RHEL7: Configure an Apache virtual host.

Share this link

Note: This is an RHCE 7 exam objective.

Prerequisites

First, follow the instructions to install an Apache web server.

Note: Don’t forget to install the httpd-manual package. This could help you a lot with any syntax issue.

Configuration Procedure

Let’s assume your website is called dummy-host.example.com.

Create the /var/www/html/dummy-host.example.com directory:

# cd /var/www/html
# mkdir dummy-host.example.com

Create an index.html file and assign the correct SELinux context:

# echo "This is a test." > dummy-host.example.com/index.html
# restorecon -R dummy-host.example.com

Create the /etc/httpd/conf.d/vhosts.conf file and paste the following lines:

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

Optionaly, rename the /etc/httpd/conf.d/ssl.conf file, otherwise you get an additional non-working https virtual host displayed in the configuration.

# cd /etc/httpd/conf.d; mv ssl.conf ssl.conf2

Check the validity of the configuration:

# apachectl configtest
Syntax OK

Note: You can also type: # httpd -t

Restart the httpd service:

# apachectl restart

Note1: You can also type: # systemctl restart httpd
Note2: For minor configuration changes, it is also possible to restart the Apache daemon without losing the current connections: # apachectl graceful

Check the virtual host(s) configuration:

# httpd -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)
         port 80 namevhost dummy-host.example.com (/etc/httpd/conf.d/vhosts.conf:1)

Testing Time

Check the configuration:

# yum install -y elinks
# elinks http://dummy-host.example.com
1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 3.25 out of 5)
Loading...

Leave a Reply

47 Comments on "RHEL7: Configure an Apache virtual host."

  Subscribe  
newest oldest
Notify of
nariman1064
Member
nariman1064
Thank you for your awesome RHCE notes, I really appreciate your time and effort to help others. Just in case few people might wonder, I like to add few notes here: – Time is gold during the exam, it seems to me, the fastest and shortest command that you can run to install everything you need for httpd\apache questions is : # yum groupinstall -y “Web server” – Just to make sure you don’t get any read permission issues, perform below command when you are done creating directories and files under /var/www – # chmod -R 755 /var/www – Don’t… Read more »
chamambom
Member
chamambom

your vitual host config for the second website should be enclosed inside

and one should obviously open port 8080 on the firewall

juliorc@upcmail.nl
Member
juliorc@upcmail.nl

Also use:https://www.certdepot.net/rhel7-use-selinux-port-labelling/

As you do not use one of the standard ports

hazhir
Member
hazhir

Thank you for the tip. This is particularly good because by this you will get sample “ssl.conf” file where by just installing “httpd” you won’t be getting this config file.

BTW, in CentOS 7.4 the yum group is called “Basic Web Server”.

ikambarov
Member
ikambarov

I was wondering, can we install httpd-manual and use it during exam?

twostep
Member
twostep

For people who do not want to remember the syntax (it is worth to know also to other applications):
1. Let’s find mem and doc files:
rpm -qd httpd
2. Let’s check the file from above list:
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
3. Copy, paste and modify 🙂

raj
Member
raj

Hello All, is it normal to see 2 records for each vhost with the following command?
# httpd -D DUMP_VHOSTS

thegeekaid
Member
thegeekaid

Hi, everything is working fine, but I’m trying to list the files in the directory but without any luck, instead it shows me the default index of Apache 123..,
This is my configuration, can someone point me what I’m missing?

Servername practice.example.com
Documentroot /var/web/practice

Options indexes
AllowOverride None
Require all granted

phil_guy412
Member
phil_guy412
I’ve followed this tutorial as well as another one and can’t get this work. When I run the elinks test I get the “Unable to retrieve http://myvhost.example.com/: Host not found. So from start to finish here’s what I did: I installed httpd, started/enabled it, and added the service to the firewall. Assuming my website is myvhost.example.com I created the /var/www/html/myvhost.example.com directory. While i’m in that directory I ran an echo “This is VHOST” > /var/www/html/myvhost.example.com/index.html I then run a restorecon -R myvhost.example.com Then inside the /etc/httpd/conf.d/myvhost.conf file ServerAdmin admin@myvhost.example.com DocumentRoot /var/www/html/myvhost.example.com ServerName myvhost.example.com ErrorLog logs/myvhost.example.com-error_log CustomLog logs/myvhost.example.com-access_log common I then… Read more »
Sam
Member
Sam

