3

A CentOS 7 web server is hosting one public domain, called mydomain.com. The same server also has a separate vpn that hosts two apps for private authorized/authenticated users only. Httpd is set up in a reverse proxy relationship in front of tomcat. All works perfectly using the config below.

How do I change the configuration below so that the server can also host other domains, domain2.com, domain3.com, and domain4.com for the public? Note that there are 3 instances of tomcat. Port 8011 points to the tomcat instance for the public site(s), while ports 8009 and 8010 point to tomcat instances that are used for private vpn apps.

Here is the code for /etc/httpd/conf.d/hostname.conf, which is marked as an include file in /etc/httpd/conf/httpd.conf: 

<VirtualHost *:443>
    ServerName www.bogusdomainforvpn.com
    ServerAlias bogusdomainforvpn.com
    ErrorLog /var/log/httpd/bogusdomainforvpn_com_error.log
    CustomLog /var/log/httpd/bogusdomainforvpn_com_requests.log combined
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / ajp://ip.address.of.server:8009/
    ProxyPassReverse / ajp://ip.address.of.server:8009/
</VirtualHost>

Listen 444

<VirtualHost *:444>
    ServerName www.bogusdomainforvpn.com
    ServerAlias bogusdomainforvpn.com
    ErrorLog /var/log/httpd/bogusdomainforvpn_com_error.log
    CustomLog /var/log/httpd/bogusdomainforvpn_com_requests.log combined
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / ajp://ip.address.of.server:8010/
    ProxyPassReverse / ajp://ip.address.of.server:8010/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.mydomain.com
    ServerAlias mydomain.com
    ErrorLog /var/log/httpd/mydomain_com_error.log
    CustomLog /var/log/httpd/mydomain_com_requests.log combined
    ProxyPass / ajp://ip.address.of.server:8011/
    ProxyPassReverse / ajp://ip.address.of.server:8011/
</VirtualHost>
Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
CodeMed
  • 5,079
  • 45
  • 100
  • 147

2 Answers2

3

If you are not using SSL/TLS then simply add a VirtualHost for every website:

<VirtualHost www.domain2.com:80>
    ServerName www.domain2.com
    ErrorLog /var/log/httpd/domain2_com_error.log
    CustomLog /var/log/httpd/domain2_com_requests.log combined
    # You probably want either the next line:
    DocumentRoot /var/www/domain2.com
    # or the next two lines: (but not all three)
    # ProxyPass / ajp://ip.address.of.server:8012/
    # ProxyPassReverse / ajp://ip.address.of.server:8012/
</VirtualHost>

# You only need this block if DocumentRoot is used above:
<Directory /var/www/domain2.com>
    # this enables full control using .htaccess - change for your setup
    AllowOverride All
</Directory>

The <Directory> entry is probably required as CentOS limits access to all outside of the default root of /var/www/html. Edit as you see fit.

The only difference to the VirtualHost section is the replacement of the Proxy entries by a DocumentRoot to point to the directory where your files are stored. I'm assuming you are serving pages from the local apache server. If you are using Tomcat as you did on the original www.mydomain.com site then leave the (suitably edited) ProxyPass and ProxyPassReverse lines and do not add the DocumentRoot entry or the <Directory> section.

For SSL/TLS sites, you need to have a similar setup, but with port changed to 443 and the relevant entries for your certificates:

<VirtualHost www.domain2.com:443>
    ServerName www.domain2.com
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/domain2.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domain2.key
    ErrorLog /var/log/httpd/domain2_com_error.log
    CustomLog /var/log/httpd/domain2_com_requests.log combined
    DocumentRoot /var/www/domain2.com
</VirtualHost>

This virtual named hosting with SSL/TLS relies on Server Name Indication. Your users need Internet Explorer 7 on Vista (or later/better) for this to work as anything earlier doesn't support SNI. On Linux you're pretty safe unless you're using some really archaic browser from the first half of the last decade.

The only issue is that bogusdomainforvpn.com is already using port 443. As this will become the default first match for a SSL/TLS connection, it will be used as the fall-back site if a client that doesn't support SNI attempts to connect to any of your SNI configured sites. If you don't want that to happen, then create another VirtualHost before that one simply for use as the fall-back site for non-SNI clients.

garethTheRed
  • 33,289
  • 4
  • 92
  • 101
  • @CodeMed - I've edited again. Either `DocumentRoot` is needed (for local files) or `ProxyPass` (for proxies), but not both. The reason you're getting 403 is because you haven't set up the permission on the local filesystem where `DocumentRoot` is pointing to. But as you're probably going to delete that line and use `ProxyPass` then it's not an issue. – garethTheRed Oct 06 '15 at 14:37
  • Thank you. I am marking this as accepted because I got the `ajp` connection to work for two different domains on the same server. However, I was never able to get the static html to work, even after trying `chmod 777` on the `DocumentRoot`. Since I do not need to serve static content, I am just going to keep moving. Thank you so much again. Your contributions to this site are greatly appreciated. – CodeMed Oct 06 '15 at 19:44
  • @CodeMed - For future reference (and for anyone else who finds this) - remember that CentOS has SELinux - it may be that you haven't tagged your files as `httpd_sys_content_t`? – garethTheRed Oct 07 '15 at 16:18
  • I have a problem making network connections into a newly created virtual machine. You kindly helped me connect the host operating system to the network. Are you willing to help me connect the guest virtual machine to the network also? Here is the link: http://unix.stackexchange.com/questions/235138/how-do-i-ssh-into-a-new-virtual-machine-that-was-created-using-virt-install – CodeMed Oct 10 '15 at 16:30
2

This won't work for HTTPS sites but without any reverse proxy considerations just simple hosting, your httpd.conf should simply have 3 more of these with X modified in each one:

<VirtualHost *:80>
  ServerName www.domainX.com
  ServerAlias domainX.com
  DocumentRoot /var/www/vhosts/domainX
  ErrorLog /var/log/httpd/domainX_com_error.log
  CustomLog /var/log/httpd/domainX_com_requests.log combined
</VirtualHost>

They could go in separate /etc/httpd/conf.d/hostname.conf if you prefer but but as long as confs are included in master they all act like they are in once big conf so it isn't essential.

DanSut
  • 592
  • 4
  • 14