Return-Path:
- Server configuration:
+
- This document attempts to answer the commonly-asked questions about
+ setting up virtual hosts. These scenarios are those involving multiple
+ web sites running on a single server, via name-based or IP-based virtual hosts. A document should be
+ coming soon about running sites on several servers behind a single
+ proxy server. Setup: Your server has a single IP address, and multiple aliases (CNAMES)
+ point to this machine in DNS. You want to run a web server for
+ www.example1.com and www.example2.org on this
+ machine. Server configuration:
-
-
-
-
- Server configuration:
+ DocumentRoot /www/example2
+ ServerName www.example2.org
+
+ # Other directives here
- The asterisks match all addresses, so the main server serves no
+ requests. Due to the fact that www.example1.com is first
+ in the configuration file, it has the highest priority and can be seen
+ as the default or primary server. That means
+ that if a request is received that does not match one of the specified
+ ServerName directives, it will be served by this first
+ VirtualHost. You can, if you wish, replace However, it is additionally useful to use The above configuration is what you will want to use in almost
+ all name-based virtual hosting situations. The only think that this
+ configuration will not work for, in fact, is when you are serving
+ different content based on differing IP addresses or ports. The server has two IP addresses. On one (1.2.3.4), we
+ will serve the "main" server, and on the other (5.6.7.8),
+ we will serve two or more virtual hosts. Server configuration:
-
-
- Server configuration:
-
-
-
- The server can be made to respond to internal and external
- requests with the same content, with just one
-
- Server configuration:
-
- Any request to an address other than 5.6.7.8 will be
+ served from the main server. A request to 5.6.7.8 with an
+ unknown hostname, or no The server machine has two IP addresses (192.168.1.1
+ and 11.22.33.44). The machine is sitting between an
+ internal (intranet) network and an external (internet) network. Outside
+ of the network, the name server.example.com resolves to
+ the external address (111.22.33.55), but inside the
+ network, that same name resolves to the internal address
+ (192.168.1.1). The server can be made to respond to internal and external requests
+ with the same content, with just one Server configuration: Now requests from both networks will be served from the same
+ Setup: You have multiple domains going to the same IP and also want to
+ serve multiple ports. By defining the ports in the "NameVirtualHost"
+ tag, you can allow this to work. If you try using <VirtualHost
+ name:port> without the NameVirtualHost name:port or you try to use
+ the Listen directive, your configuration will not work. Server configuration:
-
- Server configuration:
-
- Setup: The server has two IP addresses (1.2.3.4 and
+ 5.6.7.8) which resolve to the names
+ www.example1.com and www.example2.org
+ respectively. Server configuration:
- Server configuration:
-
-
-
-
-
- Server configuration:
-
- Requests for any address not specified in one of the
+ <VirtualHost> directives (such as
+ localhost, for example) will go to the main server, if
+ there is one. Setup: The server machine has two IP addresses (1.2.3.4 and
+ 5.6.7.8) which resolve to the names
+ www.example1.com and www.example2.org
+ respectively. In each case, we want to run hosts on ports 80 and
+ 8080.
-
- Server configuration:
+ <VirtualHost 5.6.7.8:80>
+ DocumentRoot /www/example2-80
+ ServerName www.example1.org
+ </VirtualHost>
-
- Server configuration:
+ Setup: On some of my addresses, I want to do name-based virtual hosts, and
+ on others, IP-based hosts. Server configuration:
- Server configuration:
-
- Setup 1: Catching every request to any unspecified IP address and
+ port, i.e., an address/port combination that is not used for
+ any other virtual host. Server configuration: Using such a default vhost with a wildcard port effectively prevents
+ any request going to the main server.
- Server configuration:
-
- A default vhost never serves a request that was sent to an
address/port that is used for name-based vhosts. If the request
- contained an unknown or no
-
-
- Server configuration:
-
- Virtual Host examples for common setups
-
-
-Base configuration
-
-
-
-
-Additional features
-
-
-
-
-_default_
vhosts
-ServerPath
directive
-
-
-Simple name-based vhosting
-
-
-
-
+
+
- ...
+
+
+
+
+
Virtual Host examples for common setups
+
+ Examples
+
+
+
+
+
+
+ Additional features
+
+
+
+ _default_
vhostsServerPath
+ directive
+
+ Running several name-based web
+ sites on a single IP address.
+
+
+
+
+
+
+
+
+
+
+ Note: Creating virtual
+ host configurations on your Apache server does not magically
+ cause DNS entries to be created for those host names. You
+ must have the names in DNS, resolving to your IP
+ address, or nobody else will be able to see your web site. You
+ can put entries in your hosts file for local
+ testing, but that will work only from the machine with those
+ hosts entries.
+
+
+
+
+
+
+
+
+
+
+ # Ensure that Apache listens on port 80
Listen 80
- ServerName server.domain.tld
+ # Listen for virtual host requests on all IP addresses
NameVirtualHost *
<VirtualHost *>
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
+ DocumentRoot /www/example1
+ ServerName www.example1.com
+
+ # Other directives here
+
</VirtualHost>
<VirtualHost *>
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ...
- </VirtualHost>
-
- The asterisks match all addresses, so the main server serves no
- requests. Due to the fact that www.domain.tld is first
- in the configuration file, it has the highest priority and can be
- seen as the default or primary server.
-
-
-
-More complicated name-based vhosts
-
-
-
-
- ...
+ </VirtualHost>
+
+
+
+
+
+
+
+
+
+ Note:
+
+
+ *
with the actual
+ IP address of the system. In that case, the argument to
+ VirtualHost
must match the argument to
+ NameVirtualHost
:
+
+
+
+
+
+
+
+
+
+ NameVirtualHost 12.34.56.78
+ <VirtualHost 12.34.56.78>
+ # etc ...
+
+ *
+ on systems where the IP address is not predictable - for
+ example if you have a dynamic IP address with your ISP, and
+ you are using some variety of dynamic DNS solution. Since
+ *
matches any IP address, this configuration
+ would work without changes whenever your IP address
+ changes.
+
+ Name-based hosts on more than one
+ IP address.
+
+
+
+ Setup 1:
+
+
+
+
+
+ Note: Any of the
+ techniques discussed here can be extended to any number of IP
+ addresses.
+
+
+
+
+
+
+
+
+
+
Listen 80
- ServerName server.domain.tld
- NameVirtualHost 111.22.33.44
+ # This is the "main" server
+ ServerName server.domain.com
+ DocumentRoot /www/mainserver
+
+ # This is the other address
+ NameVirtualHost 5.6.7.8
+
+ <VirtualHost 5.6.7.8>
+ DocumentRoot /www/example1
+ ServerName www.example1.com
+
+ # Other directives here ...
- <VirtualHost 111.22.33.44>
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
</VirtualHost>
- <VirtualHost 111.22.33.44>
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ...
- </VirtualHost>
-
- Apart from localhost there are no unspecified
- addresses/ports, therefore the main server only serves
- localhost requests. Due to the fact
- that www.domain.tld has the highest priority
- it can be seen as the default or
- primary server.
-
-
-
-
- ...
- Listen 80
- ServerName www.domain.tld
- DocumentRoot /www/domain
-
- NameVirtualHost 111.22.33.55
+ <VirtualHost 5.6.7.8>
+ DocumentRoot /www/example2
+ ServerName www.example2.org
+
+ # Other directives here ...
- <VirtualHost 111.22.33.55>
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
- </VirtualHost>
-
- <VirtualHost 111.22.33.55>
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ServerAlias *.sub.domain.tld
- ...
</VirtualHost>
-
- Any request to an address other than 111.22.33.55
- will be served from the main server. A request to
- 111.22.33.55 with an unknown or no Host:
- header will be served from www.otherdomain.tld.
- VirtualHost
- section.
-
- ...
+
+ Host:
header, will be served from
+ www.example1.com.Serving the same content on
+ different IP addresses (such as an internal and external
+ address).
+
+ Setup:
+
+ VirtualHost
+ section.
+
+
+
+
+
+
+
+
+
NameVirtualHost 192.168.1.1
- NameVirtualHost 111.22.33.55
-
- <VirtualHost 192.168.1.1 111.22.33.55>
- DocumentRoot /www/server1
- ServerName server1.domain.tld
- ServerAlias server1
- ...
- </VirtualHost>
-
+ NameVirtualHost 11.22.33.44
- Now requests from both networks will be served from the same
- VirtualHost
+ <VirtualHost 192.168.1.1 11.22.33.44>
+ DocumentRoot /www/server1
+ ServerName server.example.com
+ ServerAlias server
+ </VirtualHost>
+
+ VirtualHost
.
+
+
+
+
+
+ Note: On the internal
+ network, one can just use the name
+ server
rather
+ than the fully qualified host name server.example.com. Note
+ also that, in the above example, you can replace the list of IP
+ addresses with
*, which will cause the server to respond
+ the same on all addresses.
+
+ Running different sites on different
+ ports.
+
+
+
+
+
+
+
+
+
+
+ Listen 80
+ Listen 8080
-
- ...
