httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] Need a Virtual Host Refresher Course
Date Wed, 09 Feb 2005 19:36:51 GMT
> "David Blomstrom" <david_blomstrom@yahoo.com>; 2005-02-09@13:15 GMT-5
>
> OK, I set up a couple sites inside public_html
> folders, like this...
>
> C:\sites\politix\public_html\
>
> ...but now I can't preview them at all. In fact, I
> can't even preview the sites I didn't change, even
> though I could normally view them at
> http://localhost/mysite/

Ahh yes, this requires also that you have either the Servername 
registered in DNS (most common case), OR (probably you case, which I do 
for testing too) in your hosts file.

File: C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1    geozoo
127.0.0.1    politix

and so on.

If you want to view them at http://localhost/, then it's another config. 
Just go to the VirtualHost with the ServerName localhost, and add the 
Alias and Directory blocks for each host.  Or skip adding the directoy, 
and use a Redirect for each "mysite", to go to the actual site.  You 
would still need to update your hosts file with each site for the 
redirect, obviously.  If you have everything under localhost, then you 
are no longer doing virtual hosting, and all those sites are not 
independent, but part of the same site: localhost.  If everything in the 
sites is linked relatively (no links start with http://mysite/ , nor 
with /, only with path/to/filename, or ../../other/path/to/filename, 
this could be ok.

> The basic purpose of putting my content in a folder
> named public_html is security, right? So as long as no
> intruder gains access to my computer, I shouldn't need
> to both with public_html...right?

No only because of security but because it's the right way to do virtual 
hosting, which is what you asked about.  :-)  You could potentially be 
giving an intruder access to the computer.  You may listen only to IP 
address 127.0.0.1, but if this machine is connected to a network, there 
may be ways to come in from the outside and pretend to be coming from 
127.0.0.1, then they can look at the web site which you publish the logs 
for everyone to see, and you've got PHP available.  They can see path 
names in the logs, know where your Apache is, maybe know of a PHP 
vulnerability, upload their own scripts or content, run their own 
programs, reconfigure the server, change file timestamps and rewrite the 
logs to cover their tracks.  Even if I had the computer disconnected 
from the network, I would still never configure it this way, because it 
leads to not thinking of the consequences, and I might not be thinking 
of them when it really would matter.  Plus, once you get it right, it 
helps you to remember to keep doing it.  :-)

> So, if I go back to my original configuration...
>
> C:\sites\mysite\
>
> ...then would the following virtual host script still
> work, or do I have to modify it?
>
> <VirtualHost 127.0.0.1:80>
>    ServerAdmin webmaster@politix
>    ServerName politix:80
>    ServerAlias *.politix
>    CustomLog
> "C:/sites/politix/logs/politix-access.log" vcombined
>    ErrorLog "C:/sites/politix/logs/politix-error.log"
>    DocumentRoot "c:/sites/politix"
>    <Directory "c:/sites/politix">
>        Options None
>    </Directory>
>    ScriptAlias /cgi-bin/ "c:/sites/politix/cgi-bin/"
>    <Directory "C:/sites/politix/cgi-bin">
>        Options +ExecCGI
>    </Directory>
> </VirtualHost>

I'd still put the DocumentRoot in a separate folder.  The way you use 
it, it's the way I would use ServerRoot.  DocumentRoot is totally 
different from ServerRoot.  ServerRoot can only be in the main server 
config context (outside VirtualHost, never inside anything).  ServerRoot 
describes a folder with files that Apache needs to see, but should not 
ever serve to anyone (except manual, icons, error).  DocumentRoot 
describes folders with content that is most commonly served to anyone 
and everyone who can get a connection to Apache, by proper or imporper 
means.  The whole point of virtual hosting is to have separate 
servernames, and separate folders for content.

> Also, is this stuff case sensitive? In other words, if
> my physical path is actually C:\sites\GeoZoo\, should
> I write ServerName GeoZoo:80, or would geozoo:80 work?

* Hmm, all Apache tokens, I would assume are case sensitve (ServerName, 
not serverName).
* ServerName and ServerAlias values are not ever case sensitive.
* ServerAdmin should never be, but it depends on the mail server.  It's 
not standard to be case sensitive with email.  WaRp-9.9_(at)_uSa.NeT 
should work just fine to reach me.
* Path names in windows, it depends on the windows, but I would say are 
probably not case sensitive.  "C:/sites/geozoo" or "C:/sites/gEOzOO" 
should work.  They ARE case sensitive in Linux, FreeBSD, and probably in 
most Unix and possibly in other OSes.

Try to get just one site running first, the localhost, using the 
structure I outlined.  Start with putting folders in the right place, 
then changing the config to match the folders.  Never assume that you 
are prisoner to the existing broken config, and do not ever move folder 
to match the broken config, just because it works, or you won't fully 
understand how to do this stuff.  If it doesn't seem to work be sure to 
look at all of your access and error log files.  If you make a request, 
and the server responds with something, even a 404 not found or 403 
forbidden or 500 internal server error, then there should be something 
helpful in a log file.  Always check the main server's error log.  If 
you see nothing in a site-specific log file even after you made the 
request, check the main log.  Maybe the config told it to write to a 
file in a folder that didn't exist.  Apache will create a missing log 
file, but will not create a missing folder.  ;-)  Review the main config 
file.  Make sure you haven't got duplicate entries.  Comment out the 
other VirtualHosts until you get one working, then add one at a time. 
You basically need to learn how to do one site, then repeat the same 
process.  Once you understand enough to this point, you can come up with 
your own system, but you still do not ever want to place log files under 
your DocumentRoot.  ;-)

Leif



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message