Name-based Virtual Host Support
The Apache web server Can easily be configured to serve up different content based on the name it was called as.
This allows fun stuff like giving your machine multiple names via DNS and making it look like a whole server farm.
This also makes life easier if you're using it to proxy for other machines internal to your network.
In these notes, we'll be setting up 4 names for the server. foo.bar & www.foo.bar which will be the default web site. Wiki.foo.bar which will be served up by the same install of Apache, but still independant of the default web site. Proxy.foo.bar which is on another machine completely & wouldn't otherwise be reachable.
You will need to set up external DNS for Wiki.foo.bar & Proxy.foo.bar (which are NOT the same as your normal webserver name as far as the outside world is concerned)
NOTE: It is probably smartest to put the VirtualHost
sections in separate files in the /etc/apache2/sites-available/
folder, then make symbolic links to them in /etc/apache2/sites-enabled
This will simplify maintenance down the road...
(But, if you really want to, they can simply be added to /etc/apache2/apache2.conf)
A sample set of files for /etc/apache2/sites-available
:
Note the SSLCertificateFile
& SSLCertificateKeyFile
lines... In these examples, they are based on the self-signed certs built into Apache. If you have proper certs, these will reflect that.
www.foo.bar.conf
########################## # WWW.foo.bar # # our default web server # ########################## <VirtualHost *:80> ServerName foo.bar Redirect permanent / https://www.foo.bar/ </VirtualHost> <VirtualHost *:80> ServerName www.foo.bar Redirect permanent / https://www.foo.bar/ </VirtualHost> <VirtualHost _default_:443> ServerName www.foo.bar DocumentRoot "/var/www/html" SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost>
wiki.foo.bar.conf
######################### # Wiki.foo.bar # # our Wiki server # ######################### <VirtualHost *:80> ServerName wiki.foo.bar Redirect permanent / https://wiki.foo.bar/ </VirtualHost> <VirtualHost _default_:443> ServerName wiki.foo.bar DocumentRoot "/var/www/wiki" SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost>
proxy.foo.bar.conf
################################################ # Proxy for proxy.foo.bar # # an ESXi-based server on our internal network # ################################################ <VirtualHost *:80> ServerName proxy.foo.bar Redirect permanent / https://proxy.foo.bar/ </VirtualHost> <VirtualHost _default_:443> ServerName proxy.foo.bar ProxyRequests on SSLEngine On SSLProxyEngine On ProxyPreserveHost On # Redirect WSS traffic (Needed if this is a proxy for ESXi) ProxyPass /ticket/ wss://proxy.foo.bar/ticket/ ProxyPassReverse /ticket/ wss://proxy.foo.bar/ticket/ # Redirect HTTPS traffic ProxyPass / https://proxy.foo.bar/ ProxyPassReverse / https://proxy.foo.bar/ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key <Proxy "*"> Order allow,deny Allow from all </Proxy> ErrorLog /var/log/apache2/Proxy/proxy_log CustomLog /var/log/apache2/Proxy/proxy-access_log combined </VirtualHost>
Enabling the Virtual Hosts
NOTE: Whichever VirtualHost gets configured FIRST becomes the default host. Any name that successfully resolves to the server but is not among the names explicitly handled will be served this VirtualHost. (It may help to start the filename with a '0'. eg: 0-www.foo.bar.conf)
create the links
cd /etc/apache2/sites-enabled
sudo ln -s ../sites-available/www.foo.bar.conf .
sudo ln -s ../sites-available/wiki.foo.bar.conf .
sudo ln -s ../sites-available/proxy.foo.bar.conf .
and restart Apache:
sudo systemctl restart apache2