Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Wed Aug 08, 2007 10:14 am Post subject: Apache vhosts |
|
|
Hi!
I'm working on setting up a couple of vhosts for Apache.
I found the tool webapp-config which I planned on using.
Now. I have a couple of users that each should be able to set up a webserver.
Say that user1 wants to have more than one site. Should I create one vhost for that user and then the user could add folders in that folder for each site he wants? Or should I create one vhost for each site?
It should be possible to point a domain to each site!
And one more question about webapp-config. I don't know if you have to enter an app-name and app-version. Would this work for user1?
Code: | webapp-config -I -h project1 -u user1 -g user1 -d /home/user1/www/project1 -s apache |
_________________ Dig where you stand! |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Thu Aug 09, 2007 3:17 pm Post subject: |
|
|
As far as I am aware, webapp-config may only be used with web applications that have the special functionality in their ebuild, in order to be used with webapp-config.
What you want does not need webapp-config. If you want to make user home subdirectory accessible via the web, edit /etc/conf.d/apache2 and add USERDIR flag
Code: | APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR" |
Then change /etc/apache2/httpd.conf and specify what you want subdirectory to be called. By default it will be /home/user/public_html accessible by www.server.com/~user
Code: | ...
<IfModule mod_userdir.c>
UserDir public_html
...
|
As far as creating vhosts file - you can do it any way you'd like. You can do one file per site, one per user, one altogether - just a matter of preference. |
|
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Thu Aug 09, 2007 9:41 pm Post subject: |
|
|
yaman666 wrote: | As far as I am aware, webapp-config may only be used with web applications that have the special functionality in their ebuild, in order to be used with webapp-config.
What you want does not need webapp-config. If you want to make user home subdirectory accessible via the web, edit /etc/conf.d/apache2 and add USERDIR flag
Code: | APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR" |
Then change /etc/apache2/httpd.conf and specify what you want subdirectory to be called. By default it will be /home/user/public_html accessible by www.server.com/~user
Code: | ...
<IfModule mod_userdir.c>
UserDir public_html
...
|
As far as creating vhosts file - you can do it any way you'd like. You can do one file per site, one per user, one altogether - just a matter of preference. |
Hi, thanks for the answer!
Though I would like some more help!
I don't see how edit /etc/apache2/httpd.conf would help if a user wants more than one site or if more than one user wants one or more than one site. Can you please explain how to edit the file then?
And then about the vhosts files. One per user I think would be best. Should these files be in /etc/apache2/conf/vhosts/?
Could you give me an example of setting up a vhost environment?
Say that user adam should have two sites: private and public. And user peter wants one site: pictures. How should I set that up?
Sorry if I'm asking much but I've really tried myself by reading in the wiki and in the apache manual with no success... So I could really need some help! _________________ Dig where you stand! |
|
martin20450 Tux's lil' helper
Joined: 30 Sep 2005 Posts: 91
|
Posted: Thu Aug 09, 2007 10:01 pm Post subject: |
|
|
For each virtual host you want you need to create a domain.com.conf file in /etc/apache2/vhosts.d/domain.com.conf
For example:
Code: | <VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin bob@domain.com
DocumentRoot "/path/to/user/directory"
</VirtualHost> |
It's possible to setup a web interface for this using any number of languages, have the input written to a /tmp/hosts/* file and parse those through a cron job running as root, if it finds any files then it can check they're valid and move them to the /etc/apache2/vhosts.d/ directory and then restart apache, hope it helps. |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Fri Aug 10, 2007 2:39 am Post subject: |
|
|
martin20450 wrote: | For each virtual host you want you need to create a domain.com.conf file in /etc/apache2/vhosts.d/domain.com.conf |
Correction: you may create a *.conf file. You may just as well create user1.conf with all user's domains in one file, or even stick everything into a single config.
martin20450 wrote: | It's possible to setup a web interface for this using any number of languages, have the input written to a /tmp/hosts/* file and parse those through a cron job running as root, if it finds any files then it can check they're valid and move them to the /etc/apache2/vhosts.d/ directory and then restart apache, hope it helps. |
I would recommend against this, as a malicious user can give access to directories not intended to be shared. Unless this is an absolute must, just set them up manually. Or have a web script write "controlled" vhosts files based on certain parameters, don't use random uploaded files.
And finally, do not restart apache, but reload apache. Restarting will fail if you accidentally make an error, while reload will alert you of the error and abort restarting apache. |
|
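An added example, not part of the original posts: one way a web script could write the "controlled" vhost files suggested above, building each block from validated parameters instead of moving an uploaded file into place. The /var/www/<user>/<site>/htdocs layout, the function names and the sample users (adam and peter, from the earlier question) are assumptions for illustration.

```python
import os
import re

SITES_BASE = "/var/www"               # assumed layout: /var/www/<user>/<site>/htdocs
VHOSTS_DIR = "/etc/apache2/vhosts.d"  # directory named in the thread

LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"          # one DNS label
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")
USERNAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SITE_DIR = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")  # one path component

TEMPLATE = (
    "<VirtualHost *:80>\n"
    "    ServerName {name}\n"
    '    DocumentRoot "{docroot}"\n'
    "</VirtualHost>\n"
)


class RejectedRequest(ValueError):
    """Raised when a requested vhost parameter fails validation."""


def render_vhost(user, server_name, site_dir, base=SITES_BASE):
    """Return the vhost text for one site, or raise RejectedRequest."""
    # fullmatch() rejects embedded newlines, spaces and path separators, so
    # no parameter can smuggle an extra directive into the generated file.
    if not USERNAME.fullmatch(user):
        raise RejectedRequest("invalid user name")
    if len(server_name) > 253 or not HOSTNAME.fullmatch(server_name):
        raise RejectedRequest("invalid server name")
    if not SITE_DIR.fullmatch(site_dir):
        raise RejectedRequest("invalid site directory")

    # Resolve symlinks before comparing, so a link inside the user's tree
    # cannot move the DocumentRoot somewhere else on the filesystem.
    user_root = os.path.realpath(os.path.join(base, user))
    docroot = os.path.realpath(os.path.join(user_root, site_dir, "htdocs"))
    if os.path.commonpath([user_root, docroot]) != user_root:
        raise RejectedRequest("document root is outside the user's directory")
    if any(ch in docroot for ch in '"\\\r\n'):
        raise RejectedRequest("document root contains unsafe characters")
    return TEMPLATE.format(name=server_name.lower(), docroot=docroot)


def write_vhosts(user, blocks, conf_dir=VHOSTS_DIR):
    """Write one user's rendered blocks to <conf_dir>/<user>.conf atomically."""
    if not USERNAME.fullmatch(user):
        raise RejectedRequest("invalid user name")
    final = os.path.join(conf_dir, user + ".conf")
    tmp = final + ".new"  # assumes Apache only includes *.conf from conf_dir
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.write("".join(blocks))
    os.replace(tmp, final)
    return final


if __name__ == "__main__":
    # Constructed sample request: user adam, site directory "public".
    print(render_vhost("adam", "public.example.org", "public"), end="")
```

Running `apache2ctl configtest` on the result before the reload keeps a file with an error from reaching the running server.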
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Fri Aug 10, 2007 7:33 am Post subject: |
|
|
yaman666 wrote: | martin20450 wrote: | It's possible to setup a web interface for this using any number of languages, have the input written to a /tmp/hosts/* file and parse those through a cron job running as root, if it finds any files then it can check they're valid and move them to the /etc/apache2/vhosts.d/ directory and then restart apache, hope it helps. |
I would recommend against this, as a malicious user can give access to directories not intended to be shared. Unless this is an absolute must, just set them up manually. Or have a web script write "controlled" vhosts files based on certain parameters, don't use random uploaded files. |
What is all this for?
Is all that I have to do these things?
1: Add USERDIR
Code: | APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR" |
2: Edit /etc/apache2/httpd.conf in some way I don't know...
Code: | ...
<IfModule mod_userdir.c>
UserDir public_html
... |
3: Create conf files in /etc/apache2/vhosts.d/ for each user (say that I want one for each user).
Code: | <VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin bob@domain.com
DocumentRoot "/path/to/user/directory"
</VirtualHost> |
Could I with this configuration create what I want? Every user shall have one folder in their /home/user dir. And every folder they put in that can a domain be pointed to?
Or would it be easier if the superuser only could create new sites?
Would the only thing I had to do then be to add conf-files in /etc/apache2/vhosts.d/? _________________ Dig where you stand! |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Fri Aug 10, 2007 3:47 pm Post subject: |
|
|
If users have actual domains you need to use, then forget about USERDIR. USERDIR is specifically to enable www.domain.com/~username WITHOUT having to set up vhosts etc.
Here's an example of multiple domains per user:
/etc/apache2/vhosts/jsmith.conf
Code: |
#John Smith's file
# Domain www.dom1.com and catchall *.dom1.com
<VirtualHost *:80>
DocumentRoot "/var/www/dom1.com/htdocs"
ServerName www.dom1.com
ServerAlias *.dom1.com
ErrorLog /var/www/dom1.com/logs/error_log
CustomLog /var/www/dom1.com/logs/access_log combined
</VirtualHost>
# Domain www.dom2.com
<VirtualHost *:80>
DocumentRoot "/var/www/dom2.com/htdocs"
ServerName www.dom2.com
ErrorLog /var/www/dom2.com/logs/error_log
CustomLog /var/www/dom2.com/logs/access_log combined
</VirtualHost>
|
/etc/apache2/vhosts/tbrown.conf
Code: |
#Tom Brown's file
# Domain www.tbrown.com - public
<VirtualHost *:80>
DocumentRoot "/var/www/tbrown.com/htdocs/public"
ServerName www.tbrown.com
ErrorLog /var/www/tbrown.com/logs/error_log
CustomLog /var/www/tbrown.com/logs/access_log combined
</VirtualHost>
# Domain private.tbrown.com - private
<VirtualHost *:80>
DocumentRoot "/var/www/tbrown.com/htdocs/private"
ServerName private.tbrown.com
ErrorLog /var/www/tbrown.com/logs/error_log
CustomLog /var/www/tbrown.com/logs/access_log combined
</VirtualHost>
|
Don't forget to give appropriate permissions to all those folders. I.e.:
Code: | chown -R jsmith:apache /var/www/dom1.com
find /var/www/dom1.com -type f -exec chmod 644 {} \;
find /var/www/dom1.com -type d -exec chmod 755 {} \;
|
And you can figure out the rest of the details. Hope this helps! |
|
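An added example, not part of the original post: a check that a site tree still matches the 644/755 permissions set by the commands above and that no symlink inside it points outside the tree, which, where Apache is allowed to follow symlinks, would serve a directory not meant to be shared. The function names and the sample tree are hypothetical.

```python
import os
import stat
import tempfile

FILE_MODE = 0o644  # from the thread: find ... -type f -exec chmod 644
DIR_MODE = 0o755   # from the thread: find ... -type d -exec chmod 755


def audit_site_tree(root, owner_uid=None, group_gid=None):
    """Return sorted (relative_path, problem) pairs for everything under root."""
    root = os.path.realpath(root)
    findings = []

    def check(path):
        rel = os.path.relpath(path, root)
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
        if stat.S_ISLNK(st.st_mode):
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                findings.append((rel, "symlink leaves the site tree"))
            return
        allowed = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~allowed:  # any permission bit beyond the intended mode
            findings.append((rel, f"mode {mode:04o} exceeds {allowed:04o}"))
        if owner_uid is not None and st.st_uid != owner_uid:
            findings.append((rel, f"owner uid {st.st_uid}, expected {owner_uid}"))
        if group_gid is not None and st.st_gid != group_gid:
            findings.append((rel, f"group gid {st.st_gid}, expected {group_gid}"))

    check(root)
    # followlinks=False: never descend through a symlinked directory.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: one clean file, two loose modes, one escaping link."""
    root = tempfile.mkdtemp(prefix="site-")
    outside = tempfile.mkdtemp(prefix="outside-")
    htdocs = os.path.join(root, "htdocs")
    uploads = os.path.join(root, "uploads")
    os.mkdir(htdocs)
    os.mkdir(uploads)
    os.chmod(htdocs, 0o755)
    os.chmod(uploads, 0o777)  # world-writable directory
    for name, mode in (("index.html", 0o644), ("config.php", 0o666)):
        path = os.path.join(htdocs, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.symlink(outside, os.path.join(root, "shared"))  # points outside root
    os.symlink(htdocs, os.path.join(root, "www"))      # stays inside root
    return root


if __name__ == "__main__":
    for rel, problem in audit_site_tree(build_sample_tree()):
        print(f"{rel}: {problem}")
```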
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Sat Aug 11, 2007 8:35 am Post subject: |
|
|
Hi! I think I found a solution! =)
I have one more question though. How can I reach the different sites from another computer?
Say that I have the sites temp, temp2 and localhost.
I tried with <myip>/{temp, temp2, localhost} but no success! _________________ Dig where you stand! |
|
MickKi Veteran
Joined: 08 Feb 2004 Posts: 1179
|
Posted: Sat Aug 11, 2007 12:41 pm Post subject: Total noob in apache configuration! |
|
|
Re-JeeP wrote: | I tried with <myip>/{temp, temp2, localhost} but no success! | Same here . . .
I want to set up a LAN server for website development, but I do not run a DNS server (other than the Netgear router) to resolve these names. Also, these websites exist in the wild and pointing a browser from within the LAN to website1.com will resolve through the router to the remote (real) server, as opposed to the LAN (development) server.
What's the best way to achieve this if I too want to have different websites on the same machine and additionally be able to run webapps (e.g. drupal) on most of them? _________________ Regards,
Mick |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Sat Aug 11, 2007 2:15 pm Post subject: |
|
|
Well, the default localhost should be simply accessible by ip. It should be a catch-all when requested address doesn't match any of the domains in vhost files.
And as far as accessing the domains - you could tinker with iptables rules, but the easiest thing I found is to just temporarily edit hosts file.
linux:
windows:
Code: | c:\windows\System32\drivers\etc\hosts |
Let's say you set up www.domain1.com, www.domain2.com and private.domain2.com on local machine (127.0.0.1), then you edit hosts file and add:
So now your request goes to appropriate machine with appropriate url and matches your "www.domain1.com" in your vhosts file. |
|
MickKi Veteran
Joined: 08 Feb 2004 Posts: 1179
|
Posted: Sat Aug 11, 2007 3:06 pm Post subject: |
|
|
yaman666 wrote: | Well, the default localhost should be simply accessible by ip. It should be a catch-all when requested address doesn't match any of the domains in vhost files. | Well, if I type 192.168.0.2 I get the localhost default apache configuration. If I type 192.168.0.2/website1.com I get a not found error.
yaman666 wrote: | And as far as accessing the domains - you could tinker with iptables rules, but the easiest thing I found is to just temporarily edit hosts file. | Unfortunately, one of the clients is a MS Windows machine. Modifying the LMHosts file would be an option, but then I would need to change it back every time, to be able to connect to the real website on the WAN server. _________________ Regards,
Mick |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Sun Aug 12, 2007 12:22 am Post subject: |
|
|
MickKi wrote: | Well, if I type 192.168.0.2 I get the localhost default apache configuration. If I type 192.168.0.2/website1.com I get a not found error. |
That is proper behaviour. Unless there's a directory website1.com within /var/www/localhost/htdocs, it won't be found. You could Code: | ln -s /var/www/website1.com/htdocs /var/www/localhost/htdocs/website1.com | if you wanted that behavior.
MickKi wrote: | Unfortunately, one of the clients is a MS Windows machine. Modifying the LMHosts file would be an option, but then I would need to change it back every time, to be able to connect to the real website on the WAN server. |
In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server. |
|
MickKi Veteran
Joined: 08 Feb 2004 Posts: 1179
|
Posted: Sun Aug 12, 2007 8:15 am Post subject: |
|
|
yaman666 wrote: | In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server. | When you say "map dev.website1.com to the local lan ip" do you mean changing <VirtualHost *:80> to <VirtualHost 192.168.0.2:80> in the vhost.conf file, or are you still talking about editing /etc/hosts and LMHosts files?
I think I am getting myself confused . . .
Under /var/www/locahost/htdocs I have set up the link: Code: | /var/www/locahost/htdocs/website1.com -> /var/www/website1/htdocs |
The vhosts.conf file reads: Code: | <VirtualHost 192.168.0.2:80>
ServerName www.website1.com
ServerAlias website1.com *.website1.com
DocumentRoot /var/www/website1/htdocs
</VirtualHost> |
Now, when I click on 192.168.0.2 I do not see the Apache page anymore, but the website1 page. _________________ Regards,
Mick |
|
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Sun Aug 12, 2007 11:19 am Post subject: |
|
|
MickKi wrote: | yaman666 wrote: | In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server. | When you say "map dev.website1.com to the local lan ip" do you mean changing <VirtualHost *:80> to <VirtualHost 192.168.0.2:80> in the vhost.conf file, or are you still talking about editing /etc/hosts and LMHosts files? |
Isn't <VirtualHost ip:port> for ip based virtual hosting?
But I can't understand why you can't specify which virtual host you want to connect to in the URL!? _________________ Dig where you stand! |
|
MickKi Veteran
Joined: 08 Feb 2004 Posts: 1179
|
Posted: Sun Aug 12, 2007 12:10 pm Post subject: |
|
|
You can specify it in the URL but you will also need a DNS configuration to allow your client(s) to find it. That's what yaman666 suggested, by changing the /etc/hosts and LMHosts files. _________________ Regards,
Mick |
|
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Sun Aug 12, 2007 4:29 pm Post subject: |
|
|
Well... I have three vhosts on my machine: temp, temp2 and localhost.
On my laptop I edited /etc/hosts and added the domains.
Code: | 192.168.1.33 temp
192.168.1.33 temp2 |
And then I restarted the network:
Code: | /etc/init.d/net.eth1 restart |
But I can't reach either site by entering the URL: http://temp or http://temp2. But I can reach localhost on that computer by entering http://192.168.1.33 in the browser. _________________ Dig where you stand! |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Sun Aug 12, 2007 4:32 pm Post subject: |
|
|
So when you ping temp and temp2 from your laptop, you get 192.168.1.33?
And on 192.168.1.33 there is an entry in vhost file with ServerName temp and temp2?
(There's no need to restart the network, just apache when you change configuration.) |
|
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Sun Aug 12, 2007 4:36 pm Post subject: |
|
|
yaman666 wrote: | So when you ping temp and temp2 from your laptop, you get 192.168.1.33? |
Code: | $ ping temp
PING temp (192.168.1.33) 56(84) bytes of data.
From temp (192.168.1.33) icmp_seq=1 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=2 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=3 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=4 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=5 Destination Port Unreachable
--- temp ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3999ms
, pipe 3 |
yaman666 wrote: | And on 192.168.1.33 there is an entry in vhost file with ServerName temp and temp2? |
Code: | <VirtualHost *:80>
DocumentRoot "/home/rejeep/temp_www"
ServerName temp
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/home/rejeep/temp_www2"
ServerName temp2
</VirtualHost> |
_________________ Dig where you stand! |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Sun Aug 12, 2007 5:16 pm Post subject: |
|
|
What error message are you getting when you try to access http://temp then? Site not found or something like forbidden, no permissions, etc? Is it even accessing the server? If so - check your apache log files, see if there's anything there. |
|
Re-JeeP Apprentice
Joined: 10 Oct 2006 Posts: 294 Location: Sweden
|
Posted: Sun Aug 12, 2007 5:25 pm Post subject: |
|
|
yaman666 wrote: | What error message are you getting when you try to access http://temp then? Site not found or something like forbidden, no permissions, etc? Is it even accessing the server? If so - check your apache log files, see if there's anything there. |
Hmm... All of a sudden it started to work...!
Thanks a lot for the help! I have all the information I need now! _________________ Dig where you stand! |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Tue Aug 14, 2007 5:40 pm Post subject: |
|
|
MickKi wrote: | yaman666 wrote: | In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server. | When you say "map dev.website1.com to the local lan ip" do you mean changing <VirtualHost *:80> to <VirtualHost 192.168.0.2:80> in the vhost.conf file, or are you still talking about editing /etc/hosts and LMHosts files?
I think I am getting myself confused . . .
Under /var/www/locahost/htdocs I have set up the link: Code: | /var/www/locahost/htdocs/website1.com -> /var/www/website1/htdocs |
The vhosts.conf file reads: Code: | <VirtualHost 192.168.0.2:80>
ServerName www.website1.com
ServerAlias website1.com *.website1.com
DocumentRoot /var/www/website1/htdocs
</VirtualHost> |
Now, when I click on 192.168.0.2 I do not see the Apache page anymore, but the website1 page. |
By mapping I mean map ip to name in your /etc/hosts or c:\windows\System32\drivers\etc\hosts (Not sure what the LMHosts file is). For example:
That will make your local machine go to that ip instead of what www.website1.com normally resolves to. When a request comes to apache it uses virtual host directives to determine which host to serve.
So <virtualhost 192.168.0.2:433> will listen only on port 433, only on ip 192.168.0.2, while <virtualhost *:80> will listen on all ips on port 80.
When your request comes in, it looks at the url next, so if you have your website1.com mapped to 192.168.0.2, you need this in your apache config. Keep in mind that www.website.com != website.com.
Code: | <VirtualHost *:80>
ServerName website1.com
ServerAlias *.website1.com
DocumentRoot /var/www/website1.com/htdocs
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/localhost/htdocs
</VirtualHost> |
The first one will catch all website1.com and *.website1.com requests, while the second will catch everything else.
Does this make sense now? |
|
MickKi Veteran
Joined: 08 Feb 2004 Posts: 1179
|
Posted: Sat Aug 18, 2007 10:44 am Post subject: |
|
|
Thank you so much!
It all makes sense now and I have it working as I wanted. Next stage is to set up s/ftp access, but this brings me to the issue of access rights and what not.
The server is meant to be accessed by different users who will be modifying website files. These users do not have a linux user account on the box. There is an apache user (default installation) but I don't know what the passwd is - I didn't set one up yet. How would you recommend I go about setting up this server so that website developers can access it for the purpose of modifying the htdocs only?
How do I go about setting up sftp access?
Thanks again for all your help. _________________ Regards,
Mick |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Sun Aug 19, 2007 12:43 am Post subject: |
|
|
MickKi wrote: | Next stage is to set up s/ftp access, but this brings me to the issue of access rights and what not. The server is meant to be accessed by different users who will be modifying website files. These users do not have a linux user account on the box. How do I go about setting up sftp access? |
If you want to prevent the user from using regular shell commands look into rssh or scponly
http://www.pizzashack.org/rssh/
http://sublimation.org/scponly/wiki/index.php/Main_Page
MickKi wrote: | There is an apache user (default installation) but I don't know what the passwd is - I didn't set one up yet. |
Don't touch apache user, no one should use it.
MickKi wrote: | How would you recommend I go about setting up this server so that website developers can access it for the purpose of modifying the htdocs only? |
Once you set up sftp/scp only accounts, you can Code: | ln -s /var/www/usersite/htdocs /home/user/www | (I think it should work with rssh/scponly, never done it myself before).
And give appropriate permissions to the files inside htdocs, so that user has full access to read/write/delete and apache has read access (write if necessary). Such as Code: | chown -R user:apache /var/www/usersite/htdocs |
|
|
MickKi Veteran
Joined: 08 Feb 2004 Posts: 1179
|
Posted: Sun Aug 19, 2007 3:31 pm Post subject: |
|
|
yaman666 wrote: | MickKi wrote: | How would you recommend I go about setting up this server so that website developers can access it for the purpose of modifying the htdocs only? |
Once you set up sftp/scp only accounts, you can Code: | ln -s /var/www/usersite/htdocs /home/user/www | (I think it should work with rssh/scponly, never done it myself before). |
Are you saying that I should first create Linux user accounts for each person that I want to be able to access and modify the htdocs? _________________ Regards,
Mick |
|
yaman666 Tux's lil' helper
Joined: 13 Dec 2002 Posts: 117 Location: Chicago, IL
|
Posted: Mon Aug 20, 2007 12:45 am Post subject: |
|
|
MickKi wrote: | Are you saying that I should first create Linux user accounts for each person that I want to be able to access and modify the htdocs? | Well you don't want different users to access each other's accounts, do you? Give them each their own account, a limiting shell such as rssh, and access to only their files. |
|