After updating my server today, I noticed that Apache hadn't come back up after the reboot. When I tried to start Apache manually, I got a whole bunch of errors for all of my vhosts, stating:
Warning: DocumentRoot [/var/www/vhosts/example.com/httpdocs] does not exist
While in fact, the directories did exist and the apache user had read/write permissions to them. As it turned out after some searching around, a new SELinux policy (that was among the server updates) was responsible for this. I found all kinds of answers on the web, varying from the most stupid ones:
"I had the same problem. Turned out to be SELINUX. Edit /etc/sysconfig/selinux and change it to disabled then reboot."
To some more serious ones stating that you should make sure that the DocumentRoot had the httpd_sys_content_t context. But, even setting this context did not work for me.
As it turned out, after running audit2allow on my audit.log file, access was denied because the root folders for the vhosts are, in most of my cases, also home directories for local users. That way, when I add them, my local vsftpd install allows them to connect using their credentials, and because their home directories are set to their vhost, their FTP user enters at that folder level. All I needed was an SELinux setting that allows httpd to read users' home dirs:
setsebool -P httpd_enable_homedirs 1
Whether or not this is a very good idea security-wise, I'm not too sure. But there were pretty much just hobby and testing vhosts on this specific server, so I didn't mind too much in this case. If you're running a pretty serious production server, I would reconsider if there are any better alternatives available to you.
SELinux can be a pain sometimes, but it's things like this that also make me appreciate the barriers it throws up that make you think over your server's security settings once more.
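To see why relabelling the DocumentRoot alone did not help, it is useful to look at which target type httpd was actually denied on. The following is an added example, not part of the original post: it summarizes AVC denials for httpd_t from audit.log-style lines and separates home-directory types from ordinary labelling problems. The sample log lines are constructed, and the mapping of user_home_dir_t and user_home_t to the httpd_enable_homedirs boolean is an assumption matching the case described above.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1300000000.123:456): avc:  denied  { search } for  pid=1234 comm="httpd" name="example.com" dev=dm-0 ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1300000000.125:457): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/var/www/vhosts/example.com" dev=dm-0 ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1300000000.125:457): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1300000001.001:460): avc:  denied  { read } for  pid=1300 comm="httpd" name="index.html" dev=dm-0 ino=131090 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption: denials on these types are the ones httpd_enable_homedirs is about.
HOME_TYPES = {"user_home_dir_t", "user_home_t"}

def se_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log_text, source_type="httpd_t"):
    """Count denials per (target type, class, permission) for one source domain."""
    denials = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or se_type(m["scon"]) != source_type:
            continue
        for perm in m["perms"].split():
            denials[(se_type(m["tcon"]), m["tclass"], perm)] += 1
    return denials

def advise(denials):
    """Turn the summary into one hint per denial group."""
    notes = []
    for (ttype, tclass, perm), n in sorted(denials.items()):
        if ttype in HOME_TYPES:
            hint = "home-directory type: check `getsebool httpd_enable_homedirs`"
        else:
            hint = "label problem: check the path with `ls -Zd` and relabel"
        notes.append(f"{n}x {perm} on {tclass} {ttype} -> {hint}")
    return notes

if __name__ == "__main__":
    print("\n".join(advise(summarize(SAMPLE_LOG))))
```

On a real system, pass the contents of the audit log to summarize() instead of SAMPLE_LOG; a denial on a home-directory type means the boolean, not the DocumentRoot label, is what is blocking httpd.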