Instructions for configuring virtual hosts and opening ports (especially SSL) to web traffic on a newly-provisioned RHEL 7 VM (running Apache 2.4).
Find your new host's IP address
host mydomain.cc.gatech.edu
Copy the template and edit your Apache config file for port 80
cp newsite.conf.template mydomain.cc.conf
nano /etc/httpd/conf.d/mydomain.cc.conf
Under # 'Main' server configuration, paste in an IP-specific VirtualHost config like this:
<VirtualHost 130.207.7.100:80>
    ServerName newsite.cc.gatech.edu
    ServerAdmin tsoweb@cc.gatech.edu
    ErrorLog logs/newsite_error.log
    LogLevel warn
    DocumentRoot "/var/www/html"
    <Directory "/var/www/html">
        AllowOverride all
    </Directory>
    # Uncomment if redirecting all traffic to SSL
    #Redirect / https://newsite.cc.gatech.edu/
</VirtualHost>
Copy the template and edit your Apache config file for port 443
First, check to see if mod_ssl is installed.
If ssl.conf is not present, run:
yum install mod_ssl
Once ssl is confirmed then proceed:
cp newsite-ssl.conf.template mydomain-ssl.cc.conf
nano /etc/httpd/conf.d/mydomain-ssl.cc.conf
Under ## SSL Virtual Host Context, change or add these specific lines to the VirtualHost config like this:
<VirtualHost _default_:443>
becomes:
<VirtualHost 130.207.7.100:443>
Under # General setup, add:
ServerName newsite.cc.gatech.edu
ServerAdmin tsoweb@cc.gatech.edu
Change log files to match hostname:
ErrorLog logs/ssl_newsite_error_log
TransferLog logs/ssl_newsite_access_log
The SSL Configuration section should look like this:
SSLEngine on
SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateChainFile /etc/pki/tls/certs/localhost.chain.crt
SSLProxyCACertificateFile /etc/pki/tls/certs/localhost.crt
After the <Directory "/var/www/cgi-bin"> section, add:
<Directory "/var/www/html">
    AllowOverride all
</Directory>
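Before restarting, the edited SSL vhost file can be checked against the settings listed above. This is an added example, not part of the original instructions: audit_ssl_vhost is a hypothetical helper name and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example: lint an edited SSL vhost file against the settings listed above.
# audit_ssl_vhost is a hypothetical helper; it prints one FINDING per problem
# and returns non-zero if there are any.
audit_ssl_vhost() {
    conf=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Drop indentation, trailing blanks and comment lines so that
    # commented-out template lines are not counted as active config.
    active=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' "$conf")

    # The template's catch-all vhost must be replaced by an IP-specific one.
    printf '%s\n' "$active" | grep -Eq '^<VirtualHost[[:space:]]+_default_:443>' &&
        note "VirtualHost still bound to _default_:443"
    printf '%s\n' "$active" | grep -Eq '^<VirtualHost[[:space:]]+[0-9.]+:443>' ||
        note "no IP-specific <VirtualHost a.b.c.d:443> block"

    # ServerName takes a single argument, so it must sit alone on its line.
    printf '%s\n' "$active" | grep -Eq '^ServerName[[:space:]]+[^[:space:]]+$' ||
        note "ServerName missing or sharing a line with another directive"
    printf '%s\n' "$active" | grep -Eqi '^SSLEngine[[:space:]]+on$' ||
        note "SSLEngine on is not set"

    # SSLv3, TLSv1 and TLSv1.1 must each appear with a leading '-'.
    proto=$(printf '%s\n' "$active" | grep -E '^SSLProtocol[[:space:]]' |
            tail -n 1 | tr -s ' \t' ' ')
    for p in SSLv3 TLSv1 TLSv1.1; do
        case " $proto " in
            *" -$p "*) ;;
            *) note "SSLProtocol does not disable $p" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a file where the edits above have not been made yet.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
EOF
audit_ssl_vhost "$sample" || echo "fix the findings before restarting httpd"
rm -f "$sample"
```

The script only checks the settings this page asks for; apachectl configtest still needs to pass for Apache's own syntax check.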
Restart Apache
systemctl restart httpd
Check that the firewalls are open on ports 80 and 443
Note: the WebServices zone is one our sysadmins created; it does not exist natively.
firewall-cmd --list-all
If they are not listed next to ports, then add them:
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
and reload the service:
firewall-cmd --reload
... services: http https
Test that your site responds on both ports
This assumes that DNS is properly set up. You may be able to use telnet like so:
telnet newsite.cc.gatech.edu 80
telnet newsite.cc.gatech.edu 443
Alternatively, on a Mac, use netcat like so:
nc -zv newsite.cc.gatech.edu 80
nc -zv newsite.cc.gatech.edu 443
Allow database connection in firewalls
If you're going to connect to an external database, make sure that the campus firewalls (http://fw.noc.gatech.edu/) allow a 3306/tcp connection on that external database server (i.e. sarge.cc) from your new VM's IP address.