In this tutorial i will try to go easily step by step to install simple virtual hosts using Apache (the most popular web server) on CentOS (considered to be Red Hat community version).
Apache Virtual Hosts is ability to host many web sites with different domain name in same system installation.
Let’s Go,…
01.Installing Apache
httpd is the name of package in centos and mod_ssl (library to provide https ability) :
# yum install httpd mod_ssl -y
02.Enable and Start httpd service (enable means start on system boot by default) :
# systemctl enable httpd
# systemctl start httpd
03.Firewall ports to open (http/https):
firewall-cmd --permanent --add-service=http --add-service=https
firewall-cmd --reload
*Open your browser and go to url: localhost , should see default apache welcome page , fine !
04.SELinux configuration if non-default location used:
Default path for web site files is /var/www/html/ which is properly configured with SELinux , but you can use whatever path you want but you must take care of SELINUX
# mkdir /web
# chown -R apache:apache /web/
# semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?'
# restorecon -Rv /web
*Now this folder is ready to hold our web site files
05.Virtual Hosts:
default configuration file for httpd in Centos is: /etc/httpd/conf/httpd.conf
*To create a new Virtual host: use any editor to create a file with .conf extension in /etc/httpd/conf.d/
For Example: let’s create horusec.local web site:
vim /etc/httpd/conf.d/horusec.conf
<Directory /web >
Require all granted
AllowOverride None
</Directory>
<VirtualHost *:80>
DocumentRoot /web
ServerName horusec.local
ServerAlias www.horusec.local
ServerAdmin [email protected]
ErrorLog "logs/horusec_error_log"
CustomLog "logs/horusec_access_log" combined
</VirtualHost>
Now you need to add a record in /etc/hosts to point to this name for testing or Register this domain name with your public IP in your Domain Registerar
Add test page to our site:
# echo “Welcome to horusec.local Testing web site” > /web/index.html
*Now browse to horusec.local , should see our testing page (edit /etc/hosts or any dns resolving to use site names or use IP for testing)
06.HTTPS secure connection:
yum install crypto-utils
Create self-signed certificate:
# genkey horusec.local
# provide your certificate info – this files must be found there after that:
/etc/pki/tls/private/horusec.local.key
/etc/pki/tls/certs/horusec.local.0.csr
/etc/pki/tls/certs/horusec.local.crt
#default ssl configuration file:
vim /etc/httpd/conf.d/ssl.conf
Create a new web site in a new configuration file called horusec.conf
# vim /etc/httpd/conf.d/horusec.conf
<Directory /web > Require all granted AllowOverride None </Directory> <VirtualHost *:443> DocumentRoot /web ServerName horusec.local SSLEngine on SSLCertificatefile /etc/pki/tls/certs/horusec.local.crt SSLCertificatekeyfile /etc/pki/tls/private/horusec.local.key SSLCertificatechainfile /etc/pki/tls/certs/horusec.local.crt ServerAdmin [email protected] ErrorLog "logs/site1_error_log" CustomLog "logs/site1_access_log" combined </VirtualHost> #Also append that next lines to redirect http to https: <VirtualHost *:80> ServerName horusec.local RewriteEngine on RewriteRule ^(/.*)$ https://%{HTTP_HOST} [redirect=301] </VirtualHost>
Reload httpd service to read new configuration file:
systemctl reload httpd
#Now Browse to horusec.local , should redirect you to https://horusec.local and open our welcome test page
One comment on “Linux Apache HTTP/HTTPS”
-
Pingback: Apache secure directory with user and password | IT Systems
Comments are closed.