SSL Part 1: httpd.conf
 |
SSL Part 1: Home | Apache Upgrade | mod_ssl Install | httpd.conf | ssl.conf | Key & Certificate | |
|
mod_ssl Configuration httpd.conf |
You will notice there are two-configuration files httpd.conf and ssl.conf this separation is significant. It allows secure and none secure configuration independence, divide and conquer or in this case separation with real advantages. You can test the main server configuration before enabling the secure configuration making it easier to fault find.
|
|
|
Before looking at the configuration files first define your site architecture and obtain a domain name.
Define sites and obtain a domain name
One of the most important things to have is a domain name, for general testing and experimentation DynDNS provide an excellent free service. If you do not have a static IP address download a Windows update client I found their DynDNS Updater easy to use and versatile. When you set-up an account enable the wildcard option.
For this write-up I have chosen the domain unicenter.gotdns.org With wildcards enabled I use Vhosts and have split my test sites as follows:
The main root folder www contains the following site root folders.
| Main Root Folder www | Domain | Comments |
|---|---|---|
|
default_unsecure |
*.unicenter.gotdns.org |
Contains a single index.html page this is descriptive for all non secured sites hosted. A user can mistype an address name hence may reach this page by mistake |
|
site1 |
unicenter.gotdns.org |
This is my main site unsecured and is accessed using '''http://'''unicenter.gotdns.org |
|
site2 |
news.unicenter.gotdns.org |
A virtualhost site containing news, accessed using http://news.unicenter.gotdns.org . To host more sites create a new root folder (foe example site4) and choose a new wildcard name (card) add a new vhost section to the config file a user would access this site using http://cars.unicenter.gotdns.org |
|
site3 |
unicenter.gotdns.org |
This is the secured site containing a recipe for pumpkin cake. Note it shares the common host name unicenter.gotdns.org however the site is access using https://unicenter.gotdns.org Because the recipe has been handed down and a family secret the site has been password protected. |
There are no restrictions on folder names choose whatever you like. I avoid names with spaces, some FTP programs fall over when they come across these. You can if you wish use the main root folder www as default however my personal preference is to have separate folders and never serve from main root.
With the server sites defined and a domain name obtained we are ready to modify the server template.
Put your servers on-line
A clean install locks down Uniform server to Localhost access only, we will be testing live, hence the servers need putting on-line. Open the file .htaccess in folder www and comment the lines as shown highlight in bold:
| .htaccess |
|---|
|
# This file provides security to the server limiting access to the localhost only. #Order Deny,Allow # To allow execution of cgi scripts in this directory uncomment next two lines. AddHandler cgi-script .pl .cgi #-- #AuthName "Uniform Server - Server Access" |
httpd.conf and Vhosts
We need to set-up Apache to server pages from our various none secure sites. For this you can use “apanel” to create your Vhosts this will provide a basic structure and save you some typing however the format requires changing. Open file httpd.conf located in folder *\Uniform Server\udrive\usr\local\apache2\conf the Vhosts are located at the bottom of this file.
For our NEW sites make the changes highlighted in bold.
Note: Original are Vhosts included in httpd.conf as examples (you can delete these or modify as shown this saves typing)
| Original | NEW | Comments |
|---|---|---|
|
#######VIRTUAL HOST SETUP####### NameVirtualHost *:80 <VirtualHost _default_:80> |
#######VIRTUAL HOST SETUP####### NameVirtualHost *:80 <VirtualHost _default_:80> |
There is no need to change this Vhost, however you probably will want to change the document root folder name from default_unsecure to a more suitable name (true for all other root folders). It is a catch all Vhost uses _default_ which instructs Apache to serve pages from folder default_unsecure when it cannot find a match after looking at all the other Vhosts. |
|
#######VIRTUAL HOST SETUP####### <VirtualHost *:80> |
#######VIRTUAL HOST SETUP####### <VirtualHost *:80> |
This Vhost is your main web site; it is the only Vhost that uses your real domain name. Interestingly it is not a true domain name but is itself a wildcard (virtual) domain. The true domain name is dyndns.org I was allocated the virtual domain unicenter.dyndns.org which to all intense and purpose operates like a real domain, in that it maps to my unique IP address. When you purchase a real domain name it will look something like my_domain.com |
|
#######VIRTUAL HOST SETUP####### <VirtualHost *:80> |
#######VIRTUAL HOST SETUP####### <VirtualHost *:80> |
When I set-up my DynDNS account I enabled wild cards. This allows me to host as many sites as I like simply by having a different name for the wildcard part, in this case news. Like news all sites that use www are merely wildcards hence I could have used www.unicenter.dyndns.org and server my pages from sit1 by changing the root folder to DocumentRoot /www/site1 |
Note 1
If you are not using the template make sure you have only one NameVirtualHost line at the start of the Vhost section search the file for any others and delete them. This single line NameVirtualHost *:80 instructs Apache what follows is a section containing name based virtual hosts, every name arriving only on port 80 is to have it’s name checked against the hosts in this section.
Note 2
Each virtual host starts with <VirtualHost IP-address:Port> we are not being choosey what IP-address we use hence accept any using “*” however we are being very selective with what port to use in our case port 80. {In general the port would default to 80 I personally like to see the numbers} Note 3
A general note, each virtual host inherits from the main server configuration, if you want to tailor each host put any new directives between <VirtualHost *:80> and < /VirtualHost>.
Summary
For testing and experimentation you need only make minor changes to the template. If you are wondering why the site root folders are placed in the main root folder www its one of connivance.
You can locate these root folders anywhere you like however consider the implications for example, if placed on a different drive then you server will not be portable.
|
Ric |