Name based vHosts with Apache 2.2 on Debian/Ubuntu Linux

This article provides basic knowledge and exemplary configurations to use name based virtual Hosts with Apache.

It is assumed that you installed an Apache HTTP server, you can access the computer's terminal with root privileges (e.g. via SSH) and your Domains are pointing to the server you want to use (=DNS A-RRs are set). Additionally, you have to know some basic principles about configuring Apache on Debian/Ubuntu.

You have to use the NameVirtualHost directive in the basic configuration to be able to define vHosts at all.

1. Create a basic configuration file in /etc/apache2/sites-available/ for your new vHost named after the website it is running. I will use /etc/apache2/sites-available/example for the website http://www.example.com:

   <VirtualHost *:*>
     #addresses
     ServerName example.com
     ServerAlias www.example.com
   
     #dirs and permissions
     DocumentRoot "/var/www/vhost/example/htdocs"
     <Directory /var/www/vhost/example/htdocs>
       Order Deny,Allow
       Allow from all
     </Directory>
    
     #logging
     LogLevel warninfo 
     ErrorLog /var/www/log/example/error.log
     CustomLog /var/www/log/example/access.log combined
   </VirtualHost>

   Additionally needed configuration directives can be added later.

2. Make sure the permissions are OK:

   sudo chmod 0755 /etc/apache2/sites-available/
   sudo chmod -R 0644 /etc/apache2/sites-available/*

3. Create the directories you used in your vHost configuration (logfiles and webroot):

   sudo mkdir -v -p -m 0755 /var/www/vhost/example/htdocs/
   sudo mkdir -v -p -m 0600 /var/www/log/example/

4. For security reasons, the log files should only be readable and writeable for the user account which is starting (!= running) the Apache daemon. This is root by default (even Apache normally runs with the www-data account):

   sudo chown -R root /var/www/log/example/
   sudo chmod -R 0600 /var/www/log/example/

5. Check your configuration for any errors:

   sudo apache2ctl configtest

That's all in the first step. Additionally needed configuration directives can be added later.

The basic configuration is done. You can enable your vHost by using the a2ensite <vhost config file>¹⁾ command:

sudo a2ensite example

This creates a symlink from /etc/apache2/sites-enable/example to /etc/apache2/sites-available/example. If you want to disable the vHost again, use a2dissite.²⁾ Restart Apache now:

sudo /etc/init.d/apache2 restart

Your vHost should be reachable now if there where no errors or warnings. Try to open http://www.example.com/ in your browser (For sure, you will get an empty directory index or a “404 Not Found” if there is no data right now).

The basic configuration is done. Now you can add all needed configuration directives allowed in the vHost context to make it fit your needs. Simply couch your needs in terms, google it and have a look at the Apache documentation to find the needed directives.

File system permissions are an essential component of your web server's security. You should keep them as restrictive as possible. Here are some hint:

• root should own as much files as possible. Allow other users only reading and executing files:

  sudo chown -R root /var/www/path/to/your/vhosts/webroot/
  sudo chmod -R 0755 /var/www/path/to/your/vhosts/webroot/

• Grant write permissions only temporarily (e.g. during the upload of of your site's content). You can do this by using the

  sudo chmod 0777 /var/www/path/to/your/vhosts/webroot/

  Upload your files now and remove write permissions and set root as file owner:

  sudo chown -R root /var/www/path/to/your/vhosts/webroot/
  sudo chmod -R 0755 /var/www/path/to/your/vhosts/webroot/

• Grant write permissions only where they are needed through passing file/dir ownership to Apache's www-data user:

  sudo chown -R www-data /var/www/path/to/your/vhosts/webroot/upload/

Add more details The first defined vHost will be used as fallback.

You probably defined multiple NameVirtualHost directives. Many tutorials are creating a basic vhost.conf including a NameVirtualHost * directive. But this NameVirtualHost * directive is also included as default/fallback vHost in /ect/apache2/sites-available/default on Debian and Ubuntu systems.

If you set up your own default host, use

sudo a2dissite default

to disable the Debian/Ubuntu default vHost or use comments (→ “#”) to disable it.

This error is cause by a NameVirtualHost * directive in combination with SSL/TLS. If you want to use SSL with vHosts, you probably created <VirtualHost *:80> and <VirtualHost *:443> entries. These vHosts are confusing Apache in combination with a NameVirtualHost *.

Try to replace NameVirtualHost * with two directives like NameVirtualHost *:80 and NameVirtualHost *:443.

This warning informs you that Apache is not able to resolve one or more values of ServerName (global context or within a vHost) via DNS. This may be caused if you did not set a hostname for your system at all.

You can check if your system got a hostname with

cat /etc/hostname<code>

To set a hostname, use <code>hostname myhostname

If your hostname and all ServerName configurations are correct, you may insert the unresolvable names into /etc/hosts to prevent this error/failed DNS requests.

• Using and maintaining Apache 2.2 on Debian/Ubuntu Linux (some basic principles)
• SSL/TLS with Apache 2.2 on Debian/Ubuntu Linux

• Apache Documentation: vHosts
• Apache Documentation: Name-based Virtual Host Support
• Apache Documentation: VirtualHost configuration examples
• Debian-Administration.org: "Hosting multiple websites with Apache2"