10.8. Virtual Hosts

The Apache HTTP Server's built in virtual hosting allows the server to serve different information based on which IP address, hostname, or port is being requested. A complete guide to using virtual hosts is available online at http://httpd.apache.org/docs-2.0/vhosts/.

10.8.1. Setting Up Virtual Hosts

To create a name-based virtual host, it is best to use the virtual host container provided in httpd.conf as an example.

The virtual host example read as follows:

#NameVirtualHost *
#
#<VirtualHost  *>
#    ServerAdmin [email protected]
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

To activate name-based virtual hosting, uncomment the NameVirtualHost line by removing the hash mark (#) and replace the asterisk (*) with the IP address assigned to the machine.

Next, configure a virtual host, by uncommenting and customizing the <VirtualHost> container.

On the <VirtualHost> line, change the asterisk (*) to the server's IP address. Change the ServerName to a valid DNS name assigned to the machine, and configure the other directives as necessary.

The <VirtualHost> container is highly customizable and accepts almost every directive available within the main server configuration.

TipTip
 

If configuring a virtual host to listen on a non-default port, that port must be added to the Listen directive in the global settings section of /etc/httpd/conf/http.conf file.

To activate a newly created virtual host the Apache HTTP Server must be reloaded or restarted. Refer to Section 10.4 Starting and Stopping httpd for instructions on doing this.

Comprehensive information about creating and configuring both name-based and IP address-based virtual hosts is provided online at http://httpd.apache.org/docs-2.0/vhosts/.

10.8.2. The Secure Web Server Virtual Host

By default, the Apache HTTP Server is configured as both a non-secure and a secure server. Both the non-secure and secure servers use the same IP address and host name, but listen on different ports: 80 and 443 respectively. This enables both non-secure and secure communications to take place simultaneously.

One aspect of SSL enhanced HTTP transmissions is that they are more resource intensive than the standard HTTP protocol, so a secure server cannot serve as many pages per second. For this reason it is often a good idea to minimize the information available from the secure server, especially on a high traffic Web site.

ImportantImportant
 

Do not use name-based virtual hosts in conjunction with a secure Web server as the SSL handshake occurs before the HTTP request identifies the appropriate name-based virtual host. Name-based virtual hosts only work with the non-secure Web server.

The configuration directives for the secure server are contained within virtual host tags in the /etc/httpd/conf.d/ssl.conf file.

By default, both the secure and the non-secure Web servers share the same DocumentRoot. It is recommended that the DocumentRoot be different for the secure Web server.

To stop the non-secure Web server from accepting connection, comment the line in httpd.conf which reads Listen 80 by placing a hash mark (#) at the beginning of the line. When finished, it the line looks like the following example:

#Listen 80

For more information on configuring an SSL enhanced Web server, refer to the chapter titled Apache HTTP Secure Server Configuration in the Red Hat Enterprise Linux System Administration Guide. For advanced configuration tips, refer to the Apache Software Foundation documentation available online at the following URLs: