Home / server / Questions / 224159
Accepted
Bobby Jack
Asked: 2011-01-20 04:08:49 +0800 CST

Organising httpd.conf for Virtual Hosts

  • 772

I'm trying to set up a subdomain using name-based Virtual Hosts, according to the configuration format in this question.

As I understand it, this:

Finally, you can fine-tune the configuration of the virtual hosts by placing other directives inside the containers. Most directives can be placed in these containers and will then change the configuration only of the relevant virtual host. To find out if a particular directive is allowed, check the Context of the directive. Configuration directives set in the main server context (outside any container) will be used only if they are not overridden by the virtual host settings.

should mean that the task of moving from a single host to 1 host + 1 subdomain should be fairly straightforward. However, when I add the VirtualHost directives, I run into problems.

First off (and pretty catastrophic) is that the home page for the main domain returns a 403 (Forbidden). Could any of the following be causing that:

  • The existing main domain has a large configuration file, with many settings. I'm placing the VirtualHost directives near the end of httpd.conf, just after the commented out instructions for virtual hosts
  • There are lots of Redirects and Rewrites in a file that's included after the VirtualHosts - could they be clashing?
  • I've put the absolute minimum in the VirtualHost directives, because I want to keep it as simple as possible. Would it be better to move the contents of the old httpd.conf into a separate file (e.g. main-domain.conf), Include that in one VirtualHost and create a separate conf file for the sub-domain, including that in the second VirtualHost directive?
  • Finally, is there any simple way of debugging this, bearing in mind I'm working with a live site, so any changes have to be tested very quickly!

Update

OK, the error is, more specifically:

Directory index forbidden by rule

Other pages appear to work OK, so it must be some kind of problem with a redirect from the homepage. I guess this was partly why I asked if there are known clashes between VirtualHost setups and Redirects / Rewrites.

Should a <Directory "/path/to/docroot"> block that matches the DocumentRoot in a VirtualHost block be before or after the latter (or doesn't it matter)?

Update 2

OK, so it looks like what's not happening is the following redirect:

RewriteRule ^/$ /path/to/something/else [PT]

which I'm guessing is happening for one of two reasons:

  1. The current config isn't even attempting to process this rewriterule. The rule itself is in an Included file, after the VirtualHost blocks.

  2. The rule is no longer matching because the VirtualHost directive is causing the pattern match to fail. This seems, to me, by far the most likely ...

Update 3

Anyone think this might be relevant?

Note that, by default, rewrite configurations are not inherited. This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use it.

In other words, does that mean I need to:

<VirtualHost *:80>
    RewriteEngine on
</VirtualHost>

for each VH that needs to handle Rewrite* stuff, rather than just relying on RewriteEngine on in the globally-included file?

Update 4

Sadly, the change referred to in Update 3 hasn't fixed the problem at all

apache-2.2 virtualhost

2 Answers

  1. Best Answer

    I always split my vhosts in to seperate directories files. In httpd.conf have a line:

    Include /etc/httpd/sites-enabled/*.conf

    Then create two directories:

    mkdir -p /etc/httpd/sites-{enabled,available}

    Then you can create as many vhosts as you need, one per file in:

    /etc/httpd/sites-available/site1.conf /etc/httpd/sites-available/site2.conf

    Now you can turn sites on and off with a symlink in the sites-enabled directory:

    ln -s /etc/httpd/sites-available/sites2.conf /etc/httpd/sites-enabled/

    You can test your config with:

    apachectl configtest

    Which should at least tell you if you're syntactically correct.

    Andrew

    • 3

  2. The most important gotcha here is that when you you have no virtualhosts, the base configuration acts as your default virtualhost.

    Normally (without adding new interfaces or ports) When you go to add your first vhost, you actually need to add two. One to capture the traffic that was hitting the base configuration, and one to capture the new traffic.

    If you don't, you may find that the vhost you added for the new domain handles all the traffic -- and if it's stil a work in progress, you might see the 403s.

    So from a no-virtualhost config:

    NameVirtualHost *:80
# This first vhost captures all traffic to port 80 if it doesn't match
# the ServerName/ServerAlias of another VH :80. <virtualhost *:80>. It acts
# like the base server config before you added vhosts
<virtualhost *:80>
ServerName example.com 
# not much else, inherit from base
</virtualhost>

<virtualhost *:80> 
ServerName other.example.com 
... 
</virtualhost>

    And remember that if you add a new Alias or DocumentRoot, you need a new section that looks just like the one you have for your base servers document root.

    • 0