The default installation of the Apache Web Server simply uses the port 80 over the HTTP protocol to communicate with the clients. In case it's a fresh install, it will show the welcome page as shown in Fig 1. We can also install SSL certificates and configure the Apache server to encrypt the traffic between the server and client and the secure communication will be done using the port 443 over HTTPS protocol.
In this tutorial, we will discuss the steps required to add a Virtual Host to host a website using the Apache Web Server. We will also secure the Apache Web Server by configuring the virtual host to redirect all the communication over HTTP to HTTPS in the later sections of this tutorial. This tutorial provides the steps required to add virtual hosts on the popular Linux distribution Ubuntu. It provides all the steps required to add virtual hosts on Ubuntu 18.04 LTS. The steps should be similar for other Linux systems and Ubuntu versions.
Prerequisites
You must have the below-listed software installed on your system to continue with this tutorial.
Ubuntu Server - This tutorial is written for Ubuntu 18.04 LTS, though it can be any other Linux system. The steps should be the same on other systems. You can also follow Complete Guide To Install Ubuntu 18.04 LTS (Bionic Beaver) to install the desktop version of Ubuntu.
Apache Web Server - It assumes that the Apache is already installed on the system and it's configured properly to access it using the IP address. It can be easily done on your local system in case you have a static IP address. You must be able to view the Welcome Screen by simply navigating to http://xx.xx.xx.xx (xx.xx.xx.xx is your IP address pointing to your server) in case the 000-default virtual host is enabled. You can also follow How To Install Apache 2 On Ubuntu 18.04 LTS to install the Apache Web Server.
Domain - A valid domain properly configured at your domain registrar pointing to your server. I have used example.com in this tutorial for reference. Make to replace it with your own domain.
Apache Modules - As part of this tutorial, also make sure that the appropriate apache modules are enabled as shown below.
# Enable rewrite module
sudo a2enmod rewrite
# Enable SSL module
sudo a2enmod ssl
Firewall - Ports 80 and 443 are open to
Add Virtual Host - HTTP
In this section, we will add the virtual host and enable it to access the application using the domain.
Add and update the Virtual Host to Apache web server as shown below. I have used the nano editor for demonstration purposes. You can use any editor of your choice. Also, replace example.com with the actual domain. Create the directory /var/www/example.com/html to store the website or application files and /var/www/example.com/logs for website specific logs.
# Add Virtual Host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin admin@example.com
DocumentRoot /var/www/example.com/html
<Directory /var/www/example.com/html>
Options -Indexes +FollowSymLinks
DirectoryIndex index.html
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
</VirtualHost>
# Save and exit the editor
Save the file using the Nano text editor by pressing CTRL + O, then press Enter to write the file. Press CTRL + X to close the editor. Now enable the virtual host as shown below. Make sure that the directory /var/www/example.com/html and /var/www/example.com/logs exists.
# Optionally disable default configuration
sudo a2dissite 000-default
# Enable virtual host
sudo a2ensite example.com
# Output
Enabling site example.com.
To activate the new configuration, you need to run:
systemctl reload apache2
# Test configuration
sudo apache2ctl configtest
# Output
Syntax OK
# Reload Apache
sudo systemctl reload apache2
Now add the index.html file having content as shown below.
# Add index.html
sudo nano /var/www/example.com/html/index.html
# Content
<!DOCTYPE html>
<html lang="en">
<head>
<title>My Domain</title>
</head>
<body>
<h1>Welcome to My Domain.</h1>
</body>
</html>
# Save and exit the editor
If your domain is correctly pointing to your system, you must be able to access it from the browser by navigating to http://www.example.com/index.html. It should show the output of our simple HTML file - Welcome to My Domain.
Add Virtual Host - HTTPS
Now we will add another Virtual Host to process HTTPS requests over the secure channel. Add and update the Virtual Host to Apache web server as shown below.
# Add Virtual Host
sudo nano /etc/apache2/sites-available/example.com-ssl.conf
# Content
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin admin@example.com
DocumentRoot /var/www/example.com/html
<Directory /var/www/example.com/html>
Options -Indexes +FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
SSLCertificateFile <Domain Certificate>
SSLCertificateKeyFile <Private Key>
SSLCertificateChainFile <Chain File>
</VirtualHost>
</IfModule>
Make sure to provide a valid path to the SSL certificate and key file based on your certificate authority. You can also follow How To Install Let's Encrypt For Apache On Ubuntu to install a free SSL certificate from Let's Encrypt. Below mentioned are some of the standard configurations.
# Let's Encrypt for Apache
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Comodo
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/XYZ.crt
Now enable the virtual host as we did in the previous section.
# Enable virtual host
sudo a2ensite example.com-ssl
# Output
Enabling site example.com-ssl.
To activate the new configuration, you need to run:
systemctl reload apache2
# Test configuration
sudo apache2ctl configtest
# Output
Syntax OK
# Reload Apache
sudo systemctl reload apache2
This is how we can configure the SSL certificate for a virtual host in Apache. You must be able to access it from the browser by navigating to https://www.example.com/index.html.
Redirect HTTP to HTTPS
In the last section of this tutorial, we will add the redirection from the HTTP requests to HTTPS requests to secure all the client requests for the domain. It can be done by updating the virtual host configuration for HTTP as shown below.
# Update Virtual Host
sudo nano /etc/apache2/sites-available/example.com.conf
# Scroll down
....
....
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# Save and exit the editor
# Test configuration
sudo apache2ctl configtest
# Output
Syntax OK
# Reload Apache
sudo systemctl reload apache2
Now if you try to open the URL - http://www.example.com/index.html, it must redirect you to https://www.example.com/index.html. Make sure that your firewall allows communication on port 443.
This is how we can secure an entire website or application using the SSL certificate for secure communication over the Apache web server and the clients(Browser etc).
Summary
In this tutorial, we have discussed the steps required to add a virtual host for both HTTP and HTTPS protocols on the Apache Web Server. In the last section, we have also secured the site by redirecting all the HTTP requests to HTTPS.