Apache Web Server Virtual Host Configuration

Posted on  by admin

Creating virtual host configurations on your Apache server does not magically cause DNS entries to be created for those host names. You must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. VirtualHost matching Once the server is configured to listen to a specific address or port, Apache must decide what VirtualHost should be used to fulfill the client request. Before seeing the steps involved in this decision, let’s briefly see how a virtual host is defined. Usually apache2 on Ubuntu has a virtual host setup for the default site, i.e. When apache can't find a more specific domain (TLD) attached to another virtual host. The command a2dissite SITENAME is a script for disabling any enabled site on Ubuntu/Debian systems. The opposite command is a2ensite for enabling a disabled site. The process for completing virtual server Apache configuration is simple: First, input “$ sudo nano /etc/apache2/sites-available/example.com.conf” to open your virtual host configuration file.

  1. Apache Virtual Host Config
  2. Apache Virtual Server
  3. Apache Web Server Virtual Host Configuration Tutorial

In this article, we'll run through installing and setting up an Apache virtual host to utilize the HTTPS protocol with an SSL certificate. If you're not familiar with the initial virtual host setup process or need a refresher, you can learn how to setup Apache and virtual hosts here.

HTTPS today is pretty much a requirement. At the very least, it's highly recommended by top search engines like Google and Bing to have one set up, even if you're just running a little old blog like this one. It secures your website and, most importantly, your users and their information. So just do it.

What is an SSL Certificate?

An SSL certificate is a data file that digitally binds a cryptographic key to an organization's details, allowing secure connections from a web server to a user's browser.

SSL certificates are commonly used in scenarios where sensitive information is transferred, such as an e-commerce site accepting credit cards, any websites accepting user sign-ups, logins, or personal information, data transfers, and more. In today's world, it's best to have an SSL certificate installed for your website, even if you're running a simple site or blog.

I recommend NameCheap for all of your SSL purchasing needs. It's easy to get set up with an account, and only takes a few minutes to create an SSL certificate and install it on your server.

Install the SSL Certificate on Your Server

Apache Virtual Host Config

Since this article is about setting up an Apache virtual host to handle SSL certificates and HTTPS requests, I'm going to assume for now that you have already obtained the SSL certificates you need from a Certificate Authority, like NameCheap. Any well-known provider will work. You just need to make sure you have the following three certificate files before proceeding:

  • .cer or .crt file: The digital certificate file used by a web browser to verify a website or organization's security and authenticity.
  • .key file: The certificate's private key used in the encryption/decryption of data sent between your server and connecting clients.
  • .ca-bundle file: The root certificate belonging to the issuing Certificate Authority, and the intermediate certificate which acts as the middle-man between the protected root certificate and server certificates for your website.
Apache web server virtual host configuration tutorial

All certificate files combined make up a certificate chain.

Apache Web Server Virtual Host Configuration

Apache Virtual Server

Let's install these three certificate files onto your web server at the following location:

Create an Apache Virtual Host with SSL

Because I'm a minimalist, we're going to set up a single Apache virtual host that will work for connections through ports 80, regular traffic, and 443, secure traffic. It's easier to manage, especially if you're managing many sites in your configuration, and removes extra room for error.

First, we must make sure Apache's SSL module is installed and loaded properly before enabling it. Without this, restarting your Apache server will fail and you'll need to either comment it out or correct it before you can restart it again.

To ensure that the module is loaded and running on your server, run the following command:

Next, we need to tell Apache to listen for incoming, secure traffic on port 443. By default, only port 80 is enabled, which will not work for HTTPS traffic.

Next, we're telling our VirtualHost configuration to listen to any requests received through ports 80 and 443 on a single virtual host instance. If a request is received through the secure port, the SSL directives kick in and include the SSL certificates installed at the locations we specify on the server, and enable SSL capabilities on your website.

Now, restart your Apache web server to enable the changes:

Some server configurations, like Amazon LightSail, do not support connections through port 443 out of the box. To allow outside connections to the secure port, you must enable it through your provider.
Server

Conclusion

Since HTTPS is pretty much a requirement, at least according to the top search engines, you should always install SSL certificates and enable for your websites from the get-go. It's best practice to do this and could save you a lot of time and trouble in the long-run.

Maybe you don’t know what all virtual hosts your Apache HTTP Server has defined and where exactly because your config files aren’t organised well, they’re a mess. Maybe you defined a new virtual host and have no idea why a request to your site ain’t picking it up.

Well the apachectl program that comes with the Apache installation in all major Linux distributions, Mac OS, FreeBSD, etc. for administrative tasks can totally help you in this case.

Apache Web Server Virtual Host Configuration Tutorial

Both the commands output a VirtualHost configuration: section that is super useful. If we look at it closely:

This is the current virtual host setup for this site. It gives out a bunch of useful information:

  1. There are two virtual hosts set and enabled at – 000-catchall.conf:1 and codingshower.conf:1. What comes after : is the line number.
  2. All the <VirtualHost> definitions have been defined with *:80 as the expected addr:port type. They’re all name based virtual hosts.
  3. Once the virtual hosts are matched with the IP:PORT of the connection, the server names will be matched. If the connection Host is codingshower.com then the vhost defined in codingshower.conf:1 will be picked. If the Host is catchall then 000-catchall.conf:1 will be picked otherwise the default server will win which is the same as the one for catchall. So a request to http://catchall or http://PUBLIC_IP will go to the 000-catchall.conf vhost.

I highly recommend that whenever you set up a new virtual host or make changes to the <VirtualHost>, ServerName or ServerAlias directives of existing ones, you must run one of the two commands shown above and go through your new list properly so that you know what’ll work for a specific connection.

I also highly recommend reading my other article that explains virtual host request matching in depth.