At a quick glance it looks ok. Is your host up. Ping and a port scan (nmap) on myvhost.example.com. Ask your self if the ipaddress is correct. Also check the SElinux status. What Port are you running on? Check the log files in /var/log/ for http errors

phil_guy412
Member
phil_guy412
1. I can ping the IP address but not myvhost.example.com (I had to recreate my test server so I didn’t get around to installing a working DNS yet, so this might just be that issue) 2. I’m running this on the default port 80 3. I’ve tried turning SELinux off completely and still get the same error. 4. The /var/log/httpd/myvhost.example.com-error_log shows nothing. 5. This test server has an IP address of 172.31.122.164/20 and I added that to the /etc/hosts file as 172.31.122.164/20 myvhost.example.com And what do you mean that i need to check if my IP address is correct and… Read more »
brucemzn
Member
brucemzn
Hi phil_guy412 Let me try to help, one step at a time. No ping means no connectivity. You said your test server has an IP of 172.31.122.164 Whats the client’s IP? The issue could be “subnetting” /20 = 255.255.240.0 According to your configurations: Your Network = 172.31.112.0/20 Broadcast = 172.31.127.255/20 Usable IPS = 172.31.112.1 – 172.31.127.254 The easiest way to solve this problem without complicating network configurations, use the /24 subnet. /24 = 255.255.255.0 Its easy to work with /24. Change your IP addresses to anything between 172.31.20.1 – 172.31.20.254 (for example) server = 172.31.20.2/24 client1 = 172.31.20.3/24 client2 =… Read more »
phil_guy412
Member
phil_guy412

So now that I thought about it in regards to dns, I tried running elinks test with the IP address and it works haha. I’ll install a dns and see if I can get it to work then too.

phil_guy412
Member
phil_guy412

I figured it out. I tried running the elinks test with only the IP address and it worked. It did not work with myvhost.example.com so I either had a DNS issue or just had to update my /etc/hosts file.

Lisenet
Member

“Host not found” message should’ve been your first clue 🙂

Lisenet
Member

What does myvhost.example.com resolve to?

phil_guy412
Member
phil_guy412

What do you mean by that?

Lisenet
Member

That’s exactly what I mean, the host has to resolve to some IP address. The error that you get “Host not found” means that the host cannot be found, implying there is no DNS record available for the host you try to resolve. The error message tells you what the problem is.

phil_guy412
Member
phil_guy412

I have another question in general. If during the exam they ask me to configure a private directory for a specific user or group of users for a Virtual Host, do I just add the security options to the virtual host configuration?

For example…

ServerAdmin admin@myvhost.example.com
DocumentRoot /var/www/html/myvhost.example.com
ServerName myvhost.example.com
ErrorLog logs/myvhost.example.com-error_log
CustomLog logs/myvhost.example.com-access_log common
AuthType Basic
AuthName “Password Protected Area”
AuthGroupFile /etc/httpd/conf/htgroup
AuthUserFile /etc/httpd/conf/passwd
Require Group sales

I’m trying to test this now.

Lisenet
Member

Close but not quite there yet, you have to put those authentication setting for the directory you want to secure, not the whole DocumentRoot.

Sam
Member
Sam

phil_guy412 I recommend that you setup a local DNS server, and point all the test Workstations dns settings to the DNS Server.

It’s a good idea as part of RHCE, but a bit of a pain to setup.

Reference
https://www.certdepot.net/rhel7-configure-master-name-server/
And read the comments!

brucemzn
Member
brucemzn

Hi
This might help answer your question.
https://youtu.be/4qIbuj36QTY

slavonic
Member
slavonic
Hello everyone, I’d like to verify one thing regarding HTTP configuration for RHCE exam. Does it matter whether I do configuration for basic web server (I mean not virtual), secure web page, confidential web hosting and dynamic webpage in the path “/etc/httpd/conf.d/” or in the path “/etc/httpd/conf/”. I am asking because there is also an objective to configure virtual web hosting that should be configured in “/etc/httpd/conf.d/” for sure, but what about all others? There is no problem with the path, they are working in both paths, I just don’t want to loose points even though it will work fine… Read more »
Sam
Member
Sam

There is no way of knowing. I suggest you stick with the convention as detailed by Certdepot.

