Introduction
This howto is for users who need to host their own domains and maybe a few customer domains. It is not aimed at mass web hosting.
There are many ways to do virtual websites under Linux. The technique I am going to use is multiple domains on one IP address. I’m using standard Linux users to log into the virtual domains.
Setting Up The Base Server
For a dedicated server start with the base server setup:
HOWTO CentOS 7.x Base Server Setup
NOTE: If you don’t follow the base server setup then you may run into problems with this howto.
Install Software
We need to install an FTP server and Let’s Encrypt. So type the following:
> yum -y install vsftpd ftp python-certbot-apache
Setup Default User Directory
A new user’s directory needs to have some files and folders created for them. We will modify the user skel directory so when a new user is created the required folder structure will be there.
Type the following.
> mkdir -p /etc/skel/{website,logs,cgi-bin,backup}
> echo "HELLO WORLD" > /etc/skel/website/index.html
Configuring vsftpd
Let’s create the configuration file. Replace the contents of /etc/vsftpd.conf with the text below. With ssl_enable=NO as set here, FTP logins and file transfers are not encrypted.
    listen=NO
    listen_ipv6=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    #local_umask=022
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    ssl_enable=NO
    allow_writeable_chroot=YES
    pasv_enable=Yes
    pasv_min_port=40000
    pasv_max_port=40100
Start vsftpd.
> sudo systemctl enable vsftpd
> sudo systemctl start vsftpd.service
Configuring Apache
Most of the Apache configuration is already done. We are going to make some changes to make managing websites easier. Let’s start out by creating a directory for virtual host file storage.
> mkdir /etc/httpd/virtualhosts.d
Create the virtual host config file. I defined macros to make virtual host creation easier. I also turn on compression. Create /etc/httpd/conf.d/virtual.conf with the following:
    # compress all text & html:
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/atom+xml
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE application/x-httpd-eruby

    # Go ahead and accept connections for these vhosts
    # from non-SNI clients
    SSLStrictSNIVHostCheck off

    # define a macro for the virtual hosts
    # the user's directory should be setup as follows:
    # |- cgi-bin
    # |- logs
    # |- website
    # |- ssl
    #
    LoadModule macro_module modules/mod_macro.so

    # $type (VHost80 or VHost443) opens the <VirtualHost> block that is closed below
    <Macro virtHost $type $user $host>
      use $type $host
      ServerName $host
      ServerAlias www.$host
      DocumentRoot /home/$user/website
      ScriptAlias "/cgi-bin/" "/home/$user/cgi-bin/"
      LogFormat "%h %l %u %t \"%r\" %>s %b" common
      CustomLog /home/$user/logs/access_log common
      ErrorLog /home/$user/logs/error_log
      <Directory /home/$user/website>
        DirectoryIndex index.html index.php
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>
      </VirtualHost>
    </Macro>

    <Macro VHost80 $host >
      <VirtualHost *:80>
    </Macro>

    <Macro VHost443 $host >
      <VirtualHost *:443>
      SSLEngine on
      # SSLv2 and SSLv3 are both broken, so disable them
      SSLProtocol all -SSLv2 -SSLv3
      SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
      SSLCertificateFile /etc/letsencrypt/live/$host/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/$host/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/$host/fullchain.pem
    </Macro>

    # include the virtual host files
    IncludeOptional /etc/httpd/virtualhosts.d/*.conf

    # undefine the macros
    UndefMacro virtHost
    UndefMacro VHost80
    UndefMacro VHost443
Restart apache
> systemctl restart httpd
Configuring Let’s Encrypt
Let’s Encrypt needs to be configured to auto renew certs. Let’s create a daily cron job. The file must be executable, or cron.daily will skip it.
> nano -w /etc/cron.daily/letsencrypt
    #!/usr/bin/bash
    # letsencrypt auto renew
    /usr/bin/certbot renew --no-self-upgrade >> /var/log/le-renew.log
Adding a Default Website
Now we will create a default website. This site will be used when no other website can be found.
Set up a DNS record for the new domain. I won’t cover this here.
Add a user. This user will be associated with the new domain name. Type the following.
> useradd -s /sbin/nologin -c "default website" defaultweb
> passwd defaultweb
Add the apache user to the new user’s group.
> usermod -a -G defaultweb apache
Update directory permissions.
> chmod g+rwx /home/defaultweb
> chown -R defaultweb:defaultweb /home/defaultweb
Create the virtual host file. For the default server we will use port 80. Paste the text below into the file. Type:
> nano -w /etc/httpd/virtualhosts.d/00-default.conf
    # Virtual host config file
    #
    # MACRO FORMAT
    # virtHost [type] [user] [host]
    # type = VHost80 or VHost443
    # user = the username of the website
    # host = domain name or virtual host name
    #
    # Use the line below to configure a site on port 80
    use virtHost VHost80 defaultweb myserver.mydomain.tld
    # Uncomment the line below once lets encrypt is setup
    # use virtHost VHost443 defaultweb myserver.mydomain.tld
Reload apache config
> systemctl reload httpd
Test out the new website. You should get a page that says ‘Hello World’.
Now we will set up Let’s Encrypt for the default website. The website must be reachable from the internet. So let’s get the cert:
> certbot certonly --webroot -w /home/defaultweb/website/ -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS> --agree-tos
Edit /etc/httpd/virtualhosts.d/00-default.conf
Uncomment the last line to enable ssl connections for the virtual host.
Reload apache.
> systemctl reload httpd
Test it out. Connect to your default host via https.
Setup Additional Virtual Hosts
Adding a new virtual host is like adding the default virtual host. Let’s go through the steps.
Be sure DNS is configured for the new virtual host.
Set up a new user. This user will be associated with the new domain name. Type the following. Change ‘NEWUSER’ to the username you want.
> useradd -s /sbin/nologin -c "Virtual Website User" NEWUSER
> passwd NEWUSER
> usermod -a -G NEWUSER apache
> chmod g+rwx /home/NEWUSER
> chown -R NEWUSER:NEWUSER /home/NEWUSER
Create the virtual host file. For the virtual server we will use port 80. Paste the text below into the file. Replace ‘NEWUSER’ with your user name. Replace NEWVHOST with your hostname.
> nano -w /etc/httpd/virtualhosts.d/NEWUSER.conf
    # Virtual host config file
    #
    # MACRO FORMAT
    # virtHost [type] [user] [host]
    # type = VHost80 or VHost443
    # user = the username of the website
    # host = domain name or virtual host name
    #
    # Use the line below to configure a site on port 80
    use virtHost VHost80 NEWUSER NEWVHOST
    # Uncomment the line below once lets encrypt is setup
    # use virtHost VHost443 NEWUSER NEWVHOST
Reload apache config
> systemctl reload httpd
Now we will set up Let’s Encrypt for the new website. The website must be reachable from the internet. Replace NEWUSER and NEWVHOST with the info you have. So let’s get the cert.
> certbot certonly --webroot -w /home/NEWUSER/website/ -d NEWVHOST -d www.NEWVHOST --email YOUR_EMAIL_ADDRESS --agree-tos
Edit /etc/httpd/virtualhosts.d/NEWUSER.conf
Uncomment the last line to enable ssl connections for the virtual host.
Reload apache.
> systemctl reload httpd
Test it out. Connect to your new host via https.
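The steps above put NEWUSER and NEWVHOST into a "use virtHost" line, and mod_macro substitutes those arguments as plain text into paths such as /home/$user/website. The script below is an added example, not part of the original howto, that checks both values before writing the virtual host file. The names valid_user, valid_host, write_vhost_conf and VHOST_DIR, and the exact validation rules, are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the howto): validate NEWUSER and NEWVHOST before
# they are written into a "use virtHost ..." line, so each stays one token.
LC_ALL=C; export LC_ALL                       # make [a-z] mean ASCII only
VHOST_DIR="${VHOST_DIR:-/etc/httpd/virtualhosts.d}"   # directory from the howto

# Account name: starts with a-z or _, then a-z 0-9 _ -, at most 32 characters.
valid_user() {
    [ "${#1}" -le 32 ] || return 1
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;         # empty, or a character outside the set
        [a-z_]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Host name: lowercase letters, digits, hyphens, dots; at least two labels.
valid_host() {
    [ "${#1}" -le 253 ] || return 1
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;         # spaces, slashes, quotes, newlines
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;   # empty or malformed labels
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write $VHOST_DIR/USER.conf in the layout the howto uses (port 80 enabled,
# port 443 commented out until the certificate exists).
write_vhost_conf() {
    vh_user=$1 vh_host=$2
    valid_user "$vh_user" || { echo "rejected user name: $vh_user" >&2; return 1; }
    valid_host "$vh_host" || { echo "rejected host name: $vh_host" >&2; return 1; }
    # noclobber (set -C): fail rather than overwrite another site's file
    ( set -C; cat > "$VHOST_DIR/$vh_user.conf" ) <<EOF
# Virtual host config file
# MACRO FORMAT: virtHost [type] [user] [host]
use virtHost VHost80 $vh_user $vh_host
# Uncomment the line below once Let's Encrypt is set up
# use virtHost VHost443 $vh_user $vh_host
EOF
}
```

To try it without touching the live configuration, source the file, point VHOST_DIR at a scratch directory, and call write_vhost_conf NEWUSER NEWVHOST.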
Conclusion
That’s the complete setup.