Do I just tell the firewall guys to point the external IP at the server address and this configuration will work if someone requests site1, site2, site3, etc.?
Do I need A records, CNAME?
Code:
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
#NameVirtualHost *:80
ServerName servername.dmz.domain
DocumentRoot "/var/www/html"
<VirtualHost *:80>
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
Redirect / https://servername.internal.domain
DocumentRoot /var/www/html
ServerName servername.internal.domain
ServerAlias servername.internal.domain
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName https://servername.internal.domain
ServerAlias https://servername.internal.domain
SSLEngine on
<Directory "/var/www/html">
Options FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
Redirect / https://www.site1.com
DocumentRoot /var/www/html/www.site1.com
ServerName www.site1.com
ServerAlias www.site1.com
<Directory "/var/www/html/www.site1.com">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/www.site1.com
ServerName https://www.site1.com
ServerAlias https://www.site1.com
SSLEngine on
<Directory "/var/www/html/www.site1.com">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
Redirect / https://www.site2.com
DocumentRoot /var/www/html/www.site2.com
ServerName /www.site2.com
ServerAlias /www.site2.com
<Directory "/var/www/html//www.site2.com">
Options Indexes FollowSymLinks ExecCGI
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html//www.site2.com
ServerName https://www.site2.com
ServerAlias https://www.site2.com
SSLEngine on
<Directory "/var/www/html/www.site2.com">
Options Indexes FollowSymLinks ExecCGI
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Yes, you'll need A records for each site's domain name to route to the web server's IP address.
Couple of other comments:
ServerName and ServerAlias should be different (else why have an alias?)
We usually do:
Code:
ServerName site1.com
ServerAlias www.site1.com
I don't think your internal.server.name is going to work as coded, tho. Does it have a 'real' domain name?
I think what you have coded is going to route all requests to the internal server. I'm guessing tho.
Note that the first VirtualHost is the default, so, for example, an http://yourIPaddress will return the first VirtualHost only.
Thanks for the response. The first virtual host is the actual server.
If I create an "internal" a-record for all the virtual hosts on the actual IP of the server, and set that as the ServerAlias and set the ServerName to the actual requested site, would that work?
Code:
<VirtualHost *:80>
Redirect / https://www.site1.com
DocumentRoot /var/www/html/www.site1.com
ServerName www.site1.com
ServerAlias site1.dmz.domain (A-Record)
<Directory "/var/www/html/www.site1.com">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/www.site1.com
ServerName https://www.site1.com
ServerAlias https://site1.dmz.domain (A-Record)
SSLEngine on
<Directory "/var/www/html/www.site1.com">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I'm not sure what you mean by "internal" A record.
A request to a domain name is routed to the web server by a name server (DNS).
The A record needs to be in the name server.
ServerName and ServerAlias should not contain http(s):// parts, just the actual domain name(s) as defined in DNS*
The redirect for port 80 will automatically use port 443. The https is not explicitly coded for 443.
As defined (without the http(s) parts), the web server will serve the contents of /var/www/html/www.site1.com if the URI contains www.site1.com or site1.dmz.domain -- it will not know what to do with site1.com.
*One can put the domain name to IP relationship in a hosts file instead of using a name server.
This example should be in your config file:
Code:
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
I have access to set up A-records for internal DNS. I'm on a segmented VLAN or something so I have to request external redirects to an "internal" dmz vlan. I changed my virtual hosts to better reflect your config. How does apache know to not use the first virtual host every time? I guess I just don't understand how a request for site2.com can be directed without an IP.
Code:
NameVirtualHost *:80
NameVirtualHost *:443
ServerName prod-web.dmz.domain
DocumentRoot "/var/www/html"
#<VirtualHost *:80>
# DocumentRoot /var/www/html
#</VirtualHost>
#<VirtualHost *:80>
# Redirect / https://servername.internal.domain
# DocumentRoot /var/www/html
# ServerName servername.internal.domain
# ServerAlias servername.internal.domain
#</VirtualHost>
#<VirtualHost *:443>
# DocumentRoot /var/www/html
# ServerName https://servername.internal.domain
# ServerAlias https://servername.internal.domain
# SSLEngine on
# <Directory "/var/www/html">
# Options FollowSymLinks ExecCGI
# AllowOverride AuthConfig FileInfo
# Order allow,deny
# Allow from all
# </Directory>
#</VirtualHost>
#SITES START HERE
<VirtualHost *:80>
Redirect / https://www.test1.com
DocumentRoot /var/www/html/www.test1.com
ServerName test1.com
ServerAlias www.test1.com
<Directory "/var/www/html/www.test1.com/">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/www.test1.com
ServerName test1.com
ServerAlias www.test1.com
SSLEngine on
<Directory "/var/www/html/www.test1.com/">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
#SITE2
<VirtualHost *:80>
Redirect / https://test2.com
DocumentRoot /var/www/html/test2.com
ServerName www.test2.com
ServerAlias test2.com
<Directory "/var/www/html/test2.com/">
Options Indexes FollowSymLinks ExecCGI
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/test2.com
ServerName www.test2.com
ServerAlias test2.com
SSLEngine on
<Directory "/var/www/html/test2.com/">
Options Indexes FollowSymLinks ExecCGI
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
That's done in the DNS. The DNS A record will point the domain name to the IP address of the web server.
That's done on the DNS server that's authoritative for the domain name. A
Code:
dig site1.com ns
will display which name server that is.
There's a line in the httpd config:
Code:
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen *:80
Right?
You'll also need a
Code:
Listen *:443
so the server is listening for the https connections as well.
In Apache 2.4, the SSL definitions are often in a separate config file, however, and that's where the Listen *:443 will be. You'll get an error if you define it twice, 'cause the second one will hit a busy port and the web server won't start.
The web server will match the domain name in the URI to the ServerName directive in the VirtualHost container.
So, if https://site1.com is entered in a web browser, the name is resolved to the IP of the web server via DNS, then the request is received by the web server and the web server delivers the content in the DocumentRoot for that ServerName.
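The name-based selection described in this thread, as an added example that is not part of any post and is not Apache's own code: a simplified Python model that picks a virtual host from the listening port and the request's Host header, falling back to the first virtual host defined for that port. The `VHOSTS` table is constructed from the test1.com/test2.com configuration posted above; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed from the last config posted in the thread:
# (listen port, ServerName, [ServerAlias, ...], DocumentRoot)
VHOSTS = [
    (80,  "test1.com",     ["www.test1.com"], "/var/www/html/www.test1.com"),
    (443, "test1.com",     ["www.test1.com"], "/var/www/html/www.test1.com"),
    (80,  "www.test2.com", ["test2.com"],     "/var/www/html/test2.com"),
    (443, "www.test2.com", ["test2.com"],     "/var/www/html/test2.com"),
]


def host_only(host_header):
    """Lower-case the Host header and drop an optional :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:443
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host


def select_vhost(port, host_header, vhosts=VHOSTS):
    """Return (DocumentRoot, reason) for a request arriving on `port`."""
    candidates = [v for v in vhosts if v[0] == port]
    if not candidates:
        return None, "no-listener"
    host = host_only(host_header)
    # Walk the vhosts in configuration order; the first match wins.
    for _, name, aliases, docroot in candidates:
        if host == name.lower():
            return docroot, "ServerName"
        # ServerAlias entries may contain * and ? wildcards.
        if any(fnmatchcase(host, alias.lower()) for alias in aliases):
            return docroot, "ServerAlias"
    # Nothing matched: the first vhost defined for this port is the default.
    return candidates[0][3], "default"


if __name__ == "__main__":
    for port, header in [(443, "www.test2.com"), (80, "TEST2.com:80"),
                         (443, "203.0.113.10"), (8080, "test1.com")]:
        print(port, header, "->", select_vhost(port, header))
```

The third sample request uses a bare IP address as the Host value, so no name matches and the test1.com content is returned as the default; a dedicated first virtual host avoids serving a real site for unrecognised names.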
What OP is referring to sounds a lot like "shared hosting," where multiple websites exist on the same web server (not in VPNs). This Wikipedia article provides a nice intro to shared hosting: https://en.wikipedia.org/wiki/Shared...osting_service
I agree. That article gives an excellent explanation.