Everyone knows about the default web page for Apache on SLES or the Welcome page on OES 2. What if I want to be able to access another location on the server without changing the defaults or asking users to remember a long url? That’s where Virtual Hosts come into play. You can create a location on your server, place your web documents inside and then configure Apache to take you there.

In this article, we will configure a simple virtual host for users to access company policies or whatever you want to put there. We’ll give the virtual host it’s own domain name and DNS record. And as an added bonus, we’ll configure it for eDirectory authentication and access based on group membership.

  • Create location for our files
  • Create a virtual host
  • Create a default web page
  • Add eDirectory authentication

For those who prefer using a GUI in lieu of down and dirty command line, refer to Dave Simons’ AppNote. How to Setup and Configure Apache Web Server in SLES 10

Location for web files

First of all, we need a location for our virtual host. If you want only eDirectory-based users adding or modifying the files, and have an NSS volume mounted, create the directory within that mount point.

md /media/nss/DATA/policies

If you want non-eDirectory users to be able to access the site (read only), create the directory under /usr/share

md /usr/share/www/policies

Create Virtual Host

Create a CNAME record or alias for your virtual host to point to your real server name.

Now we’ll create a virtual host for our new site. We don’t want to change the existing structure of Apache’s configuration, so instead of modifying any of the *.conf files, we’ll create a new one based on the templates.

Change your current directory to /etc/apache2/vhosts.d

Notice there is a file called vhosts.template? That’s the file we will use to create our new virtual host or you can create a blank file and add directives as desired.

Copy this file to myvhost.conf

cp /etc/apache2/vhosts.d/vhosts.template /etc/apache2/vhosts/myvhost.conf

Open the file for editing and make changes that correspond to your server.

# Start of myvhost.conf

# Virtual Host file for my companies policies for users to view.

NameVirtualHost *:80  # add this so we listen port 80 on all IP addresses

<VirtualHost *:80>  # Define the virtual host here.

    # This is optional and if there is an error Apache displays this email address for the user
    ServerAdmin webmaster@mydomain.com

    # This is the CNAME DNS record that points to the host's IP.
    ServerName policies.mydomain.com

    # this is the base directory where the virtual host will default.
    DocumentRoot /media/nss/DATA/policies

    # If your virtual host site will have any cgi, modify this line.  For this example, rem it out.
    # ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/"

     # Here we set permissions for Apache.  These are not related to eDirectory.
    <Directory "/media/nss/DATA/policies">
	Options Indexes FollowSymLinks
	AllowOverride None
	Order allow,deny
	Allow from all



# End of myvhost.conf

We can add multiple <VirtualHost> sections, defining multiple virtual hosts. However, if the user, browses to this host and uses unknown hostnames, Apache defaults the user to the first virtual host in the list. This can be avoided by placing the following directive in your virtual host configuration file.

ServerName mainserver.mydomain.com

This is also defined in /etc/apache2/default-server.conf

If you want Apache to listen on a particular IP address or port for your virtual host, specify those items in the <VirtualHost> directive:


You can add multiple IP addresses to this directive, separated by a space.

The ServerName directive is the name the users will put in their browsers to get to your virtual host.

DocumentRoot tells us where the base directory or “/” (root) for this virtual host resides.

Based on our statement above, DocumentRoot /media/nss/DATA/policies AND we placed a default index.html file there:

We browse to our vhost, http://policies.mydomain.com/ we would see the contents of that index.html

Create a default web page – index.html

<h1>We're Here!</h1>

Place this file in your Document Root.

Save your files and now we need to restart Apache

rcapache2 restart

Let’s test it before we go any further.

Open a browser and type in the new host. http://policies.mydomain.com

Cool, huh?

Ok. Now let’s add the eDirectory authentication piece, so only users with a certain group membership can access this site.

eDirectory Authentication

Open your newly created virtual host configuration file.

Scroll down to the “Allow from all” in the <Directory …> section and place these lines after:

	AuthType Basic
	AuthName “Protected”
	require group cn=PolicyAdmins, o=myorg
	AuthLDAPAuthoritative On
	AuthLDAPURL ldaps://your_edirectory_server.mydomain.com/o=myorg?uid


Replace the group DN with your own group DN.

Replace the AuthLDAPURL with your own eDirectory server name and your base dn

Save the file and restart Apache.

Let’s test again using an account that is a member of PolicyAdmins.

Browse to our new URL http://policies.mydomain.com

Notice we are prompted to login first.

Here is an example of a user that is not a member of the group PolicyAdmins.

You can modify the settings in the vhosts configuration to allow non-admins and then eDirectory ACLs will apply as to what they can or can’t see or do.


Apache is a very versatile and powerful web server. I even run a scaled down version of it on my SLED laptop for testing new ideas. The product I use is XAMPP www.xampp.org. It’s an open source, full blown LAMP server that has Apache2, MySQL, PHP 5 and Perl, in one package that you can launch locally. I test all my web stuff on it before putting it on a real server. Enjoy.

(Visited 1 times, 1 visits today)
Tags: , ,
Category: Open Enterprise Server on SLES, SUSE Linux Enterprise Server, Technical Solutions
This entry was posted Friday, 22 February, 2008 at 6:24 am
You can follow any responses to this entry via RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet