[Balug-talk] confused about Virtual Hosting
Heather Stern
star at starshine.org
Fri Jun 6 19:19:02 PDT 2003
On Thu, Jun 05, 2003 at 05:22:19PM -0700, Sean Van Couwenberghe wrote:
> I have been trying to set up virtual hosts on my Apache web server
> (httpd.conf exerpt below), but I am having some difficulties. I had a
> stand-alone server for this site, but it was hacked (my own fault I'm
> afraid), so I want to set it up as a Virtual site on my secure server.
Fair enough...
Remmeber that CGIs with bugs are always a hole even if you use SSL, and
even packet filtered up the wazoo, because that's an authorized process,
even if the initial level of authority isn't much.
> At first the port I specified for the santarosayouth.org server as 81.
> This does not seem correct (and I was right, as it didn?t work), since
> web traffic only occurs on port 80. When I try to put them both on 80,
> requests for each site are sent to only one site. This I do not
> understand, and I must be doing something wrong.
probably...
> Here is how I have the server set up. I have DSL going to my router,
> with traffic over port 80 going to my server. My server has a private IP,
> and cannot be directly accessed in any way (other than web traffic over
> port 80) from the outside.
standard port forwarding.
The HTTP discussion (if the browsers are 1.1 compliant) should include
the name of the site they think they are accessing. If you were
handling this by proxied instead of port forwarded request the chance of
that conversation getting screwed up is greater.
> With these conditions, is it possible to set up virtual hosting? Do I
> need public IP?s to make this work? Even if I set up two private IP's, I
> believe that there is no way for my router to differentiate the traffic,
> and send it to the correct private IP.
I have a private staging server where every single staged area goes to
IP's on the localhost range. 127.0.0.4, etc. though all of 'em still
run on port 80.
However, you also need to grant directory permissions. Here's a
relevant fragment from that staging server. Notice I declare them by
number, then have server name and serveralias settings. These names
also exist in my /etc/hosts file, this makes them exist when I'm using
my web browser to visit them.
In your example you will want something like
<VirtualHost priv.ate.addr.ess:81>
. . .
<VirtualHost priv.ate.addr.ess:82>
. . .
<VirtualHost priv.ate.addr.ess:83>
etc.
You may also add defenses on Order/Allow and for my publicly visible
stages, I do - but those aren't shown here.
# for the most part the permissions within each virtual will be the same
<Directory /home/App/Webdaemon>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
# :: Local Users :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.0.0.1
#NameVirtualHost local
#NameVirtualHost localhost
<VirtualHost 127.0.0.1>
ServerName localhost
ServerAlias local
ServerAdmin star+gemini at starshine.org
DocumentRoot /home/App/Webdaemon/betel
ErrorLog /var/log/apache/local-error_log
CustomLog /var/log/apache/local-access_log common
# ErrorDocument 403 /Err/403.html
# ErrorDocument 302 /Err/302.html
ErrorDocument 500 /Err/500.html
ErrorDocument 404 /Err/404.html
ErrorDocument 410 /Err/410.html
</VirtualHost>
# :: BayLISA :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.1.0.3
#NameVirtualHost blw
<VirtualHost 127.1.0.3:80>
ServerName blw.g.starshine.org
ServerAlias blw
ServerAdmin star+blw at localhost
DocumentRoot /home/App/Webdaemon/baylisa
ErrorLog /var/log/apache/baylisa-error_log
CustomLog /var/log/apache/baylisa-access_log common
# ErrorDocument 404 /404.html
</VirtualHost>
# :: Conchord ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.1.0.4
#NameVirtualHost cc
<VirtualHost 127.1.0.4>
ServerName cc.g.starshine.org
ServerAlias cc
ServerAdmin star+cc at localhost
