# Virtual hosting made easy

## delta407

Recently faced with a requirement for a small virtual hosting system, I developed a system whereby administration is made easy. It's reasonably generic (generic enough), reasonably robust, and sufficient for most purposes. It's designed with special emphasis on Typo3, a killer content management system that has some interesting requirements.

The services provided by this include:

- http:// for one or more arbitrary domain names
- SSH/SCP/FTP access for your clients
- MySQL username and database creation
- Easy administration

The required programs:

- Apache
- MySQL (what's a website without a database backend?)
- OpenSSH
- Pure-FTPd (optional, and others work too)
- Standard Bourne shell, Unix text processing utilities, etc.

All in all, pretty standard stuff. Moving along...

With my setup, Apache uses mod_rewrite to do some special dynamic name-based hosting. (Standard dynamic virtual hosts don't let you have a default host; my mod_rewrite-based one does.) Include the following in apache.conf:

```
RewriteEngine On

# a ServerName derived from a Host: header may be any case at all
RewriteMap  lowercase  int:tolower

RewriteCond  %{REQUEST_URI}  !^/icons/
# Duplicate the above for whatever other system-wide aliases you have
RewriteCond  /pub/www/hosts/${lowercase:%{SERVER_NAME}} -d
RewriteRule  ^/(.*)$  /pub/www/hosts/${lowercase:%{SERVER_NAME}}/$1 [L]

RewriteCond  %{REQUEST_URI}  !^/icons/
# Duplicate the above for whatever other system-wide aliases you have
RewriteRule  ^/(.*)$  /pub/www/default/$1

# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
CustomLog logs/access_log vcommon
```

This maps the request to /pub/www/hosts/www.domain.com/ if it exists, or /pub/www/default/ if it does not exist. Additionally, it makes the log format easy to handle. The following script (placed wherever you feel like) runs on a schedule (via cron) at 23:59 daily -- it splits the log file into its respective virtual hosts. The logs end up at http://www.domain.com/logs/YYYY-MM-DD.log for easy usage. (You probably want to protect it with a .htaccess...)

```
#!/bin/bash

# Initialization
cd /pub/www/hosts || exit 1
hosts=`find . -maxdepth 1 -type d | egrep -v '^.$' | sed -e 's/^.\///g'`
now=`date +%Y-%m-%d`

# Copy and chop logfile
cp /var/log/apache/access_log access_log
echo -n > /var/log/apache/access_log

# Do the splittin
for i in $hosts
do
        mkdir -p "$i/logs"
        echo "# Access log for ${now}" >> "$i/logs/${now}.log"
        # Match the %V field exactly (the dots in a hostname are regex
        # wildcards to egrep) and print the line without that field
        awk -v host="$i" '$1 == host { sub(/^[^ ]+ /, ""); print }' access_log >> "$i/logs/${now}.log"
done

# Remove temporary log
rm access_log
```

At this point, Apache is all set up. Now, just four little scripts -- pick some place in your path to put 'em. The first script (user-new) creates a user as specified on the command line.

```
#!/bin/bash

if [[ (-z "$1") || (-z "$2") || (-n "$4") || ("$1" = "--help") ]]

then

        echo "Uber-nifty user creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" username \"Full Name\" [password]"

        exit 0

fi

# Gather configuration

uname=`echo $1 | tr -d ' :.'`

rname=$2

# Password config

pass=`echo "${uname} ${rname}" | md5sum | head -c 7`

[[ "$3" ]] && pass=$3

# Setup complete, prompt

echo "Creating user with the following settings:"

echo "  - User: ${uname}"

echo "  - Real name: ${rname}"

echo "  - Password: ${pass}"

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

/usr/sbin/useradd -d /home/${uname} -m -g users -G cron -s /bin/bash ${uname}

chfn "${rname}" ${uname}

# Hack to make passwd work

{ echo ${pass}; sleep 1; echo ${pass}; } | passwd ${uname} 2>/dev/null

echo "** User creation successful"
```

Run this script for every user you make. (BTW, it gives them access to cron, which may or may not be desirable. You'll probably want to tweak it anyway.) Next up is pub-newsite, complete with auto-configuration for Typo3.

```
#!/bin/bash

if [[ (-z "$1") || (-n "$3") || ("$1" = "--help") ]]

then

        echo "Uber-nifty website creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" www.domain.com [skeleton]"

        exit 0

fi

# Gather configuration

domain=$1

uname=`echo $1 | sed -e 's/^www\.//' -e 's/\.com$//' -e 's/\.org$//' -e 's/\.net$//' -e 's/\./-/g' | head -c 16`

db=$uname

pass=`echo ${uname} | md5sum | head -c 6`

# Check skeleton parameter validity

if [ "$2" ]

then

        skel=invalid

        [[ -f /pub/www-skel/$2.tbz2 ]] && skel=$2

        if [ "$skel" == "invalid" ]

        then

                echo "Invalid skeleton file. Valid ones are:"

                cd /pub/www-skel/

                ls | sed -e 's/^/ - /' -e 's/.tbz2$//g'

                exit 1

        fi

fi

# Setup complete, prompt

echo "Creating site with the following settings:"

echo "  - Domain: ${domain}"

echo "  - Database: ${db}"

echo "  - Username: ${uname}"

echo "  - Password: ${pass}"

[ "${skel}" ] && echo "  - Skeleton: ${skel}"

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

# Create website directory if not exists

if [ ! -d /pub/www/hosts/${domain} ]

then

        echo "Creating website directory..."

        mkdir /pub/www/hosts/${domain}

        # Unpack skeleton if possible

        if [ "${skel}" ]

        then

                cd /pub/www/hosts/${domain}

                tar xjf /pub/www-skel/${skel}.tbz2

        fi

else

        [ "${skel}" ] && echo "** Directory already exists, not unpacking skeleton"

fi

# Do database stuff

dbsuccess=0

echo "REPLACE INTO mysql.user SET Host = 'localhost', User = '${uname}', Password = PASSWORD('${pass}'), Select_priv = 'N', Insert_priv = 'N', Update_priv = 'N', Delete_priv = 'N', Create_priv = 'N', Drop_priv = 'N', Reload_priv = 'N', Shutdown_priv = 'N', Process_priv = 'N', File_priv = 'N', Grant_priv = 'N', References_priv = 'N', Index_priv = 'N', Alter_priv = 'N';" > /tmp/usersql

echo "CREATE DATABASE IF NOT EXISTS \`${db}\`;" >> /tmp/usersql

echo "FLUSH PRIVILEGES;" >> /tmp/usersql

echo "GRANT Select, Insert, Update, Delete, Create, Drop, References, Index, Alter ON \`${db}\` . * TO '${uname}'@'localhost';" >> /tmp/usersql

cat /tmp/usersql | mysql --password=' *** ---MY ROOT DATABASE PASSWORD--- *** ' && dbsuccess=1

rm /tmp/usersql

[ $dbsuccess -eq 0 ] && echo "** Database operation failed" && exit 1

[ $dbsuccess -eq 1 ] && echo "** Database operation succeeded"

# Typo3? If so, update config automagically

if [ "$skel" == "typo3" ]

then

        cfg=/pub/www/hosts/${domain}/typo3conf/localconf.php

        echo '<?php' > $cfg

        echo '$TYPO3_CONF_VARS["BE"]["installToolPassword"] = "bacb98acf97e0b6112b1d1b650b84971";' >> $cfg

        echo "\$typo_db_username = '${uname}';" >> $cfg

        echo "\$typo_db_password = '${pass}';" >> $cfg

        echo "\$typo_db_host = 'localhost';" >> $cfg

        echo "\$typo_db = '${db}';" >> $cfg

        echo "\$TYPO3_CONF_VARS[\"SYS\"][\"sitename\"] = '${domain}';" >> $cfg

        echo '$TYPO3_CONF_VARS["GFX"]["im_combine_filename"] = "combine";' >> $cfg

        echo '$TYPO3_CONF_VARS["GFX"]["im_path"] = "/usr/local/bin/";' >> $cfg

        echo '$TYPO3_CONF_VARS["GFX"]["im_path_lzw"] = "/usr/local/bin/";' >> $cfg

        echo '?>' >> $cfg

        echo "** Updated Typo3 configuration"

fi

echo "** Site creation successful"
```

This deserves some explanation. You run the script and pass it a FQDN that you want to host, and it makes a directory, a MySQL database, and other assorted handy things. Additionally, you can make "skeleton" tarballs -- one I made was placed in /pub/www-skel/typo3.tbz2. If I want a new Typo3 site, I say "pub-newsite www.domain.com typo3" and it auto-extracts the Typo3 skeleton. Additionally, the last little block of code sets up the Typo3 configuration file to automatically connect using the database parameters, so the proud new owner of the site can push two buttons and start doing stuff in about four seconds without even touching a shell prompt.

Of course, no web host is complete without a way to redirect domain.com to www.domain.com, thus a handy little script for that purpose: pub-newredirect.

```
#!/bin/bash

if [[ (-z "$1") || (-z "$2") || (-n "$4") || ("$1" = "--help") ]]

then

        echo "Uber-nifty redirect creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" www.domain.com destination [\"append\"]"

        exit 0

fi

# Gather configuration

# Strip trailing slashes

domain=`echo $1 | sed -e 's/\/$//'`

dest=`echo $2 | sed -e 's/\/$//'`

if [ -d /pub/www/hosts/${domain} ]

then

        echo "${domain} already exists."

        exit 0

fi

append=no

[[ ($3 = "append") || ($3 = "yes") ]] && append=yes

# Setup complete, prompt

echo "Creating redirect with the following settings:"

echo "  - Domain: http://${domain}/"

echo "  - Destination: http://${dest}/"

if [[ $append = "yes" ]]

then

        echo "  - Append: yes"

        echo "    (${domain}/filename.ext -> http://${dest}/filename.ext)"

fi

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

# Create website directory

mkdir /pub/www/hosts/${domain}

# Absolute redirect?

htaccess=/pub/www/hosts/${domain}/.htaccess

echo "RewriteEngine On" > $htaccess

if [[ $append = "yes" ]]

then

        echo "RewriteRule (.*) http://${dest}/\$1" >> $htaccess

else

        echo "RewriteRule (.*) http://${dest}" >> $htaccess

fi

echo "** Redirect creation successful"
```

Run "pub-newredirect domain.com www.domain.com append" and then requests for http://domain.com/products/ will become http://www.domain.com/products/, whereas if "append" is omitted it would simply redirect to the base site.

Great, we can create users and websites, but there's no way for the user to get at his website. So, the ever handy pub-link script:

```
#!/bin/bash

if [[ (-z "$1") || (-z "$2") || (-n "$3") || ("$1" = "--help") ]]

then

        echo "Uber-nifty website/user association utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" www.domain.com username"

        exit 0

fi

# Validate

[[ ! -d /pub/www/hosts/$1 ]] && echo "** Domain '$1' does not exist." && exit 1

[[ ! -d /home/$2 ]] && echo "** User directory for $2 does not exist." && exit 1

# ...magic...

cd /home/$2

ln -s /pub/www/hosts/$1/ $1

# Permissions

chown -R $2:apache /pub/www/hosts/$1

chmod -R 664 /pub/www/hosts/$1

cd /pub/www/hosts/$1

find -type d | xargs chmod 775

echo "** $1 associated with $2"
```

This script puts a symlink in the user's home directory to his respective site(s), providing easy access. Note that the association script makes the site writable by Apache (which is good for Typo3), but that means that any mean person with an account on your system could do mean things to the other person's stuff. So, either trust everyone on your system or remove the applicable lines. (I'm doing small virtual hosting with nice people and a good backup policy, so I'm okay. Your situation is probably different.)

So, say "bgates" signs up for www.microsoftrulez.com with your service and wants the domain parked. Here's what you'd run (assuming you made the "parked" skeleton tarball):

```
# user-new bgates "Bill Gates" yayforgoats
# pub-newsite www.microsoftrulez.com parked
# pub-link www.microsoftrulez.com bgates
```

All done. bgates can ftp, ssh, scp, or http his stuff around as much as he likes after those three commands. No restarting Apache, no interrupting the rest of your users.  :Very Happy: 

Have fun, but be sure to understand what the scripts are doing before you do anything with them.
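
An added example, not part of delta407's post: the database step of pub-newsite with the domain argument validated before it reaches SQL or a path, the password drawn from /dev/urandom instead of an md5 of the username, and neither the SQL nor the root password passing through /tmp/usersql or the process list. The function names, the option-file path in `MYSQL_ROOT_CNF` and the `/root/<db>.dbpass` hand-over file are assumptions, as is a MySQL or MariaDB version that supports `CREATE USER`.

```shell
#!/bin/bash
# Hardened sketch of pub-newsite's database step (added example).

# Hypothetical root-only option file (chmod 600) holding:
#   [client]
#   user=root
#   password=...
MYSQL_ROOT_CNF=/root/.my-provision.cnf

# Accept only hostnames: lowercase letters, digits, '-' and '.', with no empty
# labels and no label starting or ending in '-'. This rejects quotes,
# backticks, spaces, '/' and '..' before the value is used anywhere.
valid_domain() {
    local LC_ALL=C
    local d=$1 label
    [[ ${#d} -le 253 && $d =~ ^[a-z0-9.-]+$ ]] || return 1
    [[ $d != .* && $d != *. && $d != *..* ]] || return 1
    local IFS=.
    for label in $d; do
        [[ ${#label} -le 63 && $label != -* && $label != *- ]] || return 1
    done
}

# Same naming rule as the original: strip www. and .com/.org/.net,
# turn dots into hyphens, keep 16 characters.
db_name() {
    local n=${1#www.}
    n=${n%.com}; n=${n%.org}; n=${n%.net}
    n=${n//./-}
    printf '%s' "${n:0:16}"
}

# 24 random alphanumerics; not derivable from the domain name.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Emit the provisioning SQL. Inputs are already restricted to [a-z0-9-]
# (names) and [A-Za-z0-9] (password), so nothing can break out of the quotes.
build_sql() {
    local db=$1 user=$2 pass=$3
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`${db}\`;
CREATE USER '${user}'@'localhost' IDENTIFIED BY '${pass}';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER
    ON \`${db}\`.* TO '${user}'@'localhost';
EOF
}

provision_db() {
    local domain=$1 db pass
    valid_domain "$domain" || { echo "** Invalid domain name, refusing" >&2; return 1; }
    db=$(db_name "$domain")
    pass=$(gen_password)
    # SQL goes over a pipe (no temp file); root credentials come from the
    # option file rather than --password= on the command line.
    build_sql "$db" "$db" "$pass" |
        mysql --defaults-extra-file="$MYSQL_ROOT_CNF" || return 1
    # Hand the password over in a file only root can read.
    ( umask 077; printf '%s\n' "$pass" > "/root/${db}.dbpass" )
    echo "** Database ${db} created; password stored in /root/${db}.dbpass"
}

# Run only when a domain is given, e.g.: ./provision-db www.domain.com
if [ "$#" -gt 0 ]; then provision_db "$1"; fi
```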

----------

## pjp

Wow.  You need an assistant, don't you.  :Wink: 

----------

## delta407

So, I was thinking: what's virtual hosting without DNS service too?

Required software:

- djbdns
- bash, standard *nix utilities, etc.

Behold, the dns-new script:

```
#!/bin/bash

if [[ (-z "$1") || (-n "$3") || ("$1" = "--help") ]]

then

        echo "Uber-nifty virtual hosting DNS creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" domain.com [wildcard]"

        exit 0

fi

# Configurables

# What nameserver(s) will serve this zone file?

nameservers="1.2.3.4 5.6.7.8 9.10.11.12"

# What computer will provide the services?

web_ip="209.98.98.98"

mail_ip="208.42.42.42"

# Command line stuffs

[[ -n $2 ]] && wildcard=1

# Setup complete, prompt

echo "Creating the following DNS entries:"

for ns in $nameservers

do

        [[ ! ${has_soa} ]] && echo "  - $1 IN SOA ${ns} (RP hostmaster@$1)"

        has_soa=1

        # hack that gives letters for to six nameservers (stupid octal)

        # nothing breaks beyond then, it just isn't all that smart

        num=`expr 0${num} + 1`

        echo -e "  - $1 IN NS \14${num}.ns.$1"

done

num=0

for ns in $nameservers

do

        num=`expr 0${num} + 1`

        echo -e "  - \14${num}.ns.$1 IN A ${ns}"

done

echo "  - $1 IN A ${web_ip}"

echo "  - $1 IN MX ${mail_ip}"

if [[ $wildcard ]]

then

        echo "  - *.$1 IN A ${web_ip}"

        echo "  - *.$1 IN MX ${mail_ip}"

else

        echo "  - www.$1 IN A ${web_ip}"

        echo "  - ftp.$1 IN A ${web_ip}"

        echo "  - mail.$1 IN A ${mail_ip}"

fi

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

# Do nameserving entries first

for ns in $nameservers

do

        if [[ ! $did_soa ]]

        then

                echo ".$1:${ns}" >> /var/tinydns/root/data

        else

                echo "&$1:${ns}" >> /var/tinydns/root/data

        fi

        did_soa=1

done

echo "+$1:${web_ip}" >> /var/tinydns/root/data

echo "@$1:${mail_ip}" >> /var/tinydns/root/data

if [[ $wildcard ]]

then

        echo "+*.$1:${web_ip}" >> /var/tinydns/root/data

        echo "@*.$1:${mail_ip}" >> /var/tinydns/root/data

else

        echo "+www.$1:${web_ip}" >> /var/tinydns/root/data

        echo "+ftp.$1:${web_ip}" >> /var/tinydns/root/data

        echo "+mail.$1:${mail_ip}" >> /var/tinydns/root/data

fi

cd /var/tinydns/root && /usr/bin/tinydns-data

if [[ $? -eq 0 ]]

then

        echo "** DNS creation successful"

else

        echo "** DNS data written but reloading failed"

fi
```

And, of course, the dns-del script (I'll make deletion scripts for the rest later, okay?  :Wink: ):

```
#!/bin/bash

if [[ (-z "$1") || (-n "$2") || ("$1" = "--help") ]]

then

        echo "Uber-nifty virtual hosting DNS deletion utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" domain.com"

        exit 0

fi

# Prompt

echo `basename $0`" will delete ALL ENTRIES CONTAINING '$1'"

echo "(So, '"`basename $0`" domain.com' will also delete sub.domain.com,"

echo "'"`basename $0`" sub.net' will delete sub.network.com and so forth.)"

echo

echo " Ctrl-C now to abort, enter to preview changes"

read i

# User didn't abort, let's work magic

cd /var/tinydns/root

# Back up current data

cp data data-before-deleting-$1

grep -v $1 data-before-deleting-$1 > data-after-deleting-$1

# Preview changes

{

        echo "Changes to be made:"

        echo

        diff data-before-deleting-$1 data-after-deleting-$1 | grep '<'

} | less -S

echo " Ctrl-C now to abort, enter to apply changes"

read i

mv data-after-deleting-$1 data

/usr/bin/tinydns-data

if [[ $? -eq 0 ]]

then

        echo "** DNS deletion successful"

else

        echo "** DNS data written but reloading failed"

fi
```
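
An added example, not part of delta407's post: dns-del's `grep -v $1` treats its argument as a regular expression and drops every line containing it, which is why the script warns that `sub.net` also removes sub.network.com. The filter below parses each tinydns-data line and drops only the records whose name is the zone itself or lies under it; the function names and the sample data are constructed for illustration.

```shell
#!/bin/bash
# Zone-exact replacement for dns-del's "grep -v" step (added example).

# Print tinydns-data lines from stdin, minus the records that belong to zone $1.
# A record line is <type char><fqdn>:<fields...>; generic ":" records carry the
# fqdn in the second field. Comments (#), location lines (%) and blank lines
# pass through untouched.
tinydns_strip_zone() {
    awk -F: -v zone="$1" '
    BEGIN { zone = tolower(zone); sub(/\.$/, "", zone); n = length(zone) }
    /^[#%]/ || /^[ \t]*$/ { print; next }
    {
        name = (substr($0, 1, 1) == ":") ? $2 : substr($1, 2)
        name = tolower(name)
        sub(/\.$/, "", name)                # tolerate a trailing dot
        # Literal comparison, no regex: exact match or a ".zone" suffix.
        if (name == zone) next
        if (length(name) > n && substr(name, length(name) - n) == "." zone) next
        print
    }'
}

# Constructed sample data, for illustration only.
sample_data() {
    cat <<'EOF'
# hosted zones
.sub.net:192.0.2.1:a
&sub.net:192.0.2.2:b
+sub.net:192.0.2.10
@sub.net:192.0.2.20
+www.sub.net:192.0.2.10
+*.sub.net:192.0.2.10
.sub.network.com:192.0.2.1:a
+www.sub.network.com:192.0.2.30
+notsub.net:192.0.2.40
EOF
}

# Same flow as dns-del (back up, preview, then replace), as a sketch:
#   cd /var/tinydns/root && cp data data.bak &&
#   tinydns_strip_zone domain.com < data.bak > data.new &&
#   diff data.bak data.new     # review, then: mv data.new data && tinydns-data

# Acts as a stdin filter when given a zone: ./strip-zone sub.net < data
if [ "$#" -gt 0 ]; then tinydns_strip_zone "$1"; fi
```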

----------

## delta407

And, of course, it might be helpful to make domain.com map transparently to www.domain.com -- you know, without a redirect. This can be done with a symlink, but why not make a handy little script to do that for you?  :Very Happy: 

Thus, pub-newalias is born:

```
#!/bin/bash

if [[ (-z "$1") || (-z "$2") || (-n "$3") || ("$1" = "--help") ]]

then

        echo "Uber-nifty alias creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" www.domain.com other.domain.com"

        exit 0

fi

# Gather configuration

# Strip trailing slashes

domain=`echo $1 | sed -e 's/\/$//'`

dest=`echo $2 | sed -e 's/\/$//'`

if [ -d /pub/www/hosts/${domain} ]

then

        echo "${domain} already exists."

        exit 1

fi

if [ ! -d /pub/www/hosts/${dest} ]

then

        echo "${dest} does not exist."

        exit 1

fi

# Setup complete, prompt

echo "Creating alias with the following settings:"

echo "  - Domain: http://${domain}/"

echo "  - Destination: http://${dest}/"

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

# Yay for symlinks

cd /pub/www/hosts

ln -s ${dest} ${domain}

echo "** Alias creation successful"
```

----------

## mezz

Sweet, thanks!

----------

## delta407

As hinted at by the DNS stuff above, I was planning on adding mail support. Here it is. (The things I do for you...  :Rolling Eyes: )

Required software:

- Postfix
- Courier-IMAP (if so desired)
- mutt (so your users can get at their mail via ssh)
- bash  :Very Happy: 

Anyway, configuration goes like this. Do the following to set up Postfix:

```
# emerge postfix (if you haven't)
# echo 'virtual_maps = hash:/etc/postfix/virtual' >> /etc/postfix/main.cf
# touch /etc/postfix/virtual
# postmap /etc/postfix/virtual
# /etc/init.d/postfix start (if it isn't)
```

Do the following to set up Courier-IMAP:

```
# emerge courier-imap (if you haven't)
# /etc/init.d/courier-imapd start (if it isn't)
```

Of course, you'll want to rc-update add each of the services you like. You can also use courier-pop3d and/or the SSL varieties of each.

If you want a catch-all for a domain, run mail-newdomain:

```
#!/bin/bash

if [[ (-z "$1") || (-z "$2") || (-n "$3") || ("$1" = "--help") ]]

then

        echo "Uber-nifty mail catch-all creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" domain.com username"

        exit 0

fi

# Gather configuration

uname=`echo $2 | tr -d ' :.'`

domain=$1

# Setup complete, prompt

echo "Creating domain catch-all with the following settings:"

echo "  - Domain: ${domain}"

echo "  - Local user: ${uname}"

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

virtual=/etc/postfix/virtual

echo "postmaster@${domain} root" >> $virtual

echo "hostmaster@${domain} root" >> $virtual

echo "@${domain} ${uname}" >> $virtual

postmap $virtual

postfix reload

echo "** Catch-all creation successful"
```

If you want to forward some specific address to a local user or another specific address, run mail-newforward:

```
#!/bin/bash

if [[ (-z "$1") || (-z "$2") || (-n "$3") || ("$1" = "--help") ]]

then

        echo "Uber-nifty mail forward creation utility"

        echo "Written by delta407 (delta407@lerfjhax.com)"

        echo

        echo "    Usage: "`basename $0`" addr@domain.com username"

        exit 0

fi

# Gather configuration

addr_from=$1

addr_to=`echo $2@$HOSTNAME | awk -F@ '{print $1 "@" $2}' | sed -e "s/@$HOSTNAME//"`

# Setup complete, prompt

echo "Creating mail forward with the following settings:"

echo "  - Originally to: ${addr_from}"

echo "  - Routed to: ${addr_to}"

echo

echo " Ctrl-C now to abort, enter to continue"

read i

# User didn't abort, let's work magic

virtual=/etc/postfix/virtual

echo "${addr_from} ${addr_to}" >> $virtual

postmap $virtual

postfix reload

echo "** Forward creation successful"
```

Also, recall that users can control their own mail delivery with a .forward file in their home directory. (So, if they don't want your IMAP/POP3 stuff, they can forward their mail to an account of their choosing.)

To bring everything together now... if a user wants a new site with everything currently provided (HTTP, MySQL, SSH, FTP, IMAP, POP3), do the following:

```
# user-new hsmith "Your Mom (Helga Smith)"
# pub-newsite www.yourmomsface.com
# pub-link www.yourmomsface.com hsmith
# mail-newdomain yourmomsface.com hsmith
```

Now, to make it all web-based...  :Wink: 

----------

## delta407

 *delta407 wrote:*   

> (The things I do for you... )

 

Yep, I've upped the ante again. Behold:

vhost-install

I'm still testing it, but the general idea is this:

```
< follow Gentoo install guide, reboot, login >
# wget http://.../vhost-install
# chmod +x vhost-install
# ./vhost-install BUILD WEB MAIL SQL DNS FTP MISC
```

...and, like magic, all the stuff in the previous posts is done for you. The install process is broken down into a few phases.

 *vhost-install --help wrote:*   

> Uber-nifty Virtual Hosting System
> 
> Written by delta407 (delta407@lerfjhax.com)
> 
>   Usage: vhost-install PHASENAME [PHASENAME ...]
> ...

 

It then pokes around in your configuration (specifically, guessing an IP to bind FTP/DNS to, seeing if you're NATed, etc.) and then performs whatever operations you tell it to. Anyway, once vhost-install completes, everything should work out-of-the-box. (Except for dns-new, which might need a little bit of configuration...)

I'm currently testing this on a stage 3 tarball of 1.4_rc1 inside VMware -- if anyone wants to test it on their box, let me know. I'll post instructions here once I'm happy with it.

----------

## PimpNasty

I would be willing to try the vhost stuff out.  I have an extra machine laying around waiting for something like this.

Another question, how much work would it be to use PostgreSQL instead of MySQL?

----------

## delta407

 *PimpNasty wrote:*   

> Another question, how much work would it be to use PostgreSQL instead of MySQL?

 

Well, I don't have any experience with PostgreSQL, so auto database/user creation would be difficult.

I'll e-mail you the script within 24 hours.

----------

## delta407

Okay, consider this a public beta. My e-mail contained the following:

 *I wrote:*   

> The virtual hosting install script worked under Gentoo 1.4 with a couple minor exceptions, that I believe have been corrected now.
> 
> At any rate, to use it, do the following:
> 
> # wget http://gentoo.swchs.org/projects/vhost/vhost-install
> ...

 

Feedback?

----------

## sebest

Adding mod_php mod_ssl and a webmail like squirrelmail or imp and you would have a full Webmail solution

----------

## huhmz

Oh my god just saw this thread, I'll just quit learning stuff now and check this page from time to time and let you do all the administration for me.  :Laughing: 

Seriously, it's nice stuff here, saves me a ton of time and shell scripting (which I suck at, I do all "shell scripts" in perl   :Embarassed:  )

Just wanted to let you know that this stuff is very useful for me.

Keep em comin'   :Wink: 

----------

## tewlz

Thanks a *LOT* for this thread. Great work, great tips - *very* much appreciated.

----------

## karwoski

I've been looking for just this sort of thing.  Can't wait to try it out.  Thanks.  Any further developments?

----------

## delta407

Yes; there were some problems with the way DNS works (it needs a :a, :b on the end of the NS fields) that some script modifications address. (These modifications are not yet public, but they will be once I get around to it.) Major advances are unlikely until my next big project gets going...  :Wink: 

This next project is a virtual private network that consists of a series of point-to-point links; i.e. not client connecting to some local network but a series of separate machines creating a virtual network between themselves. The killer feature is that it has a mesh topology, so that computer A can talk directly to computer C without going through computer B. Additionally, it is flexible enough to allow, say, end-to-end bzip2 compression of every packet (if you really wanted to), the ability for any of the clients to obtain a world-routable IP address from anywhere (assuming you have the address space), and other nifty things like masquerading as legitimate HTTP traffic to allow full access to the network from behind a transparent proxy or a Nazi firewall. (This is done, it just needs a nice interface. It will likely be web-based, using LISSARD.)

This system was designed as a result of the increased demands mobility is placing on data distribution. I own and control a lot of computers in a lot of different places (on a lot of different Internet connections too). The idea is that one machine at home can be providing NAT for the other internal boxes as well as VPN access via ssh and over wireless. A big, beefy machine that is doing NAT on a beefier DSL line can provide VPN access via ssh, do some serious file serving, and has enough high-availability components that I can make it the central administrative point. I have a Pentium 2 with negligible amounts of disk that is only doing DNS, but it's on a nice fat pipe, so I can make it route traffic between nodes in the event that a direct connection fails. (As long as they can connect to this machine, a route can be made between them.) The list goes on; I have the machines needed, they just don't have a convenient way of talking to each other. This is that convenient way.  :Very Happy: 

I am looking to implement one of the nifty caching network filesystems (probably Coda) on top of this. This would allow me to grab my laptop, wander out of wireless range, and still have all of the music I was just listening to. And it would allow me to work on networked documents (i.e. edit them) unplugged, plug in from a Starbucks (with the Nazi firewall), and sync up with one of the master servers.

How does this relate to virtual hosting? Each of them could have the same tinydns data files and share the same /pub directory, meaning you could theoretically enable DNS round-robin and have several web servers sharing content. Other nifty stuff is possible too.  :Wink: 

----------

## puddpunk

well delta407, you've really outdone yourself this time.

This was a brilliant piece of work man, and I commend you for it. And thank you for posting it to us feeble beings (we're not worthy!).

/me hands delta his crown. The real Bodhisattva crown!

----------

## Carlo

 *huhmz wrote:*   

> Oh my god just saw this thread, I'll just quit learning stuff now and check this page from time to time and let you do all the administration for me. 

 

I thought the same.

@delta407: wow & thx  :Exclamation: 

Carlo

----------

## mrhodes

This may seem like a simple problem,  I hope it is  :Smile: 

I can't create new sites with this script... I get an SQL error....

ERROR 1045: Access denied for user: 'root@localhost' (Using password: YES)

** Database operation failed

can anyone help me out?

Thanks,

Mike

----------

## delta407

Make sure to change 'empty' to your real MySQL root user's password.

----------

## mrhodes

Ok, great...

thanks  :Smile: 

Mike

PS.  One thing I noticed about your script was that after I ran everything, my prompt went from having colours to being a basic prompt.... Also, my path was erased as well.  I booted off the gentoo CD and just copied the /etc/profile file back, and everything worked out fine...

other than that, great script!

----------

## delta407

Yes... that's part of the MISC phase. Specifically, it's supposed to add /root/bin/ to root's path, but apparently it didn't work.

```
mv /etc/profile /etc/profile.bak

cat /etc/profile.bak | sed -e 's/${ROOTPATH}"/${ROOTPATH}:~\/bin/"' > /etc/profile
```

(It did make a backup, though.)

----------

## mrhodes

Hi.. I used your scripts, and have a pretty good server going now.  My goal is to start a web hosting company, and I am very interested in Typo3... however, I'm not sure how to set it up  :Sad:   I know it's not up to you (original poster) to explain this as it is not part of gentoo, but I would be very interested in where you got the skel file for typo3...

thanks,

Mike

----------

## delta407

I just sort of made the tarball one day. Standard Typo3 stuff -- appropriate symlinks for index.php, t3lib/, typo3/, etc. and an autogenerated config file (including database settings) -- just packed into typo3.tar.bz2. Nothing overly complicated, but I would suggest poking around in the Typo3 testsite before you try to host real websites with it.

----------

## mrhodes

Ok, thanks for the quick reply...

I'm looking over the typo site now, and going through the install guide.

This program / system looks very good!

Do you have any sites that were created / modified with it that I could look at?

Thanks,

Mike

----------

## delta407

Continuing discussion via PM.

----------

## DiamondDog

Keep up the good work ppl like you are the foundation of our community

the open source community    :Twisted Evil: 

I just received my new server I will test it asap.

GoodJob Again Diamond

----------

## nikl

 *delta407 wrote:*   

> Continuing discussion via PM.

 

hi delta,

I read your scripts with great interest and applied them slightly modified on my little homeserver a couple weeks ago. How much feedback have you received through PM yet? Would you or anyone else be interested to enhance these ideas a little more in terms of developing a more "complete" set of server administration scripts?

----------

## delta407

I'm sure there's interest in it, but the real trick would be to make it all web-based...  :Very Happy:  (Actually, after one command -- a `wget http://mysite/install.sh -O - | bash` -- one could, in theory, perform a completely automated installation to the point of allowing web-based administration...)

To be honest, I don't have time right now to work on these scripts, but if there's a glaring error I will probably correct it. If anyone has ideas, feel free to post 'em here.

----------

## nikl

1) provide a web-frontend, that'd sure be sweet!

2) provide a commandline-interface, but I'd prefer Python rather than bash  :Wink: 

3) possibly store configuration in a db of any kind (bdb, sql, ldap, ...)

just my 2 cents

----------

## geoffs

hey delta, just wondering if instead of using apache, apache2 will work?

looks like some great work.

----------

## delta407

 *geoffs wrote:*   

> hey delta, just wondering if instead of using apache, apache2 will work?

 Probably, but I haven't tried it. As long as you have custom logging capabilities (for the auto log-splitting) and mod_rewrite available you should be good -- nothing but the installer modifies your Apache configuration.

----------

## ZoneRanger

Delta,

I like what I see and would like to give this a try, but I can't find the vhost-install.  Can you give me the full URL for the wget command?

Thanks

Scott

----------

## ZoneRanger

Delta,

Nevermind,  I found it.  Keep up the great work though.

Thanks again

----------

## LoT-Soma

wow thanx they should put this into the news letter  :Smile: 

----------

## steveb

 *delta407 wrote:*   

> Yes... that's part of the MISC phase. Specifically, it's supposed to add /root/bin/ to root's path, but apparently it didn't work.
> 
> ```
> mv /etc/profile /etc/profile.bak
> 
> ...

 

change it to something like this:

```
cat /etc/profile.bak | sed -e '/^[\t ]*export PATH/{s/:~\/bin:/:/g;s/:~\/bin\"/\"/g;s/\"~\/bin:/\"/g;s/\"~\/bin\"/\"\"/g;}' | sed -e '/^[\t ]*export PATH/s/\(\${ROOTPATH}\)\([\":]\)/\1:~\/bin\2/' > /etc/profile
```

first this strips away any ~/bin entry and then adds one just after ${ROOTPATH}.

if you would have (don't ask me why) a path entry like ~/bin/~/bin, then it will not break that entry:

```
# echo -ne "\texport PATH=\"~/bin/~/bin:/bin:/sbin:/usr/bin:/usr/sbin:\${ROOTPATH}\"\n" | sed -e '/^[\t ]*export PATH/{s/:~\/bin:/:/g;s/:~\/bin\"/\"/g;s/\"~\/bin:/\"/g;s/\"~\/bin\"/\"\"/g;}' | sed -e '/^[\t ]*export PATH/s/\(\${ROOTPATH}\)\([\":]\)/\1:~\/bin\2/'

        export PATH="~/bin/~/bin:/bin:/sbin:/usr/bin:/usr/sbin:${ROOTPATH}:~/bin"
```

and if you already have a ~/bin entry it would not double the ~/bin entry again, instead it will clean all the ~bin entries and add a last one:

```
#  echo -ne "\texport PATH=\"~/bin:~/bin:/bin:~/bin:/sbin:~/bin:/usr/bin:~/bin:/usr/sbin:~/bin:\${ROOTPATH}:~/bin\"\n" | sed -e '/^[\t ]*export PATH/{s/:~\/bin:/:/g;s/:~\/bin\"/\"/g;s/\"~\/bin:/\"/g;s/\"~\/bin\"/\"\"/g;}' | sed -e '/^[\t ]*export PATH/s/\(\${ROOTPATH}\)\([\":]\)/\1:~\/bin\2/' 

        export PATH="/bin:/sbin:/usr/bin:/usr/sbin:${ROOTPATH}:~/bin"
```

and it will only modify lines having an export PATH statement at the beginning:

```
# echo -ne "#\texport PATH=\"/bin:/sbin:/usr/bin:/usr/sbin:\${ROOTPATH}\"\n\texport PATH=\"/bin:/sbin:/usr/lib/distcc/bin:/usr/lib/ccache/bin:/usr/bin:/usr/sbin:\${ROOTPATH}\"\n" | sed -e '/^[\t ]*export PATH/{s/:~\/bin:/:/g;s/:~\/bin\"/\"/g;s/\"~\/bin:/\"/g;s/\"~\/bin\"/\"\"/g;}' | sed -e '/^[\t ]*export PATH/s/\(\${ROOTPATH}\)\([\":]\)/\1:~\/bin\2/'

#       export PATH="/bin:/sbin:/usr/bin:/usr/sbin:${ROOTPATH}"

        export PATH="/bin:/sbin:/usr/lib/distcc/bin:/usr/lib/ccache/bin:/usr/bin:/usr/sbin:${ROOTPATH}:~/bin"
```

cheers

SteveB

----------

## cryos

Wow! This is totally great. I have really learnt a lot from just reading this thread, and it has answered several questions I had about some of the cleverer things you can do with virtual hosting. 

One thing I have always wanted to do is create my own customised web based admin for creating new users, mail accounts etc. How would one go about doing this? I thought of using PHP, but it would need root access for several operations. Perl was another thought. I would love some tips on how to make good, secure web based admin scripts. 

I might be able to transform some of these amazing scripts into web based ones then. I am pretty good with PHP/Perl, and so just need to figure out how to give my web based scripts root access in a safe way... 

Keep up the great work, you've taught me a lot about virtual hosting in this thread!   :Very Happy: 

----------

## goldeneye

Some notes on setting up virtual hosts on a machine with a single ip address with Apache 2.

Establishing a vhost is quite easy there, you just have to put the following in your /etc/apache2/conf/vhosts/vhost.conf:

```
NameVirtualHost *

# default host
<VirtualHost *>
  ServerName default.domain.tld
  DocumentRoot /home/httpd/htdocs
</VirtualHost>

# your extra, virtual hosts
<VirtualHost *>
  ServerName vhost1.domain.tld
  DocumentRoot /path/to/vhost1
  <Directory /path/to/vhost1 >
    Options Indexes FollowSymLinks
    Allow from All
  </Directory>
</VirtualHost>

<VirtualHost *>
  ServerName vhost2.domain.tld
  DocumentRoot /path/to/vhost2
  <Directory /path/to/vhost2 >
    Options Indexes FollowSymLinks
    Allow from All
  </Directory>
</VirtualHost>
```

The first virtual host is the default one. This is the one you should have configured in /etc/apache2/conf/apache2.conf outside any <VirtualHost> with ServerName and DocumentRoot.

All directories I named /path/to/vhost* above should have permissions set with user=vhost user and group=apache.

The following will prepend the name of the vhost to each log message. You can use the script split-logfile to split them into several ones as delta407 is doing with his script on a daily basis. See http://httpd.apache.org/docs-2.0/vhosts/fd-limits.html#splitlogs for more info on that.

```
LogFormat "%v %h %l %u %t \"%r\" %s %b" vhost
CustomLog logs/access_log vhost
```

If you want to do more with vhosts, consider Apache's manual: http://httpd.apache.org/docs-2.0/vhosts/

Alex

----------

## delta407

 *cryos wrote:*   

> One thing I have always wanted to do is create my own customised web based admin for creating new users, mail accounts etc. How would one go about doing this?

 Carefully.  :Wink: 

 *cryos wrote:*   

> I thought of using PHP, but it would need root access for several operations.

 

```
# emerge sudo
```

With sudo and a handful of carefully set up shell scripts, you can let your web server user securely perform a limited number of operations as root (specifically, the shell scripts).

 *cryos wrote:*   

> Perl was another thought.

 Was?  :Wink: 

 *cryos wrote:*   

> I would love some tips on how to make good, secure web based admin scripts.

 Security has several levels. One is making sure that the user is who they say they are, another is making sure that user is allowed to perform the operation they are attempting to, another is to make sure that operation works exactly as intended without giving that user any more power than intended. <plug type="shameless"> The first two can be handled easily with a web application framework, such as LISSARD. </plug>

The last one is left to a utility, like sudo, and careful coding. (The shell scripts are so that the web server isn't directly performing operations, but telling something else to. They can be 700/root:root, meaning that if someone gained web server privs then they can't see exactly what your script is doing.)

 *cryos wrote:*   

> I might be able to transform some of these amazing scripts into web based ones then. I am pretty good with PHP/Perl, and so just need to figure out how to give my web based scripts root access in a safe way...

 Again, check out sudo, and make sure your target scripts carefully scrutinize their inputs. (My scripts do not.) Check for shell metacharacters and so on before elevating to root.

 *cryos wrote:*   

> Keep up the great work, you've taught me a lot about virtual hosting in this thread!  

 No problem.

 *goldeneye wrote:*   

> Establishing a vhost is quite easy there, you just have to put the following in your /etc/apache2/conf/vhosts/vhost.conf:

 One of the perks of -- indeed, the primary reason for -- setting up virtual hosting in this manner is that one may create a new virtual host by simply creating a directory. No poking in config files, no killing/restarting the web server, etc. That's why I'm using this crazy mod_rewrite thing instead of the built-in Apache virtual hosting directives: it's far easier to automate.
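
The sudo-plus-wrapper approach from this post, with the input checks it recommends, as an added example that is not part of the thread or of delta407's scripts. The script name `vhost-create`, the `VHOST_BASE` variable and the `apache` account in the sudoers comment are assumptions; the host-name rule (lowercase, at least one dot) is one possible allowlist, chosen to match the lowercased directory names the rewrite rule looks up.

```sh
#!/bin/sh
# Added example (not delta407's code). Hypothetical names: vhost-create,
# VHOST_BASE, and a web server account called "apache".
# Install as /root/bin/vhost-create, mode 700 root:root, and allow exactly
# this one command in sudoers (edit with visudo):
#   apache ALL=(root) NOPASSWD: /root/bin/vhost-create
# The web front end must pass the host name as a single argv element,
# never by pasting it into a shell command string.

# Fixed environment: do not trust anything inherited from the caller.
PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH
LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII only
umask 027

VHOST_BASE="${VHOST_BASE:-/pub/www/hosts}"

# Allowlist check: succeed only for a lowercase DNS name with at least one
# dot. Everything else (metacharacters, slashes, "..", spaces, newlines,
# upper case) is rejected rather than "cleaned up".
valid_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!a-z0-9.-]*)    return 1 ;;  # any character outside the allowlist
        .*|*.|*..*)       return 1 ;;  # empty label; also covers "." and ".."
        -*|*-|*.-*|*-.*)  return 1 ;;  # a label may not start or end with "-"
        *.*)              ;;           # at least one dot
        *)                return 1 ;;
    esac
    rest=$name
    while [ -n "$rest" ]; do           # every label at most 63 characters
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    return 0
}

# Create $VHOST_BASE/<host>; print the new path on success.
create_vhost() {
    [ "$#" -eq 1 ] || { echo "usage: vhost-create HOSTNAME" >&2; return 2; }
    host=$1
    valid_hostname "$host" || { echo "rejected host name" >&2; return 1; }
    dir=$VHOST_BASE/$host
    # Never reuse an existing entry, including a symlink someone planted.
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        echo "already exists: $dir" >&2
        return 1
    fi
    # mkdir also fails if the name appeared in the meantime.
    mkdir -m 0750 -- "$dir" || return 1
    printf '%s\n' "$dir"
}

# Run only when called with arguments, so the functions can also be sourced.
[ "$#" -eq 0 ] || create_vhost "$@"
```

Rejecting bad input outright, instead of stripping characters from it, keeps the root-side script's behaviour predictable for every string the web server user can send.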

----------

## WaMan

Thanks for the nice set of scripts - I'm slowly trying to figure everything out.  

One thing I can't figure out is whether the routing to the virtual hosts is supposed to be done automatically, or if I am supposed to add

```
<VirtualHost *>
    ServerName www.otherdomain.tld
    DocumentRoot /www/otherdomain
</VirtualHost>
```

manually.

Here's my problem:  I'm just testing things out, so I put www.otherdomain.com in my hosts file at 127.0.0.1.  When I take a look at www.otherdomain.com in my browser, I can only see the default website, not www.otherdomain.com.  Is this 1) because I cheated by using my hosts file, 2) because I'm supposed to manually add the virtual domain, or 3) for some other reason?

Thanks for your help

----------

## delta407

 *WaMan wrote:*   

> One thing I can't figure out is whether the routing to the virtual hosts is supposed to be done automatically, or if I am supposed to add
> 
> ```
> <VirtualHost *>
> 
> ...

 It's automatic. Just create /pub/www/hosts/my.host.name and your machine will answer as my.host.name, serving files from that directory. (mod_rewrite is, truly, the Apache swiss army knife.)

 *WaMan wrote:*   

> Is this 1) because I cheated by using my hosts file, 2) because I'm supposed to manually add the virtual domain, or 3) for some other reason?

 Guessing 3. What does your Apache access/error log report? Does /pub/www/hosts/www.otherdomain.com exist?

----------

## WaMan

Hi delta407,

Thanks for the response.  Here are the logs you suggested and yes, the domain directories are created.  Below, I fire up apache and then look at localhost followed by www.mydomain.ca

 *Quote:*   

> 
> 
> # more access_log
> 
> 127.0.0.1 - - [04/May/2003:01:10:19 -0400] "GET / HTTP/1.1" 200 1464 "-" "Mozilla/5.0 Galeon/1.2.8 (X1
> ...

 

 *Quote:*   

> 
> 
> more error_log
> 
> [Sun May  4 01:10:09 2003] [alert] apache: Could not determine the server's fully qualified domain nam
> ...

 

----------

## delta407

 *WaMan wrote:*   

> 
> 
> ```
> 
> # more access_log
> ...

 It seems as if your browser is sending a Host: header of 127.0.0.1 instead of "www.mydomain.ca"...?

At this point, I would use Ethereal to sniff the loopback traffic in order to find out what Host: header your browser is actually sending in the HTTP request. Are you using a proxy on localhost or anything silly like that?

----------

## WaMan

I'm not really sure if I understand your concern.  The log was created by first looking at http://localhost in my browser (just as a reference) and then I typed in www.mydomain.ca - so there are 2 separate events in there.  The one that doesn't work is

 *Quote:*   

> 
> 
> 127.0.0.1 - - [04/May/2003:01:10:25 -0400] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 Galeon/1.2.8 (X11; Linux i6
> 
> 86; U;) Gecko/20030302"
> ...

 

This still shows that the host of interest is "http://www.mydomain.ca/", at least for the gif request.

----------

## delta407

The first field in the log file indicates the virtual host; the second to last field (which reads mydomain.ca) indicates the referrer. In short, something strange is happening in wonderland.  :Wink: 

----------

## WaMan

Hi Delta407,

Sorry to pester you again - thanks for your help.  I think my problem is just some really stupid permission problem in my commonapache.conf.  Even without the virtual hosting it seems that I can only serve documents from /home/httpd/htdocs.  I have changed all the settings I thought were relevant, so I must have a typo or something silly somewhere.  Would you be so kind as to post yours? 

Thanks again

----------

## delta407

If you have the necessary "<Directory ___>" section, it's probably an issue with Apache reading the parent directories. Because of the way .htaccess files are read -- Apache checks /full/path/to/dir, /full/path/to, /full/path, /full, and /  for .htaccess files. If Apache can't read /full/path, it doesn't matter what the permissions are elsewhere, it throws a 403 Forbidden.

I would suggest checking the directory permissions, and then tell me if you still have issues.

----------

## WaMan

All the directories and their parents are chmod 755.

What should DocumentRoot be set to?

----------

## delta407

Mine is /pub/www/, but even with that in place I have no problems serving files symlinked into /home/httpd/htdocs and elsewhere.

----------

## splooge

Stupid question.   I have RTFM and STFW.  (see sig.)  I just need some clarification on this:

axfrdns seems to be the program for zone transfers.

dnscache seems to be the program to be a caching name server (for a lan or similar)

The problem: they both run on the same port: 53.  Thus: I can't load them both at the same time.

How can I get axfrdns and dnscache to act as if they were running on the same port?  (Is this the right question to ask?)  I understand how DNS works, I just don't quite understand how djbdns works with its separate programs.  BIND seemed to handle all this on the same port (I think?).

I'm sure it's a simple solution that just hasn't 'clicked' yet in my head.  Thanks for your time  :Smile: 

----------

## delta407

Slightly OT, but okay. axfrdns does zone transfers, yes, but it listens on port 53 TCP -- dnscache listens on port 53 UDP. The problem comes in making dnscache and tinydns cooperate, as they both use UDP.  :Wink: 

----------

## puke

 *Quote:*   

> axfrdns seems to be the program for zone transfers.
> 
> dnscache seems to be the program to be a caching name server (for a lan or similar)
> 
> The problem: they both run on the same port: 53. Thus: I can't load them both at the same time. 

 

You can run them both at the same time, just bind them to different interfaces.  Your dnscache should run on your internal LAN interface, your tinydns should run on your external interface (if you are an internet name server).   :Wink: 

If you are doing a split-horizon setup, check http://www.fefe.de/djbdns/#splithorizon

----------

## pastorJ

Is it possible?  I want to be able to give accounts to virtual users, and have those accounts forward to Yahoo or Hotmail etc... How can this be done with the mysql'd virtual users?

----------

## Crash&Burn

Three cheers for the information in this thread; I have found it very useful and will put it to the test next week. I do have a question though concerning Typo3; I do not find a listing for it as an emerge and there are no posts in this thread indicating that anyone other than delta407 is mentioning it, so if someone is familiar with it let me know what they think of it and the complications in setting it up. Would be much appreciated.

Once again thanks for all your work delta407 will get back to you with my own trials and tribulations in this set up soon.

Cheers Crash

----------

## delta407

 *pastorJ wrote:*   

> Is it possible?  I want to be able to give accounts to virtual users, and have those accounts forward to Yahoo or Hotmail etc... How can this be done with the mysql'd virtual users?

 This is more for virtual mail hosting, which isn't really addressed by my scripts. I have successfully used the virtual mail howto with my web virtual hosting, which is probably what you're looking for. (Add an entry in the `virtual` table.)

----------

## delta407

 *Crash&Burn wrote:*   

> so if someone is familiar with it let me know what they think of it and the complications in setting it up.

 Not easy. It's a very complex system, and as such, is difficult at first.

One of the things you want is ImageMagick 4.2.9. Later versions have bugs that negatively impact Typo3's ability to do cool stuff with images, and earlier versions lack critical features. Thus, I've packed up ImageMagick 4.2.9 with all of the libraries it needs in a nice, handy-dandy source tarball. http://gentoo.swchs.org/typo3/

Another thing Typo3 benefits from is a GIF-enabled libgd. If you're outside the U.S. (or if you don't mind stomping all over the Unisys patent), you can build a GIF-enabled libgd by using modified tarballs from this page. The easiest solution is to edit the libgd ebuild to use the appropriate tarball, do an `emerge -f` on it, then `ebuild digest` to make Portage accept the new hashes. Then, `emerge libgd`, re-emerge mod_php, and you have GIF support.

For Typo3 itself, I unpacked the source tarball inside of /pub/www/ and symlinked /pub/www/typo3_src to typo3_3.5.0 or whatever the current version is. I then made a 'skeleton' tarball (for my scripts) that include symlinks of the appropriate directories (t3lib, typo3, etc.) and appropriate files (clear.gif, index.php, .htaccess) to their /pub/www/typo3_src/ counterparts. So, upon creation of a new site, everything is automagically symlinked to the system-wide copy of Typo3 and Typo3 already has a preliminary configuration (database access).

Easy, isn't it?  :Wink:  (Don't worry, it took me a few weeks of on-and-off tinkering to learn all this.)

----------

## ericdes

I just came across this module: mod_vdbh, it is supposed to do mass virtual hosting, the virtual host paths being translated from a MySQL database at request time.

I'm wondering if anybody has ever tried that solution?

Eric.

----------

## GXTi

i noticed half the people replying here are n00bs...then again so am i  :Very Happy: 

----------

## phattmatt

@WaMan

Hi, I was having the same problem. After a late night and some apache doc reading I changed a setting in '/etc/apache/conf/commonapache.conf'

from:

```
UseCanonicalName On
```

to

```
UseCanonicalName Off
```

I believe this is fairly important in allowing delta407's mod_rewrite stuff to do its thing.

After turning off canonicalname my server started directing the requests to the right places...    :Very Happy: 

Matt.

P.S. At the very least this stuff is making me read and learn   :Wink: 

----------

## phattmatt

@delta407

First of all thanks for your scripts, they are just the kind of thing I was looking for to setup a virtual web host.

Apart from the same problem that WaMan was experiencing (which I think I've solved), I have only had one difficulty.

Pure-FTP doesn't want to setup correctly when going through the './vhost-install FTP' stage.

An error along the lines of " sed unknown command ''' " is displayed with the end result being the config file doesn't get setup properly.

Any help would be appreciated.

Regards,

Matt.

----------

## ariejan

Delta! My hero!

Well, you've been hearing that quite a lot here. Well, you deserve it. 

I'm still installing here, but everything should be okay. I've finished the web part, and that works great!

Thanks!

----------

## entropicrune

Delta, I am trying to understand your scripts. They appear to call two other scripts which do not seem to be in the downloaded archives, or in a plain vanilla system.

One of these is tinydns-setup, and the other is rotate-logs. Could you elucidate?

Thank you.

----------

## Zues

Does anyone know how to setup either pure-ftpd or vsftpd to handle virtual domains?

----------

## rjreb

 *Zues wrote:*   

> Does anyone know how to setup either pure-ftpd or vsftpd to handle virtual domains?

 

We got it set up. Here's a basic breakdown.

vsftpd.conf

```
anon_world_readable_only=NO
anonymous_enable=NO
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
virtual_use_local_privs=NO
#background=YES
chroot_local_user=YES
##chroot_list_enable=YES
#force_dot_files=YES
#ftpd_banner=some ftp server
guest_enable=YES
guest_username=virtual
#hide_ids=YES
#listen=YES
#listen_address=192.168.0.82
local_enable=YES
#log_ftp_protocol=YES
listen_port=21
#max_clients=50
#max_per_ip=5
#nopriv_user=ftp
#pasv_address=192.168.0.82
#pasv_enable=YES
#pasv_min_port=30000
#pasv_max_port=30999
#session_support=NO
#use_localtime=YES
userlist_deny=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
#virtual_use_local_privs=YES
xferlog_enable=YES
write_enable=NO
user_config_dir=/etc/vsftpd/users
nopriv_user=nobody
#async_abor_enable=YES
##chmod_enable=YES
#cmds_allowed=QUIT,CHMOD
connect_from_port_20=YES
##dirlist_enable=YES
#ascii_upload_enable=YES
download_enable=NO
#local_umask=0027
#pasv_enable=YES
#port_enable=YES
```

Create a text file (e.g., logins.txt) with

```
user1
password1
user2
password2
```

etc

Then run

```
db3_load -T -t hash -f logins.txt /etc/vsftpd_login.db
```

Inside /etc/vsftpd/users you can individualize each user.

Hope that helps

----------

## wizy

This is just beautiful.  I will be setting it up on a server next week.  I hope it works as good as it looks.

----------

## delta407

I'm getting a new colocated box -- actually, in about six hours now -- that I'll put this on. FYI, everything worked with Apache 2 when I last checked, though I personally would do the installation manually rather than having vhost-install do it for you.

Of course, there have been improvements (like making awstats automagically go through your recently-split log files) since this was created many months ago. Maybe I'll write it up some time.  :Wink: 

----------

## delta407

 *Zues wrote:*   

> Does anyone know how to setup either pure-ftpd or vsftpd to handle virtual domains?

 

BTW, in case any one is wondering, FTP doesn't do virtual domains unless you have a different IP for each virtual domain.

Thought I'd add a reminder to prevent anyone from getting confused.  :Rolling Eyes: 

----------

## wizy

Has anyone worked on the "Delete" versions of some of these scripts, and also has anyone worked on a web interface to this nice system?

I would like to use this, for myself I would use the shell scripts.  But I have a couple others who would need a web interface.

----------

## nalin

Delta...awesome

For those who wish to avoid banging their heads against the wall with apache2 perhaps the following will help...

```
# get the server name from the Host: header
UseCanonicalName Off

<Directory "/pub/www">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

RewriteEngine On

# a ServerName derived from a Host: header may be any case at all
RewriteMap  lowercase  int:tolower

RewriteCond  %{REQUEST_URI}  !^/icons/
# Duplicate the above for whatever other system-wide aliases you have
RewriteCond  /pub/www/hosts/${lowercase:%{SERVER_NAME}} -d
RewriteRule  ^/(.*)$  /pub/www/hosts/${lowercase:%{SERVER_NAME}}/$1 [L]

RewriteCond  %{REQUEST_URI}  !^/icons/
# Duplicate the above for whatever other system-wide aliases you have
RewriteRule  ^/(.*)$  /pub/www/default/$1

# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
CustomLog logs/access_log vcommon
```

The apache2.conf file seems to need the updated directory information in order to allow pages to be served despite the fact that the <rant>PERMISSIONS HAVE BEEN RIGHT FOR THE BETTER PART OF AN F'IN DAY AND THE REWRITE BASED VHOSTS ACCESSIBLE FROM APACHE2 DOCS OVERLOOKS THIS STEP</rant>.  Sorry, enough bitching from me.

The rewrite stuff is, I think, all the same as in the original post, just been added for placement (and probably could go anywhere else in the file).

Regarding the post asking whether apache2 works with this, with very limited testing it seems to so far...

Anyway hope this helps...

Again, thanks delta

----------

## delta407

 *nalin wrote:*   

> Regarding the post asking whether apache2 works with this, with very limited testing it seems to so far...

 I just rolled out Apache2 with this on my shiny new Gentoo server. Web hosting was working properly (though it took some futzing with the order that config files were included), and then an upstream machine stopped routing packets to that box.  :Evil or Very Mad:  (BTW, the page linked above happens to be hosted on that machine.)

<sigh>

So, in conclusion, Apache2 doesn't seem to be a problem after some initial hiccups which can be solved quickly, even with a crude trial-and-error methodology.  :Rolling Eyes: 

----------

## wizy

Has anything else been done with this?

----------

## nalin

 *wizy wrote:*   

> Has anything else been done with this?

 

Yeah Delta, virtual web mail dns ... ... ..., IS THAT ALL?   :Very Happy: 

----------

## RaymaN

hi,

nice scripts. Where can i download these?

bye bye

ray

 :Cool: 

----------

## Sweetest_thing

When I try to write ./vhost-install BUILD WEB MAIL SQL DNS FTP MISC I just get the help provided.. It can't install.. why?

----------

## witalis

I have made virtual hosting which stores all data in mysql database. soft used:

 apache2 + mod_vdbh

 postfix, cyrus_imap, cyrus_pop3 

 mydns

Mydns is a really great DNS daemon which stores all data in an SQL table, so administration is really easy (e.g. "update mydns.soa set serial=serial+1" - update all zones data).

I also developed Python scripts to manage all this. If anyone is interested - mail me mpulczynski@escom.net.pl - however all is in very beta-stage but working for me.

----------

## wizy

Has this been updated at all for apache2?  Has anyone changed it to use the default /var/www directory yet?

I know its not complex to do.  Just wondering if anyone has kept this system up to date.  It would be nice to know that this install script and all its associated scripts still works on a gentoo 2005.0 system with apache2.

----------

## nightcanton

Is this thread still alive?  Is there a newer script out there other than on the first page?

----------

## petlab

I'd like to know that too.  lets try contacting him.

----------

## linux_girl

 *delta407 wrote:*   

> I'm sure there's interest in it, but the real trick would be to make it all web-based...  (Actually, after one command -- a `wget http://mysite/install.sh -O - | bash` -- one could, in theory, perform a completely automated installation to the point of allowing web-based administration...)
> 
> To be honest, I don't have time right now to work on these scripts, but if there's a glaring error I will probably correct it. If anyone has ideas, feel free to post 'em here.

 

I am currently using our scripts with some mods, like to avoid arbitrary file overwriting by making a symlink to /tmp/=>passwd 

Maybe this summer I will try to make a Java applet to make it easier to manage servers/upload conf and restart servers, manage file perms ...

----------

## geforce

EDIT: Resolved in other threads

Last edited by geforce on Sun Jan 14, 2007 6:19 am; edited 1 time in total

----------

## linux_girl

I am not a guru, but your conf file is a bit much complicated; use a simpler conf to avoid screwing you up

MOD EDIT: Please don't quote the entire post above yours if you only want to add a one-liner. This isn't a mailing list, people can just scroll up to see what you're replying to... --plate

----------

