ClearOS includes the Apache web server – the same software that powers many of the world's largest web sites.
If your system does not have this app available, you can install it via the Marketplace.
You can find this feature in the menu system at the following location:
The web server comes with built-in SSL encryption for enhanced security. If your website requires a username and password for login, then it is a good idea to use encryption. For instance, if you have the webmail or groupware solution installed, you should access their respective login pages via the secure web server. In your web browser, you should use the encrypted https://your.domain.com instead of the un-encrypted http://your.domain.com (https vs http). When enabled, all communication between the web server and user's web browser is encrypted using a 128-bit security key.
The server name is a valid name (for example, www.example.com) for your web server. This name is used on some infrequently used error pages, so it is not all that important.
<note warning>SSL encryption requires a web site certificate. ClearOS automatically generates a default certificate that is secure. However, this certificate is not verified by one of the web site certificate authorities. Your users will see the warning when connecting to the secure web server. Fully verified certificates can be purchased commercially or created using the Let's Encrypt app</note>
The web server includes support for hosting different domains, a feature that is sometimes referred to virtual hosting. For example, you can a default website for example.com along with a virtual web site anotherexample.com. However, the first thing you need to do is configure the default site.
Specify the base domain for the web site, e.g. example.com.
You may want your web site to respond to other subdomains, notably:
If that is the case, you can set an alias for your web site to *.example.com. Alternatively, you can have a list of aliases separated by spaces, for example:
Using an explicit list instead of a wildcard '*' is handy if you plan on configuring web applications for a subdomain. For example, you may want to create a second web site blog.example.com which will have the WordPress blogging software installed.
This controls who can upload to the Webserver. Not all options above will necessarily show here. It depends on which other components are installed in ClearOS.
Choose the group who can upload to the Web Server
Requires the ClearOS FTP Server. Select if upload by FTP is allowed. If FTP is allowed, use the default port, tcp:21. This takes you to the parent folder of all flexshares and websites. Select your web_site _hostname and if using the Standard Layout (see below) upload to there. If using the Sandbox Layout (see below) upload into the html subfolder.
Requires the ClearOS Windows Networking (Samba). Select if upload by Samba Shares/Windows Network Drive is allowed. The same comments about file locations apply as for the FTP server.
You can access the resource in Windows by running the IP address as a UNC in the Run dialog box.
If you want to map a network drive, the share name is \\your_server\your_web_site_hostname.
From Mac OSX, type Command+K in finder and type the address using the CIFS protocol.
This defaults to Standard for the default web site and gives a document root of /var/www/html
For virtual web sites there are two options, Standard and Sandbox:
Standard gives a document root of /var/www/virtual/your_web_site_hostname
Sandbox gives a document root of /var/www/virtual/your_web_site_hostname/html
Sandbox is the new default and allows you to keep the web site, logs and error pages separated from other web sites with the folder structure:
/var/www/virtual/your_web_site_hostname/html/ → Where you put your web accessible files
/var/www/virtual/your_web_site_hostname/logs/ → Access and error logs
/var/www/virtual/your_web_site_hostname/error/ → To override default Apache error pages <note>Once this setting has been saved, it cannot be changed. If you do want to change it, you must delete the virtual web site and recreate it.</note>
By default the web site is accessible to all. You can choose to restrict it to LAN only here.
By default the website access is unrestricted so any user can access it. You can enable authentication, in which case only users with a valid ClearOS account can access the server.
You can select which certificate you'd like to use for the web site. You can choose between the ClearOS Default self-signed certificate, any Let's Encrypt certificate or any External Certificate uploaded through the Certificate Manager.
Default is enabled. Sets the Options +Indexes or -Indexes in /etc/httpd/conf.d/flex-80.conf. If Show Index is enabled, browsers will display a listing of all files if there is no index page (for example, index.html, index.php etc.). This is normally only desirable if using the Flexshare as a file access service (similar to FTP). If you are running a website, this option should be disabled.
Default is enabled. Sets the Options +FollowSymLinks or -FollowSymLinks in /etc/httpd/conf.d/flex-80.conf.
Default is disabled. Sets the Options +IncludesNOExec or -IncludesNOExec in /etc/httpd/conf.d/flex-80.conf.
Default is enabled. Sets or removes “AllowOverride All” in /etc/httpd/conf.d/flex-80.conf. If you are installing a web application into your Flexshare, you will likely need to enable this feature.
Default is disabled. If enabled, CGI code should go in /var/www/virtual/your_web_site_hostname/cgi-bin/.
Default is enabled. Choose whether to enable PHP for the web site or not.
If you have the PHP Engines app installed from the Marketplace, this is where you choose the version you want for the web site.
There are many options for adding dynamic content to a website:
PHP and perl CGI are installed by default. The set-up and configuration of other engines are beyond the scope of this help document.
If you would like to customize the web server configuration, please review the following document:
<note>This section is under review and will be deleted when multiple versions of PHP become available from the marketplace.</note>
Some ISPs are known to block web (port 80) traffic to residential broadband connections in an attempt to cut down on illegal sites hosted on their network. If you think your configuration is set-up correctly and you suspect your ISP is blocking HTTP traffic, try a remote port scan.
A web server listens to client requests coming in on port 80 (HTTP) or 443 (HTTPS/secure). Did you remember to open the correct port(s)?