VirtualHost does not work under Apache 2.4.6 on CentOS 7

Question

VirtualHost does not work under Apache 2.4.6 on CentOS 7

I am trying to configure VH in Apache 2.4.6 on CentOS 7, but to no avail since it does not work. This is what I have tried so far:

Since this line Include conf.modules.d/*.conf is located in /etc/httpd/conf/httpd.conf , then I create a file under /etc/httpd/conf.d/vhost.conf and put it inside it:
```
 NameVirtualHost *:80 <VirtualHost *:80> ServerName webserver ServerAlias localhost devserver development DocumentRoot /var/www/html </VirtualHost> 
```
Restart / restart the Apache service (try both):
```
 service httpd reload|restart 
```

On the Windows side, edit the file C:\Windows\system32\drivers\etc\hosts and add this line:

 192.168.3.131 webserver localhost devserver development # this is the IP of Apache Server

Open a browser and try: http://webserver , http://devserver and both go to the default Apache page so that VH doesn't work.

Place the file under /var/www/html/index.php with these lines <?php phpinfo(); ?> <?php phpinfo(); ?> to know which modules are loading Apache, here is the result:

 core mod_so http_core mod_access_compat mod_actions mod_alias mod_allowmethods mod_auth_basic mod_auth_digest mod_authn_anon mod_authn_core mod_authn_dbd mod_authn_dbm mod_authn_file mod_authn_socache mod_authz_core mod_authz_dbd mod_authz_dbm mod_authz_groupfile mod_authz_host mod_authz_owner mod_authz_user mod_autoindex mod_cache mod_cache_disk mod_data mod_dbd mod_deflate mod_dir mod_dumpio mod_echo mod_env mod_expires mod_ext_filter mod_filter mod_headers mod_include mod_info mod_log_config mod_logio mod_mime_magic mod_mime mod_negotiation mod_remoteip mod_reqtimeout mod_rewrite mod_setenvif mod_slotmem_plain mod_slotmem_shm mod_socache_dbm mod_socache_memcache mod_socache_shmcb mod_status mod_substitute mod_suexec mod_unique_id mod_unixd mod_userdir mod_version mod_vhost_alias mod_dav mod_dav_fs mod_dav_lock mod_lua prefork mod_proxy mod_lbmethod_bybusyness mod_lbmethod_byrequests mod_lbmethod_bytraffic mod_lbmethod_heartbeat mod_proxy_ajp mod_proxy_balancer mod_proxy_connect mod_proxy_express mod_proxy_fcgi mod_proxy_fdpass mod_proxy_ftp mod_proxy_http mod_proxy_scgi mod_systemd mod_cgi mod_php5

And, apparently, mod_vhost is loaded, but it doesn’t work, did I miss something? Any help or advice around this? I might have forgotten something, but I read the Apache docs and didn't find anything useful

Update: test1

I made some changes to the definition of VH, and now this is what I have:

 <VirtualHost *:80> DocumentRoot /var/www/html ServerName webserver #ServerAlias localhost devserver development <Directory "/var/www/html"> Options FollowSymLinks Includes ExecCGI AllowOverride All Allow from all #Require local #Require 192.168.3.0/16 #Require 192.168.1.0/16 </Directory> </VirtualHost>

But I get 403 Forbidden

Forbidden
You do not have permission to access /index.php on this server.

What is failing here?

+6

linux php apache2 centos apache2.4

ReynierPM Sep 01 '14 at 15:04

source share

3 answers

To elaborate on jap1968 , CentOS 7 comes with a SELinux pain at the butt level set to enforcing . This causes all kinds of confusion when the completely normal configuration of a service is disabled (Apache).

