Apache VirtualHost Config Builder

Generate an Apache VirtualHost block for HTTP or HTTPS hosting

Builds a ready-to-use Apache VirtualHost configuration with ServerName, ServerAlias, DocumentRoot, a Directory block, SSL certificate paths, an optional HTTP-to-HTTPS redirect, HSTS, and per-host error and access log paths. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Where do I put the generated VirtualHost file?

On Debian and Ubuntu, save it under /etc/apache2/sites-available and enable it with a2ensite, then reload Apache. On RHEL-family systems, drop it in /etc/httpd/conf.d and restart httpd.

A correct VirtualHost without trial and error

Hand-writing an Apache VirtualHost means remembering the right directives, a matching Directory block, the correct SSL lines, and a redirect that actually works. This builder generates the whole .conf from a short form — HTTP or HTTPS, with optional port-80 redirect, HSTS, and per-host log paths baked in.

How it works

For an HTTPS site the builder binds the main block to port 443, adds SSLEngine on with your SSLCertificateFile and SSLCertificateKeyFile, and restricts SSLProtocol to TLS 1.2 and 1.3. It pairs that with a Directory block setting sane defaults — directory listings off, symlinks followed, and Require all granted. When you enable the redirect, a second port-80 VirtualHost uses mod_rewrite to issue a permanent redirect to the https scheme. Optional HSTS adds a Strict-Transport-Security header. Error and access logs are written to per-host filenames derived from your domain so you can tail them independently.

Example output for an HTTPS site

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    RewriteEngine On
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLProtocol           -All +TLSv1.2 +TLSv1.3

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

    <Directory /var/www/example.com>
        Options -Indexes +FollowSymLinks
        AllowOverride FileInfo
        Require all granted
    </Directory>

    ErrorLog  /var/log/apache2/example.com-error.log
    CustomLog /var/log/apache2/example.com-access.log combined
</VirtualHost>

Deployment steps

  1. Copy the generated .conf into /etc/apache2/sites-available/example.com.conf (Debian/Ubuntu) or /etc/httpd/conf.d/example.com.conf (RHEL/CentOS).
  2. On Debian-family systems, enable the site: a2ensite example.com.conf.
  3. Validate: apachectl configtest — fix any reported errors before continuing.
  4. Reload without dropping connections: apachectl graceful.
  5. Check that HTTP redirects to HTTPS with: curl -I http://example.com.

Tips

  • Apache uses separate certificate and key files, unlike HAProxy which wants one combined PEM — this builder keeps them separate and matches the Let’s Encrypt file layout.
  • Options -Indexes prevents Apache from serving a directory listing when an index file is missing — always include it.
  • If TLS terminates at a load balancer upstream, generate the HTTP variant instead and configure your app to trust the X-Forwarded-Proto header to know the original scheme.
  • For PHP or framework apps that use .htaccess routing (Laravel, WordPress), set AllowOverride All in the Directory block so rewrite rules in .htaccess are honoured.