/etc/httpd/conf.d/
for vhosts.conf ssl.conf etc

/etc/httpd/conf/
for httpd.conf

This is a minor issue. Good luck with the exam.

slavonic
Member
slavonic

I’ve just passed the exam with 241 points reached today but now I am sad because I have no idea where I could make a mistake…is there anyone who has passed the exam with 300 points? I’d like to discuss some of the topics with that person. Thanks. 🙂

Sam
Member
Sam

Congratulations,

Please remember you signed a Non Disclosure Agreement. There is no way of knowing, whether it is a mistake or a issue in the testing script. I have been through this issue. That is the Advantage of the RHCE exam.

asifshabir
Member
asifshabir
Hello CertDepot, Below is my virtual host config: Options None Allowoverride None Require all granted ServerAdmin root@srv5.rhce.local ServerName srv5.rhce.local ServerAlias srv5.rhce.local DocumentRoot “/var/www/html” LogLevel info ErrorLog “logs/srv5-error.log” CustomLog “logs/srv5-access.log” combined [root@srv6 ~]# curl http://srv5.rhce.local/ srv5.rhce.local Question: These below two virtual hosts are not created but they open srv5.rhce.local webpage when I try to access them. vhost10, vhost2 are only defined in /etc/hosts. [root@srv6 ~]# curl http://vhost10.rhce.local/ srv5.rhce.local [root@srv6 ~]# curl http://vhost2.rhce.local/ srv5.rhce.local httpd.conf is on defaults, nothing has been changed. Ideally they should not open ?? or what should be expected behavior ? when we try to open the hosts… Read more »
Lisenet
Member

There is a main server which consists of all the definitions appearing outside of VirtualHost sections, and it usually serves the following location “/var/www/html”.

The first name-based VirtualHost in the Apache configuration file for a given IP:port pair is very important because it is used for ALL requests received on that address and port for which no other VirtualHost for that IP:port pair has a matching ServerName or ServerAlias.

In other words, if there is no matching ServerName or ServerAlias for vhost10.rhce.local, Apache will serve the content for the main server, which is “/var/www/html”.

asifshabir
Member
asifshabir

Tomas, thanks for replying to my query,
so this is normal behaviour.

Honest Abe
Member
Honest Abe
Hi Certdepot, Currently, I can access the (Vhost) websites via their ip:port (well, 1 of them), but not with website names. Configuration : cat /etc/httpd/conf.d/03_vhosts_basic.conf Listen 81 Listen 62223 LT irectory “/srv/dummy/www” GT Require all granted LT /Directory GT LT VirtualHost 10.10.100.1:62223 GT ServerAdmin webmaster@vhost1.example.exam DocumentRoot /srv/dummy/www ServerName vhost1.example.exam CustomLog logs/vhost1.example.exam-Access_log common ErrorLog logs/vhost1.example.exam-Error_log LT /Virtualhost GT LT Directory “/srv/server3/www” GT Require all granted LT /Directory GT LT Virtualhost 10.10.100.1:81 GT ServerAdmin webmaster@Vhost2.example.exam DocumentRoot /srv/server3/www ServerName vhost2.example.exam CustomLog logs/vhost2.example.exam-Access_log common ErrorLog logs/vhost2.example.exam-Error_log LT /Virtualhost GT I have checked Syntax – [root@CentOS-Server1 conf.d]# httpd -S VirtualHost configuration: 10.10.100.1:62223 vhost1.example.exam (/etc/httpd/conf.d/03_vhosts_basic.conf:7) 10.10.100.1:81… Read more »
Honest Abe
Member
Honest Abe
++Update Changed the vhost ports from 81 & 62223 to 80, restarted apache. Configs – [root@CentOS-Server1 ~]# cat /etc/httpd/conf.d/00_basicserver.conf Require all granted AllowOverride none [root@CentOS-Server1 ~]# cat /etc/httpd/conf.d/03_vhosts_basic.conf Listen 81 Listen 62223 Require all granted ServerAdmin webmaster@vhost1.example.exam DocumentRoot /srv/dummy/www ServerName vhost1.example.exam ServerAlias vhost1.example.exam CustomLog logs/vhost1.example.exam-Access_log common ErrorLog logs/vhost1.example.exam-Error_log Require all granted ServerAdmin webmaster@Vhost2.example.exam DocumentRoot /srv/server3/www ServerName vhost2.example.exam ServerAlias vhost2.example.exam CustomLog logs/vhost2.example.exam-Access_log common ErrorLog logs/vhost2.example.exam-Error_log Testing – [root@CentOS-Client1 ~]# curl -k http://CentOS-Server1.example.exam/ First Vhost. Same IP, different website [root@CentOS-Client1 ~]# curl -k http://vhost1.example.exam/ First Vhost. Same IP, different website [root@CentOS-Client1 ~]# curl -k http://vhost2.example.exam/ vhost 2,aka server 3 It’d be mighty… Read more »
Sam
Member
Sam
To answer your questions, as I understand the way the system works, think of the system as an indexing services. There are two different Indexing services (DNS, local web service or Apache). 1) DNS (or /etc/hosts file) These point the protocol(http,ie browser) to look at the server for website. http://vhost1.example.exam/ to 10.10.100.1 http://vhost2.example.exam/ to 10.10.100.1 2) (Apache) Local Indexing lookup Apache filters the web address as sent in the http header, to the relevant virtual host. If the address is missing, then Apache will address the Default (first Virtual Host, or an error page). The Port address are filtered in… Read more »
Honest Abe
Member
Honest Abe

