Master Apache httpd: Virtual Hosts, Access Control, and HTTPS Configuration
This guide walks through Apache httpd setup on CentOS, covering virtual host types (IP‑based, port‑based, name‑based), detailed configuration steps, access control methods for users and IPs, and enabling HTTPS with SSL certificates, complete with practical command examples and testing procedures.
Preface
The previous article introduced the HTTP protocol and basic features of Apache httpd; this guide continues with configuring virtual hosts, access control, and HTTPS.
Apache httpd Virtual Hosts
Three virtual‑host modes are supported: IP‑based, port‑based, and name‑based (FQDN).
Experimental Environment
Running on CentOS 6.6 with httpd‑2.2.15 (CentOS 7 upgrades to the 2.4 series). Important paths include:
Version: httpd-2.2.15 (CentOS 7 upgrades to the 2.4 series)
Configuration file: /etc/httpd/conf/httpd.conf
Include directory: /etc/httpd/conf.d/*.conf
Service script: /etc/rc.d/init.d/httpd
Sysconfig file: /etc/sysconfig/httpd
Modules directory: /etc/httpd/modules (symlink to /usr/lib64/httpd/modules)
Main binary: /usr/sbin/httpd (prefork, event, worker)
Log directory: /var/log/httpd (access_log, error_log)
Document root: /var/www/html (for example, /var/www/html/images/a.jpg)
Before adding virtual hosts, comment out the main DocumentRoot "/var/www/html" entry.
IP‑Based Virtual Host
Principle:
Configuration example:
DNS server: 172.16.10.10
Web servers: 172.16.10.110 and 172.16.10.186
Sites: www.scholar.com and ops.scholar.com, with corresponding document roots /web/www and /web/ops
# vim /etc/httpd/conf/httpd.conf
<VirtualHost 172.16.10.110:80>
ServerName www.scholar.com
DocumentRoot "/web/www"
</VirtualHost>
<VirtualHost 172.16.10.186:80>
ServerName ops.scholar.com
DocumentRoot "/web/ops"
</VirtualHost>
After creating the site files, check the syntax, restart the service, enable autostart, and verify that both sites are reachable.
Port‑Based Virtual Host
Principle:
Configuration example:
DNS server: 172.16.10.10
Web server: 172.16.10.110
Same FQDN www.scholar.com serves different content on ports 80 and 8080
Listen 80
Listen 8080
<VirtualHost 172.16.10.110:80>
ServerName www.scholar.com
DocumentRoot "/web/www"
</VirtualHost>
<VirtualHost 172.16.10.110:8080>
ServerName www.scholar.com
DocumentRoot "/web/port"
</VirtualHost>
After creating the /web/port site, test the configuration; both ports respond correctly.
Name‑Based Virtual Host
Principle:
Configuration example:
DNS server: 172.16.10.10
Web server: 172.16.10.110
Two sites: www.scholar.com (document root /web/www) and dev.scholar.net (document root /web/dev)
# /etc/named.conf
zone "scholar.net" IN { type master; file "scholar.net.zone"; };
zone "16.172.in-addr.arpa" IN { type master; file "172.16.10.net"; };
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.scholar.com
DocumentRoot "/web/www"
</VirtualHost>
<VirtualHost *:80>
ServerName dev.scholar.net
DocumentRoot "/web/dev"
</VirtualHost>
After creating the site files and restarting httpd, both hostnames are reachable.
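With name-based hosts on httpd 2.2, a request whose Host header matches no ServerName falls through to the first <VirtualHost *:80> that httpd reads, which in the configuration above is www.scholar.com. The following added example (not part of the original article) puts a deny-all catch-all first; default.invalid and /web/default are hypothetical names.

```apache
NameVirtualHost *:80

# Must be the first *:80 virtual host httpd reads: it becomes the default
# for any Host header that matches no ServerName/ServerAlias below
# (raw IP address, stale DNS record, forged Host header).
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot "/web/default"
    <Directory "/web/default">
        Options None
        AllowOverride None
        # 2.2 syntax: every client is denied, so unknown hosts get a 403
        Order deny,allow
        Deny from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName www.scholar.com
    DocumentRoot "/web/www"
</VirtualHost>

<VirtualHost *:80>
    ServerName dev.scholar.net
    DocumentRoot "/web/dev"
</VirtualHost>
```

Running httpd -S prints the parsed virtual-host table and shows which entry is the default server for *:80.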
Access Control
Two modes are available: user‑based and IP‑based.
User‑Based Access Control
Principle:
Example: protect the /web/www/admin directory with basic authentication.
<VirtualHost *:80>
ServerName www.scholar.com
DocumentRoot "/web/www"
<Directory "/web/www/admin">
Options none
AllowOverride AuthConfig
AuthType Basic
AuthName "Admin Area."
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
Create the password file with:
htpasswd -c -m /etc/httpd/conf/.htpasswd username # create first user
htpasswd -m /etc/httpd/conf/.htpasswd username # add or update user
htpasswd -D /etc/httpd/conf/.htpasswd username # delete user
Testing shows the authentication works.
IP‑Based Access Control
Principle:
Example: allow only the web server IP 172.16.10.110 to access dev.scholar.net.
<VirtualHost *:80>
ServerName dev.scholar.net
DocumentRoot "/web/dev"
<Directory "/web/dev">
Order allow,deny
allow from 172.16.10.110
</Directory>
</VirtualHost>
After testing, the site is reachable from the allowed IP and denied otherwise.
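The Order/Allow directives above are httpd 2.2 syntax; the 2.4 series that CentOS 7 ships uses Require instead. The following added example (not part of the original article) writes the same restriction for both versions and then combines it with the Basic authentication from the previous section. It assumes mod_version is loaded for <IfVersion>, and /web/dev/admin is a hypothetical directory.

```apache
<VirtualHost *:80>
    ServerName dev.scholar.net
    DocumentRoot "/web/dev"

    <Directory "/web/dev">
        # httpd 2.2: "Order allow,deny" evaluates Allow lines first and
        # denies by default, so unmatched clients receive a 403.
        <IfVersion < 2.4>
            Order allow,deny
            Allow from 172.16.10.110
        </IfVersion>
        # httpd 2.4: Order/Allow/Deny are replaced by Require.
        <IfVersion >= 2.4>
            Require ip 172.16.10.110
        </IfVersion>
    </Directory>

    # Hypothetical sub-directory: the client must come from the allowed
    # IP AND present a valid user name and password.
    <Directory "/web/dev/admin">
        AuthType Basic
        AuthName "Dev Admin"
        AuthUserFile /etc/httpd/conf/.htpasswd
        <IfVersion < 2.4>
            Order allow,deny
            Allow from 172.16.10.110
            Require valid-user
            # "Satisfy Any" would accept either condition on its own
            Satisfy All
        </IfVersion>
        <IfVersion >= 2.4>
            <RequireAll>
                Require ip 172.16.10.110
                Require valid-user
            </RequireAll>
        </IfVersion>
    </Directory>
</VirtualHost>
```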
HTTPS Configuration
After building a CA with OpenSSL, enable HTTPS on the www.scholar.com site.
Key steps:
Install mod_ssl module.
Generate a private key and a self‑signed certificate.
Configure /etc/httpd/conf.d/ssl.conf with the certificate and key paths.
# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
DocumentRoot "/web/www"
ServerName www.scholar.com:443
After the syntax check, restart httpd, verify that port 443 is listening, import the CA certificate into the trusted roots, and test the HTTPS connection.
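Basic authentication only base64-encodes the password, so the /web/www/admin area from the user-based access control section belongs behind the HTTPS host configured here. The following added example (not part of the original article) shows one way to tie the two together. It assumes "Listen 443" and the ssl_module are already in place, as in the ssl.conf packaged with mod_ssl; the certificate, key and password-file paths are the article's.

```apache
# Server-level section: applies to every virtual host that serves this path.
<Directory "/web/www/admin">
    Options None
    AllowOverride None
    AuthType Basic
    AuthName "Admin Area."
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
    # Refuse any request for this directory that did not arrive over TLS
    SSLRequireSSL
</Directory>

<VirtualHost _default_:443>
    ServerName www.scholar.com:443
    DocumentRoot "/web/www"

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/httpd.crt
    # The private key should be readable by root only (mode 0600)
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

    # Disable the broken SSLv2/SSLv3 protocols and anonymous or weak ciphers
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
</VirtualHost>

# Plain-HTTP host: send /admin to HTTPS before any password prompt appears.
<VirtualHost *:80>
    ServerName www.scholar.com
    DocumentRoot "/web/www"
    Redirect permanent /admin https://www.scholar.com/admin
</VirtualHost>
```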
The End
This article covered Apache httpd virtual hosts, user and IP access control, and HTTPS setup; further topics such as compiling httpd 2.4.9 and new features will be addressed in future posts.
MaGe Linux Operations
