RHEL7: Configure an Apache virtual host.

Share this link

Note: This is an RHCE 7 exam objective.

Prerequisites

First, follow the instructions to install an Apache web server.

Note: Don’t forget to install the httpd-manual package. This could help you a lot with any syntax issue.

Configuration Procedure

Let’s assume your website is called dummy-host.example.com.

Create the /var/www/html/dummy-host.example.com directory:

# cd /var/www/html
# mkdir dummy-host.example.com

Create an index.html file and assign the correct SELinux context:

# echo "This is a test." > dummy-host.example.com/index.html
# restorecon -R dummy-host.example.com

Create the /etc/httpd/conf.d/vhosts.conf file and paste the following lines:

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

Optionaly, rename the /etc/httpd/conf.d/ssl.conf file, otherwise you get an additional non-working https virtual host displayed in the configuration.

# cd /etc/httpd/conf.d; mv ssl.conf ssl.conf2

Check the validity of the configuration:

# apachectl configtest
Syntax OK

Note: You can also type: # httpd -t

Restart the httpd service:

# apachectl restart

Note1: You can also type: # systemctl restart httpd
Note2: For minor configuration changes, it is also possible to restart the Apache daemon without losing the current connections: # apachectl graceful

Check the virtual host(s) configuration:

# httpd -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)

Testing Time

Check the configuration:

# yum install -y elinks
# elinks http://dummy-host.example.com
1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 3.25 out of 5)
Loading...
47 comments on “RHEL7: Configure an Apache virtual host.
  1. nariman1064 says:

    Thank you for your awesome RHCE notes, I really appreciate your time and effort to help others.
    Just in case few people might wonder, I like to add few notes here:

    – Time is gold during the exam, it seems to me, the fastest and shortest command that you can run to install everything you need for httpd\apache questions is :
    # yum groupinstall -y “Web server”
    – Just to make sure you don’t get any read permission issues, perform below command when you are done creating directories and files under /var/www
    – # chmod -R 755 /var/www
    – Don’t forget to add your website name in /etc/hosts
    – If you ever get a question to create another virtual host on a different port than port 80, don’t sweat, its easy, perform all the steps that are mentioned on this page with couple of modifications below :
    1. Go to /etc/httpd/conf/httpd.conf and add a second “Listen” line with the given port, for example if the given port was 8080, you add a line like below
    #Listen 12.34.56.78:80
    Listen 80
    Listen 8080
    2. Go to /etc/httpd/conf.d/vhosts.conf ( or whatever the name of the file is) and change the port number in front of VirtualHost like below :

    ServerAdmin webmaster@somewebsite.com
    DocumentRoot /var/www/html/somewebsite.com
    ServerName somewebsite.com
    ErrorLog logs/somewebsite.com
    CustomLog logs/somewebsite.com common

    3. When you want to test the website, do :
    # elinks http://somewebsite.com:8080

    I hope this helps, if I’m wrong, someone will correct me 🙂

  2. ikambarov says:

    I was wondering, can we install httpd-manual and use it during exam?

  3. twostep says:

    For people who do not want to remember the syntax (it is worth to know also to other applications):
    1. Let’s find mem and doc files:
    rpm -qd httpd
    2. Let’s check the file from above list:
    /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
    3. Copy, paste and modify 🙂

  4. raj says:

    Hello All, is it normal to see 2 records for each vhost with the following command?
    # httpd -D DUMP_VHOSTS

  5. thegeekaid says:

    Hi, everything is working fine, but I’m trying to list the files in the directory but without any luck, instead it shows me the default index of Apache 123..,
    This is my configuration, can someone point me what I’m missing?

    Servername practice.example.com
    Documentroot /var/web/practice

    Options indexes
    AllowOverride None
    Require all granted

  6. phil_guy412 says:

    I’ve followed this tutorial as well as another one and can’t get this work. When I run the elinks test I get the “Unable to retrieve http://myvhost.example.com/: Host not found.