- NameVirtualHost 111.22.33.44:80
- NameVirtualHost 111.22.33.44:8080
+ NameVirtualHost 11.22.33.44:80
+ NameVirtualHost 11.22.33.44:8080
- <VirtualHost 111.22.33.44:80>
- ServerName www.domain.tld
- DocumentRoot /www/domain-80
+ <VirtualHost 11.22.33.44:80>
+ ServerName www.domain.tld
+ DocumentRoot /www/domain-80
</VirtualHost>
- <VirtualHost 111.22.33.44:8080>
- ServerName www.domain.tld
- DocumentRoot /www/domain-8080
+ <VirtualHost 11.22.33.44:8080>
+ ServerName www.domain.tld
+ DocumentRoot /www/domain-8080
</VirtualHost>
- <VirtualHost 111.22.33.44:80>
- ServerName www.otherdomain.tld
- DocumentRoot /www/otherdomain-80
+ <VirtualHost 11.22.33.44:80>
+ ServerName www.otherdomain.tld
+ DocumentRoot /www/otherdomain-80
</VirtualHost>
- <VirtualHost 111.22.33.44:8080>
- ServerName www.otherdomain.tld
- DocumentRoot /www/otherdomain-8080
+ <VirtualHost 11.22.33.44:8080>
+ ServerName www.otherdomain.tld
+ DocumentRoot /www/otherdomain-8080
</VirtualHost>
+
+
- IP-based virtual hosting
-
+ IP-based vhosts
+
-
-
-
-
-
- ...
+
- The main server can never catch a request, because all IP addresses
- (apart from localhost) of our machine are in use for IP-based
- virtual hosts. The web server can only be reached on the first address
- through port 80 and the proxy only on the second address through port 8080.
-
+
+
+
+
+
+
+
+
+
Listen 80
- DocumentRoot /www/domain
- ServerName www.domain.tld
- <VirtualHost 111.22.33.55>
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
+ <VirtualHost 1.2.3.4>
+ DocumentRoot /www/example1
+ ServerName www.example1.com
</VirtualHost>
-
- www.otherdomain.tld can only be reached through the
- address 111.22.33.55, while www.domain.tld
- can only be reached through 111.22.33.44
- (which represents our main server).
-
-
- ...
- Listen 80
- ServerName server.domain.tld
+
+ <VirtualHost 5.6.7.8>
+ DocumentRoot /www/example2
+ ServerName www.example2.org
+ </VirtualHost>
+
+
+
+ Mixed port-based and ip-based
+ virtual hosts
+
+
+
+
+
+
+
+
+
+
+ Listen 1.2.3.4:80
+ Listen 1.2.3.4:8080
+ Listen 5.6.7.8:80
+ Listen 5.6.7.8:8080
- <VirtualHost 111.22.33.44>
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
+ <VirtualHost 1.2.3.4:80>
+ DocumentRoot /www/example1-80
+ ServerName www.example1.com
</VirtualHost>
- <VirtualHost 111.22.33.55>
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
+ <VirtualHost 1.2.3.4:8080>
+ DocumentRoot /www/example1-8080
+ ServerName www.example1.com
</VirtualHost>
-
- The main server can never catch a request, because all IP addresses
- of our machine are in use for IP-based virtual hosts
- (only localhost requests can hit the main server).
-
-
- ...
- Listen 111.22.33.44:80
- Listen 111.22.33.55:8080
- ServerName server.domain.tld
-
- <VirtualHost 111.22.33.44:80>
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
+ <VirtualHost 5.6.7.8:8080>
+ DocumentRoot /www/example2-8080
+ ServerName www.example2.org
</VirtualHost>
+
+
- <VirtualHost 111.22.33.55:8080>
- ServerName www-cache.domain.tld
- ...
- <Directory proxy:>
- Order Deny,Allow
- Deny from all
- Allow from 111.22.33
- </Directory>
- </VirtualHost>
-
-
-Mixed name-/IP-based vhosts
-
-
-
-
Mixed name-based and IP-based
+ vhosts
-
- ...
+
+
+
+
+
+
+
+
+
Listen 80
- ServerName server.domain.tld
- NameVirtualHost 111.22.33.44
+ NameVirtualHost 1.2.3.4
- <VirtualHost 111.22.33.44>
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
+ <VirtualHost 1.2.3.4>
+ DocumentRoot /www/example1
+ ServerName www.example1.com
</VirtualHost>
- <VirtualHost 111.22.33.44>
- DocumentRoot /www/subdomain1
- ServerName www.sub1.domain.tld
- ...
+ <VirtualHost 1.2.3.4>
+ DocumentRoot /www/example2
+ ServerName www.example2.org
</VirtualHost>
- <VirtualHost 111.22.33.44>
- DocumentRoot /www/subdomain2
- ServerName www.sub2.domain.tld
- ...
