Adding a Virtual Host to Apache

Preamble

The beauty of hosting your own web server and having root access to your machine is the ability to run whatever you want on it. One great example of this is running virtual hosts in Apache, which allows you to run multiple websites on the same server. What you can run as a virtual host is fairly unlimited so long as the clients can resolve the address to your web server, be it URL, IP address or even special use domain names if you so desire (though the last one I do not recommend).

When setting up virtual hosts it is important to realize that, as the websites will run on a single server, if one website goes down it's very likely that the others will go with it. Additionally, when a server is not configured correctly or securely, a client that connects to the server may not see what you intend or may see the default Apache page.

Place your website’s files in the folder /var/www/root/infinityflame.co.uk replacing my domain name with yours and setting the correct permission on the directory.

Method

There are multiple ways of configuring Apache virtual hosts, such as IP-based virtual hosts, which allow you to apply different rules to connections based on the originating or outgoing interface, and the most popular and most used method, name-based virtual hosts.

Adding a virtual host to Apache is very simple once you get used to it. In the folder /etc/apache2 there are the following folders, or there should be: sites-enabled, sites-available, mods-enabled, mods-available, conf-enabled and conf-available. The folder for adding virtual hosts in is sites-available. You can also add .conf files to sites-enabled, but if you do, a2ensite and a2dissite (the commands used to enable and disable virtual hosts) no longer work as intended.

Navigate to the folder /etc/apache2/sites-available, then make a file named after your first website, such as infinityflame.co.uk.conf or dashboard.infinityflame.co.uk.conf. You can technically call these files whatever you desire, but as you add more websites this folder can become cluttered and hard to navigate if the files are not named sensibly. You can make these files using the touch command or nano. Once you have created the file, open it with your desired text editor and enter the following, replacing the necessary options with the ones you need.

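<VirtualHost *:80>

    # Files served for this site
    DocumentRoot /var/www/root/infinityflame.co.uk
    <Directory "/var/www/root/infinityflame.co.uk">
        Options FollowSymLinks
        # AllowOverride All lets .htaccess files in this tree override these settings
        AllowOverride All
        # Apache 2.2 access syntax; Apache 2.4 without mod_access_compat uses "Require all granted"
        allow from all
        # +Indexes turns on automatic directory listings where no index file exists
        Options +Indexes
    </Directory>
    # Hostnames this virtual host answers to
    ServerName infinityflame.co.uk
    ServerAdmin aidan@infinityflame.co.uk
    ServerAlias www.infinityflame.co.uk

    # Per-site access and error logs
    CustomLog /var/log/apache2/infinityflame.co.uk-access.log combined
    ErrorLog /var/log/apache2/infinityflame.co.uk-error.log

</VirtualHost>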

Once you have replaced the options with the ones you use, such as the DocumentRoot, ServerName, ServerAdmin, ServerAlias, CustomLog and ErrorLog, you can save the file, enable it by running a2ensite infinityflame.co.uk.conf and then run service apache2 reload to reload Apache. You should then be able to navigate to your website in a browser, so long as the registered address is pointing to the correct server.

Adding More Virtual Hosts

Once you have added one, it's time to add another, then enable that one using the same command. You should now be able to navigate to the appropriate website from the browser automatically. If the server doesn’t have an appropriate virtual host server name, or a user connects via an IP address that hasn’t been defined, they will connect to the first one defined in the output of apachectl -S. Additionally, if a user connects to a port that isn’t 80 they will not be able to connect to the Apache server, as the server won’t be listening on that port.

Note that there should now be symlinks to the websites you added in the sites-enabled folder that go back to the files we made earlier.

Adding SSL

As websites move to secure areas it is important to have SSL on most modern websites. Fear not, although this requires some extra configuration it is nothing that we can’t handle. Open your website’s configuration file again and add a new virtual host below:

<VirtualHost *:443>

    SSLEngine on
    # "all" minus SSLv2/SSLv3 still leaves TLS 1.0 and TLS 1.1 enabled
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    # This list still permits 3DES suites (ECDH+3DES, DH+3DES, RSA+3DES)
    SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    SSLCertificateFile /etc/letsencrypt/live/infinityflame.co.uk/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/infinityflame.co.uk/privkey.pem
    # SSLCertificateChainFile is deprecated since Apache 2.4.8
    SSLCertificateChainFile /etc/letsencrypt/live/infinityflame.co.uk/fullchain.pem
    DocumentRoot /var/www/root/infinityflame.co.uk
    <Directory "/var/www/root/infinityflame.co.uk">
        Options FollowSymLinks
        AllowOverride All
        # Apache 2.2 access syntax, as in the port 80 host
        allow from all
        # Directory listings are enabled here too
        Options +Indexes
    </Directory>
    ServerName infinityflame.co.uk
    ServerAdmin aidan@infinityflame.co.uk
    ServerAlias www.infinityflame.co.uk

    CustomLog /var/log/apache2/infinityflame.co.uk-access.log combined
    ErrorLog /var/log/apache2/infinityflame.co.uk-error.log

</VirtualHost>

Replace the configuration options with the ones relevant to you. As I use LetsEncrypt’s certbot, the configuration is made easier by having a standard location for all of the certificate and key files, which you can copy if you do too, replacing the domain with your own.
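A quick way to review a virtual host file before enabling it is to scan it for the settings that most affect exposure. The following is an added example, not part of the original post: the function names and the list of checks are assumptions made for illustration, and the sample input is built from the *:443 virtual host above.

```python
# Constructed sample: directives taken from the *:443 virtual host on this page.
SAMPLE_VHOST = """
<VirtualHost *:443>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
SSLCertificateChainFile /etc/letsencrypt/live/infinityflame.co.uk/fullchain.pem
<Directory "/var/www/root/infinityflame.co.uk">
Options FollowSymLinks
AllowOverride All
Options +Indexes
</Directory>
</VirtualHost>
"""

# Lowercased SSLProtocol names; token order is ignored here (a simplification).
LEGACY_TLS = ("tlsv1", "tlsv1.1")


def directives(text):
    """Yield (name, argument_tokens) for each directive, skipping section tags."""
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith(("#", "<")):
            tokens = line.replace('"', "").split()
            yield tokens[0].lower(), tokens[1:]


def audit_vhost(text):
    """Return sorted (directive, finding) pairs for settings worth reviewing."""
    found = set()
    for name, args in directives(text):
        low = [a.lower() for a in args]
        if name == "options" and {"indexes", "+indexes"} & set(low):
            found.add(("Options", "directory listing enabled"))
        elif name == "allowoverride" and "all" in low:
            found.add(("AllowOverride", ".htaccess may override every setting"))
        elif name == "sslprotocol":
            on = [p for p in LEGACY_TLS if {"all", "+all", p, "+" + p} & set(low) and "-" + p not in low]
            if on:
                found.add(("SSLProtocol", "legacy protocols enabled: " + ", ".join(on)))
        elif name == "sslciphersuite":
            weak = [c for a in args for c in a.split(":") if "3DES" in c.upper() and not c.startswith(("!", "-"))]
            if weak:
                found.add(("SSLCipherSuite", "3DES suites allowed: " + ", ".join(weak)))
        elif name == "sslcertificatechainfile":
            found.add(("SSLCertificateChainFile", "deprecated since Apache 2.4.8"))
    return sorted(found)


if __name__ == "__main__":
    for directive, finding in audit_vhost(SAMPLE_VHOST):
        print(f"{directive}: {finding}")
```

Run against a configuration that excludes TLS 1.0, TLS 1.1, 3DES and Indexes, the function returns an empty list.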

Removing or Disabling a Website

To remove a website or disable it, use a2dissite infinityflame.co.uk.conf and then reload Apache using service apache2 reload. This removes the symlink from sites-enabled so that the website is not loaded on startup.

Using Hashlib to Securely store user passwords and credentials.

What is hashing?

Hashing a password means that users cannot have their passwords compromised when a database engineer is reading cleartext in user databases (to a degree; the passwords could be decoded, but hashing them makes them illegible to someone who is not doing anything extensive). It also prevents hackers from reading passwords in plain text, though hashes can be compromised by collision attacks.

Additionally, when hashing a password a salt may be added to the password; this prevents a database from being attacked by dictionary attacks.

Why Hash Passwords?

Storing user credentials in plain text is generally bad practice, as it allows anyone who reads the file (or computer) to see the password, username or any other credential without any sort of protection. In some cases it is against the law, such as PCI SSC Data Security Standards, which handles debit and other card types. The solution to this is obfuscation in the form of hashing. Hashing a password makes a standard password seem completely random.

How hashing works

When a user signs up for a website or any other form that requires secure credentials, such as a password, username, email address or address, that user will fill in a form that asks for these credentials. The web server will then hash the password and store the hash; the server will ‘throw away’ the original password and keep the hash. In a more secure environment the user may also be given a salt, which may be unique to the user or unique to the application (the user will not know the salt; it is owned by the server and kept secret). When hashing, the password and salt are combined and hashed together.

How to hash a string in Python

This tutorial uses Hashlib as its hashing encoder which uses the ever bug free OpenSSL…

First we need to import hashlib and encode the input, then finally we need to check for a match.
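The steps above (import hashlib, encode the input, check for a match) can be put together as follows. This is an added example, not the original post's code: it uses hashlib.pbkdf2_hmac with a random per-user salt rather than a single hash pass, and the function names, storage format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Return 'pbkdf2_sha256$rounds$salt_hex$hash_hex', the string to store."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every user
    # Encode the input to bytes, then derive the hash from password + salt.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and check for a match."""
    try:
        scheme, rounds, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(rounds)
        )
    except ValueError:
        return False  # malformed or tampered record: treat as no match
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("Tr0ub4dor&3", record))
```

Only the returned record is stored; the original password is discarded after hashing, as described above.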

How to Configure Apache to use Virtual Hosts

Using Apache is good, but using it for one website limits its potential. You can create multiple websites, domains and sub-domains with Apache, see below.

First you need to stop your server. You can do this on Linux by entering

$ sudo /etc/init.d/apache2 stop

into your terminal. This allows you to make changes to files in your server without breaking it. For Windows you need to stop Apache using Xampp, see below.

Now enable mod_log_config. Browse to

xampp\apache\conf

and in httpd.conf remove the # from this line

#LoadModule log_config_module modules/mod_log_config.so

so that it looks like this

LoadModule log_config_module modules/mod_log_config.so

Next, using an FTP program or other method, go to your website’s root directory, such as

/home/*/public_html/cgi-bin/

or for Windows

C:\xampp\htdocs

This is the base of your web server, and probably where your Index.html is located. Create two folders, Domains and Subdomains; this is where your domains will be stored. See below.

In Domains, place the domain of your website, replacing dots with hyphens, like so

(Also add any other websites that you plan to host on the server)

Then copy the data that was in the root of your server into the domain folder on the server like this

then paste into your domain folder like this

So your server should now have the ‘root’ of the server in

WEBROOT\Domains\infinityflame-co-uk\index.html

or subsequent folders in Linux.

Now you need to redirect traffic from your website to the correct folder. This is done with virtual hosts, and is also how you add sub-domains, see below.

Browse to your Apache installation folder and go to httpd-vhosts.conf

apache\conf\extra\httpd-vhosts.conf

and at the bottom add the following code, replacing my domain with yours.

Now test the website: start Apache and browse to your domain. You should see your site as you did before. You have now configured your website to use virtual hosts.

Now you need to add other domains and subdomains, See Here

Xampp and Apache

I recently played around with Apache and found it incredibly educational.

I used Apache for multiple websites and sub-domains, and it's a great web server, and I like Xampp’s user interface, allowing me to edit, configure and error check my site.

[Image: Xampp Control Panel. Xampp’s user interface, server side]

Don’t get me wrong though, there are some downfalls. When putting it through its paces using Owncloud I discovered that php supported was only allowing 2GB uploads, because it is 32Bit; I later discovered that Xampp is only 32Bit for Windows. This was a major disappointment for me, but I still found workarounds.

Apache is great and easy to use with Xampp. I recommend that anyone wanting to get into web servers and general web hosting try it out first. I hosted it on my Windows Server, but using a server is completely unnecessary; I was also able to run it on my laptop.

For a test environment or to start out on web servers, I recommend Xampp. It's a trade up over usability and performance on Windows.