    So from start to finish here’s what I did:

    I installed httpd, started/enabled it, and added the service to the firewall.

    Assuming my website is myvhost.example.com I created the /var/www/html/myvhost.example.com directory. While i’m in that directory I ran an echo “This is VHOST” > /var/www/html/myvhost.example.com/index.html

    I then run a restorecon -R myvhost.example.com

    Then inside the /etc/httpd/conf.d/myvhost.conf file

    ServerAdmin admin@myvhost.example.com
    DocumentRoot /var/www/html/myvhost.example.com
    ServerName myvhost.example.com
    ErrorLog logs/myvhost.example.com-error_log
    CustomLog logs/myvhost.example.com-access_log common

    I then restart the httpd service and run the elinks test and i get the error.

    I’m not sure what i’m missing or doing wrong.

    • Sam says:

      At a quick glance it looks ok. Is your host up. Ping and a port scan (nmap) on myvhost.example.com. Ask your self if the ipaddress is correct. Also check the SElinux status. What Port are you running on? Check the log files in /var/log/ for http errors

      • phil_guy412 says:

        1. I can ping the IP address but not myvhost.example.com
        (I had to recreate my test server so I didn’t get
        around to installing a working DNS yet, so this might
        just be that issue)

        2. I’m running this on the default port 80

        3. I’ve tried turning SELinux off completely and still
        get the same error.

        4. The /var/log/httpd/myvhost.example.com-error_log shows
        nothing.

        5. This test server has an IP address of
        172.31.122.164/20 and I added that to the /etc/hosts
        file as 172.31.122.164/20 myvhost.example.com

        And what do you mean that i need to check if my IP address is correct and host is up? I can get the default RHEL Appache Test Page if that means anything.

        • brucemzn says:

          Hi phil_guy412
          Let me try to help, one step at a time.
          No ping means no connectivity. You said your test server has an IP of 172.31.122.164 Whats the client’s IP? The issue could be “subnetting”
          /20 = 255.255.240.0
          According to your configurations:
          Your Network = 172.31.112.0/20
          Broadcast = 172.31.127.255/20
          Usable IPS = 172.31.112.1 – 172.31.127.254

          The easiest way to solve this problem without complicating network configurations, use the /24 subnet. /24 = 255.255.255.0
          Its easy to work with /24.
          Change your IP addresses to anything between 172.31.20.1 – 172.31.20.254 (for example)
          server = 172.31.20.2/24
          client1 = 172.31.20.3/24
          client2 = 172.31.20.4/24
          Then redefine the /etc/hosts entries. Once you do this, please let us know how it goes, then we can move on to next step of troubleshooting.

      • phil_guy412 says:

        So now that I thought about it in regards to dns, I tried running elinks test with the IP address and it works haha. I’ll install a dns and see if I can get it to work then too.

      • phil_guy412 says:

        I figured it out. I tried running the elinks test with only the IP address and it worked. It did not work with myvhost.example.com so I either had a DNS issue or just had to update my /etc/hosts file.

    • Lisenet says:

      What does myvhost.example.com resolve to?

  7. phil_guy412 says:

    I have another question in general. If during the exam they ask me to configure a private directory for a specific user or group of users for a Virtual Host, do I just add the security options to the virtual host configuration?

    For example…

    ServerAdmin admin@myvhost.example.com
    DocumentRoot /var/www/html/myvhost.example.com
    ServerName myvhost.example.com
    ErrorLog logs/myvhost.example.com-error_log
    CustomLog logs/myvhost.example.com-access_log common
    AuthType Basic
    AuthName “Password Protected Area”
    AuthGroupFile /etc/httpd/conf/htgroup
    AuthUserFile /etc/httpd/conf/passwd
    Require Group sales

    I’m trying to test this now.

  8. slavonic says:

    Hello everyone,

    I’d like to verify one thing regarding HTTP configuration for RHCE exam. Does it matter whether I do configuration for basic web server (I mean not virtual), secure web page, confidential web hosting and dynamic webpage in the path “/etc/httpd/conf.d/” or in the path “/etc/httpd/conf/”.

    I am asking because there is also an objective to configure virtual web hosting that should be configured in “/etc/httpd/conf.d/” for sure, but what about all others?

    There is no problem with the path, they are working in both paths, I just don’t want to loose points even though it will work fine how it should.

    For me it’s convenient to configure everything under one .conf file in /etc/httpd/conf.d/ rather than separately in ssl.conf, http.conf. So please, someone let me know asap as I am having the exam tomorrow. 🙂

    Thanks a lot!

    • Sam says:

      There is no way of knowing. I suggest you stick with the convention as detailed by Certdepot.

      /etc/httpd/conf.d/
      for vhosts.conf ssl.conf etc

      /etc/httpd/conf/
      for httpd.conf

      This is a minor issue. Good luck with the exam.

      • slavonic says:

        I’ve just passed the exam with 241 points reached today but now I am sad because I have no idea where I could make a mistake…is there anyone who has passed the exam with 300 points? I’d like to discuss some of the topics with that person. Thanks. 🙂

  9. asifshabir says:

    Hello CertDepot,

    Below is my virtual host config:

    Options None
    Allowoverride None
    Require all granted

    ServerAdmin root@srv5.rhce.local
    ServerName srv5.rhce.local
    ServerAlias srv5.rhce.local
    DocumentRoot “/var/www/html”

    LogLevel info
    ErrorLog “logs/srv5-error.log”
    CustomLog “logs/srv5-access.log” combined

    [root@srv6 ~]# curl http://srv5.rhce.local/
    srv5.rhce.local

    Question:

    These below two virtual hosts are not created but they open srv5.rhce.local webpage when I try to access them.
    vhost10, vhost2 are only defined in /etc/hosts.

    [root@srv6 ~]# curl http://vhost10.rhce.local/
    srv5.rhce.local
    [root@srv6 ~]# curl http://vhost2.rhce.local/
    srv5.rhce.local

    httpd.conf is on defaults, nothing has been changed.

    Ideally they should not open ??
    or what should be expected behavior ? when we try to open the hosts that does not exist.

    • Lisenet says:

      There is a main server which consists of all the definitions appearing outside of VirtualHost sections, and it usually serves the following location “/var/www/html”.

      The first name-based VirtualHost in the Apache configuration file for a given IP:port pair is very important because it is used for ALL requests received on that address and port for which no other VirtualHost for that IP:port pair has a matching ServerName or ServerAlias.

      In other words, if there is no matching ServerName or ServerAlias for vhost10.rhce.local, Apache will serve the content for the main server, which is “/var/www/html”.

  10. Honest Abe says:

    Hi Certdepot,

    Currently, I can access the (Vhost) websites via their ip:port (well, 1 of them), but not with website names.

    Configuration :

    cat /etc/httpd/conf.d/03_vhosts_basic.conf

    Listen 81
    Listen 62223
    LT irectory “/srv/dummy/www” GT
    Require all granted
    LT /Directory GT

    LT VirtualHost 10.10.100.1:62223 GT
    ServerAdmin webmaster@vhost1.example.exam
    DocumentRoot /srv/dummy/www
    ServerName vhost1.example.exam
    CustomLog logs/vhost1.example.exam-Access_log common
    ErrorLog logs/vhost1.example.exam-Error_log
    LT /Virtualhost GT

    LT Directory “/srv/server3/www” GT
    Require all granted
    LT /Directory GT

    LT Virtualhost 10.10.100.1:81 GT
    ServerAdmin webmaster@Vhost2.example.exam
    DocumentRoot /srv/server3/www
    ServerName vhost2.example.exam
    CustomLog logs/vhost2.example.exam-Access_log common
    ErrorLog logs/vhost2.example.exam-Error_log
    LT /Virtualhost GT

