So far everything is configured against one hostname in Apache – so if you want different content you could have things like http://hostname/blog and hostname/mail and so on. A different way of doing this is to configure subdomains – so blog.hostname.com and mail.hostname.com. There is a shortcut way of doing this which is outlined here – but this guide will be using separate virtual hosts for each subdomain.
Secondly – if you need a hostname in the real world to access your machine remotely then just go to dyndns.org and register one – it’s free, though you need to make sure it doesn’t expire. You’ll also need to open up ports 80 and 443 in your router. Finally, the free account doesn’t give subdomains any more, so everything on this page is irrelevant unless you want to part with 15 dollars a year.
If you are still carrying on then first we need to enable virtual hosts – so edit /etc/httpd/conf/httpd.conf and uncomment the line:
NameVirtualHost *:80
Next add in a section below:
<VirtualHost *:80>
    DocumentRoot /home/apache
    ServerName yourserver.dyndns.org
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log combined
</VirtualHost>
If you had any extra config (rewrite rules for example) make sure to include it too (and remove it from elsewhere in the file). That may mean you end up with something like:
<VirtualHost *:80>
    DocumentRoot /home/apache
    ServerName yourserver.dyndns.org
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log combined
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/cube/(.*)$ https://%{HTTP_HOST}/cube/$1 [R,L]
</VirtualHost>
Next we need to do the same for SSL – so edit /etc/httpd/conf.d/ssl.conf and add in the line:
NameVirtualHost *:443
Just above the virtual host section – giving:
NameVirtualHost *:443
<VirtualHost *:443>
Now we can start adding config for virtual hosts. Using the mail as an example – let's set that up as an SSL host of mail.yourhost.dyndns.org. Edit /etc/httpd/conf.d/ssl.conf and add a new section at the end:
<VirtualHost *:443>
    ServerName mail.yourhost.dyndns.org:443
    DocumentRoot /home/apache/cube
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Note that you can specify a certificate for each host. As the hostname should equal the common name of the certificate, doing so prevents a name-mismatch error showing in the browser, but as these are self-signed certs it’s probably not worth bothering.
If you restart now (service httpd restart) you should be able to go to https://mail.yourhost.dyndns.org and see your webmail.
Let's also add configuration to force the http->https redirect we had before. So edit /etc/httpd/conf/httpd.conf and add this at the end:
<VirtualHost *:80>
    ServerName mail.yourhost.dyndns.org
    DocumentRoot /home/apache/cube
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log combined
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
</VirtualHost>
This means that the non-SSL version (http://mail.yourhost.dyndns.org) will forward straight to the SSL version. Finally let's remove access to the /cube folder – we only want it to be accessed through the subdomain now. So for the root virtual host (in /etc/httpd/conf/httpd.conf) add in another rewrite:
<VirtualHost *:80>
    DocumentRoot /home/apache
    ServerName yourhost.dyndns.org
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log combined
    RewriteEngine On
    RewriteRule ^/cube/(.*)$ https://mail.yourhost.dyndns.org/$1 [R=301,L]
</VirtualHost>
Note the original /cube SSL rewrite rule has been removed – this new rule replaces it.
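An added example (not part of the original guide): the two mail virtual hosts from above with tighter TLS settings, shown against the values the guide uses. The mail.crt and mail.key file names are hypothetical per-host certificate files; the hostname and paths are the guide's own placeholders.

```apache
# Added example, not from the original guide. Hostname and paths are the
# guide's placeholders; mail.crt / mail.key are hypothetical file names.

# Port 80 only redirects, so it needs no DocumentRoot. The target is a fixed
# hostname rather than the client-supplied Host header (%{HTTP_HOST}).
<VirtualHost *:80>
    ServerName mail.yourhost.dyndns.org
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log combined
    RewriteEngine On
    RewriteRule ^(.*)$ https://mail.yourhost.dyndns.org$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName mail.yourhost.dyndns.org:443
    DocumentRoot /home/apache/cube
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on

    # Guide value: SSLProtocol all -SSLv2  (SSLv3 stays enabled).
    # If this httpd/OpenSSL build knows TLSv1.2, "-all +TLSv1.2" is tighter.
    SSLProtocol all -SSLv2 -SSLv3

    # Guide value: ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    # That list still offers RC4 and the MEDIUM and LOW strength suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    # Use the server's cipher preference order, not the client's.
    SSLHonorCipherOrder on

    # One certificate per host, with CN matching the ServerName.
    SSLCertificateFile /etc/pki/tls/certs/mail.crt
    SSLCertificateKeyFile /etc/pki/tls/private/mail.key

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
```

Run apachectl configtest before restarting so a directive this build does not recognise is caught while the old config is still serving.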