# apache2 virtual hosting questions

## Seather

I currently use name-based virtual hosts for a whole list of virtual hosts. All of their DocumentRoot directories are listed in /var/www. I have a couple of questions though:

1) Is there any way that I can set a "default" webpage, for example, have my list of virtual hosts, but if it matches against any of them, or the ip address is used, go to /var/www/localhost/htdocs with all the default settings and don't use any of the vhosts at all?

2) I'd also like to use ssl for that "default" host but not for any of the virtual hosts, is that possible? If so, how?

3) Currently for every single virtual host I need the following:

```
<Directory /var/www/whicheverhostname>

   AllowOverride All

     Order deny,allow

</Directory>
```

Otherwise the virtual host doesn't work, any workaround for this?

4) Soon I am going to get a second and third IP Address for the server, is it possible to use two for seperate virtual hosts with ssl enabled and all of the rest on one single ip address with name based virtual hosting?

5) At the moment I also use a seperate name based virtual host who's servername and serveralias is set to mail.allmyvirtualhostsseperately this points to my one central squirrelmail installation. I somehow find this a bit ugly, isn't there a better/different way to do that?

6) I want to add a cgi-bin directory for each and every virtual host, is putting it directly in each virtual host's documentroot dir?

I would feel much more comfortable doing what I am doing if I can find properly explained answers to the questions above. I really hope that I have made some sense!

Thank you

----------

## starachna

hello i use .htaccess in my root dirs, thus if they enter the machines ip, the get redirected to where i want them to go, additionally i rename the ssl-vhosts file in modules.d in apache dir ... and add this in my normal vhosts file ...

```

<VirtualHost *:80>

    ServerAdmin www-admin@domain

    DocumentRoot /www/hosts/domain

    ServerName domain

    ServerAlias www.domain

    ServerAlias www.domain

    ServerAlias domain

    ErrorLog /www/logs/domain-error_log

    CustomLog /www/logs/domain-access_log combined

</VirtualHost>

################## MOD_SSL VHOST CONFIG BEGINS 

<IfModule mod_ssl.c>

<VirtualHost *:443>

    DocumentRoot /www/hosts/domain

    ServerName www.domain

    ServerAdmin www-admin@domain

    ErrorLog /www/logs/domain-ssl_error_log

    CustomLog /www/logs/domain-access_log combined

    

    <IfModule mod_log_config.c>

       TransferLog /www/logs/domain-ssl_access_log

    </IfModule>

    SSLEngine on

    SSLCipherSuite LL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile conf/ssl.crt/www.domain.crt

    SSLCertificateKeyFile conf/ssl.key/www.domain.key

    <Files ~ "\.(cgi|shtml|phtml|php?)$">

       SSLOptions +StdEnvVars

    </Files>

    <IfModule mod_setenvif.c>

       SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \

       downgrade-1.0 force-response-1.0

    </IfModule>

    <IfModule mod_log_config.c>

       CustomLog /www/logs/ssl_request_log \

       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    </IfModule>

</VirtualHost>

</IfModule>

```

that way you only deal with one vhosts file ... i tried mod_vdbh but never got it quite right ... vhosts in db ...

i see your from south africa! great where abouts?

ciao

----------

## Seather

I have now moved 41_mod_ssl.default-vhost.conf out of the way and set up my vhosts.conf as follows below. However when I do try https://domain2 or https://domain3 firefox tells me "The connection to domain# has terminated unexpectedly, some data may have been transferred" Is this okay? Is there no better way? I get this in the error-log:

```
==> /var/log/apache2/access_log <==

165.165.146.215 - - [07/Oct/2004:02:51:40 +0200] "\x80g\x01\x03" 200 31 "-" "-"
```

Also is the <Directory> derivative that I put in there okay or is it risky?

And finally, I get this in each of my virtual hosts' error logs:

```
[Wed Oct 06 22:15:10 2004] [error] [client 165.165.146.215] File does not exist: /var/www/domain/favicon.ico
```

Whats with that? And I get it even if I put in a blank index.html file?

Anyway, here goes vhosts.conf:

```

<Directory /var/www>

   AllowOverride All

      Order deny,allow

</Directory>

<VirtualHost ipaddress1:80>

   AccessFileName .htaccess

   ServerName domain1.com

   ServerAlias domain1.com www.domain1.com

   DocumentRoot /var/www/localhost/htdocs

   Setenv VLOG /var/log/apache2

   ErrorLog /var/log/apache2/domain1-error.log

</VirtualHost>

<IfModule mod_ssl.c>

<VirtualHost ipaddress1:443>

   AccessFileName .htaccess

   DocumentRoot /var/www/localhost/htdocs

   ServerName domain1.com

   ServerAlias domain1.com www.domain1.com

   Setenv VLOG /var/log/apache2

   ErrorLog /var/log/apache2/domain1-error.log

   SSLEngine on

   SSLCipherSuite LL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

   SSLCertificateFile conf/ssl/server.crt

   SSLCertificateKeyFile conf/ssl/server.key

    <Files ~ "\.(cgi|shtml|phtml|php?)$">

       SSLOptions +StdEnvVars

    </Files>

   

    <IfModule mod_setenvif.c>

       SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \

       downgrade-1.0 force-response-1.0

    </IfModule>

</VirtualHost>

</IfModule>

   

# Set ip address for name based virtual hosts

NameVirtualHost ipaddress2:80

       

# email hostnames

<VirtualHost ipaddress2:80>

   ServerName mail.domain2.za.net

   ServerAlias mail.domain2.za.net mail.domain3.co.za mail.domain1.com

   DocumentRoot /var/www/localhost/htdocs/squirrelmail

   Setenv VLOG /var/log/apache2

   ErrorLog /var/log/apache2/squirrelmail-error.log

</VirtualHost>

 

# domain2.za.net

<VirtualHost ipaddress2:80>

   AccessFileName .htaccess

   ServerName domain2.za.net

   ServerAlias domain2.za.net www.domain2.za.net

   DocumentRoot /var/www/domain2.za.net/htdocs

   Setenv VLOG /var/log/apache2

   ErrorLog /var/log/apache2/domain2-error.log

</VirtualHost>

# domain3.co.za

<VirtualHost ipaddress2:80>

   AccessFileName .htaccess

   ServerName domain3.co.za

   ServerAlias domain3.co.za www.domain3.co.za

   DocumentRoot /var/www/domain3.co.za

   Setenv VLOG /var/log/apache2

   ErrorLog /var/log/apache2/domain3-error.log

</VirtualHost>

```

starachna:  *Quote:*   

> i see your from south africa! great where abouts?

 

east rand...

----------

## starachna

hello, you can only host one ssl site per ip, the ssl stuf fhappens before vhosts, so when apache gets it he doesn't know for which vhost it is ?!? ref: apache site

i suggest getting one site working before moving on to the rest, yep that directive tag is fine, i ad mine in vhosts to.

ps. shouldn't you be looking at ssl logs for ssl requests, or do they go into accesslog too? mine would be ...

/www/logs/domain-ssl_access_log

all the best

----------

## Seather

I know only one site per IP,

Remember what I am doing here, both ip-based virtual hosting and name based virtual hosting. I have a seperate ip for domain1 which is on ip-based virtual hosting and has ssl, where as domain2 and domain3 are both on name based virtual hosting on my second IP. 

All my sites are working, I am just wondering about the error I get when trying to access https on sites that's not supposed to have https (all those on my name-based virtual hosting). I only want my ip-based-virtual-hosting site (domain1) to have ssl support.

Other than that everything is working fine!

----------

## starachna

i don't know why you are getting "some data may have been transferred" i have only gottan that once or twice, and it was a config error, as far as favicon is concerned, it's the little icon you see in bookmarks ... if you look at the address part of your browser, in the forums, you'll see the gentoo favicon ...

have a great day!

----------

## splooge

Actually it's one ssl certificate per ip, not one ssl site per ip.  You can run multiple vhosts if they all use the same ssl certificate.

As for taking care of messy virtualhosts -- along with a "default" web site -- I use Delta407's recommendation: mod_rewrite.  These next 5 lines are going to amaze you:

```
RewriteEngine On 

RewriteMap  lowercase  int:tolower 

RewriteCond  /var/www/${lowercase:%{SERVER_NAME}} -d 

RewriteRule  ^/(.*)$  /var/www/${lowercase:%{SERVER_NAME}}/$1 [L]

RewriteRule  ^/(.*)$  /var/www/default/$1
```

Put those 5 lines in your apache.conf, and lose all the other vhost stuff.

Then in commonapache.conf:

```
UseCanonicalName Off
```

Change your documentroot and directory directives in commonapache.conf from /var/www/localhost/htdocs to:

```
DocumentRoot: /var/www

<Directory /var/www>
```

Then make your document roots under /var/www:

```
mkdir /var/www/www.mysite.com

mkdir /var/www/mail.mysite.com

mkdir /var/www/default
```

This accomplishes the following:

1) When apache reads the request from the web browser, it reads the hostname that the client supplied.  It will then use the documentroot of /var/www/hostname.

2) If /var/www/hostname doesn't exist, it will default to /var/www/default

3) Making a new virtual host is as easy as creating a new directory.  No need to re-read config files or restart apache every time you add a vhost.

