Apache Virtual Mass Hosting

From Wikichris

I use Apache2 with its awesome Mass Virtual Hosting. This lets me create a new website named www.newwebsite.com just by creating the following directory: /home/websites/http/www.newwebsite.com/

Before we start

HTTP

We will install the original files for each website here :

/home/websites/original/$PROJECT_NAME

If my project is about phpmyadmin, a good name would be.... phpmyadmin...

We will then create a symbolic link there for each URL that belongs to this project:

/home/websites/http/www.$PROJECT_NAME.com > rep_of_my_project

So we can give it many aliases:

/home/websites/http/www.$PROJECT_NAME.com > /rep_of_my_project
/home/websites/http/$PROJECT_NAME.com > /rep_of_my_project
/home/websites/http/www.$PROJECT_NAME.net > /rep_of_my_project
/home/websites/http/$PROJECT_NAME.mycompany.com > /rep_of_my_project

For each new website (or alias) there are just 2 steps:

  • create the corresponding entry in your DNS
  • create a link to your website folder
ln -s /home/websites/original/$PROJECT_NAME /home/websites/http/www.$PROJECT_NAME.com
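With this layout, any entry that appears under /home/websites/http is served under its own name, so the links are worth validating when they are created and auditing afterwards. The following is an added example, not part of the original page; add_site and audit_sites are hypothetical helper names, and ORIG and HTTP default to the page's two directories.

```sh
#!/bin/sh
# Added example, not from the original page. ORIG and HTTP default to the
# page's directories; add_site and audit_sites are hypothetical names.
ORIG=${ORIG:-/home/websites/original}
HTTP=${HTTP:-/home/websites/http}

# add_site PROJECT HOST: create the alias link after validating both names.
add_site() {
    project=$1 host=$2
    case $host in   # the host name becomes a directory name under $HTTP
        ''|.*|*.|*..*|*[!a-z0-9.-]*)
            echo "bad host name: $host" >&2; return 1 ;;
    esac
    case $project in
        ''|.*|*/*) echo "bad project name: $project" >&2; return 1 ;;
    esac
    if [ ! -d "$ORIG/$project" ]; then
        echo "no such project: $project" >&2; return 1
    fi
    if [ -e "$HTTP/$host" ] || [ -L "$HTTP/$host" ]; then
        echo "already present: $host" >&2; return 1
    fi
    ln -s "$ORIG/$project" "$HTTP/$host"
}

# audit_sites: report entries under $HTTP that are not symlinks resolving
# to a directory inside $ORIG. Returns 0 when clean, 1 when anything is off.
audit_sites() {
    root=$(cd "$ORIG" && pwd -P) || return 2
    bad=0
    for entry in "$HTTP"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ ! -L "$entry" ]; then
            echo "NOT-A-LINK $entry"; bad=1; continue
        fi
        if ! target=$(cd "$entry" 2>/dev/null && pwd -P); then
            echo "UNRESOLVED $entry"; bad=1; continue   # dangling or not a dir
        fi
        case $target in
            "$root"/?*) ;;                              # inside ORIG: fine
            *) echo "OUTSIDE $entry -> $target"; bad=1 ;;
        esac
    done
    return $bad
}
```

Run audit_sites from cron or before each Apache reload; a non-zero exit status means at least one entry needs a look.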

HTTPS

For the SSL website, I prefer to keep the old-fashioned per-site install so that I keep control over the certificates. The following installation uses https://wiki.gonzofamily.com as the example.

Installation

This will install Apache2, PHP5 and MySQL. php5-mcrypt is for a future phpMyAdmin install.

apt-get install apache2 mysql-server php5-mysql php5-mcrypt
a2enmod vhost_alias
a2enmod rewrite
a2enmod ssl

Create the following new file: /etc/apache2/sites-available/masshosts

# get the server name from the Host: header
UseCanonicalName Off
# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
# include the server name in the filenames used to satisfy requests
<VirtualHost *:80>
	CustomLog /var/log/apache2/access.log vcommon
	VirtualDocumentRoot /home/websites/http/%0
	#VirtualScriptAlias /home/websites/http/%0/cgi-bin
</VirtualHost>

Let's use this new file instead of the default one

rm /etc/apache2/sites-enabled/000-default
cd /etc/apache2/sites-enabled/
ln -s ../sites-available/masshosts 000-masshosts

For each SSL virtual host, I take default-ssl and modify it. Let's take the following website as an example:

wiki.gonzofamily.com

Whose files are here :

/home/websites/original/wiki/

And the SSL certificates are there:

/etc/ssl/private/wiki.gonzofamily.com/server.crt
/etc/ssl/private/wiki.gonzofamily.com/server.key
/etc/ssl/private/wiki.gonzofamily.com/bundle.crt


cd /etc/apache2/sites-available
cp default-ssl wiki-ssl

I modify the new file wiki-ssl :

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin monemail@domaine.com
        ServerName wiki.gonzofamily.com
        DocumentRoot /home/websites/original/wiki/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /home/websites/original/wiki/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        SSLEngine on
        SSLCertificateFile    /etc/ssl/private/wiki.gonzofamily.com/server.crt
        SSLCertificateKeyFile /etc/ssl/private/wiki.gonzofamily.com/server.key
        SSLCertificateChainFile /etc/ssl/private/wiki.gonzofamily.com/bundle.crt
 [...]
 </VirtualHost>
</IfModule>

Enable the website

cd /etc/apache2/sites-enabled/
ln -s ../sites-available/wiki-ssl 010-wiki-ssl

Let's add NameVirtualHost *:443 to the file /etc/apache2/ports.conf:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
   NameVirtualHost *:443
   Listen 443
</IfModule>

Restart Apache

/etc/init.d/apache2 restart

HTTPS Certificate

Here is how we could create a self-signed certificate for our wiki:

cd /etc/ssl/private/wiki.gonzofamily.com/
  • Step 1: Generate a private key (its passphrase is removed later, in step 3)
openssl genrsa -des3 -out server.key 2048
  • Step 2: Generate a CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr
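  • Step 3: Remove the passphrase from the key (server.key is then stored unencrypted, so keep it and the server.key.org copy readable by root only)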
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
  • Step 4: Generate a self-signed certificate valid for 2 years
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt

Multi-domain

And now, how to create a request for multiple domains:

  • Make a copy of your initial /etc/ssl/openssl.cnf file
  • Edit it to add req_extensions = v3_req in the [ req ] section.
  • Edit it to add subjectAltName=DNS:www.example.com,DNS:www.other-example.com (one DNS: entry per host name you require) in the [ v3_req ] section.
  • After generating the request, check that it worked:
openssl req -text -noout -in server.csr 
[...]
Attributes:
       Requested Extensions:
           X509v3 Basic Constraints:
               CA:FALSE
           X509v3 Key Usage:
               Digital Signature, Non Repudiation, Key Encipherment
           X509v3 Subject Alternative Name:
               DNS:www.foo.com, DNS:www.foo.org
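
The multi-domain steps above as one non-interactive run, with a check that each host name really ended up in the request. This is an added example, not part of the original page: it writes a small private config instead of editing a copy of openssl.cnf, and the function names, host names and work directory are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Host names and the work
# directory are constructed; make_san_csr and csr_has_san are hypothetical.

# make_san_csr DIR HOST [HOST...]: write DIR/server.key and DIR/server.csr
# with every HOST listed as a DNS subjectAltName. Runs in a subshell so the
# umask change stays local.
make_san_csr() (
    dir=$1; shift
    san=""
    for h in "$@"; do san="${san:+$san,}DNS:$h"; done
    umask 077                      # private key readable by its owner only
    mkdir -p "$dir" || exit 1
    # Private config: the same two settings the steps above add to the copy
    # of openssl.cnf, plus a non-interactive subject (CN = first host).
    cat > "$dir/san.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $1
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, nonRepudiation, keyEncipherment
subjectAltName   = $san
EOF
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    openssl req -new -config "$dir/san.cnf" -key "$dir/server.key" \
        -out "$dir/server.csr"
)

# csr_has_san CSR HOST: succeed only if HOST is an exact DNS SAN in CSR.
csr_has_san() {
    openssl req -text -noout -in "$1" |
        grep -A1 'Subject Alternative Name' |
        tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$2"
}

# Example call (constructed host names):
#   make_san_csr /tmp/csr-demo www.example.com www.other-example.com
#   csr_has_san /tmp/csr-demo/server.csr www.other-example.com && echo ok
```

If you self-sign such a request with the openssl x509 -req command from step 4, the requested extensions are not copied into the certificate by default; pass -extfile with the same config and -extensions v3_req to carry the host names over.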