Prerequisites and Initial Setup
You'll need Ubuntu VPS with Apache2 installed and root or sudo access. Make sure your domain names already point to your server's IP address through DNS records.
Update your system packages first:
sudo apt update && sudo apt upgrade -y
sudo apt install apache2 openssl -yVerify Apache is running and enabled:
sudo systemctl status apache2
sudo systemctl enable apache2This guide covers hosting multiple websites on a single VPS. Each site gets its own virtual host configuration with SSL protection.
Enable Required Apache Modules
Apache needs specific modules for SSL and virtual host functionality:
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod http2The ssl module handles HTTPS connections. Rewrite redirects HTTP traffic to HTTPS.
Headers module adds security headers, and http2 improves performance for modern browsers.
Restart Apache to load the new modules:
sudo systemctl restart apache2Create Directory Structure for Virtual Hosts
Each domain needs its own directory structure. Create directories for two example domains:
sudo mkdir -p /var/www/example.com/public_html
sudo mkdir -p /var/www/secondsite.com/public_html
sudo mkdir -p /var/www/example.com/logs
sudo mkdir -p /var/www/secondsite.com/logsSet proper ownership and permissions:
sudo chown -R www-data:www-data /var/www/
sudo chmod -R 755 /var/www/Create simple index files to test each site:
echo "<h1>Welcome to example.com</h1>" | sudo tee /var/www/example.com/public_html/index.html
echo "<h1>Welcome to secondsite.com</h1>" | sudo tee /var/www/secondsite.com/public_html/index.htmlMigrating sites to a Hostperl VPS works much smoother with this organized directory structure.
Configure HTTP Virtual Hosts First
Start with basic HTTP virtual hosts. These will redirect to HTTPS once SSL is configured.
Create the first virtual host configuration:
sudo nano /etc/apache2/sites-available/example.com.confAdd this configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
<Directory /var/www/example.com/public_html>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>Create a similar configuration for the second site:
sudo nano /etc/apache2/sites-available/secondsite.com.confEnable both sites and test the configuration:
sudo a2ensite example.com.conf
sudo a2ensite secondsite.com.conf
sudo apache2ctl configtestIf the test shows "Syntax OK", reload Apache:
sudo systemctl reload apache2Install and Configure Let's Encrypt SSL Certificates
Install Certbot for free SSL certificates from Let's Encrypt:
sudo apt install certbot python3-certbot-apache -yRequest certificates for both domains. Certbot automatically configures Apache:
sudo certbot --apache -d example.com -d www.example.com
sudo certbot --apache -d secondsite.com -d www.secondsite.comCertbot asks whether to redirect HTTP traffic to HTTPS. Choose option 2 (redirect) for better security.
Verify your certificates work by visiting your domains with https://. You should see the padlock icon in your browser.
Supporting customers has shown us that proper SSL configuration prevents 90% of common security issues.
Harden SSL Configuration for Secure Apache Virtual Hosts
Certbot creates decent default SSL settings, but you can strengthen security further. Edit the SSL virtual host files:
sudo nano /etc/apache2/sites-available/example.com-le-ssl.confAdd these security headers inside the VirtualHost block:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"Configure stronger SSL protocols and ciphers by creating a security configuration file:
sudo nano /etc/apache2/conf-available/ssl-params.confAdd this content:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"Enable the configuration and restart Apache:
sudo a2enconf ssl-params
sudo systemctl restart apache2Set Up Automated Certificate Renewal
Let's Encrypt certificates expire every 90 days. Set up automatic renewal:
sudo crontab -eAdd this line to check for renewals twice daily:
0 12,0 * * * /usr/bin/certbot renew --quietTest the renewal process:
sudo certbot renew --dry-runA successful dry run confirms automatic renewal will work. This prevents certificate expiration surprises that could take your sites offline.
Configure Log Rotation and Monitoring
Your virtual hosts generate access and error logs that need regular rotation:
sudo nano /etc/logrotate.d/apache2-vhostsAdd this configuration:
/var/www/*/logs/*.log {
daily
missingok
rotate 52
compress
notifempty
create 640 www-data adm
sharedscripts
postrotate
if /bin/systemctl status apache2 > /dev/null ; then \
/bin/systemctl reload apache2 > /dev/null; \
fi;
endscript
}Test the logrotate configuration:
sudo logrotate -d /etc/logrotate.d/apache2-vhostsMonitor your sites by checking error logs regularly:
sudo tail -f /var/www/example.com/logs/error.logPerformance Optimization for Virtual Hosts
Enable HTTP/2 for better performance with SSL connections. Add this to your SSL virtual host configurations:
Protocols h2 http/1.1Configure Apache's MPM (Multi-Processing Module) for better handling of SSL connections:
sudo nano /etc/apache2/mods-available/mpm_event.confAdjust these values based on your VPS resources:
StartServers 4
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0Enable compression to reduce bandwidth usage:
sudo a2enmod deflate
sudo systemctl restart apache2These optimizations become crucial when running multiple virtual hosts on the same server.
Backup Your Virtual Host Configurations
Create regular backups of your Apache configurations:
#!/bin/bash
BACKUP_DIR="/home/$(whoami)/apache-backups"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
# Backup Apache configuration
sudo tar -czf $BACKUP_DIR/apache-config-$DATE.tar.gz /etc/apache2/
# Backup website files
sudo tar -czf $BACKUP_DIR/websites-$DATE.tar.gz /var/www/
# Keep only last 7 backups
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -deleteSave this as a script and run it weekly via cron.
Having these backups saves significant time when you need to restore or migrate to a different server.
Customers using comprehensive backup strategies recover from issues 5x faster than those without proper backups.
Setting up secure Apache virtual hosts requires careful configuration and ongoing maintenance. Hostperl's managed VPS hosting includes pre-configured Apache with SSL support, automated backups, and 24/7 monitoring. Our New Zealand-based support team handles the complex configurations so you can focus on your websites.
Frequently Asked Questions
How many virtual hosts can I run on one Apache server?
Apache can handle hundreds of virtual hosts on a properly configured server. The limiting factors are typically RAM, CPU, and network bandwidth rather than Apache itself. Monitor your server resources as you add sites.
Do I need separate SSL certificates for each virtual host?
Each domain requires its own SSL certificate, but you can use wildcard certificates for subdomains or multi-domain certificates to cover several related domains with one certificate.
What happens if my Let's Encrypt certificate expires?
If automatic renewal fails, your sites will show SSL warnings to visitors. Set up monitoring to alert you before certificates expire, and always test the renewal process after initial setup.
Can I mix HTTP and HTTPS virtual hosts on the same server?
Yes, but don't do it. Always redirect HTTP traffic to HTTPS to protect user data and improve your search engine rankings.
How do I troubleshoot SSL configuration issues?
Check Apache error logs first, then use online SSL testing tools like SSL Labs to identify configuration problems. Common issues include incorrect certificate paths, missing intermediate certificates, or cipher suite misconfigurations.
