# httpd-users mailing list archives

##### Site index · List index
Message view
Top
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] Need a Virtual Host Refresher Course
Date Wed, 09 Feb 2005 15:55:43 GMT
> "David Blomstrom" <david_blomstrom@yahoo.com>; 2005-02-09@00:31 GMT-5
>
> First, am I going to run into problems if Apache 2 and
> IIS are both running on my computer?

The only problem I am aware of, is if you try to run both on the same
port.  The default port for the HTTP protocol is port 80.  Therefore if
you want to type http://somesite.tld/ in a browser, either Apache can be
configured for port 80, and handle the request, or IIS can be configured
for port 80 and handle the request, but NOT BOTH.  Now, if you wanted
Apache to handle the default case for this site and IIS to be available
for other sites, or for testing this site, you could change IIS to use
another port (over 1024), say 8080.  Then it's
http://othersite.tld:8080/ , where you manually specify the port in the
URL in the browser.

> Second, I ran into a few problems with paths last
> time. As I recall, you're suppposed to put your
> websites inside the Apache folder, or something like
> that. But I wanted to keep them separate. Thus, my
> websites are at C:\sites, while Apache is at
> C:\apachefriends\xampp\apache, so I had to copy some
> folders from XAMPP and move them into my sites folder,
> if I rembember correctly.

I don't know where you got this idea, but it is not correct.  You files
can be anywhere that the user the Apache process runs under has access
to read (and execute for some scripts or other programs, PHP needs only
read access).  Just remember to use the forward slash "/" and not the
back slash "\" for the path separator.  And it's a good habit to always
use double quotes "" around path names.  It only matters for path
nameswith spaces or maybe other odd characters.  But nonetheless it's a
good habit to do it always, as it doesn't hurt anything if you do it,
but might break if you have a space in a pathname and forget to quote.

> At any rate, I just wondered if there's a way to leave
> my Apache folder and websites right where they are -
> in separate folders - and still set up virtual hosts.

Depends upon your folder structure.  It only matters if it is designed
to do what you want.  It can be configured to serve files in any way by
Apache, but not always the way you want.

I mean, usually I'd do something like this:

C:/sites/site1
C:/sites/site2
C:/sites/site3

And inside each:

C:/sites/site1/cgi-bin
C:/sites/site1/logs
C:/sites/site1/private
C:/sites/site1/public_html
C:/sites/site1/ssl

And so on.  The DocumentRoot would be C:/sites/site1/public_html , all
the other folders should NEVER be inside a DocumentRoot, because they
should never allow their files to be served directly to the world.

> Finally, I wondered if anyone can recommend a good
> virtual hosts tutorial. As I recall, I had to search a
> while before I found one. (I'm using Windows XP and
> will be working with Dreamweaver.)

Probably learn nearly everything you need to know by reading the manual.
It should be at /manual on your site (http://localhost/manual/).  So far
for basic setups, the only gotchas I have experienced that weren't in
the docs were the global /manual/ being served and the explicit and
consistent use of ip:port even if the docs say it's optional.

1) ip:port should be specified in Listen, NameVirtualHost and
<VirtualHost> lines, and hostname:port should be specified in the
ServerName line.  This can avoid some subtle problems.  For example:

Listen 1.2.3.4:80
NameVirtualHost 1.2.3.4:80

<VirtualHost 1.2.3.4:80>
ServerName somesite.tld:80
# and the rest
</VirtualHost>

<VirtualHost 1.2.3.4:80>
ServerName othersite.tld:80
# and the rest
</VirtualHost>

2) The /manual/ directory is by default configured in the scope of the
main config (outside of any <VirtualHost> section).  As a result, ALL
<VirtualHost> sections inherit this and make it available to everyone.
The same is done with the /icons/ folder, which may be ok if you will
use auto indexing (<Directory> Options +Index).  The problem is that I
come to my site to read the Apache manual, when they likely have their
own copy, or can view the official, up-to-date manual at the Apache
site.  So I should like to restrict access to the manual to localhost
(the machine itself), and perhaps machines on the local network, or a
remote machine (home or office).  The easiest way I found to do this,
just cut the entire "Alias /manual" and "Directory C:/Apache2/manual"
lines, and paste then into a separate .conf file.  You can put the file
anywhere you like so long as Apache can read it.  But I just went into
the "C:/Apache2/conf" folder and made an "inc" folder, and put the file
"manual.conf" in there.  I did the same for the /icons/.  Then I just
use "Include C:/Apache2/conf/inc/manual.conf" inside a VirtualHost which
only Listens to localhost (127.0.0.1:80) or the LAN (192.168.1.10:80).
If I want to allow external IPs, I have to Listen on an external IP as
well, but need to use a modified Directory to "Order allow,deny" "Allow
from ip1 ip-range2 ip3" "Deny from all".  Some may simply say to do this
in the main conf, but then people can still see if /manual/ exists in
the site, and get a forbidden page, so it's not as clean as I'd like.

> If I remember correctly, the process was actually
> pretty simple. I think I just modified Apache's conf
> file, pasted the htdocs folder inside C:\sites with my
> websites, then restarted my computer. Does that sound

There should be no need to restart the computer.  Either use the windows
services dialog to stop and start, or much better (to catch any error
messages), open a command prompt and use
"C:\path\to\Apache2\bin\apache.exe -k restart".

> Below is an example of what my virtual hosts looked
> like with my original XAMPP/Apache installation:

Listen 127.0.0.1:80
NameVirtualHost 127.0.0.1:80

Well, first make sure you have your Listen in the main conf file
(usually httpd.conf).

> <VirtualHost 127.0.0.1>
> DocumentRoot "c:/sites"
> ServerName localhost
> ErrorLog logs/localhost_error.log
> CustomLog logs/localhost_access.log common
> </VirtualHost>

This looks odd.  You want to show all sites hosted on the computer, and
access them by http://localhost/site1/ , http://localhost/site2/ ,
http://localhost/site3/ ?  Because that is what you have specified here.
I would say it's a security concern if it wasn't 127.0.0.1 but an
external IP, because you've just given a list of all your sites, and
full access to the log files of every other site, and probably source
codes of all programs, which might contain database passwords, among
other things.  I would not ever use this VirtualHost.  If you want a
list of all sites on the box, I'd keep track of it another way, and
access those sites directly.

> <VirtualHost 127.0.0.1>
> DocumentRoot "c:/sites/htdocs"
> ServerName htdocs
> ServerAlias *.htdocs
> ErrorLog logs/geobop-error.log
> ScriptAlias /cgi-bin/ "c:/sites/htdocs/cgi-bin/"
> <Directory "c:/sites/htdocs">
> Options All Includes Indexes
> </Directory>
> </VirtualHost>

Too much to change, so Ill comment and recap below.

Change the VirtualHost to 127.0.0.1:80, make sure it matches exactly
what is in Listen and NameVirtualHost, to avoid problems.

Again, if you have other folder under "htdocs", then you've just granted

C:/sites/geobop
C:/sites/geobop/cgi-bin (this is why you use the ScriptAlias, to insert
this other folder into the web tree that starts at DocRoot)

Also, those logs are being stored relative to the ServerRoot, because
they have a relative path, not an absolute path (starting with C:/).
This may be what you want, to have the logs all in one folder.  Another
option, which may or may not suit your tastes, is to create a folder and
specify an absolute path.

Folder: C:/sites/geobop/logs
ErrorLog "C:/sites/geobop/logs/geobop-error.log".

The convenience for me, is I can fiddle with scripts, and not have to
search through other folders for the log file, so it's nearby.  The
point is moot though, if you keep the logs open in a text editor that is
aware of changes and reloads.  You may want the logs all in the same
place, to process easily, so that was why you put in the ServerRoot.
But if you use the exact same directory structure, and the log
processing program understand wildcards, you can specify
C:/sites/*/logs/*-error.log.  Same with access logs.  Which brings me to
my next point.

I don't see any access logs here, which means it's all being stuffed
into the main access log file.  That's fine, but you want to be able to
easily tell which line belongs to which site, and the default "Common
Log Format" or "combined log format" will not let you do this.  Apache
can easily log the virtual host name.  Just copy the LogFormat line for
"combined", and add %v or %V at the beginning, and change the "combined"
to "vcombined" (or something else) to distinguish the name.  Go to some
first section after the summary, named "Custom Log Formats".  Then use
"CustomLog C:/sites/geobop/logs/access-log vcombined".

Options All implies Includes and Indexes.  Are you using server-side
includes?  If not, don't give the option, one less thing to worry about.
Are you going to allow everyone to view the contents of every folder
that doesn't have a file specified by the DirectoryIndex directive?
This may be fine, or not, depending on the contents of the folder.  It's
usually a better idea to disable it at the root and then explicitly
enable it only for the places you are consciously aware that you want
it.  Uually I give Options None and consciously grant options later if I
need them.

ServerAdmin of an htdocs folder, or of a site named geobop?  It's fairly
trivial but one of those things I noticed.

ServerName htdocs?  Shouldn't it be geobop?  Don't forget to specify the
port.  ServerAlias needs no port, and will break if you try to use one,
but shouldn't it be geobop again?  the *. will match www.geobop and
mail.geobop and so on.

ScriptAlias is just about right, except it was geobop, not htdocs.

Directory, specify geobop...

Additionally, you may need to specify a Directory to correspond to the
ScriptAlias, and allow Options ExecCGI.  Alias and ScriptAlias inject
the folder into the DocumentRoot, and Directory lets you specify Options
(among other things).

To recap the changes:

<VirtualHost 127.0.0.1:80>
ServerName geobop:80
ServerAlias *.geobop

CustomLog "C:/sites/geobop/logs/geobop-access.log" vcombined
ErrorLog "C:/sites/geobop/logs/geobop-error.log"

DocumentRoot "c:/sites/geobop"
<Directory "c:/sites/geobop">
Options None
</Directory>

ScriptAlias /cgi-bin/ "c:/sites/geobop/cgi-bin/"
<Directory "C:/sites/geobop/cgi-bin">
Options +ExecCGI
</Directory>
</VirtualHost>

Leif

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.