    I have checked Syntax –

    [root@CentOS-Server1 conf.d]# httpd -S
    VirtualHost configuration:
    10.10.100.1:62223 vhost1.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:7)
    10.10.100.1:81 vhost2.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:19)
    ServerRoot: “/etc/httpd”
    Main DocumentRoot: “/var/www/html”
    Main ErrorLog: “/etc/httpd/logs/error_log”
    Mutex proxy: using_defaults
    Mutex authn-socache: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir=”/run/httpd/” mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex proxy-balancer-shm: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex authdigest-client: using_defaults
    Mutex fcgid-proctbl: using_defaults
    Mutex ssl-stapling: using_defaults
    PidFile: “/run/httpd/httpd.pid”
    Define: _RH_HAS_HTTPPROTOCOLOPTIONS
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name=”apache” id=48
    Group: name=”apache” id=48
    [root@CentOS-Server1 conf.d]# httpd -D DUMP_VHOSTS
    VirtualHost configuration:
    10.10.100.1:62223 vhost1.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:7)
    10.10.100.1:81 vhost2.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:19)

    Ports 81 and 62223 have correct SELinux context and allowed via firewall.

    [root@CentOS-Server1 conf.d]# semanage port -l | grep http_port_t
    http_port_t tcp 62223, 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988
    [root@CentOS-Server1 conf.d]# firewall-cmd –permanent –list-ports
    81/tcp 62223/tcp

    THis is my hostfile residing on a client –

    [ab@CentOS-Client1 ~]$ cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.10.100.1 CentOS-Server1.example.exam server1 vhost1.example.exam vhost2.example.exam

    Testing from client works fine for these two –

    [ab@CentOS-Client1 ~]$ curl -k http://10.10.100.1:62223
    First Vhost. Same IP, different website
    [ab@CentOS-Client1 ~]$ curl -k http://10.10.100.1
    Test webpage
    Basic Webpage

    But curling to 10.10.100.1:81 spews following error. Lynx and firefox failed too.

    [ab@CentOS-Client1 ~]$ curl -k http://10.10.100.1:81/
    LT !DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN” GT
    LThtmlGTLTheadGT
    LTtitleGT404 Not FoundLT/titleGT
    LT/headGTLTbodyGT
    LTh1GTNot FoundLT/h1GT
    LTpGTThe requested URL / was not found on this server.LT/pGT
    LT/bodyGTLT/htmlGT

    Questions –
    1. Any pointers why the vhost at 10.10.100.1:81 throws errors ?
    2. Do I need a DNS to be able to connect to these websites using their name ? (all current attempts to reach the websites by name points to the default webpage akin to “curl -k http://10.10.100.1”)

    • Honest Abe says:

      ++Update
      Changed the vhost ports from 81 & 62223 to 80, restarted apache.

      Configs –
      [root@CentOS-Server1 ~]# cat /etc/httpd/conf.d/00_basicserver.conf

      Require all granted
      AllowOverride none

      [root@CentOS-Server1 ~]# cat /etc/httpd/conf.d/03_vhosts_basic.conf
      Listen 81
      Listen 62223

      Require all granted

      ServerAdmin webmaster@vhost1.example.exam
      DocumentRoot /srv/dummy/www
      ServerName vhost1.example.exam
      ServerAlias vhost1.example.exam
      CustomLog logs/vhost1.example.exam-Access_log common
      ErrorLog logs/vhost1.example.exam-Error_log

      Require all granted

      ServerAdmin webmaster@Vhost2.example.exam
      DocumentRoot /srv/server3/www
      ServerName vhost2.example.exam
      ServerAlias vhost2.example.exam
      CustomLog logs/vhost2.example.exam-Access_log common
      ErrorLog logs/vhost2.example.exam-Error_log