To disable SELinux, you need to:

0) [optional] Crack open a shell and become root ... or enjoy a brilliant new, super fun setting up sudo so you can make the project "root stuffs". Maybe.

 su -l

1) Get the current status of SELinux. Run sestatus :

 sestatus

2) If SELinux causes hair loss and premature aging, you will get something like this:

 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28

3) Edit the file /etc/selinux/config . Change SELINUX=enforcing to SELINUX=permissive . This will bring you endless joy the next time you reboot. You will get something like this:

 # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. # SELINUX=enforcing # ===> VOODOO HERE <=== SELINUX=permissive # ===> END VOODOO <=== # # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted

4) Disable SELinux. You can reboot at this point, but it’s easier to say that SELinux will not waste time tormenting. Run setenforce to reset the SELinux provisioning level to match the /etc/selinux/config file:

 setenforce 0

5) Check sestatus :

 sestatus

If everything goes as expected, sestatus will return something like this:

 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28

6) Restart Apache. If your vhost domain name allows the server you are running on, you will see your new new virtual host:

 # Restart apache: systemctl restart httpd.service # Be lazy by checking your virtual host from the command line: curl www.example.com/new-file-that-only-exists-in-your-new-vhost.txt

6.5) Stop reading here. Or not. I'm a message board, not your mom.

Everything below is beyond the scope of the original question and is included only because you really have to work with SELinux enabled .

7) Work on re-enabling selinux. Start by looking at selinux magazines to see some amazing alphabet soup:

 tail -f /var/log/audit/audit.log

8) Marvel at the depths of the devil, the crazy amount of poorly named utilities and the ugly UX mess that SELinux makes up. You should probably put on your big boy trousers and drink a whole coffee pot before you dive. Here are some details:

CentoOS HowTo : https://wiki.centos.org/HowTos/SELinux
Project : http://selinuxproject.org/page/Main_Page

+4

perfectcu.be Jan 29 '16 at 18:11

source share

Be careful with SELinux. The default configuration will prevent access to virtual host directories via httpd. You will need to set the appropriate context:

 # chcon -R -u system_u -r object_r -t httpd_sys_content_t <DocumentRoot>

Another option is to disable SELinux.

+3

jap1968 Oct 14 '14 at 19:53

source share

Riggsfolly · Accepted Answer · 2014-09-01T15:21:03+0000

A few things that can cause problems: -

 NameVirtualHost *:80

It is no longer valid syntax for Apache 2.4.x, you must completely remove it.

On the Windows side, as soon as you modify the HOSTS file, you need to restart the DNS Client service , so either restart, or better yet, launch the command window using "Run as administrator" and do the following: -

 net stop dnscache net start dnscache

Finally, in determining your virtual host, this will help tell apache where it is allowed to accept connections to this virtual host, for example: -

 <VirtualHost *:80> ServerName webserver ServerAlias localhost devserver development DocumentRoot /var/www/html <Directory "/var/www/html"> AllowOverride All Require local Require ip 192.168.3 </Directory> </VirtualHost>

This will allow access from a computer running apache Require local , and from any IP address on the local network Require ip 192.168.3

Also I'm not sure if Apache on unix sets its root directory by default, but it might be an idea to differentiate your 3 domain names into different directories, for example:

 <VirtualHost *:80> ServerName localhost ServerAlias localhost DocumentRoot /var/www/html <Directory "/var/www/html"> AllowOverride All Require local Require ip 192.168.3 </Directory> </VirtualHost> <VirtualHost *:80> ServerName webserver ServerAlias webserver DocumentRoot /var/www/html/webserver <Directory "/var/www/html/webserver"> AllowOverride All Require local Require ip 192.168.3 </Directory> </VirtualHost> <VirtualHost *:80> ServerName development ServerAlias development DocumentRoot /var/www/html/development <Directory "/var/www/html/development"> AllowOverride All Require local Require ip 192.168.3 </Directory> </VirtualHost> <VirtualHost *:80> ServerName devserver ServerAlias devserver DocumentRoot /var/www/html/devserver <Directory "/var/www/html/devserver"> AllowOverride All Require local Require ip 192.168.3 </Directory> </VirtualHost>

Then put a simple html file in each directory named "Hello from Servername" and change the server name in each file so that you know that you have the correct server.

RE: Update test1.php

 Allow from all

Apache 2.4 syntax is invalid unless you load LoadModule access_compat_module modules/mod_access_compat.so

Even then it should be

 Order Allow,Deny Allow from all

So, the syntax of USE Apache 2.4

 Require all granted

If you want to take a lazy route and allow access from the universe.

VirtualHost does not work under Apache 2.4.6 on CentOS 7

More articles: