9.5. I Need Multiple Web Sites but Have Only One IP Address Even though there are over four billion IPv4 addresses, they're scarce in some areas. IPv4 addresses today are rationed through ISPs. Quite often, a site needs to offer many instances of a servereach with a different domain namebut has only one public IP address that they all have to share. For instance, you might be offering web sites to many users at low cost, or merging organizations but allowing each to keep its own web site with its original domain name. Apache lets you accomplish this through a feature called virtual hosting. Until Apache 2.0, it was difficult to configure more than one web site per IPv4 address. Now, you can configure as many web sites as you need using a single IP address. While virtual hosting has now been backported to the latest versions of Apache 1.x, I'll show you how to configure virtual hosts based on the default versions of Apache 2.x available for Debian Sarge, SUSE Linux Professional, and Red Hat Enterprise Linux/Fedora Linux.  | As the Apache web server is a complex system, I can cover only a few associated directives in detail here. For more information, start with http://httpd.apache.org and O'Reilly's Apache Cookbook by Ken Coar and Rich Bowen. |
|
9.5.1. Variations Among Distributions Each of our major distributions varies in its default Apache configurations, as well as how it accommodates virtual hosts: Red Hat/Fedora encourages configuration of virtual hosts as a part of the main Apache configuration file, /etc/httpd/conf/httpd.conf; sample commands are included near the end of the default version of this file. Debian's default Apache configuration file has an Include directive that allows you to configure virtual hosts in the /etc/apache2/sites-enabled directory. SUSE's default Apache configuration file has an Include directive that allows you to configure virtual hosts in the /etc/apache2/vhosts.d directory, in a .conf file.
In theory, you could take configuration files and directory structures from one distribution and copy them to another. However, every distribution may use different methods and defaults when it builds its Apache package. Related systems may process Apache directives differently. Even though each distribution starts with the same Apache source code, the results vary. 9.5.2. Configuring a Virtual Host In this section, I'll show you how to configure multiple virtual hosts on each of our major Linux distributions, using their default configuration files. First, I'll show you the more commonly configured directives. Then, in separate subsections, I'll show you how to modify the default configuration files for each of the covered distributions to create the virtual hosts you need. Assuming you're satisfied with the defaults in the configuration files, you'll want to focus on the following directives:
NameVirtualHost Set this directive to the IP address of your web server, e.g.: NameVirtualHost 192.168.0.11
Once you set the shared IP address for your web server, you can define each virtual host in stanzas, delineated by a <VirtualHost> container. In other words, every virtual host container on this web server will start with <VirtualHost 192.168.0.11> and end with </VirtualHost>.
UseCanonicalName Off Keep this Off; otherwise, this web server assumes the default ServerName is the URL for all virtual hosts.
ServerAdmin Set this directive to the email address of the administrator. Error messages normally include a link to this address. Include this directive within <VirtualHost> containers if each of your web sites has a different webmaster.
ServerName Within a <VirtualHost> container, set this directive to the FQDN for the web site.
DocumentRoot Assign the directory containing your web pages to this directive. Make sure to configure a different DocumentRoot directory for each virtual host. Create these directories if they don't already exist.
ErrorLog / CustomLog Assign these directives to the name and location you want for these logs. Once they are configured, you can measure access attempts (CustomLog) and errors (ErrorLog) for each web site. In my opinion, it's best if you use the same directory as DocumentRoot. However, you may also want to assign a subdirectory of /var/log so they're managed by the standard cron job, as defined in /etc/cron.daily/logrotate. Now I'll show you how these directives (and others) can be used to create virtual hosts, based on the default Apache configuration files associated with Debian, SUSE, and Red Hat/Fedora Linux. 9.5.2.1. Debian virtual hosts On a Debian Sarge system, the first step is to make sure you have the right packages installed. Apache 1.x and 2.x packages are available from the standard repositories. Don't install both, unless you're prepared to run them on different ports or, better yet, on different virtual machines such as Xen. For the purpose of this annoyance, install the apache2 packages. Taking advantage of dependencies, the easiest way to do so is with the following command: apt-get install apache2-utils
Before you start configuring a virtual host, take a look at the base Apache configuration file, /etc/apache2/apache2.conf. You'll see the following lines near the end of the file: # Include the virtual host configurations: Include /etc/apache2/sites-enabled/[^.#]*
This particular Include directive incorporates the code within all files from the specified /etc/apache2/sites-enabled/ directory. Now make a copy of the default file from the noted directory. Store the copy in that same directory. Once configured, you can use the a2ensite command as described in the following list of instructions to create a symbolic link in the /etc/apache2/sites-enabled/ directory. My copy of the default file starts with the NameVirtualHost directive, which suggests that this file should contain all VirtualHost web site containers for this web server. To create your first virtual host, take the following steps: If you haven't already done so, make a copy of the default file in the /etc/apache2/sites-available directory and open the copy in a text editor. Change the NameVirtualHost directive to point to the IP address that you're sharing for your web serversfor example: NameVirtualHost 192.168.0.11:80
You don't need the :80 at the end of the directive if you include the following directive in the main /etc/apache2/apache2.conf file: Listen 80
Copy the <VirtualHost> container, with default contents. Make a copy for each web site that you want to configure on this server. Configure your first web site. Start with the first <VirtualHost> container. Set the ServerAdmin directive to the email address of the webmaster of this web site. ServerAdmin webmaster@example.com
Set the DocumentRoot to the directory that will contain the files for this web site. DocumentRoot /var/www/yum
Generally, you don't need to change the defaults for the <Directory /> container; they support symbolically linked files, which are often necessary for links to images, as well as to prevent crackers from changing access permissions on this web server. <Directory /> Options FollowSymLinks AllowOverride None </Directory>
Configure access to the directory for this web site. At minimum, change the <Directory /var/www> directive to match the DocumentRoot. The default Options directive supports showing an index of files if there's no DirectoryIndex file in the DocumentRoot directory, following symbolic links outside the directory and content negotiation based on the default language of the browser. The other directives forbid overrides, allow access from all users, and allow redirection to a different directory (/etc/apache2-default/): <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # This directive allows us to have apache2's default start page # in /apache2-default/, but still have / go to the right place RedirectMatch ^/$ /apache2-default/ </Directory>
Generally, you won't need to change the next stanza either. CGI programs are commonly used on web sites; the default ScriptAlias directive links such programs in the cgi-bin/ subdirectory of DocumentRoot with the /usr/lib/cgi-bin directory. The Options directive supports execution of CGI scripts, prevents content negotiation, and follows symbolic links only if they are owned by the same user: ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory>
Configure the logfiles for your virtual host so they're segregated from others. You can configure them in a subdirectory of the DocumentRoot or a subdirectory of /var/log/apache2. You can segregate logfiles with the following directives in your virtual host container: ErrorLog /var/log/apache2/yum/error.log CustomLog /var/log/apache2/yum/access.log combined ServerSignature On
Generally, you won't need to change the next Alias directive and stanza; they specify a link to a documents directory accessible only on the web server computer. Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory>
Now return to step 3 and repeat the process for the other web sites you want to configure on this system. Make sure to add appropriate entries to your DNS server. Most DNS servers allow a CNAME record to specify more than one hostname for each IP address, so you can simply list all your virtual hosts' URLs in your DNS database. Make sure you have directories and appropriate web site files for each of the directives shown. Run the a2ensite command, which creates a link from the configuration you created to the /etc/apache2/sites-enabled directory. Restart the Apache server. Add appropriate HTML files to the DocumentRoot directory for each web site. Test your new virtual host-based web sites.
9.5.2.2. SUSE virtual hosts SUSE strongly encourages the use of YaST for most configuration tasks; however, I've found this to be problematic for virtual hosts. I will therefore show you how to configure a SUSE virtual host from the configuration files. On SUSE Linux 9.3, they are organized similarly to Debian's. The Apache 2.x packages have names beginning with apache2. The configuration files are stored in the /etc/apache2 directory. The main Apache configuration file for SUSE is httpd.conf. Look near the bottom of the default version of this file; it includes a section entitled Virtual Server Configuration, with one directive: Include /etc/apache2/vhosts.d/*.conf
This directive includes the code from any .conf files in the vhosts.d/ subdirectory. To make this work with one IP address, you'll also need to include a NameVirtualHost directive in the main httpd.conf configuration file, with the shared IP address. For example, the following directive shares 192.168.0.11: NameVirtualHost 192.168.0.11:80
You may not need the :80 at the end of the directive, if you include the following Listen directive: Listen 80
With the following steps, I show you how you can use the vhosts.template file. While you can include almost any Apache directive, these steps are limited to the active default directives, which I've modified slightly, assuming a web site URL of yum.example.com: Make a copy of vhosts.template. The following commands match the aforementioned Include directive. You can make additional copies if you're configuring more than one virtual host: cd /etc/apache2/vhosts.d cp vhosts.template vhost1.conf
Open the copy that you've created of vhosts.template in a text editor. Add the IP address that you're using to the VirtualHost container directive: <VirtualHost 192.168.0.12:80>
Set the ServerAdmin to the email address of the webmaster for this site, the ServerName to the URL that you want used for the site, and the DocumentRoot to an exclusive directory: ServerAdmin michael@example.com ServerName yum.example.com DocumentRoot /srv/www/vhosts/yum.example.com
Configure the logfiles. The following directives identify them with the name of the web site, in the standard directory where they're stored with other logfiles: ErrorLog /var/log/apache2/yum.example.com-error_log CustomLog /var/log/apache2/yum.example.com-access_log combined
The following default directives, in order, eliminate lookups of the URL of the requesting browser; allow the use of different URLs for each individual virtual host; and add a footer, normally with a link to the webmaster's email address, to error messages: HostNameLookups Off UseCanonicalName Off ServerSignature On
If you have CGI scripts, the following directive and Directory stanza allow you to store those scripts in the noted directory. The options in the Options directive support execution of CGI scripts and prevent the use of server-side includes: ScriptAlias /cgi-bin/ "/srv/www/vhosts/yum.example.com/cgi-bin/" <Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin"> AllowOverride None Options +ExecCGI -Includes Order allow,deny Allow from all </Directory>
You can allow users to browse their home directories with the following stanza, but I do not recommend it. This stanza may allow others to browse individual home directories. I therefore recommend that you comment out the following directives: <IfModule mod_userdir.c> UserDir public_html Include /etc/apache2/mod_userdir.conf </IfModule>
You should also configure settings for the directory with web site files for this virtual host. The example shown here supports directory listings if there is no index.html page, as well as symbolic links: <Directory "/srv/www/vhosts/yum.example.com"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>
Now return to step 1 and repeat the process for the other web sites you want to configure on this system. Make sure to add appropriate entries to your DNS server. For example, on a regular DNS server, a CNAME record can support more than one hostname for each IP address. Make sure you have directories and appropriate web site files for each of the directives shown. Restart the Apache server. Test your new virtual host-based web sites.
9.5.2.3. Red Hat/Fedora virtual hosts On a Red Hat Enterprise Linux or a Fedora Linux system, the first step is to make sure you have the right Apache packages installed. For these distributions, they have names such as httpd. Taking advantage of dependencies, the easiest way to install the packages is with the following command: up2date -u httpd
| If you want a secure web site using the HTTPS protocol on RHEL or Fedora, you'll also need to install the mod_ssl RPM, which installs a sample virtual host configuration in /etc/httpd/conf.d/ssl.conf. |
|
On Red Hat-based distributions, virtual hosts are most easily configured as part of the main /etc/httpd/conf/httpd.conf configuration file. Sample code is already available in the default version of this file. I'll show you how you can configure virtual hosts using these suggested directives: #NameVirtualHost *: #<VirtualHost *:80> # ServerAdmin webmaster@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common #</VirtualHost>
If you prefer to configure virtual hosts in separate files, you can add an appropriate Include directive. As SUSE and Debian both configure virtual hosts in separate files, you can find guidance on how to configure the Include directive in those sections listed earlier. Now, for Red Hat-based guidance on creating virtual hosts, start by making a backup of the default httpd.conf file. Copy the commented code shown above and place it at the end of the file. Make as many copies as you need virtual hosts. Then take the following steps: Uncomment the code that you're planning to use. Specify the IP address that you're using for the web server by uncommenting the following directive and adding the IP address that you're using for your virtual hosts (in this case, 192.168.0.11): NameVirtualHost 192.168.0.11:80
If you've installed the mod_ssl RPM, you need to specify the port (80 for standard web sites) to distinguish this virtual host from a secure virtual host. Add the IP address to the VirtualHost container for your first web site: <VirtualHost 192.168.0.11:80>
Specify an email address for the administrator for the web site: ServerAdmin michael@example.com
Set a DocumentRoot and ServerName for the web site; Red Hat encourages the use of the web site URL in the directory. I use yum.example.com here: DocumentRoot /www/docs/yum.example.com ServerName yum.example.com
Configure appropriate logfiles. Based on the ServerRoot directive earlier in the file, these logs are stored in a subdirectory of /etc/httpd; the logs subdirectory is linked to /var/log/httpd. ErrorLog logs/yum.example.com-error_log CustomLog logs/yum.example.com-access_log common
Now return to step 1 and repeat the process for the other web sites you want to configure on this system. Make sure to add appropriate entries to your DNS server. For example, on a regular DNS server, a CNAME record can support more than one hostname for each IP address. Make sure you have directories and appropriate web site files for each of the directives shown. Restart the Apache server. Test your new virtual host-based web sites.
|