4) No messy vhosts file.  In fact, no vhosts file at all!

----------

## trossachs

What about individual log files for each virtual host, how will Apache know where to log them individually within /var/log/apache2?

----------

## gestah

@splooge 

I tried to do it the way you told me...but it doesn't work.  :Confused: 

The browser returns : access forbidden:403.

----------

## trossachs

IT WORKS FOR ME and I am soooooooo grateful! Splooge, what errors are you getting, does it refer to some entry in the logs listed as "default?"

----------

## starachna

@splooge, that's what i meant  :Wink: 

Delta407's scripts are such an asset!! the problem for me comes in when you use other things inconjunction with apache, like mod_jk and urchin, so i still need vhost file to lurk around, 

ciao

----------

## trossachs

Regarding these now working virtual hosts that I have. How can I enable Apache to report individual error and access logs for each host?

----------

## splooge

Well, Delta407 put this in his apache.conf file:

```
# this log format can be split per-virtual-host based on the first field 

LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon 

CustomLog logs/access_log vcommon
```

But I'm not sure if that does what you want it to do, I've never tried splitting up the logs.  Sorry, I can't really help out with that.

----------

## trossachs

Well have added this line, but all it has done is to report what is already there in the /var/log/apache2/access_log file. I need individual error and access logs for each VH.

----------

## starachna

JulesF, there is a bash script that does it for you, check that post ...

here is the url ... https://forums.gentoo.org/viewtopic.php?t=16597

and here is the code ** praises and comments to delta407 **

```

#!/bin/bash

# Initialization

cd /pub/www/hosts

hosts=`find -type d -maxdepth 1 | egrep -v ^.$ | sed -e 's/^.\///g'`

now=`date +%Y-%m-%d`

# Copy and chop logfile

cp /var/log/apache/access_log access_log

echo -n > /var/log/apache/access_log

# Do the splittin

for i in $hosts

do

        mkdir -p $i/logs

        echo "# Access log for ${now}" >> $i/logs/${now}.log

        egrep '^'${i}' ' access_log | awk -F"${i} " '{print $2}' >> $i/logs/${now}.log

done

# Remote temporary log

rm access_log
```

----------

## trossachs

Thanks for this starachna. But I am assuming that this script is to be just run and left, not to be added to Apache's normal config files? Forgive my ignorance.

----------

## TheWoopWoop

With mod_rewrite does this mean that if I want the site to respond on both domain.com as well as www.domain.com that I would need to have two separate directories?

----------

## TheWoopWoop

Here's a method of doing the exact same thing without using mod_rewrite.

It's built into apache.

http://httpd.apache.org/docs-2.0/vhosts/mass.html

It is worth pointing out that this method does not allow you to have a default value unlike delta's method above.

----------

## starachna

@JulesF

you can add it to cron

[/code]

----------

## splooge

 *TheWoopWoop wrote:*   

> With mod_rewrite does this mean that if I want the site to respond on both domain.com as well as www.domain.com that I would need to have two separate directories?

 

ln -s /var/www/mysite.com /var/www/www.mysite.com

It's in delta407's scripts, linked above.

----------

## trossachs

Thanks starachna. That wasa bit silly I should have realised! But I am still somewhat concerned at the complexity of something that was previously so simple. I have to run a cron job to activate at certain times, I assume, during the day to update log files, when Apache used to simply record realtime information about my individual virtual hosts.

I notice also there is no provision being made for an error_log but only for access information. An access_log is fine to confirm what you already know, but what happens when there are problems and errors that I need to investigate? Do I simply create two cron jobs and adjust the naming convention accordingly?

I'm sure this script that everyone is harking about, does absolute wonders for my CPU utilization, but is there anything somewhat simpler?

----------

## starachna

well, not neccecarely cron, you should already be using logrotatr to rotate your logs, you can put that as a prerun script ... i'm sure if you give it a whirl on a test box you'll be able to check what it does, and should help make things not that complex  :Wink: 

about your errors, they will all end up in errorlog.

i also still use vhosts file because i have customised stuff in there, but i'm sure for a box where everything is standard this would work great!

ciao

----------

## rILLEST

splooge,

I followed the directions you posted from delta407's guide and it works great, thanks to both of you!

However.. I don't know how to set this up to work with ssl.. what  I'd like is a virtual host like https://secure.mydomain.com

All I've done so far is create the dir (/var/www/secure.mydomain.com) 

I run apache2  with (APACHE2_OPTS="-D PHP4 -D SSL") in /etc/conf.d/apache2

in my ssl_error_log I get this:

[warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?

Thankful for any help!

rillest

----------