+ <VirtualHost 1.2.3.4>
+ DocumentRoot /www/example3
+ ServerName www.example3.net
</VirtualHost>
-
- <VirtualHost 111.22.33.55>
- DocumentRoot /www/otherdomain1
- ServerName www.otherdomain1.tld
- ...
+
+ # IP-based
+ <VirtualHost 5.6.7.8>
+ DocumentRoot /www/example4
+ ServerName www.example4.edu
</VirtualHost>
- <VirtualHost 111.22.33.66>
- DocumentRoot /www/otherdomain2
- ServerName www.otherdomain2.tld
- ...
+ <VirtualHost 9.8.7.6>
+ DocumentRoot /www/example5
+ ServerName www.example5.gov
</VirtualHost>
-
-
-
-
-
-
-Port-based vhosts
-
-
-
-
- ...
- Listen 80
- Listen 8080
- ServerName www.domain.tld
- DocumentRoot /www/domain
-
- <VirtualHost 111.22.33.44:8080>
- DocumentRoot /www/domain2
- ...
+
+
+
+ Using
+
+ _default_
+ vhosts
+
-
+
+
+
+
+
+
+ <VirtualHost _default_:*>
+ DocumentRoot /www/default
</VirtualHost>
-
- A request to www.domain.tld on port 80 is served
- from the main server and a request to port 8080 is served from
- the virtual host.
-
-
-
-
+
+ Using
+ _default_
vhosts
-
-
-
- ...
- <VirtualHost _default_:*>
- DocumentRoot /www/default
- ...
- </VirtualHost>
-
- Using such a default vhost with a wildcard port effectively
- prevents any request going to the main server.
- A default vhost never serves a request that was sent to an
+ Host:
header it is
- always served from the primary name-based vhost (the
- vhost for that address/port appearing first in the configuration
- file).
- You can use
- AliasMatch
- or
- RewriteRule
- to rewrite any request to a single information page (or script).
- _default_
vhost for port 80.
-
- ...
+ contained an unknown or no
Host:
header it is always
+ served from the primary name-based vhost (the vhost for that
+ address/port appearing first in the configuration file).
You can use AliasMatch
or
+ RewriteRule
+ to rewrite any request to a single information page (or script).
Setup 2:
+ +Same as setup 1, but the server listens on several ports and we want
+ to use a second _default_
vhost for port 80.
Server configuration:
+ +++ ++
++ ++ +<VirtualHost _default_:80> - DocumentRoot /www/default80 - ... + DocumentRoot /www/default80 + # ... </VirtualHost> <VirtualHost _default_:*> - DocumentRoot /www/default - ... + DocumentRoot /www/default + # ... </VirtualHost> -- The default vhost for port 80 (which must appear before - any default vhost with a wildcard port) catches all requests that - were sent to an unspecified IP address. The main server is - never used to serve a request. - -- -
Setup 3: - We want to have a default vhost for port 80, but no other default vhosts. - - Server configuration: - -
- ... ++
The default vhost for port 80 (which must appear before any + default vhost with a wildcard port) catches all requests that were sent + to an unspecified IP address. The main server is never used to serve a + request.
+ +Setup 3:
+ +We want to have a default vhost for port 80, but no other default + vhosts.
+ +Server configuration:
+ +++ ++
++ ++ +<VirtualHost _default_:80> DocumentRoot /www/default ... </VirtualHost> -- A request to an unspecified address on port 80 is served from the - default vhost any other request to an unspecified address and port - is served from the main server. - - - - -
- -Migrating a name-based vhost to an IP-based vhost
- -- -
- Setup: - The name-based vhost with the hostname - www.otherdomain.tld (from our name-based - example, setup 2) should get its own IP address. - To avoid problems with name servers or proxies who cached the old - IP address for the name-based vhost we want to provide both variants - during a migration phase.
- The solution is easy, because we can simply add the new IP address - (111.22.33.66) to theVirtualHost
directive. -- Server configuration: - -
- ... ++
A request to an unspecified address on port 80 is served from the + default vhost any other request to an unspecified address and port is + served from the main server.
+Setup:
+ +The name-based vhost with the hostname
+ www.otherdomain.tld (from our name-based example, setup 2) should get its own IP
+ address. To avoid problems with name servers or proxies who cached the
+ old IP address for the name-based vhost we want to provide both
+ variants during a migration phase.
+ The solution is easy, because we can simply add the new IP address
+ (111.22.33.66) to the VirtualHost
+ directive.
