Configuring Virtual Hosts on Debian 11 with Apache and OpenSSL
Configure Domain Names and Modify Hosts File
Configure Domain Names
Ensure that the domain names of your sites are configured to point to your server's IP address. You can do this by modifying the DNS records of your domain names.
Modify hosts file on Windows
In C:\Windows\System32\drivers\etc\hosts, enter your server's IP address followed by the domain name. For example:
Open the hosts file in a text editor with administrative privileges (e.g., Notepad++ or Notepad as Administrator).
Add an entry in the following format:
192.168.1.100 example.com www.example.com
Replace 192.168.1.100 with your server's actual IP address, and example.com with your domain name. You can add multiple domain names if needed, each on a new line.
Save the file after making changes.
Note: Modifying the hosts file allows you to test your site on your local machine before DNS changes propagate globally.
Configuration Steps
- Install Apache and OpenSSL
- Generate SSL Keys with OpenSSL
- Enable Necessary Apache Modules
- Configure Virtual Hosts
- Virtual Host for Port 80 (HTTP)
- Activate Virtual Hosts
- Virtual Host for Port 443 (HTTPS)
Ensure your system is up to date, then install Apache and OpenSSL if not already installed:
sudo apt updatesudo apt install apache2 openssl
Use OpenSSL to generate a private key and a self-signed certificate (or obtain a valid SSL certificate if available):
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Ensure required Apache modules are enabled:
sudo a2enmod sslsudo a2enmod headerssudo systemctl restart apache2
Create configuration files for your virtual hosts in /etc/apache2/sites-available/.
Create a configuration file for your HTTP virtual host:
sudo nano /etc/apache2/sites-available/example.com.conf
Add the following content (replace example.com with your domain name):
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the virtual hosts you have configured:
sudo a2ensite example.com.confRestart Apache to apply the changes:
sudo systemctl restart apache2
Create a configuration file for your HTTPS virtual host:
sudo nano /etc/apache2/sites-available/example.com.conf
Add the following content:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Redirect all HTTP traffic to HTTPS
Redirect permanent / https://www.example.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>Restart Apache to apply the changes:
sudo systemctl restart apache2
Additional Notes:
- File Paths: Make sure to adjust file paths and domain names (
example.com) according to your actual needs. - Security: Use a valid SSL certificate for production rather than a self-signed certificate.
- Firewall: Open HTTP (80) and HTTPS (443) ports in your firewall if necessary.
- Logs: Error and access logs are configured to be stored in
/var/log/apache2/. Ensure this directory exists and that Apache has appropriate permissions to write to it.