Using Virtual Hosts
 | Warning |
|---|---|
If you plan to use the Apache Configuration Tool, a GUI utility provided with Red Hat Linux, you may not edit your Apache Web server's httpd.conf configuration file. Conversely, if you want to edit httpd.conf by hand, do not use the Apache Configuration Tool. If you need more information on the Apache Configuration Tool, please see the Official Red Hat Linux Customization Guide. |
You can use Apache's virtual hosts capability to run different servers for different IP addresses, different host names or different ports on the same machine. If you are interested in using virtual hosts, complete information is provided in the Apache documentation on your machine or on the Web at http://httpd.apache.org/docs/vhosts/.
 | Note |
|---|---|
You cannot use name-based virtual hosts with your secure Web server, because the SSL handshake (when the browser accepts the secure Web server's certificate) occurs before the HTTP request which identifies the appropriate name-based virtual host. If you want to use name-based virtual hosts, they will only work with your non-secure Web server. |
Virtual hosts are configured within the httpd.conf file, as described in the section called Configuration Directives in httpd.conf. Please review that section before you start to change the virtual hosts configuration on your machine.
The Secure Web Server Virtual Host
The default configuration of your Web server runs a non-secure and a secure server. Both servers use the same IP address and host name, but they listen on different ports, and the secure server is a virtual host. This configuration enables you to serve both secure and non-secure documents in the most efficient manner possible. Setting up the secure HTTP transmission is very resource intensive, so generally you will be able to serve far fewer pages per second with a secure server. You need to consider this when you decide what information to include on the secure server, and which you can use the non-secure server for.
The configuration directives for your secure server are contained within virtual host tags in the httpd.conf file. If you need to change something about the configuration of your secure server, you will need to change the configuration directives inside virtual host tags in the httpd.conf file. If you want to enable certain features (for example, server side includes) for your secure server, they will need to be enabled within the virtual host tags that define your secure server.
The non-secure Web server is configured as the "non-virtual" host in the httpd.conf file. In other words, the non-secure Web server's configuration options are outside of the virtual host tags in httpd.conf. If you want to change something about your non-secure Web server, you will need to change the configuration directives in httpd.conf outside of the virtual host tags.
By default, both the secure and the non-secure Web servers share the same DocumentRoot, a configuration directive specified in httpd.conf. In other words, the secure and the non-secure Web server look in the same place for the HTML files that they provide in response to requests. By default, the DocumentRoot is set to /var/www/html.
To change the DocumentRoot so that it is no longer shared by both the secure server and the non-secure server, change one of the DocumentRoot directives in httpd.conf. The DocumentRoot outside the virtual host tags defines the DocumentRoot for your non-secure Web server. The DocumentRoot within the virtual host tags that define your secure server is for your secure server.
If for some reason you want to disable the non-secure Web server on your machine, you can. Your secure server listens on port 443, the default port for secure Web communications, while your non-secure Web server listens on port 80, the default port for non-secure Web communications. To stop the non-secure Web server from accepting connections, in httpd.conf, find the line which reads:
Port 80 |
Change the above line so that it reads:
Port 443 |
Then comment out the Listen 80 line.
After these two steps, your Web server will be accepting connections on port 443, the default port for secure Web communications. However, your server will not accept connections on port 80, the default port for non-secure communications, so the non-secure Web server will be effectively disabled.
Setting Up Virtual Hosts
Most people will probably use their Web server as it is configured. Therefore, they will be using the built-in virtual hosts capability, but they will not have to do any manipulation of the virtual hosts directives in httpd.conf. However, if you would like to use the virtual hosts capability for some other reason, you can.
To create a virtual host, you will need to alter the virtual host lines, provided as an example, in httpd.conf, or create your own virtual host section. (Remember that name-based virtual hosts will not work with your secure server — you will need to use IP address-based virtual hosts if you need SSL-enabled virtual hosts. Your non-secure server, however, will support both IP address and name-based virtual hosts.)
The virtual host example lines read as follows:
#<VirtualHost ip.address.of.host.some_domain.com> # ServerAdmin webmaster@host.some_domain.com # DocumentRoot /www/docs/host.some_domain.com # ServerName host.some_domain.com # ErrorLog logs/host.some_domain.com-error_log # CustomLog logs/host.some_domain.com-access_log common #</VirtualHost> |
Uncomment all of the lines. Then add the correct information for your machine and/or your virtual host to each line.
In the first line, change ip.address.of.host.some_domain.com to your server's IP address. Change the ServerName to a valid DNS name to use for the virtual host. (In other words, do not just make something up. Ask your system administrator if you do not know how to get a valid domain name.)
You will also need to uncomment one of the NameVirtualHost lines in httpd.conf:
#NameVirtualHost 12.34.56.78:80 #NameVirtualHost 12.34.56.78 |
Uncomment one of the lines and change the IP address to the IP address (and port if necessary) for that virtual host.
Many other configuration directives can be placed between the virtual host tags, depending upon why you are setting up a virtual host.
If you set up a virtual host and want it to listen on a non-default port (80 is the default port for non-secure Web communications; 443 is the default port for secure Web communications), you will need to set up a virtual host for that port and add a Listen directive to httpd.conf, corresponding to that port.
To have a virtual host work specifically for that port, add the port number to the first line of the virtual host configuration. The first line should look something like the following:
<VirtualHost ip_address_of_your_server:12331> |
This line would create a virtual host that listens on port 12331. Substitute the port number you want to use for 12331 in the previous example.
Underneath the Listen lines in httpd.conf, add a line like the following, which will instruct your Web server to listen on port 12331:
Listen 12331 |
You must restart httpd to start a new virtual host. See the section called Starting and Stopping httpd for instructions on how to start and stop httpd.
Much more complete information about creating and configuring both name-based and IP address-based virtual hosts is provided on the Web at http://httpd.apache.org/docs/vhosts/. Please check the Apache Group's virtual host documentation for more details on using virtual hosts.