DocumentRoot /home/App/Webdaemon/conchord
ErrorLog /var/log/apache/conchord-error_log
CustomLog /var/log/apache/conchord-access_log common
# ErrorDocument 404 /404.html
</VirtualHost>
# :: ACCU ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.1.0.2
#NameVirtualHost accu
<VirtualHost 127.1.0.2>
ServerName accu.g.starshine.org
ServerAlias accu
ServerAdmin star+accu at localhost
DocumentRoot /home/App/Webdaemon/accu
ErrorLog /var/log/apache/accu-error_log
CustomLog /var/log/apache/accu-access_log common
# ErrorDocument 404 /404.html
</VirtualHost>
# :: starshine :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.0.0.2
#NameVirtualHost palomar
<VirtualHost 127.0.0.2>
ServerName palomar.g.starshine.org
ServerAlias palomar
# for the moinmoin wiki
Alias /wiki/ "/home/App/Webdaemon/palomar/"
ScriptAlias /treki "/usr/share/moin/treki/moin.cgi"
ServerAdmin star+palomar at localhost
DocumentRoot /home/App/Webdaemon/palomar
ErrorLog /var/log/apache/palomar-error_log
CustomLog /var/log/apache/palomar-access_log common
ErrorDocument 404 /404.html
</VirtualHost>
<Directory //usr/local/share/moin/htdocs/>
Options SymLinksIfOwnerMatch
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
<Directory //usr/local/share/moin/treki/>
Options SymLinksIfOwnerMatch
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
NameVirtualHost 127.127.0.1
#NameVirtualHost griffith
<VirtualHost 127.0.0.2>
ServerName griffith.g.starshine.org
ServerAlias griffith
ServerAdmin star+griffith at localhost
DocumentRoot /home/App/Webdaemon/griffith
ErrorLog /var/log/apache/griffith-error_log
CustomLog /var/log/apache/griffith-access_log common
ErrorDocument 404 /404.html
</VirtualHost>
NameVirtualHost 127.0.0.3
#NameVirtualHost nova
<VirtualHost 127.0.0.3:80>
ServerName nova.g.starshine.org
ServerAlias nova
ServerAdmin star+nova at localhost
DocumentRoot /home/App/Webdaemon/nova
ErrorLog /var/log/apache/nova-error_log
CustomLog /var/log/apache/nova-access_log common
ErrorDocument 404 /404.html
</VirtualHost>
NameVirtualHost 127.0.0.4
#NameVirtualHost wolfrayet
<VirtualHost 127.0.0.4>
ServerName wolfrayet.g.starshine.org
ServerAlias wolfrayet
ServerAdmin star+wolfrayet at localhost
DocumentRoot /home/App/Webdaemon/wolfrayet
ErrorLog /var/log/apache/wolfrayet-error_log
CustomLog /var/log/apache/wolfrayet-access_log common
ErrorDocument 404 /Err/404.html
</VirtualHost>
# :: mirroring the world :::::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.1.0.5
#NameVirtualHost lg
# lg
<VirtualHost 127.1.0.5>
ServerName lg.g.starshine.org
ServerAlias lg
ServerAdmin star+lg at localhost
DocumentRoot /home/App/Webdaemon/world/www.linuxgazette.com
ErrorLog /var/log/apache/lg-error_log
CustomLog /var/log/apache/lg-access_log common
</VirtualHost>
NameVirtualHost 127.2.0.1
#NameVirtualHost mirror
#NameVirtualHost world
# general
<VirtualHost 127.2.0.1>
ServerName world.g.starshine.org
ServerAlias world mirror
ServerAdmin star+world at localhost
DocumentRoot /home/App/Webdaemon/world
ErrorLog /var/log/apache/world-error_log
CustomLog /var/log/apache/world-access_log common
</VirtualHost>
# :: advertisement squisher ::::::::::::::::::::::::::::::::::::::::::::::::::
NameVirtualHost 127.127.0.2
#NameVirtualHost ads
<VirtualHost 127.127.0.2>
ServerName adverts.g.starshine.org
ServerAlias ads
ServerAdmin star+adverts at localhost
DocumentRoot /home/App/Webdaemon/adverts
DirectoryIndex ad-blocked.gif index.html
ErrorLog /var/log/apache/adverts-error_log
CustomLog /var/log/apache/adverts-access_log common
ErrorDocument 404 /8pt.banner.gif
ErrorDocument 403 /8pt.banner.gif
ErrorDocument 400 /8pt.banner.gif
</VirtualHost>
# ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /heather ::
# ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
More information about the Balug-talk-balug.org
mailing list