Amazon Linux: Setting up vHosts and SSL certificate on Apache

In this article, I will try to explain how to set up vHosts and an SSL certificate.

What is vHost? vHost or virtual hosting is a way to host multiple websites on a single server.

What is an SSL certificate? An SSL certificate is used to establish a secure, encrypted connection between the browser and the server.

In my last article I explained how to set up an Amazon Linux server with Apache, PHP and MySQL. If you have not done this yet, please read that article first and follow the steps.

Here is some help for understanding the basic Linux commands we will be using in this tutorial.

sudo – Allow current user to execute a command as superuser. Use “sudo -i” to log in as superuser.
cd – Open a folder. For example “cd /var/www/”. You can also use “cd ..” to go back.
ls – List files and folders.
mv – Move files or folders. Example “mv /var/www/index.php /etc/” will move the file to the folder “etc”.
cp – Copy files or folders. Example “cp /var/www/index.php /etc/” this will copy the file to the folder “etc”.
rm – Remove files or folders. Example “rm /var/www/index.php” this will remove index.php or if you are in the folder you can use “rm index.php”.
Use “rm -r” to remove folders.
mkdir – Create a directory. Example “mkdir /var/www/vhost”.
nano – Text editor. Example “nano /var/www/index.php” this will open index.php in nano text editor.

Setting up vHosts

Remember from last time, our current default site root was /var/www/html. What we will be doing now is to create a new folder under /var/www/.

sudo mkdir /var/www/vhosts/

Now under /var/www/vhosts/ you need to create a folder for your website.

sudo mkdir /var/www/vhosts/website.com
sudo mkdir /var/www/vhosts/website2.com

The next step is to create an ssl.conf file in /etc/httpd/conf.d/ssl. Since the “ssl” directory does not exist, you need to create it.

sudo mkdir /etc/httpd/conf.d/ssl
sudo nano /etc/httpd/conf.d/ssl/ssl.conf

It is now time to get an SSL certificate. In this tutorial, we will be using a single website certificate from Comodo. We are now going to generate a private key and a CSR (Certificate Signing Request).

cd /etc/httpd/conf.d/ssl
sudo openssl req -nodes -newkey rsa:2048 -keyout website.key -out website.csr

You will now be asked for the Country code, State or Province Name, Locality Name, Organization Name and Common Name (website.com). You can skip Organizational Unit Name, email and challenge password.

When buying a certificate you have to use your Certificate Signing Request, so open website.csr and copy everything inside.

sudo nano website.csr

Select everything and press the right mouse button to copy, then exit the file without saving.

You can now order an SSL certificate; you can get a free 90-day certificate here. When ordering the certificate you have to paste the content of the website.csr file. Once you have ordered, you should get an email with 4 files:

Root CA Certificate – AddTrustExternalCARoot.crt
Intermediate CA Certificate – COMODORSAAddTrustCA.crt
Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate – website_com.crt

We now have to concatenate website_com.crt, COMODORSADomainValidationSecureServerCA.crt and COMODORSAAddTrustCA.crt into one file, in that order, so that the SSL certificate for your site remains on top.

cat website_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt | sudo tee website.com.crt > /dev/null

Copy the following code to your ssl.conf with the nano editor. To paste it in nano, press the right mouse button. As you can see, I have added a second VirtualHost, just to show you how easily you can add a second website. Edit the file so that the directories and certificate files are correct.

NameVirtualHost *:443

<VirtualHost *:443>
 ServerName website.com www.website.com
 DocumentRoot /var/www/vhosts/website.com
 SSLEngine on
 SSLCertificateFile /etc/httpd/conf.d/ssl/website.com.crt
 SSLCertificateKeyFile /etc/httpd/conf.d/ssl/website.key
</VirtualHost>

<VirtualHost *:443>
 ServerName website2.com www.website2.com
 DocumentRoot /var/www/vhosts/website2.com
 SSLEngine on
 SSLCertificateFile /etc/httpd/conf.d/ssl/website2_com.crt
 SSLCertificateKeyFile /etc/httpd/conf.d/ssl/website2_com.key
</VirtualHost>

When finished, save the file with ctrl + x and restart Apache with this command.

sudo service httpd restart
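
Two mistakes in the steps above make Apache fail to start or serve the wrong certificate: a bundle whose top certificate is not the site certificate, and a certificate that does not belong to the key named in SSLCertificateKeyFile. The script below is an added example, not part of the original article; it checks both with openssl on a constructed throwaway CA and website.com certificate (the function names and demo files are assumptions made for illustration).

```shell
#!/bin/sh
# Added example (not from the original article): checks to run on the files
# named in ssl.conf before restarting Apache.

# Succeeds only when the FIRST certificate in the PEM bundle ($1) carries the
# public key that belongs to the private key ($2). Returns 2 on unreadable input.
bundle_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Number of certificates concatenated into the bundle.
bundle_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Subject of the certificate Apache will present (the top of the bundle).
bundle_top_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Constructed demo data: a throwaway CA and a leaf for website.com in dir $1.
make_demo_chain() {
    d=$1
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -nodes -newkey rsa:2048 -subj "/CN=website.com" \
        -keyout "$d/website.key" -out "$d/website.csr" 2>/dev/null
    openssl x509 -req -in "$d/website.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/website_com.crt" 2>/dev/null
    cat "$d/website_com.crt" "$d/ca.crt" > "$d/good.crt"   # site cert on top
    cat "$d/ca.crt" "$d/website_com.crt" > "$d/bad.crt"    # wrong order
}

demo=$(mktemp -d)
make_demo_chain "$demo"
for f in good.crt bad.crt; do
    if bundle_matches_key "$demo/$f" "$demo/website.key"; then
        echo "$f: OK, $(bundle_cert_count "$demo/$f") certs, top is $(bundle_top_subject "$demo/$f")"
    else
        echo "$f: top certificate does not match website.key"
    fi
done
rm -rf "$demo"
```

On the server, call bundle_matches_key with /etc/httpd/conf.d/ssl/website.com.crt and /etc/httpd/conf.d/ssl/website.key, using sudo if the key is readable only by root. Running "sudo apachectl configtest" before the restart also catches path typos in ssl.conf.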

Your server is now configured to work with multiple websites and SSL certificates. Please leave a comment if you have any questions!

 