++configs –

[root@CentOS-Server1 http]# cat /etc/httpd/conf.d/03_vhosts_basic.conf
#Listen 81
#Listen 62223
LTDirectory “/srv/dummy/www”GT
Require all granted
LT/DirectoryGT

LTVirtualHost 10.10.100.1:80GT
ServerAdmin webmaster@vhost1.example.exam
DocumentRoot /srv/dummy/www
ServerName vhost1.example.exam
ServerAlias vhost1.example.exam
CustomLog logs/vhost1.example.exam-Access_log common
ErrorLog logs/vhost1.example.exam-Error_log
LT/VirtualhostGT

LTDirectory “/srv/server3/www”GT
Require all granted
LT/DirectoryGT

LTVirtualhost 10.10.100.1:80GT
ServerAdmin webmaster@Vhost2.example.exam
DocumentRoot /srv/server3/www
ServerName vhost2.example.exam
ServerAlias vhost2.example.exam
CustomLog logs/vhost2.example.exam-Access_log common
ErrorLog logs/vhost2.example.exam-Error_log
LT/VirtualhostGT

[root@CentOS-Server1 http]# cat /etc/httpd/conf.d/00_basicserver.conf
LTDirectory /var/www/htmlGT
Require all granted
AllowOverride none
LT/DirectoryGT

Sam
Member
Sam

I couldn’t see any thing wrong with your code at a glance. Upon running the config file (with modifications) and a bit of trouble shooting, you have a missing a bit of information which is for the directory /var/www/html/ directory by default. I am assuming there are no SElinux errors.

you need to add two additional Director tags
LT Directory “/srv/server3” GT
Require all granted
LT /Directory GT

LT Directory “/srv/dummy” GT
Require all granted
LT /Directory GT

For the second problem, this should work, it did work for me. Did you reboot after you updated the /etc/hosts file?

source
https://httpd.apache.org/docs/2.4/urlmapping.html

Lisenet
Member

Why do you need to reboot after updating the /etc/hosts file?

Sam
Member
Sam

I haven’t looked in to it. Perhaps it is some setting in the kernel or a kernel module.

Lisenet
Member

There is no setting for this, and the fact is that you don’t need to reboot after updating the /etc/hosts file. Neither on Linux nor Windows.

Sam
Member
Sam

I agree, this is the normal case. However under in this setup the system requires a reboot. If you are in doubt test the system yourself. CentOS 7.1503

Lisenet
Member

I’m still yet to understand why changing the hosts file entries requires a reboot. If you have a referencing Red Hat article on this, please share.

Sam
Member
Sam

If I had a link, or any additional information I would post it. Whether this is a feature, or a bug, I have no idea. If you have time, troubleshoot it.

Feature(s) Explained?
https://twitter.com/Abdella66285984/status/991720766034104321

Lisenet
Member

To troubleshoot what exactly? To change hosts entries? This does not require a reboot. I sense that this conversation started to circle.

Sam
Member
Sam

The first stage in troubleshooting is to replicate the problem. If you have not done this then you are trolling. I hope this is not the case.

RHCSA7: Task of the day

Allowed time: 3 minutes.
Check that you've got no SELinux policy violations.

RHCE7: Task of the day

Allowed time: 15 minutes.
Configure a Samba server called MYSERVER, belonging to the MYGROUP group, sharing the /shared directory with the name "shared".

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...