indexes
AllowOverride None
Require all granted
In the /etc/httpd/conf.d directory, rename the welcome.conf file welcome.conf.dist
Restart the httpd daemon with systemctl restart httpd
I’ve followed this tutorial as well as another one and can’t get this to work. When I run the elinks test I get the “Unable to retrieve http://myvhost.example.com/: Host not found.”
So from start to finish here’s what I did:
I installed httpd, started/enabled it, and added the service to the firewall.
Assuming my website is myvhost.example.com I created the /var/www/html/myvhost.example.com directory. While i’m in that directory I ran an echo “This is VHOST” > /var/www/html/myvhost.example.com/index.html
I then run a restorecon -R myvhost.example.com
Then inside the /etc/httpd/conf.d/myvhost.conf file
ServerAdmin admin@myvhost.example.com
DocumentRoot /var/www/html/myvhost.example.com
ServerName myvhost.example.com
ErrorLog logs/myvhost.example.com-error_log
CustomLog logs/myvhost.example.com-access_log common
I then restart the httpd service and run the elinks test and i get the error.
I’m not sure what i’m missing or doing wrong.
At a quick glance it looks OK. Is your host up? Ping and a port scan (nmap) on myvhost.example.com. Ask yourself if the IP address is correct. Also check the SELinux status. What port are you running on? Check the log files in /var/log/ for http errors.
1. I can ping the IP address but not myvhost.example.com
(I had to recreate my test server so I didn’t get
around to installing a working DNS yet, so this might
just be that issue)
2. I’m running this on the default port 80
3. I’ve tried turning SELinux off completely and still
get the same error.
4. The /var/log/httpd/myvhost.example.com-error_log shows
nothing.
5. This test server has an IP address of
172.31.122.164/20 and I added that to the /etc/hosts
file as 172.31.122.164/20 myvhost.example.com
And what do you mean that I need to check if my IP address is correct and host is up? I can get the default RHEL Apache Test Page if that means anything.
Hi phil_guy412
Let me try to help, one step at a time.
No ping means no connectivity. You said your test server has an IP of 172.31.122.164. What’s the client’s IP? The issue could be “subnetting”.
/20 = 255.255.240.0
According to your configurations:
Your Network = 172.31.112.0/20
Broadcast = 172.31.127.255/20
Usable IPS = 172.31.112.1 – 172.31.127.254
The easiest way to solve this problem without complicating network configurations, use the /24 subnet. /24 = 255.255.255.0
It’s easy to work with /24.
Change your IP addresses to anything between 172.31.20.1 – 172.31.20.254 (for example)
server = 172.31.20.2/24
client1 = 172.31.20.3/24
client2 = 172.31.20.4/24
Then redefine the /etc/hosts entries. Once you do this, please let us know how it goes, then we can move on to next step of troubleshooting.
So now that I thought about it in regards to dns, I tried running elinks test with the IP address and it works haha. I’ll install a dns and see if I can get it to work then too.
I figured it out. I tried running the elinks test with only the IP address and it worked. It did not work with myvhost.example.com so I either had a DNS issue or just had to update my /etc/hosts file.
“Host not found” message should’ve been your first clue 🙂
What does myvhost.example.com resolve to?
What do you mean by that?
That’s exactly what I mean, the host has to resolve to some IP address. The error that you get “Host not found” means that the host cannot be found, implying there is no DNS record available for the host you try to resolve. The error message tells you what the problem is.
I have another question in general. If during the exam they ask me to configure a private directory for a specific user or group of users for a Virtual Host, do I just add the security options to the virtual host configuration?
For example…
ServerAdmin admin@myvhost.example.com
DocumentRoot /var/www/html/myvhost.example.com
ServerName myvhost.example.com
ErrorLog logs/myvhost.example.com-error_log
CustomLog logs/myvhost.example.com-access_log common
AuthType Basic
AuthName "Password Protected Area"
AuthGroupFile /etc/httpd/conf/htgroup
AuthUserFile /etc/httpd/conf/passwd
Require Group sales
I’m trying to test this now.
Close but not quite there yet, you have to put those authentication settings for the directory you want to secure, not the whole DocumentRoot.
phil_guy412 I recommend that you setup a local DNS server, and point all the test Workstations dns settings to the DNS Server.
It’s a good idea as part of RHCE, but a bit of a pain to setup.
Reference
https://www.certdepot.net/rhel7-configure-master-name-server/
And read the comments!
Hi
This might help answer your question.
https://youtu.be/4qIbuj36QTY
Hello everyone,
I’d like to verify one thing regarding HTTP configuration for RHCE exam. Does it matter whether I do configuration for basic web server (I mean not virtual), secure web page, confidential web hosting and dynamic webpage in the path “/etc/httpd/conf.d/” or in the path “/etc/httpd/conf/”.
I am asking because there is also an objective to configure virtual web hosting that should be configured in “/etc/httpd/conf.d/” for sure, but what about all others?
There is no problem with the path, they are working in both paths, I just don’t want to lose points even though it will work fine how it should.
For me it’s convenient to configure everything under one .conf file in /etc/httpd/conf.d/ rather than separately in ssl.conf, http.conf. So please, someone let me know asap as I am having the exam tomorrow. 🙂
Thanks a lot!
There is no way of knowing. I suggest you stick with the convention as detailed by Certdepot.
/etc/httpd/conf.d/
for vhosts.conf ssl.conf etc
/etc/httpd/conf/
for httpd.conf
This is a minor issue. Good luck with the exam.
I’ve just passed the exam with 241 points reached today but now I am sad because I have no idea where I could make a mistake…is there anyone who has passed the exam with 300 points? I’d like to discuss some of the topics with that person. Thanks. 🙂
Congratulations for this great achievement!
Congratulations,
Please remember you signed a Non Disclosure Agreement. There is no way of knowing whether it is a mistake or an issue in the testing script. I have been through this issue. That is the advantage of the RHCE exam.
Hello CertDepot,
Below is my virtual host config:
Options None
Allowoverride None
Require all granted
ServerAdmin root@srv5.rhce.local
ServerName srv5.rhce.local
ServerAlias srv5.rhce.local
DocumentRoot "/var/www/html"
LogLevel info
ErrorLog "logs/srv5-error.log"
CustomLog "logs/srv5-access.log" combined
[root@srv6 ~]# curl http://srv5.rhce.local/
srv5.rhce.local
Question:
These below two virtual hosts are not created but they open srv5.rhce.local webpage when I try to access them.
vhost10, vhost2 are only defined in /etc/hosts.
[root@srv6 ~]# curl http://vhost10.rhce.local/
srv5.rhce.local
[root@srv6 ~]# curl http://vhost2.rhce.local/
srv5.rhce.local
httpd.conf is on defaults, nothing has been changed.
Ideally they should not open ??
or what should be expected behavior ? when we try to open the hosts that does not exist.
There is a main server which consists of all the definitions appearing outside of VirtualHost sections, and it usually serves the following location “/var/www/html”.
The first name-based VirtualHost in the Apache configuration file for a given IP:port pair is very important because it is used for ALL requests received on that address and port for which no other VirtualHost for that IP:port pair has a matching ServerName or ServerAlias.
In other words, if there is no matching ServerName or ServerAlias for vhost10.rhce.local, Apache will serve the content for the main server, which is “/var/www/html”.
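The fallback described above, as an added example that is not part of the original comment thread: a simplified model of how a name-based listener picks a virtual host, run against the single-vhost setup from the question and against a variant whose first stanza is a deny-all catch-all. Both configs are constructed; `catchall.invalid` and the function name `select_vhost` are assumptions.

```shell
#!/bin/sh
# Added example: a simplified model of name-based virtual host selection on a
# single address:port. Assumptions: every stanza shares that address:port,
# names compare case-insensitively, wildcard ServerAlias values are ignored.

# Constructed config: one vhost only, so it is also the default for any name.
WEAK_CONF='<VirtualHost *:80>
    ServerName srv5.rhce.local
    DocumentRoot "/var/www/html"
</VirtualHost>'

# Constructed config: a deny-all catch-all listed first; catchall.invalid is a
# placeholder name. Files in conf.d load in alphabetical order, so such a
# stanza belongs in the first file (or at the top of the only one).
HARDENED_CONF='<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName srv5.rhce.local
    DocumentRoot "/var/www/html"
</VirtualHost>'

# select_vhost CONF HOST: print "<ServerName> match" or "<ServerName> default".
select_vhost() {
    printf '%s\n' "$1" | awk -v host="$2" '
        BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t]+/); key = tolower(f[1])
        }
        key ~ /^<virtualhost/   { idx++; inside = 1; next }
        key ~ /^<\/virtualhost/ { inside = 0; next }
        inside && key == "servername" {
            name[idx] = f[2]
            if (!hit && tolower(f[2]) == host) hit = idx
        }
        inside && key == "serveralias" {
            for (i = 2; i <= n; i++) if (!hit && tolower(f[i]) == host) hit = idx
        }
        END {
            if (!idx)     print "main-server default"
            else if (hit) print name[hit], "match"
            else          print name[1], "default"
        }'
}

for h in srv5.rhce.local vhost10.rhce.local; do
    echo "weak:     $h -> $(select_vhost "$WEAK_CONF" "$h")"
    echo "hardened: $h -> $(select_vhost "$HARDENED_CONF" "$h")"
done
```

With the catch-all in place, a name that exists only in /etc/hosts lands on the deny-all stanza instead of the real site's content.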
Tomas, thanks for replying to my query,
so this is normal behaviour.
Hi Certdepot,
Currently, I can access the (Vhost) websites via their ip:port (well, 1 of them), but not with website names.
Configuration :
cat /etc/httpd/conf.d/03_vhosts_basic.conf
Listen 81
Listen 62223
<Directory "/srv/dummy/www">
    Require all granted
</Directory>
<VirtualHost 10.10.100.1:62223>
    ServerAdmin webmaster@vhost1.example.exam
    DocumentRoot /srv/dummy/www
    ServerName vhost1.example.exam
    CustomLog logs/vhost1.example.exam-Access_log common
    ErrorLog logs/vhost1.example.exam-Error_log
</VirtualHost>
<Directory "/srv/server3/www">
    Require all granted
</Directory>
<VirtualHost 10.10.100.1:81>
    ServerAdmin webmaster@Vhost2.example.exam
    DocumentRoot /srv/server3/www
    ServerName vhost2.example.exam
    CustomLog logs/vhost2.example.exam-Access_log common
    ErrorLog logs/vhost2.example.exam-Error_log
</VirtualHost>
I have checked Syntax –
[root@CentOS-Server1 conf.d]# httpd -S
VirtualHost configuration:
10.10.100.1:62223 vhost1.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:7)
10.10.100.1:81 vhost2.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:19)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir=”/run/httpd/” mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: “/run/httpd/httpd.pid”
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=”apache” id=48
Group: name=”apache” id=48
[root@CentOS-Server1 conf.d]# httpd -D DUMP_VHOSTS
VirtualHost configuration:
10.10.100.1:62223 vhost1.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:7)
10.10.100.1:81 vhost2.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:19)
Ports 81 and 62223 have correct SELinux context and allowed via firewall.
[root@CentOS-Server1 conf.d]# semanage port -l | grep http_port_t
http_port_t tcp 62223, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
[root@CentOS-Server1 conf.d]# firewall-cmd --permanent --list-ports
81/tcp 62223/tcp
This is my hostfile residing on a client –
[ab@CentOS-Client1 ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.100.1 CentOS-Server1.example.exam server1 vhost1.example.exam vhost2.example.exam
Testing from client works fine for these two –
[ab@CentOS-Client1 ~]$ curl -k http://10.10.100.1:62223
First Vhost. Same IP, different website
[ab@CentOS-Client1 ~]$ curl -k http://10.10.100.1
Test webpage
Basic Webpage
But curling to 10.10.100.1:81 spews following error. Lynx and firefox failed too.
[ab@CentOS-Client1 ~]$ curl -k http://10.10.100.1:81/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL / was not found on this server.</p>
</body></html>
Questions –
1. Any pointers why the vhost at 10.10.100.1:81 throws errors ?
2. Do I need a DNS to be able to connect to these websites using their name ? (all current attempts to reach the websites by name points to the default webpage akin to “curl -k http://10.10.100.1”)
++Update
Changed the vhost ports from 81 & 62223 to 80, restarted apache.
Configs –
[root@CentOS-Server1 ~]# cat /etc/httpd/conf.d/00_basicserver.conf
Require all granted
AllowOverride none
[root@CentOS-Server1 ~]# cat /etc/httpd/conf.d/03_vhosts_basic.conf
Listen 81
Listen 62223
Require all granted
ServerAdmin webmaster@vhost1.example.exam
DocumentRoot /srv/dummy/www
ServerName vhost1.example.exam
ServerAlias vhost1.example.exam
CustomLog logs/vhost1.example.exam-Access_log common
ErrorLog logs/vhost1.example.exam-Error_log
Require all granted
ServerAdmin webmaster@Vhost2.example.exam
DocumentRoot /srv/server3/www
ServerName vhost2.example.exam
ServerAlias vhost2.example.exam
CustomLog logs/vhost2.example.exam-Access_log common
ErrorLog logs/vhost2.example.exam-Error_log
Testing –
[root@CentOS-Client1 ~]# curl -k http://CentOS-Server1.example.exam/
First Vhost. Same IP, different website
[root@CentOS-Client1 ~]# curl -k http://vhost1.example.exam/
First Vhost. Same IP, different website
[root@CentOS-Client1 ~]# curl -k http://vhost2.example.exam/
vhost 2,aka server 3
It’d be mighty helpful if someone could clarify these doubts –
1. If a webserver has a bunch of name based Vhosts configured, would they all listen to same port, or can separate ports be used ?
2. Is it possible to add multiple “Listen” directives in the main httpd.conf ? (got error)
3. Is it possible to host multiple Vhosts (all listening to port 80, name based) along with the default webserver (as defined in httpd.conf, listening to port 80) ? In that case, what am I doing wrong ?
To answer your questions, as I understand the way the system works, think of the system as an indexing service. There are two different indexing services (DNS, local web service or Apache).
1) DNS (or /etc/hosts file)
These point the protocol(http,ie browser) to look at the server for website.
http://vhost1.example.exam/ to 10.10.100.1
http://vhost2.example.exam/ to 10.10.100.1
2) (Apache) Local Indexing lookup
Apache filters the web address, as sent in the HTTP header, to the relevant virtual host. If the address is missing, then Apache will address the default (first virtual host, or an error page). The port addresses are filtered in the same way. If the port is set in the config file, and not in the web address, then Apache will direct to the default virtual host.
Note
ServerName usually implies the primary server name. Usually set in /etc/httpd/conf/httpd.conf.
ServerAlias usually implies any additional server name.
The difference between ServerName and ServerAlias is just being pedantic. They functionally do the same task, from what I have read in the Apache docs.
++configs –
[root@CentOS-Server1 http]# cat /etc/httpd/conf.d/03_vhosts_basic.conf
#Listen 81
#Listen 62223
<Directory "/srv/dummy/www">
    Require all granted
</Directory>
<VirtualHost 10.10.100.1:80>
    ServerAdmin webmaster@vhost1.example.exam
    DocumentRoot /srv/dummy/www
    ServerName vhost1.example.exam
    ServerAlias vhost1.example.exam
    CustomLog logs/vhost1.example.exam-Access_log common
    ErrorLog logs/vhost1.example.exam-Error_log
</VirtualHost>
<Directory "/srv/server3/www">
    Require all granted
</Directory>
<VirtualHost 10.10.100.1:80>
    ServerAdmin webmaster@Vhost2.example.exam
    DocumentRoot /srv/server3/www
    ServerName vhost2.example.exam
    ServerAlias vhost2.example.exam
    CustomLog logs/vhost2.example.exam-Access_log common
    ErrorLog logs/vhost2.example.exam-Error_log
</VirtualHost>
[root@CentOS-Server1 http]# cat /etc/httpd/conf.d/00_basicserver.conf
<Directory /var/www/html>
    Require all granted
    AllowOverride none
</Directory>
I couldn’t see anything wrong with your code at a glance. Upon running the config file (with modifications) and a bit of troubleshooting, you are missing a bit of information, which is for the /var/www/html/ directory by default. I am assuming there are no SELinux errors.
You need to add two additional Directory tags:
<Directory "/srv/server3">
    Require all granted
</Directory>
<Directory "/srv/dummy">
    Require all granted
</Directory>
For the second problem, this should work, it did work for me. Did you reboot after you updated the /etc/hosts file?
source
https://httpd.apache.org/docs/2.4/urlmapping.html
Why do you need to reboot after updating the /etc/hosts file?
I haven’t looked in to it. Perhaps it is some setting in the kernel or a kernel module.
There is no setting for this, and the fact is that you don’t need to reboot after updating the /etc/hosts file. Neither on Linux nor Windows.
I agree, this is the normal case. However, in this setup the system requires a reboot. If you are in doubt, test the system yourself. CentOS 7.1503
I’m still yet to understand why changing the hosts file entries requires a reboot. If you have a referencing Red Hat article on this, please share.
If I had a link, or any additional information I would post it. Whether this is a feature, or a bug, I have no idea. If you have time, troubleshoot it.
Feature(s) Explained?
https://twitter.com/Abdella66285984/status/991720766034104321
To troubleshoot what exactly? To change hosts entries? This does not require a reboot. I sense that this conversation started to circle.
The first stage in troubleshooting is to replicate the problem. If you have not done this then you are trolling. I hope this is not the case.