      Testing –

      [root@CentOS-Client1 ~]# curl -k http://CentOS-Server1.example.exam/
      First Vhost. Same IP, different website
      [root@CentOS-Client1 ~]# curl -k http://vhost1.example.exam/
      First Vhost. Same IP, different website
      [root@CentOS-Client1 ~]# curl -k http://vhost2.example.exam/
      vhost 2,aka server 3

      It’d be mighty helpful if someone could clarify these doubts –
      1. If a webserver has a bunch of name based Vhosts configured, would they all listen to same port, or can separate ports be used ?
      2. Is it possible to add multiple “Listen” directives in the main httpd.conf ? (got error)
      3. Is it possible to host multiple Vhosts (all listening to port 80, name based) along with the default webserver (as defined in httpd.conf, listening to port 80) ? In that case, what am I doing wrong ?

      • Sam says:

        To answer your questions, as I understand the way the system works, think of the system as an indexing services. There are two different Indexing services (DNS, local web service or Apache).

        1) DNS (or /etc/hosts file)
        These point the protocol(http,ie browser) to look at the server for website.
        http://vhost1.example.exam/ to 10.10.100.1
        http://vhost2.example.exam/ to 10.10.100.1

        2) (Apache) Local Indexing lookup
        Apache filters the web address as sent in the http header, to the relevant virtual host. If the address is missing, then Apache will address the Default (first Virtual Host, or an error page). The Port address are filtered in the same way. If the port is set in the config file, and not in the web address then Apache will direct to the Default Virtual Host.

        Note
        ServerName usually implies the Primary server name. Usally set in the /etc/httpd/conf/httpd.conf
        ServerAlias usually implies any addition server name.

        The Difference between ServerName and ServerAlias is just been pedantic. They functional do the same task from what I have read on the in the Apache Docs.

    • Honest Abe says:

      ++configs –

      [root@CentOS-Server1 http]# cat /etc/httpd/conf.d/03_vhosts_basic.conf
      #Listen 81
      #Listen 62223
      LTDirectory “/srv/dummy/www”GT
      Require all granted
      LT/DirectoryGT

      LTVirtualHost 10.10.100.1:80GT
      ServerAdmin webmaster@vhost1.example.exam
      DocumentRoot /srv/dummy/www
      ServerName vhost1.example.exam
      ServerAlias vhost1.example.exam
      CustomLog logs/vhost1.example.exam-Access_log common
      ErrorLog logs/vhost1.example.exam-Error_log
      LT/VirtualhostGT

      LTDirectory “/srv/server3/www”GT
      Require all granted
      LT/DirectoryGT

      LTVirtualhost 10.10.100.1:80GT
      ServerAdmin webmaster@Vhost2.example.exam
      DocumentRoot /srv/server3/www
      ServerName vhost2.example.exam
      ServerAlias vhost2.example.exam
      CustomLog logs/vhost2.example.exam-Access_log common
      ErrorLog logs/vhost2.example.exam-Error_log
      LT/VirtualhostGT

      [root@CentOS-Server1 http]# cat /etc/httpd/conf.d/00_basicserver.conf
      LTDirectory /var/www/htmlGT
      Require all granted
      AllowOverride none
      LT/DirectoryGT

    • Sam says:

      I couldn’t see any thing wrong with your code at a glance. Upon running the config file (with modifications) and a bit of trouble shooting, you have a missing a bit of information which is for the directory /var/www/html/ directory by default. I am assuming there are no SElinux errors.

      you need to add two additional Director tags
      LT Directory “/srv/server3” GT
      Require all granted
      LT /Directory GT

      LT Directory “/srv/dummy” GT
      Require all granted
      LT /Directory GT

      For the second problem, this should work, it did work for me. Did you reboot after you updated the /etc/hosts file?

      source
      https://httpd.apache.org/docs/2.4/urlmapping.html

Leave a Reply

Upcoming Events (Local Time)

There are no events.

RHCSA7: Task of the day

Allowed time: 10 minutes.
Set up a default configuration HTTP server with SELinux in Enforcing mode and active firewalld configuration.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a caching-only DNS server.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...