Linux Virtual Host Setup

See https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7

Create user for VHOST update

Create user

sudo adduser <vhostuser>
sudo passwd <vhostuser>

Make sure user’s history time is saved

su - <vhostuser>
# - update <vhostuser>'s .bashrc (puts time in history output)
# -  export HISTTIMEFORMAT="%Y-%m-%d %H:%M "

Note

need to log out / log in for the history format change to take affect

Enable putty key access

mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
# - copy puttygen public key, paste into .ssh/authorized_keys
# - create session configuration in putty
# - set Connection > SSH > Auth > Private key file for authentication
#   - copy from PuTTYgen window
# - set Connection > Data > Auto-login username
# - Session Save

Put <vhostuser> in apache group, access to <vhostuser> group, /home/<vhostuser> default <vhostuser> group

sudo usermod -a -G apache <vhostuser>
sudo usermod -g apache <vhostuser>
sudo usermod -a -G <vhostuser> <vhostuser>
sudo chown -R <vhostuser>:<vhostuser> /home/<vhostuser>
sudo chmod -R g+s /home/<vhostuser>/

Update DNS (optional)

May need to create the following records in DNS server.

type

name

value

A

<subhost>

<host ip>

CNAME

www.<subhost>

<subhost>.<host>

CNAME

sandbox.<subhost>

<subhost>.<host>

For example, <subhost> = routes, <host> = loutilities.com

Create VHOST

The following expects mod_wsgi-express to be running, see Set Script as Service for details.

If you’re deploying on docker, see Initial Deploy of Docker Web App to Server

Create /etc/httpd/sites-available/www.<vhost>.conf

<VirtualHost *:80>
  ServerName <vhost>.com
  ServerAlias www.<vhost>.com
#  Redirect permanent / https://<vhost>.com/
  DocumentRoot /var/www/www.<vhost>.com
  LogLevel warn
  ErrorLog /var/www/www.<vhost>.com/logs/error.log
  CustomLog /var/www/www.<vhost>.com/logs/requests.log combined

  <Directory /var/www/www.<vhost>.com>
    allow from all
    Options +Indexes
  </Directory>
</VirtualHost>

#<VirtualHost *:443>
#  ServerName <vhost>.com
#  ServerAlias www.<vhost>.com
#  ServerAdmin lking@pobox.com
#  SSLEngine on
#  SSLCertificateFile /etc/letsencrypt/live/www.<vhost>.com/fullchain.pem
#  SSLCertificateKeyFile /etc/letsencrypt/live/www.<vhost>.com/privkey.pem
#  SSLCertificateChainFile /etc/letsencrypt/live/www.<vhost>.com/chain.pem
#
#  DocumentRoot /var/www/www.<vhost>.com/<repo-name>
#
# # wsgi stuff - <wsgi-port> needs to be unique among vhosts
#  WSGIScriptReloading On
#  ProxyPass / http://<wsgi-proxy-host>.com:<wsgi-port>/
#  ProxyPassReverse / http://<wsgi-proxy-host>.com:<wsgi-port>/
#  RequestHeader set X-Forwarded-Port 443
#  RequestHeader set X-Forwarded-Scheme https
#
#  <Directory /var/www/www.<vhost>.com/<repo-name>>
#    Options Indexes FollowSymLinks MultiViews
#    AllowOverride All
#    Order deny,allow
#    allow from all
#  </Directory>
#
#  LogLevel warn
#  ErrorLog /var/www/www.<vhost>.com/logs/error.log
#  CustomLog /var/www/www.<vhost>.com/logs/requests.log combined
#
#</VirtualHost>

Create the directories to hold the vhost on disk

sudo mkdir /var/www/www.<vhost>
sudo mkdir /var/www/www.<vhost>/logs

Enable VHOST

(first host on server)

sudo a2ensite _default

additional hosts

sudo a2ensite <vhost>
sudo apachectl configtest # verify syntax before using
sudo apachectl restart

Set up VHOST SSL

sudo certbot --apache certonly -d <vhost>
# maybe like sudo certbot --apache certonly -d www.<vhost>.com -d <vhost>.com
sudo vim /etc/httpd/sites-available/<vhost>.conf
#    [uncomment the commented SSL related lines]
sudo apachectl configtest # verify configuration syntax
sudo apachectl restart
sudo certbot renew --dry-run # verify operation
sudo vim /etc/cron.d/certbot # run twice daily
#    0 \*/12 \* \* \* root /usr/bin/certbot renew