Jeremy Davis's picture

Over on Reddit, u/Solnse asked about setting up a LAMP/LAPP appliance to host multiple sites via different domains. AKA "name based virtual hosts". I've tried 3 times to post this over there as a reply, but for some reason, Reddit just keeps giving me a vague error message?!? Maybe it's too long? Regardless, I've given up and am posting here instead.

As a bit of background and context, under the hood, TurnKey is essentially Debian. The v18.x release is based on Debian 12/Bookworm. It includes Apache v2.4 and PHP v8.2. The Apache docs are pretty good IMO so are a great resource - especially for the gritty details. Also, you should find plenty of Debian tutorials online to assist you.

Regardless, I'll give you a (hopefully) solid starter. Note that I'm a CLI guy and so that's what I'll provide here, although it should all be possible via Webmin too if you prefer - but I can't offer much help with that. IMO doing it via CLI is quicker and easier.

First up create the directories that will house your sites. Create one for each site and give them relevant names. Many use the domain names which I think makes sense. So I'll use and So create these 2 directories:

mkdir /var/www/
mkdir /var/www/

Note that by default, they will be owned by root and that should work fine. However, depending what web software you are installing, you may need to give the webserver write access to some directories. E.g. if you have a cache directory:

chown -R www-data:www-data /var/www/

Or you want to hit it with a big hammer and give the webserver write access to everything, run the same command but with the directory to your doc root (i.e. /var/www/

Then create the Apache site config files in /etc/apache2/sites-available - one for each site. They are plain text files and need to have the .conf suffix. I suggest naming them the same as the domains and directories. I.e.: /etc/apache2/sites-available/ & /etc/apache2/sites-available/

Here's a simple site file - which will also redirect http -> https:

<VirtualHost *:80>
    UseCanonicalName Off
    ServerAdmin webmaster@localhost

    # redirect http -> https; except localhost/
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^localhost [NC]
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    RewriteCond %{HTTPS} off 
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

<VirtualHost *:443>
    # adjust ot your domain(s)

    SSLEngine on

    # Adjust these 2 lines to your domain(s)
    CustomLog ${APACHE_LOG_DIR}/example.net_access.log combined
    DocumentRoot /var/www/

<Directory /var/www/>

    # will ignore .htaccess files
    AllowOverride None

    # will disable all options
    Options None

Just change all the instances of to your domain. You can then copy that and adjust as per necessary for your other sites.

FWIW because the http (port 80) section is site agnostic, it could actually go in its own conf file and not be included in every site file, but it doesn't really matter...

Before you go any further, disable the default site:

a2dissite 000-default

Then once you have done your config files, enable them:


Repeating for each site.

As per above, to disable a site, use the a2dissite command with your site name (or the name of the .conf file). Then to load your updated config, restart Apache:

systemctl restart apache2

It should all "just work".

Also, while I'm here, I'll give you a little extra TurnKey specific info which might be useful. We install and enable mod_evasive by default. mod_evasive protects against DoS, DDoS and brute force attacks so is a good addition to security.

We use the Debian default config for mod_evasive and usually the Debian defaults are quite sane. However, we have had some users report problems. If you hit a page too fast (more than twice within one second), it will lock you out for 10 seconds.There are 3 ways you can resolve/ease that.

The first is to disable it altogether:

a2dismod evasive
systemctl restart apache2

The next is to whitelist your IP address. The limitation will still exist for others, but won't affect you. Edit /etc/apache2/mods-available/evasive.conf and within the ifmodule tags, add this line:


Where YOUR_IPADDRESS is your actual IP. IIRC additional IPs can be added, separated by a space (but I could be wrong?). Then restart Apache to apply.

The last option is to extend the number of times you can hit a page within a second before it locks you out. To do that edit the same config file and uncomment (remove the leading #) the DOSPageCount line and change the 2 to 5 (for example).

Hopefully that should get you going... :)


Add new comment