Name based vHosts with Apache 2.2 on Debian/Ubuntu Linux

This article provides basic knowledge and exemplary configurations to use name based virtual Hosts with Apache.

It is assumed that you installed an Apache HTTP server, you can access the computer's terminal with root privileges (e.g. via SSH) and your Domains are pointing to the server you want to use (=DNS A-RRs are set). Additionally, you have to know some basic principles about configuring Apache on Debian/Ubuntu.

The following commands and configurations are examples to help understanding configuration at all. You need to adapt them to your needs.

Enable vHost support

You have to use the NameVirtualHost directive in the basic configuration to be able to define vHosts at all.

How to create a new vHost

It is strongly recommended to create a separate configuration file for each vHost, named after the website it is running. The provided Debian administration tools may not won't work otherwise!

Create a configuration file

  1. Create a basic configuration file in /etc/apache2/sites-available/ for your new vHost named after the website it is running. I will use /etc/apache2/sites-available/example for the website http://www.example.com:
    <VirtualHost *:*>
      #addresses
      ServerName example.com
      ServerAlias www.example.com
    
      #dirs and permissions
      DocumentRoot "/var/www/vhost/example/htdocs"
      <Directory /var/www/vhost/example/htdocs>
        Order Deny,Allow
        Allow from all
      </Directory>
     
      #logging
      LogLevel warninfo 
      ErrorLog /var/www/log/example/error.log
      CustomLog /var/www/log/example/access.log combined
    </VirtualHost>

    Additionally needed configuration directives can be added later.

  2. Make sure the permissions are OK:
    sudo chmod 0755 /etc/apache2/sites-available/
    sudo chmod -R 0644 /etc/apache2/sites-available/*
  3. Create the directories you used in your vHost configuration (logfiles and webroot):
    sudo mkdir -v -p -m 0755 /var/www/vhost/example/htdocs/
    sudo mkdir -v -p -m 0600 /var/www/log/example/
  4. For security reasons, the log files should only be readable and writeable for the user account which is starting (!= running) the Apache daemon. This is root by default (even Apache normally runs with the www-data account):
    sudo chown -R root /var/www/log/example/
    sudo chmod -R 0600 /var/www/log/example/
  5. Check your configuration for any errors:
    sudo apache2ctl configtest

That's all in the first step. Additionally needed configuration directives can be added later.

Activate the vHost

The basic configuration is done. You can enable your vHost by using the a2ensite <vhost config file>1) command:

sudo a2ensite example

This creates a symlink from /etc/apache2/sites-enable/example to /etc/apache2/sites-available/example. If you want to disable the vHost again, use a2dissite.2) Restart Apache now:

sudo /etc/init.d/apache2 restart

Your vHost should be reachable now if there where no errors or warnings. Try to open http://www.example.com/ in your browser (For sure, you will get an empty directory index or a “404 Not Found” if there is no data right now).

Add further configuration directives

The basic configuration is done. Now you can add all needed configuration directives allowed in the vHost context to make it fit your needs. Simply couch your needs in terms, google it and have a look at the Apache documentation to find the needed directives.

Mastering permissions

File system permissions are an essential component of your web server's security. You should keep them as restrictive as possible. Here are some hint:

  • root should own as much files as possible. Allow other users only reading and executing files:
    sudo chown -R root /var/www/path/to/your/vhosts/webroot/
    sudo chmod -R 0755 /var/www/path/to/your/vhosts/webroot/
  • Grant write permissions only temporarily (e.g. during the upload of of your site's content). You can do this by using the
    sudo chmod 0777 /var/www/path/to/your/vhosts/webroot/

    Upload your files now and remove write permissions and set root as file owner:

    sudo chown -R root /var/www/path/to/your/vhosts/webroot/
    sudo chmod -R 0755 /var/www/path/to/your/vhosts/webroot/
  • Grant write permissions only where they are needed through passing file/dir ownership to Apache's www-data user:
    sudo chown -R www-data /var/www/path/to/your/vhosts/webroot/upload/

The "default" vHost

FIXME Add more details The first defined vHost will be used as fallback.

Troubleshooting

Message: [warn] NameVirtualHost *:0 has no VirtualHosts

You probably defined multiple NameVirtualHost directives. Many tutorials are creating a basic vhost.conf including a NameVirtualHost * directive. But this NameVirtualHost * directive is also included as default/fallback vHost in /ect/apache2/sites-available/default on Debian and Ubuntu systems.

If you set up your own default host, use

sudo a2dissite default

to disable the Debian/Ubuntu default vHost or use comments (→ ”#”) to disable it.

Message: [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported[...]

This error is cause by a NameVirtualHost * directive in combination with SSL/TLS. If you want to use SSL with vHosts, you probably created <VirtualHost *:80> and <VirtualHost *:443> entries. These vHosts are confusing Apache in combination with a NameVirtualHost *.

Try to replace NameVirtualHost * with two directives like NameVirtualHost *:80 and NameVirtualHost *:443.

Message: Could not reliably determine the server's fully qualified domain name, using <foobar> for ServerName

This warning informs you that Apache is not able to resolve one or more values of ServerName (global context or within a vHost) via DNS. This may be caused if you did not set a hostname for your system at all.

You can check if your system got a hostname with

cat /etc/hostname<code>

To set a hostname, use <code>hostname myhostname

If your hostname and all ServerName configurations are correct, you may insert the unresolvable names into /etc/hosts to prevent this error/failed DNS requests.

See also

1) apache 2 enable site
2) apache 2 disable site
Print/export
QR Code
QR Code app:apache-http-server:apache2-vhost-debian-ubuntu (generated for current page)
Languages
Translations of this page: