HTTPD Configuration

Assuming that you have a working httpd, copy the previous httpd configuration file as follows:

     cp /etc/httpd/conf/httpd-a.b.xx.conf /etc/httpd/conf/httpd-m.n.xx.conf

Change all of the references to the old httpd directories to the new ones. For example, change all "2.0" references to "2.2".

If a new config file must be created, follow the example file in the install directory.

To enable PHP, you must (depending on which version of PHP you are using) load the DSO module:

     LoadModule php4_module /usr/share/httpd-m.n/modules/libphp4.so

or

     LoadModule php5_module /usr/share/httpd-m.n/modules/libphp5.so

Then, you need to tell Apache that it should hand files ending in .php off to the PHP interpreter:

     AddType application/x-httpd-php .php

Finally, you should add the PHP index file to the list of index files, something like this:

     DirectoryIndex index.html index.html.var index.php

If you wish to use GnuTLS for SSL and TLS connections, you need to load the mod_gnutls DSO somewhere in the config file (probably with all of the other DSOs):

     LoadModule gnutls_module      modules/mod_gnutls.so

For the main host or each of the virtual hosts, you then need to turn GnuTLS on and tell it which certificate and key to use:

     GnuTLSEnable on
     GnuTLSCertificateFile /etc/httpd/hosta.com.crt
     GnuTLSKeyFile /etc/httpd/hosta.com.key

You can use multiple certificates, even going so far as to have one for each virtual host:

     GnuTLSCertificateFile /etc/httpd/hostb.com.crt
     GnuTLSKeyFile /etc/httpd/hostb.com.key

See below for how to build your own certificates.

Meanwhile, if you're into virtual hosts for more than one Web site on the server, here is a sample of that portion of the configuration file needed to set up a virtual host that listens on 9280:

     ##
     ## ABCCo Test Site Virtual Host Context
     ##
     Listen 9280
     <VirtualHost _default_:9280>
     #
     #  Document root directory for ABCCo html.
     #
     DocumentRoot "/var/www/ABCCo/html"
     <Directory "/var/www/ABCCo/html">
         Options +Includes
     </Directory>
     #
     #  Directories defined in the main server that we don't want people to see
     #  under this port.
     #
     Alias /manual "/var/www/ABCCo/limbo"
     Alias /doc "/var/www/ABCCo/limbo"
     #
     # ScriptAlias: This controls which directories contain server scripts.
     # ScriptAliases are essentially the same as Aliases, except that
     # documents in the realname directory are treated as applications and
     # run by the server when requested rather than as documents sent to the
     # client.  The same rules about trailing "/" apply to ScriptAlias
     # directives as to Alias.
     #
     ScriptAlias /cgi-bin/ "/var/www/ABCCo/cgi-bin/"
     #
     # Define the properties of the directory above.
     #
     <Directory "/var/www/ABCCo/cgi-bin">
         AllowOverride None
         Options ExecCGI FollowSymLinks
         Order allow,deny
         Allow from all
     </Directory>
     #
     # Point the PHP include path at the HTML directory top level.  This lets us
     # include stuff without worrying about where we are running from.
     #
     php_value include_path '.:/var/www/ABCCo/html:/usr/local/lib/php'
     </VirtualHost>

Note the part about pointing the PHP include path at the top level HTML directory. It fixes a serious oversight on the part of PHP, in my opinion.

Also, pay particular attention to the aliases for directories that are defined in the main server (i.e. port 80) that you don't want to be visible to the virtual server. If you don't specifically point them to limbo, as shown in the above example, the users of the virtual host will be able to see the directories defined for the main server (perhaps not what you intended). If you are using the default Apache installation, here are some examples of aliases that you might want to disallow:

     ScriptAlias /cgi-bin/ "/var/www/ABCCo/limbo/"
     Alias /doc "/var/www/ABCCo/limbo"
     Alias /error "/var/www/ABCCo/limbo"
     Alias /icons "/var/www/ABCCo/limbo"
     Alias /manual "/var/www/ABCCo/limbo"

We presume that you'll always define DocumentRoot in the virtual host, which overrides the main server's DocumentRoot. Be very careful if you don't: any user of the virtual server will see the main server's DocumentRoot and all of its contents.

If you are planning on using ProxyPass to redirect requests to another server, be aware of a serious security breach that is possible with the mod_proxy module. If forward proxies are turned on, anybody who has access to your httpd server can use it to forward proxy requests to anywhere the server can reach. If the server is connected to the outside world, you will soon be getting a million hits an hour from bad guys using your server to anonymously download all sorts of crap-oh-la through the proxy.

Consequently, unless you have the server properly secured and/or the forward proxy feature locked down so that only internal users may access it, make sure that forward proxying is turned off. The easiest way to do this is like so:

     # Mod_proxy
     # If mod_proxy is turned on, disable forward proxies for everyone.  This
     # feature is bad news.
     <IfModule mod_proxy.c>
     ProxyRequests Off
     </IfModule>

These lines should be placed in the general configuration section somewhere before the Listen directive so that forward proxying is turned off for all of the servers and virtual servers listening to the outside world. If you really want this feature for a particular server/virtual server, it can be enabled only for certain, well-known users/machines. But, it is best to leave it turned off for everyone unless you really know what you're doing. If you make a mistake, the bad guys will find out about it.

Note that disabling the use of forward proxies in this manner does not affect the ProxyPass directive, so you may still do the following:

     <Proxy *>
       Order deny,allow
       Allow from all
     </Proxy>
     ProxyPass /Billing http://deltoids:9280/Billing
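
The inheritance problems described above (main-server aliases and DocumentRoot showing through a virtual host, and forward proxying left on) can be checked mechanically. The following is an added example, not part of the original page; the function name `audit_vhosts` and the sample configuration are constructed for illustration, and the check assumes aliases are matched by exact URL path and that no Include files are involved.

```python
import re
# Constructed sample: stock main-server aliases, forward proxying left on, two vhosts.
SAMPLE_CONF = """
ProxyRequests On
DocumentRoot "/var/www/html"
Alias /icons "/var/www/icons"
Alias /manual "/var/www/manual"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<VirtualHost _default_:9280>
    DocumentRoot "/var/www/ABCCo/html"
    Alias /manual "/var/www/ABCCo/limbo"
    ScriptAlias /cgi-bin/ "/var/www/ABCCo/cgi-bin/"
</VirtualHost>
<VirtualHost _default_:9380>
    ProxyRequests Off
    Alias /icons "/var/www/ABCCo/limbo"
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Map each <VirtualHost> to what it inherits from the main server."""
    main = {"aliases": set(), "docroot": True, "proxyreq": "off"}  # Off is the default
    vhosts, scope = {}, main
    for line in (raw.strip() for raw in conf_text.splitlines()):
        parts = line.split()
        key = parts[0].lower() if len(parts) > 1 else ""  # "" for blank or bare lines
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            new = {"aliases": set(), "docroot": False, "proxyreq": None}
            scope = vhosts[opened.group(1).strip()] = new
        elif line.lower().startswith("</virtualhost"):
            scope = main
        elif key in ("alias", "scriptalias"):
            scope["aliases"].add(parts[1].rstrip("/"))  # compare URL paths only
        elif key == "documentroot":
            scope["docroot"] = True
        elif key == "proxyrequests":
            scope["proxyreq"] = parts[1].lower()
    report = {}
    for name, cfg in vhosts.items():
        leaked = sorted(main["aliases"] - cfg["aliases"])
        found = ["inherits main-server alias " + a for a in leaked]
        if not cfg["docroot"]:
            found.append("no DocumentRoot, serves the main server's")
        if (cfg["proxyreq"] or main["proxyreq"]) == "on":  # vhost value wins if set
            found.append("forward proxy enabled")
        report[name] = found
    return report

if __name__ == "__main__":
    print(audit_vhosts(SAMPLE_CONF))
```

An empty list for a virtual host means none of the three conditions was found in the text that was scanned.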

To set up name-based virtual hosting, you define a virtual server that looks something like this (here we're forwarding to another server with ProxyPass too, just to spice up the example):

     <VirtualHost _default_:80>
     #
     #  These are the domain names that we map to the proxy server.
     #
     ServerName www.mydomain.com
     ServerAlias www.mydomain.net
     ServerAlias www.mydomain.org
     ServerAlias mydomain.com
     ServerAlias mydomain.net
     ServerAlias mydomain.org
     #
     # Proxy directives for the Web site.  Redirected to another server.
     #
     <Proxy *>
       Order deny,allow
       Allow from all
     </Proxy>
     ProxyPass        / http://10.100.0.1:8280/
     ProxyPassReverse / http://10.100.0.1:8280/
     </VirtualHost>

Or, if you want to set up name-based virtual hosting along with SSL, for that secure computing feeling, you might define virtual servers that look something like this (here we're forwarding to two separate servers with ProxyPass too, just to spice up the example):

     Listen *:443
     NameVirtualHost *:443
     <VirtualHost *:443>
     #
     # To make virtual hosts work, we use mod_gnutls instead of SSL.
     #
     GnuTLSEnable on
     GnuTLSCertificateFile /etc/httpd/hosta.com.crt
     GnuTLSKeyFile /etc/httpd/hosta.com.key
     #
     #  These are the domain names that we map to the proxy server.
     #
     ServerName www.mydomain.com
     ServerAlias mydomain.com
     #
     # Proxy directives for the Web site.  Redirected to another server.
     #
     <Proxy *>
       Order deny,allow
       Allow from all
     </Proxy>
     ProxyPass        / http://10.100.0.1:8280/
     ProxyPassReverse / http://10.100.0.1:8280/
     </VirtualHost>
     <VirtualHost *:443>
     #
     # Certificates have the domain name in them so we need a separate one for
     # alternate domain names.
     #
     GnuTLSEnable on
     GnuTLSCertificateFile /etc/httpd/hostb.com.crt
     GnuTLSKeyFile /etc/httpd/hostb.com.key
     #
     #  These are the alternate domain names that we map to the proxy server.
     #
     ServerName www.mydomain.net
     ServerAlias mydomain.net
     #
     # Proxy directives for the Web site.  Redirected to another server.
     #
     <Proxy *>
       Order deny,allow
       Allow from all
     </Proxy>
     ProxyPass        / http://10.100.0.1:8380/
     ProxyPassReverse / http://10.100.0.1:8380/
     </VirtualHost>

Once you have the new config file built to your satisfaction, unlink the config file symbolic link and relink it to the new config file:

     rm /etc/httpd/conf/httpd.conf
     ln -s /etc/httpd/conf/httpd-m.n.xx.conf /etc/httpd/conf/httpd.conf

Also, unlink the symbolic link in the document root directory that points to the Apache documentation and link it to the new documentation:

     rm /var/www/manual
     ln -s /usr/share/httpd-m.n/manual /var/www/manual

One final note. The newer versions of Apache no longer look in /etc/httpd/conf for httpd.conf. Instead, they look in their installation directory (e.g. /usr/share/httpd-m.n/conf/httpd.conf). If you don't like this "feature", you may want to replace /usr/share/httpd-m.n/conf/httpd.conf with a symlink to /etc/httpd/conf/httpd.conf:

     rm -f /usr/share/httpd-m.n/conf/httpd.conf
     ln -s /etc/httpd/conf/httpd.conf /usr/share/httpd-m.n/conf/httpd.conf

Otherwise, you will have to specifically direct httpd to the correct config file, if you are using the one in /etc. To do this, use the "-f" parameter when starting httpd:

     /usr/share/httpd-m.n/bin/httpd -f /etc/httpd/conf/httpd.conf