httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] Need a Virtual Host Refresher Course
Date Wed, 09 Feb 2005 15:55:43 GMT
> "David Blomstrom" <david_blomstrom@yahoo.com>; 2005-02-09@00:31 GMT-5
>
> First, am I going to run into problems if Apache 2 and
> IIS are both running on my computer?

The only problem I am aware of, is if you try to run both on the same 
port.  The default port for the HTTP protocol is port 80.  Therefore if 
you want to type http://somesite.tld/ in a browser, either Apache can be 
configured for port 80, and handle the request, or IIS can be configured 
for port 80 and handle the request, but NOT BOTH.  Now, if you wanted 
Apache to handle the default case for this site and IIS to be available 
for other sites, or for testing this site, you could change IIS to use 
another port (over 1024), say 8080.  Then it's 
http://othersite.tld:8080/ , where you manually specify the port in the 
URL in the browser.

> Second, I ran into a few problems with paths last
> time. As I recall, you're suppposed to put your
> websites inside the Apache folder, or something like
> that. But I wanted to keep them separate. Thus, my
> websites are at C:\sites, while Apache is at
> C:\apachefriends\xampp\apache, so I had to copy some
> folders from XAMPP and move them into my sites folder,
> if I rembember correctly.

I don't know where you got this idea, but it is not correct.  You files 
can be anywhere that the user the Apache process runs under has access 
to read (and execute for some scripts or other programs, PHP needs only 
read access).  Just remember to use the forward slash "/" and not the 
back slash "\" for the path separator.  And it's a good habit to always 
use double quotes "" around path names.  It only matters for path 
nameswith spaces or maybe other odd characters.  But nonetheless it's a 
good habit to do it always, as it doesn't hurt anything if you do it, 
but might break if you have a space in a pathname and forget to quote.

> At any rate, I just wondered if there's a way to leave
> my Apache folder and websites right where they are -
> in separate folders - and still set up virtual hosts.

Depends upon your folder structure.  It only matters if it is designed 
to do what you want.  It can be configured to serve files in any way by 
Apache, but not always the way you want.

I mean, usually I'd do something like this:

C:/sites/site1
C:/sites/site2
C:/sites/site3

And inside each:

C:/sites/site1/cgi-bin
C:/sites/site1/logs
C:/sites/site1/private
C:/sites/site1/public_html
C:/sites/site1/ssl

And so on.  The DocumentRoot would be C:/sites/site1/public_html , all 
the other folders should NEVER be inside a DocumentRoot, because they 
should never allow their files to be served directly to the world.

> Finally, I wondered if anyone can recommend a good
> virtual hosts tutorial. As I recall, I had to search a
> while before I found one. (I'm using Windows XP and
> will be working with Dreamweaver.)

Probably learn nearly everything you need to know by reading the manual. 
It should be at /manual on your site (http://localhost/manual/).  So far 
for basic setups, the only gotchas I have experienced that weren't in 
the docs were the global /manual/ being served and the explicit and 
consistent use of ip:port even if the docs say it's optional.

1) ip:port should be specified in Listen, NameVirtualHost and 
<VirtualHost> lines, and hostname:port should be specified in the 
ServerName line.  This can avoid some subtle problems.  For example:

Listen 1.2.3.4:80
NameVirtualHost 1.2.3.4:80

<VirtualHost 1.2.3.4:80>
    ServerName somesite.tld:80
    # and the rest
</VirtualHost>


<VirtualHost 1.2.3.4:80>
    ServerName othersite.tld:80
    # and the rest
</VirtualHost>

2) The /manual/ directory is by default configured in the scope of the 
main config (outside of any <VirtualHost> section).  As a result, ALL 
<VirtualHost> sections inherit this and make it available to everyone. 
The same is done with the /icons/ folder, which may be ok if you will 
use auto indexing (<Directory> Options +Index).  The problem is that I 
have had Google bots cache these files, and then people use Google and 
come to my site to read the Apache manual, when they likely have their 
own copy, or can view the official, up-to-date manual at the Apache 
site.  So I should like to restrict access to the manual to localhost 
(the machine itself), and perhaps machines on the local network, or a 
remote machine (home or office).  The easiest way I found to do this, 
just cut the entire "Alias /manual" and "Directory C:/Apache2/manual" 
lines, and paste then into a separate .conf file.  You can put the file 
anywhere you like so long as Apache can read it.  But I just went into 
the "C:/Apache2/conf" folder and made an "inc" folder, and put the file 
"manual.conf" in there.  I did the same for the /icons/.  Then I just 
use "Include C:/Apache2/conf/inc/manual.conf" inside a VirtualHost which 
only Listens to localhost (127.0.0.1:80) or the LAN (192.168.1.10:80). 
If I want to allow external IPs, I have to Listen on an external IP as 
well, but need to use a modified Directory to "Order allow,deny" "Allow 
from ip1 ip-range2 ip3" "Deny from all".  Some may simply say to do this 
in the main conf, but then people can still see if /manual/ exists in 
the site, and get a forbidden page, so it's not as clean as I'd like.

> If I remember correctly, the process was actually
> pretty simple. I think I just modified Apache's conf
> file, pasted the htdocs folder inside C:\sites with my
> websites, then restarted my computer. Does that sound
> about right?

There should be no need to restart the computer.  Either use the windows 
services dialog to stop and start, or much better (to catch any error 
messages), open a command prompt and use 
"C:\path\to\Apache2\bin\apache.exe -k restart".

> Below is an example of what my virtual hosts looked
> like with my original XAMPP/Apache installation:

I'll make changes and comments.

Listen 127.0.0.1:80
NameVirtualHost 127.0.0.1:80

Well, first make sure you have your Listen in the main conf file 
(usually httpd.conf).

> <VirtualHost 127.0.0.1>
> ServerAdmin admin@localhost
> DocumentRoot "c:/sites"
> ServerName localhost
> ErrorLog logs/localhost_error.log
> CustomLog logs/localhost_access.log common
> </VirtualHost>

This looks odd.  You want to show all sites hosted on the computer, and 
access them by http://localhost/site1/ , http://localhost/site2/ , 
http://localhost/site3/ ?  Because that is what you have specified here. 
I would say it's a security concern if it wasn't 127.0.0.1 but an 
external IP, because you've just given a list of all your sites, and 
full access to the log files of every other site, and probably source 
codes of all programs, which might contain database passwords, among 
other things.  I would not ever use this VirtualHost.  If you want a 
list of all sites on the box, I'd keep track of it another way, and 
access those sites directly.

> <VirtualHost 127.0.0.1>
> ServerAdmin webmaster@htdocs
> DocumentRoot "c:/sites/htdocs"
> ServerName htdocs
> ServerAlias *.htdocs
> ErrorLog logs/geobop-error.log
> ScriptAlias /cgi-bin/ "c:/sites/htdocs/cgi-bin/"
> <Directory "c:/sites/htdocs">
> Options All Includes Indexes
> </Directory>
> </VirtualHost>

Too much to change, so Ill comment and recap below.

Change the VirtualHost to 127.0.0.1:80, make sure it matches exactly 
what is in Listen and NameVirtualHost, to avoid problems.

Again, if you have other folder under "htdocs", then you've just granted 
access to things which people should not have access to.

Change your folder stucture.

C:/sites/geobop
C:/sites/geobop/htdocs (this is your DocRoot)
C:/sites/geobop/cgi-bin (this is why you use the ScriptAlias, to insert 
this other folder into the web tree that starts at DocRoot)

Also, those logs are being stored relative to the ServerRoot, because 
they have a relative path, not an absolute path (starting with C:/). 
This may be what you want, to have the logs all in one folder.  Another 
option, which may or may not suit your tastes, is to create a folder and 
specify an absolute path.

Folder: C:/sites/geobop/logs
ErrorLog "C:/sites/geobop/logs/geobop-error.log".

The convenience for me, is I can fiddle with scripts, and not have to 
search through other folders for the log file, so it's nearby.  The 
point is moot though, if you keep the logs open in a text editor that is 
aware of changes and reloads.  You may want the logs all in the same 
place, to process easily, so that was why you put in the ServerRoot. 
But if you use the exact same directory structure, and the log 
processing program understand wildcards, you can specify 
C:/sites/*/logs/*-error.log.  Same with access logs.  Which brings me to 
my next point.

I don't see any access logs here, which means it's all being stuffed 
into the main access log file.  That's fine, but you want to be able to 
easily tell which line belongs to which site, and the default "Common 
Log Format" or "combined log format" will not let you do this.  Apache 
can easily log the virtual host name.  Just copy the LogFormat line for 
"combined", and add %v or %V at the beginning, and change the "combined" 
to "vcombined" (or something else) to distinguish the name.  Go to some 
Apache2 manual, and read about the formats in mod_log_config under the 
first section after the summary, named "Custom Log Formats".  Then use 
"CustomLog C:/sites/geobop/logs/access-log vcombined".

Options All implies Includes and Indexes.  Are you using server-side 
includes?  If not, don't give the option, one less thing to worry about. 
Are you going to allow everyone to view the contents of every folder 
that doesn't have a file specified by the DirectoryIndex directive? 
This may be fine, or not, depending on the contents of the folder.  It's 
usually a better idea to disable it at the root and then explicitly 
enable it only for the places you are consciously aware that you want 
it.  Uually I give Options None and consciously grant options later if I 
need them.

ServerAdmin of an htdocs folder, or of a site named geobop?  It's fairly 
trivial but one of those things I noticed.

ServerName htdocs?  Shouldn't it be geobop?  Don't forget to specify the 
port.  ServerAlias needs no port, and will break if you try to use one, 
but shouldn't it be geobop again?  the *. will match www.geobop and 
mail.geobop and so on.

ScriptAlias is just about right, except it was geobop, not htdocs.

Directory, specify geobop...

Additionally, you may need to specify a Directory to correspond to the 
ScriptAlias, and allow Options ExecCGI.  Alias and ScriptAlias inject 
the folder into the DocumentRoot, and Directory lets you specify Options 
(among other things).

To recap the changes:

<VirtualHost 127.0.0.1:80>
    ServerAdmin webmaster@geobop
    ServerName geobop:80
    ServerAlias *.geobop

    CustomLog "C:/sites/geobop/logs/geobop-access.log" vcombined
    ErrorLog "C:/sites/geobop/logs/geobop-error.log"

    DocumentRoot "c:/sites/geobop"
    <Directory "c:/sites/geobop">
        Options None
    </Directory>

    ScriptAlias /cgi-bin/ "c:/sites/geobop/cgi-bin/"
    <Directory "C:/sites/geobop/cgi-bin">
        Options +ExecCGI
    </Directory>
</VirtualHost>


Leif



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message