Server configuration:
+ +++ ++
++ ++ +Listen 80 ServerName www.domain.tld DocumentRoot /www/domain @@ -537,90 +618,98 @@ NameVirtualHost 111.22.33.55 <VirtualHost 111.22.33.55 111.22.33.66> - DocumentRoot /www/otherdomain - ServerName www.otherdomain.tld - ... + DocumentRoot /www/otherdomain + ServerName www.otherdomain.tld + # ... </VirtualHost> <VirtualHost 111.22.33.55> - DocumentRoot /www/subdomain - ServerName www.sub.domain.tld - ServerAlias *.sub.domain.tld - ... - </VirtualHost> -- The vhost can now be accessed through the new address (as an IP-based - vhost) and through the old address (as a name-based vhost). - - - - -
- -Using the
- -ServerPath
directive- -
- Setup: - We have a server with two name-based vhosts. In order to match the correct - virtual host a client must send the correct
Host:
header. - Old HTTP/1.0 clients do not send such a header and Apache has no clue - what vhost the client tried to reach (and serves the request from - the primary vhost). To provide as much backward compatibility - as possible we create a primary vhost which returns a single page - containing links with an URL prefix to the name-based virtual hosts. -- Server configuration: - -
- ... + DocumentRoot /www/subdomain + ServerName www.sub.domain.tld + ServerAlias *.sub.domain.tld + # ... + </VirtualHost> ++
The vhost can now be accessed through the new address (as an + IP-based vhost) and through the old address (as a name-based + vhost).
+ServerPath
directiveSetup:
+ +We have a server with two name-based vhosts. In order to match the
+ correct virtual host a client must send the correct Host:
+ header. Old HTTP/1.0 clients do not send such a header and Apache has
+ no clue what vhost the client tried to reach (and serves the request
+ from the primary vhost). To provide as much backward compatibility as
+ possible we create a primary vhost which returns a single page
+ containing links with an URL prefix to the name-based virtual
+ hosts.
Server configuration:
+ +++ ++
++ ++ +NameVirtualHost 111.22.33.44 <VirtualHost 111.22.33.44> - # primary vhost - DocumentRoot /www/subdomain - RewriteEngine On - RewriteRule ^/.* /www/subdomain/index.html - ... + # primary vhost + DocumentRoot /www/subdomain + RewriteEngine On + RewriteRule ^/.* /www/subdomain/index.html + # ... </VirtualHost> <VirtualHost 111.22.33.44> DocumentRoot /www/subdomain/sub1 - ServerName www.sub1.domain.tld - ServerPath /sub1/ - RewriteEngine On - RewriteRule ^(/sub1/.*) /www/subdomain$1 - ... + ServerName www.sub1.domain.tld + ServerPath /sub1/ + RewriteEngine On + RewriteRule ^(/sub1/.*) /www/subdomain$1 + # ... </VirtualHost> <VirtualHost 111.22.33.44> - DocumentRoot /www/subdomain/sub2 - ServerName www.sub2.domain.tld - ServerPath /sub2/ - RewriteEngine On - RewriteRule ^(/sub2/.*) /www/subdomain$1 - ... - </VirtualHost> -- Due to theServerPath
- directive a request to the - URL http://www.sub1.domain.tld/sub1/ is always - served from the sub1-vhost.
- A request to the URL http://www.sub1.domain.tld/ - is only served from the sub1-vhost if the client sent a correct -Host:
header. - If noHost:
header is sent the client gets the - information page from the primary host.
- Please note that there is one oddity: A request to - http://www.sub2.domain.tld/sub1/ is also served from - the sub1-vhost if the client sent noHost:
header.
- TheRewriteRule
directives are used to make sure that - a client which sent a correctHost:
header can use - both URL variants, i.e., with or without URL prefix. - - - - - - - + DocumentRoot /www/subdomain/sub2 + ServerName www.sub2.domain.tld + ServerPath /sub2/ + RewriteEngine On + RewriteRule ^(/sub2/.*) /www/subdomain$1 + # ... + </VirtualHost> + +
Due to the ServerPath
+ directive a request to the URL
+ http://www.sub1.domain.tld/sub1/ is always served
+ from the sub1-vhost.
+ A request to the URL http://www.sub1.domain.tld/ is only
+ served from the sub1-vhost if the client sent a correct
+ Host:
header. If no Host:
header is sent the
+ client gets the information page from the primary host.
+ Please note that there is one oddity: A request to
+ http://www.sub2.domain.tld/sub1/ is also served from the
+ sub1-vhost if the client sent no Host:
header.
+ The RewriteRule
directives are used to make sure that a
+ client which sent a correct Host:
header can use both URL
+ variants, i.e., with or without URL prefix.