In this article, I will try to explain how to set up vHosts and SSL certificate.
What is vHost? vHost or virtual hosting is a way to host multiple websites on a single server.
What is a SSL Certificate? A SSL Certificate is used establish up a secure encrypted connection between the browser and the server.
Here are some help to understand the basic Linux commands we will be using on this tutorial.
sudo – Allow current user to execute a command as superuser. Use “sudo -i” to log in as superuser.
cd – Open folder FOR example cd /var/www/ you can ALSO use “cd ..” to go back.
ls – List files and folders.
mv – Move files or folders. Example “mv /var/www/index.php /etc/” will move the file to the folder “etc”.
cp – Copy files or folders. Example “cp /var/www/index.php /etc/” this will copy the file to the folder “etc”.
rm – Remove files or folders. Example “rm /var/www/index.php” this will remove index.php or if you are in the folder you can use “rm index.php”.
Use “rm -r” to remove folders.
mkdir – Create a directory. Example “mkdir /var/www/vhost”.
nano – Text editor. Example “nano /var/www/index.php” this will open index.php in nano text editor.
Setting up vHosts
Remember from last time, our current default site root was /var/www/html. What we will be doing now is to create a new folder under /var/www/.
sudo mkdir /var/www/vhosts/
Now under /var/www/vhosts/ you need to create a folder for your website.
sudo mkdir /var/www/vhosts/website.com sudo mkdir /var/www/vhosts/website2.com
Next step is to create an ssl.conf file in /etc/httpd/conf.d/ssl. Since the “ssl” directory does not exist, you need to create it.
sudo mkdir /etc/httpd/conf.d/ssl sudo nano /etc/httpd/conf.d/ssl/ssl.conf
It is now time to get a SSL certificate. In this tutorial, we will be using a single website certificate from Comodo. We are now going to generate a private key and a CSR (Certificate Signing Request).
cd /etc/httpd/conf.d/ssl openssl req -nodes -newkey rsa:2048 -keyout website.key -out website.csr
You are now going to specify Country code, State or Province Name, Locality Name, Organization Name, you can skip Organization Unit Name, Common Name (website.com), You can skip email and challenge password.
When buying a certificate you have to use your Certificate Signing Request, so open website.csr and copy everything inside.
sudo nano website.csr
Just mark everything and press the right mouse button to copy, exit the file without saving.
You can now order a ssl certificate, you can get a free 90 days certificate here. When ordering the certificate you have to paste content from website.csr file. When you have ordered you should get an email with 4 files:
Root CA Certificate – AddTrustExternalCARoot.crt
Intermediate CA Certificate – COMODORSAAddTrustCA.crt
Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate – website_com.crt
We now have to append website_com.crt, COMODORSADomainValidationSecureServerCA.crt and COMODORSAAddTrustCA.crt into one file and so that the ssl certificate remains on top.
cat website_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > website.com.crt
Copy the following code to your ssl.conf with nano editor. To paste it in nano editor, press the right mouse button. As you see I have added a second VirtualHost, just to show you how easy you can add a second website. Edit the file so that the directories and certificate files are correct.
NameVirtualHost *:443 <VirtualHost *:443> ServerName website.com www.website.com DocumentRoot /var/www/vhosts/website.com SSLEngine on SSLCertificateFile /etc/httpd/conf.d/ssl/website.com.crt SSLCertificateKeyFile etc/httpd/conf.d/ssl/website.key </VirtualHost> <VirtualHost *:443> ServerName website2.com www.website2.com DocumentRoot /var/www/vhosts/website2.com SSLEngine on SSLCertificateFile /etc/httpd/conf.d/ssl/website2_com.crt SSLCertificateKeyFile /etc/httpd/conf.d/ssl/website2_com.key </VirtualHost>
When finished you should save the file with ctrl + x and restart apache with this command.
sudo service httpd restart
Your server is now configured to work with multiple websites and ssl certificates. Please leave a comment if you have any questions!