Table of Contents
Name based vHosts with Apache 2.2 on Debian/Ubuntu Linux
This article provides basic knowledge and exemplary configurations to use name based virtual Hosts with Apache.
It is assumed that you installed an Apache HTTP server, you can access the computer's terminal with root privileges (e.g. via SSH) and your Domains are pointing to the server you want to use (=DNS A-RRs are set). Additionally, you have to know some basic principles about configuring Apache on Debian/Ubuntu.
The following commands and configurations are examples to help understanding configuration at all. You need to adapt them to your needs.
Enable vHost support
You have to use the NameVirtualHost
directive in the basic configuration to be able to define vHosts at all.
How to create a new vHost
It is strongly recommended to create a separate configuration file for each vHost, named after the website it is running. The provided Debian administration tools may not won't work otherwise!
Create a configuration file
- Create a basic configuration file in
/etc/apache2/sites-available/
for your new vHost named after the website it is running. I will use/etc/apache2/sites-available/example
for the websitehttp://www.example.com
:<VirtualHost *:*> #addresses ServerName example.com ServerAlias www.example.com #dirs and permissions DocumentRoot "/var/www/vhost/example/htdocs" <Directory /var/www/vhost/example/htdocs> Order Deny,Allow Allow from all </Directory> #logging LogLevel warninfo ErrorLog /var/www/log/example/error.log CustomLog /var/www/log/example/access.log combined </VirtualHost>
Additionally needed configuration directives can be added later.
- Make sure the permissions are OK:
sudo chmod 0755 /etc/apache2/sites-available/ sudo chmod -R 0644 /etc/apache2/sites-available/*
- Create the directories you used in your vHost configuration (logfiles and webroot):
sudo mkdir -v -p -m 0755 /var/www/vhost/example/htdocs/ sudo mkdir -v -p -m 0600 /var/www/log/example/
- For security reasons, the log files should only be readable and writeable for the user account which is starting (!= running) the Apache daemon. This is
root
by default (even Apache normally runs with thewww-data
account):sudo chown -R root /var/www/log/example/ sudo chmod -R 0600 /var/www/log/example/
- Check your configuration for any errors:
sudo apache2ctl configtest
That's all in the first step. Additionally needed configuration directives can be added later.
Activate the vHost
The basic configuration is done. You can enable your vHost by using the a2ensite <vhost config file>
1) command:
sudo a2ensite example
This creates a symlink from /etc/apache2/sites-enable/example
to /etc/apache2/sites-available/example
. If you want to disable the vHost again, use a2dissite
.2) Restart Apache now:
sudo /etc/init.d/apache2 restart
Your vHost should be reachable now if there where no errors or warnings. Try to open http://www.example.com/
in your browser (For sure, you will get an empty directory index or a “404 Not Found” if there is no data right now).
Add further configuration directives
The basic configuration is done. Now you can add all needed configuration directives allowed in the vHost context to make it fit your needs. Simply couch your needs in terms, google it and have a look at the Apache documentation to find the needed directives.
Mastering permissions
File system permissions are an essential component of your web server's security. You should keep them as restrictive as possible. Here are some hint:
root
should own as much files as possible. Allow other users only reading and executing files:sudo chown -R root /var/www/path/to/your/vhosts/webroot/ sudo chmod -R 0755 /var/www/path/to/your/vhosts/webroot/
- Grant write permissions only temporarily (e.g. during the upload of of your site's content). You can do this by using the
sudo chmod 0777 /var/www/path/to/your/vhosts/webroot/
Upload your files now and remove write permissions and set
root
as file owner:sudo chown -R root /var/www/path/to/your/vhosts/webroot/ sudo chmod -R 0755 /var/www/path/to/your/vhosts/webroot/
- Grant write permissions only where they are needed through passing file/dir ownership to Apache's
www-data
user:sudo chown -R www-data /var/www/path/to/your/vhosts/webroot/upload/
The "default" vHost
Add more details
The first defined vHost will be used as fallback.
Troubleshooting
Message: [warn] NameVirtualHost *:0 has no VirtualHosts
You probably defined multiple NameVirtualHost
directives. Many tutorials are creating a basic vhost.conf
including a NameVirtualHost *
directive. But this NameVirtualHost *
directive is also included as default/fallback vHost in /ect/apache2/sites-available/default
on Debian and Ubuntu systems.
If you set up your own default host, use
sudo a2dissite default
to disable the Debian/Ubuntu default vHost or use comments (→ “#”) to disable it.
Message: [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported[...]
This error is cause by a NameVirtualHost *
directive in combination with SSL/TLS. If you want to use SSL with vHosts, you probably created <VirtualHost *:80>
and <VirtualHost *:443>
entries. These vHosts are confusing Apache in combination with a NameVirtualHost *
.
Try to replace NameVirtualHost *
with two directives like NameVirtualHost *:80
and NameVirtualHost *:443
.
Message: Could not reliably determine the server's fully qualified domain name, using <foobar> for ServerName
This warning informs you that Apache is not able to resolve one or more values of ServerName
(global context or within a vHost) via DNS. This may be caused if you did not set a hostname for your system at all.
You can check if your system got a hostname with
cat /etc/hostname<code> To set a hostname, use <code>hostname myhostname
If your hostname and all ServerName
configurations are correct, you may insert the unresolvable names into /etc/hosts
to prevent this error/failed DNS requests.