# Apache vhosts

## Re-JeeP

Hi!

I'm working on setting up a couple of vhosts for Apache.

I found the tool webapp-config which I planned on using.

Now. I have a couple of users that each should be able to set up a webserver.

Say that user1 wants to have more than one site. Should I create one vhost for that user and then the user could add folders in that folder for each site he wants? Or should I create one vhost for each site?

It should be possible to point a domain to each site!

And one more question about webapp-config. I don't know if you have to enter an app-name and app-version. Would this work for user1?

```
webapp-config -I -h project1 -u user1 -g user1 -d /home/user1/www/project1 -s apache
```

----------

## yaman666

As far as I am aware, webapp-config may only be used with web applications that have the special functionality in their ebuild, in order to be used with webapp-config.

What you want does not need webapp-config. If you want to make user home subdirectory accessible via the web, edit /etc/conf.d/apache2 and add USERDIR flag

```
APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR"
```

Then change /etc/apache2/httpd.conf and specify what you want subdirectory to be called. By default it will be /home/user/public_html accessible by www.server.com/~user

```
...
<IfModule mod_userdir.c>
    UserDir public_html
...
```

As far as creating vhosts file - you can do it any way you'd like. You can do one file per site, one per user, one altogether - just a matter of preference.

----------

## Re-JeeP

 *yaman666 wrote:*   

> As far as I am aware, webapp-config may only be used with web applications that have the special functionality in their ebuild, in order to be used with webapp-config.
> 
> What you want does not need webapp-config. If you want to make user home subdirectory accessible via the web, edit /etc/conf.d/apache2 and add USERDIR flag
> 
> ...

 

Hi, thanks for the answer!

Though I would like some more help!

I don't see how edit /etc/apache2/httpd.conf would help if a user wants more than one site or if more than one user wants one or more than one site. Can you please explain how to edit the file then?

And then about the vhosts files. One per user I think would be best. Should these files be in /etc/apache2/conf/vhosts/?

Could you give me an example of setting up a vhost environment?

Say that user adam should have two sites: private and public. And user peter wants one site: pictures. How should I set that up?

Sorry if I'm asking much but I've really tried myself by reading in the wiki and in the apache manual with no success... So I could really need some help!

----------

## martin20450

For each virtual host you want you need to create a domain.com.conf file in /etc/apache2/vhosts.d/domain.com.conf

For example:

```
<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.domain.com
    ServerAdmin bob@domain.com
    DocumentRoot "/path/to/user/directory"
</VirtualHost>
```

It's possible to set up a web interface for this using any number of languages: have the input written to a /tmp/hosts/* file and parse those through a cron job running as root. If it finds any files, it can check they're valid, move them to the /etc/apache2/vhosts.d/ directory and then restart apache. Hope it helps.

----------

## yaman666

 *martin20450 wrote:*   

> For each virtual host you want you need to create a domain.com.conf file in /etc/apache2/vhosts.d/domain.com.conf

 

Correction: you may create a *.conf file. You may just as well create user1.conf with all user's domains in one file, or even stick everything into a single config.

 *martin20450 wrote:*   

> It's possible to setup a web interface for this using any number of languages, have the input written to a /tmp/hosts/* file and parse those through a cron job running as root, if it finds any files then it can check they're valid and move them to the /etc/apache2/vhosts.d/ directory and then restart apache, hope it helps.

 

I would recommend against this, as malicious user can give access to directories not intended to be shared. Unless this is an absolute must, just set them up manually. Or have a web script write "controlled" vhosts files based on certain parameters, don't use random uploaded files.

And finally, do not restart apache, but reload apache. Restarting will fail if you accidentally make an error, while reload will alert you of the error and abort restarting apache.  :Smile: 
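
A sketch of the "controlled" vhost writer suggested in this post, added here as an example and not code from the thread. It assumes a /var/www/<domain>/ layout like the one used elsewhere on this page; the function names, the `ASSIGNED` table and the `.example` domains are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Assumed layout (hypothetical, modelled on the paths used in this thread):
# each site lives in /var/www/<domain>/ and vhost files go in vhosts.d.
WEB_ROOT = PurePosixPath("/var/www")
VHOSTS_DIR = PurePosixPath("/etc/apache2/vhosts.d")

# One DNS label: letters, digits, hyphens, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
_USER = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


class RejectedRequest(ValueError):
    """Raised when a request cannot be turned into a safe vhost."""


def validate_domain(domain):
    """Return the lower-cased domain, or raise if it is not a plain hostname."""
    domain = domain.lower()
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2:
        raise RejectedRequest("not a fully qualified domain name")
    # fullmatch() also rejects spaces, slashes, quotes and newlines, so the
    # value cannot smuggle extra directives or path components into the file.
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise RejectedRequest("illegal character in domain")
    return domain


def render_vhost(user, domain, assigned):
    """Build (config path, config text) for one site.

    `assigned` maps each user to the domains the administrator has granted
    them. The only values taken from the request are `user` and `domain`;
    DocumentRoot and log paths are derived, never supplied by the user.
    """
    if not _USER.fullmatch(user):
        raise RejectedRequest("illegal user name")
    domain = validate_domain(domain)
    if domain not in assigned.get(user, set()):
        raise RejectedRequest("domain is not assigned to this user")
    site = WEB_ROOT / domain
    text = (
        "<VirtualHost *:80>\n"
        f"    ServerName {domain}\n"
        f"    ServerAlias www.{domain}\n"
        f'    DocumentRoot "{site}/htdocs"\n'
        f"    ErrorLog {site}/logs/error_log\n"
        f"    CustomLog {site}/logs/access_log combined\n"
        "</VirtualHost>\n"
    )
    return str(VHOSTS_DIR / f"{domain}.conf"), text


# Constructed sample data: adam has two sites, peter has one.
ASSIGNED = {
    "adam": {"adam-public.example", "adam-private.example"},
    "peter": {"peter-pictures.example"},
}

if __name__ == "__main__":
    path, text = render_vhost("adam", "adam-public.example", ASSIGNED)
    print(path)
    print(text)
```

Only the privileged side should write the returned text to the returned path; run `apache2ctl configtest` before the reload so a bad file never reaches the running server.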

----------

## Re-JeeP

 *yaman666 wrote:*   

>  *martin20450 wrote:*   It's possible to setup a web interface for this using any number of languages, have the input written to a /tmp/hosts/* file and parse those through a cron job running as root, if it finds any files then it can check they're valid and move them to the /etc/apache2/vhosts.d/ directory and then restart apache, hope it helps. 
> 
> I would recommend against this, as malicious user can give access to directories not intended to be shared. Unless this is an absolute must, just set them up manually. Or have a web script write "controlled" vhosts files based on certain parameters, don't use random uploaded files.

 

What is all this for?

Is all that I have to do these things?

1: Add USERDIR

```
APACHE2_OPTS="-D DEFAULT_VHOST -D USERDIR"
```

2: Edit /etc/apache2/httpd.conf in some way I don't know...

```
...
<IfModule mod_userdir.c>
    UserDir public_html
...
```

3: Create conf files in /etc/apache2/vhosts.d/ for each user (say that I want one for each user).

```
<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.domain.com
    ServerAdmin bob@domain.com
    DocumentRoot "/path/to/user/directory"
</VirtualHost>
```

Could I with this configuration create what I want? Every user shall have one folder in their /home/user dir. And every folder they put in that can a domain be pointed to?

Or would it be easier if the superuser only could create new sites?

Would the only thing I had to do then be to add conf-files in /etc/apache2/vhosts.d/?

----------

## yaman666

If users have actual domains you need to use, then forget about USERDIR. USERDIR is specifically to enable www.domain.com/~username WITHOUT having to set up vhosts etc.

Here's an example of multiple domains per user:

/etc/apache2/vhosts/jsmith.conf

```
# John Smith's file

# Domain www.dom1.com and catchall *.dom1.com
<VirtualHost *:80>
    DocumentRoot "/var/www/dom1.com/htdocs"
    ServerName www.dom1.com
    ServerAlias *.dom1.com
    ErrorLog /var/www/dom1.com/logs/error_log
    CustomLog /var/www/dom1.com/logs/access_log combined
</VirtualHost>

# Domain www.dom2.com
<VirtualHost *:80>
    DocumentRoot "/var/www/dom2/htdocs"
    ServerName www.dom2.com
    ErrorLog /var/www/dom2.com/logs/error_log
    CustomLog /var/www/dom2.com/logs/access_log combined
</VirtualHost>
```

/etc/apache2/vhosts/tbrown.conf

```
# Tom Brown's file

# Domain www.tbrown.com - public
<VirtualHost *:80>
    DocumentRoot "/var/www/tbrown.com/htdocs/public"
    ServerName www.tbrown.com
    ErrorLog /var/www/tbrown.com/logs/error_log
    CustomLog /var/www/tbrown.com/logs/access_log combined
</VirtualHost>

# Domain private.tbrown.com - private
<VirtualHost *:80>
    DocumentRoot "/var/www/tbrown.com/htdocs/private"
    ServerName private.tbrown.com
    ErrorLog /var/www/tbrown.com/logs/error_log
    CustomLog /var/www/tbrown.com/logs/access_log combined
</VirtualHost>
```

Don't forget to give appropriate permissions to all those folders. I.e.:

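```
# Owner is the site's user (jsmith owns dom1.com above), group is apache
chown -R jsmith:apache /var/www/dom1.com
# Files: read/write for the owner, read-only for everyone else
find /var/www/dom1.com -type f -exec chmod 644 {} \;
# Directories: additionally need the execute bit to be traversable
find /var/www/dom1.com -type d -exec chmod 755 {} \;
```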

And you can figure out the rest of the details. Hope this helps!

----------

## Re-JeeP

Hi! I think I found a solution! =)

I have one more question though. How can I reach the different sites from another computer?

Say that I have the sites temp, temp2 and localhost.

I tried with <myip>/{temp, temp2, localhost} but no success!

----------

## MickKi

 *Re-JeeP wrote:*   

> I tried with <myip>/{temp, temp2, localhost} but no success!

 Same here . . . 

I want to set up a LAN server for website development, but I do not run a DNS server (other than the Netgear router) to resolve these names.  Also, these websites exist in the wild and pointing a browser from within the LAN to website1.com will resolve through the router to the remote (real) server, as opposed to the LAN (development) server.

What's the best way to achieve this if I too want to have different websites on the same machine and additionally be able to run webapps (e.g. drupal) on most of them?

----------

## yaman666

Well, the default localhost should be simply accessible by ip. It should be a catch-all when requested address doesn't match any of the domains in vhost files.

And as far as accessing the domains - you could tinker with iptables rules, but the easiest thing I found is to just temporarily edit hosts file.

linux:

```
/etc/hosts
```

windows: 

```
c:\windows\System32\drivers\etc\hosts
```

Let's say you set up www.domain1.com, www.domain2.com and private.domain2.com on local machine (127.0.0.1), then you edit hosts file and add:

```
127.0.0.1 www.domain1.com
127.0.0.1 www.domain2.com
127.0.0.1 private.domain2.com
```

So now your request goes to appropriate machine with appropriate url and matches your "www.domain1.com" in your vhosts file.

----------

## MickKi

 *yaman666 wrote:*   

> Well, the default localhost should be simply accessible by ip. It should be a catch-all when requested address doesn't match any of the domains in vhost files.

 Well, if I type 192.168.0.2 I get the localhost default apache configuration.  If I type 192.168.0.2/website1.com I get a not found error.

 *yaman666 wrote:*   

> And as far as accessing the domains - you could tinker with iptables rules, but the easiest thing I found is to just temporarily edit hosts file.

 Unfortunately, one of the clients is a MS Windows machine.  Modifying the LMHosts file would be an option, but then I would need to change it back every time, to be able to connect to the real website on the WAN server.

----------

## yaman666

 *MickKi wrote:*   

> Well, if I type 192.168.0.2 I get the localhost default apache configuration.  If I type 192.168.0.2/website1.com I get a not found error.

 

That is proper behaviour. Unless there's a directory website1.com within /var/www/localhost/htdocs, it won't be found. You could 

```
ln -s /var/www/website1.com/htdocs /var/www/localhost/htdocs/website1.com
```

 if you wanted that behavior.

 *MickKi wrote:*   

> Unfortunately, one of the clients is a MS Windows machine.  Modifying the LMHosts file would be an option, but then I would need to change it back every time, to be able to connect to the real website on the WAN server.

 

In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server.

----------

## MickKi

 *yaman666 wrote:*   

> In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server.

 When you say "map dev.website1.com to the local lan ip" do you mean changing `<VirtualHost *:80>` to `<VirtualHost 192.168.0.2:80>` in the vhost.conf file, or are you still talking about editing /etc/hosts and LMHosts files?

I think I am getting myself confused . . .

Under /var/www/locahost/htdocs I have set up the link:

```
/var/www/locahost/htdocs/website1.com -> /var/www/website1/htdocs
```

The vhosts.conf file reads:

```
<VirtualHost 192.168.0.2:80>
  ServerName www.website1.com
  ServerAlias website1.com *.website1.com
  DocumentRoot /var/www/website1/htdocs
</VirtualHost>
```

Now, when I click on 192.168.0.2 I do not see the Apache page anymore, but the website1 page.    :Confused: 

----------

## Re-JeeP

 *MickKi wrote:*   

> *yaman666 wrote:* In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server.
>
> When you say "map dev.website1.com to the local lan ip" do you mean changing `<VirtualHost *:80>` to `<VirtualHost 192.168.0.2:80>` in the vhost.conf file, or are you still talking about editing /etc/hosts and LMHosts files?

 

Isn't `<VirtualHost ip:port>` for ip based virtual hosting?

But I can't understand why you can't specify which virtual host you want to connect to in the URL!?

----------

## MickKi

You can specify it in the URL but you will also need a DNS configuration to allow your client(s) to find it.  That's what yaman666 suggested, by changing the /etc/hosts and LMHosts files.

----------

## Re-JeeP

Well... I have three vhosts on my machine: temp, temp2 and localhost.

On my laptop I edited /etc/hosts and added the domains.

```
192.168.1.33 temp
192.168.1.33 temp2
```

And then I restarted the network:

```
/etc/init.d/net.eth1 restart
```

But I can't reach either site by entering the URL: http://temp or http://temp2. But I can reach localhost on that computer by entering http://192.168.1.33 in the browser.

----------

## yaman666

So when you ping temp and temp2 from your laptop, you get 192.168.1.33?

And on 192.168.1.33 there is an entry in vhost file with ServerName temp and temp2?

(There's no need to restart the network, just apache when you change configuration.)

----------

## Re-JeeP

 *yaman666 wrote:*   

> So when you ping temp and temp2 from your laptop, you get 192.168.1.33?

 

```
$ ping temp
PING temp (192.168.1.33) 56(84) bytes of data.
From temp (192.168.1.33) icmp_seq=1 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=2 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=3 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=4 Destination Port Unreachable
From temp (192.168.1.33) icmp_seq=5 Destination Port Unreachable

--- temp ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3999ms
, pipe 3
```

 *yaman666 wrote:*   

> And on 192.168.1.33 there is an entry in vhost file with ServerName temp and temp2?

 

```
<VirtualHost *:80>
    DocumentRoot "/home/rejeep/temp_www"
    ServerName temp
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/home/rejeep/temp_www2"
    ServerName temp2
</VirtualHost>
```

----------

## yaman666

What error message are you getting when you try to access http://temp then? Site not found or something like forbidden, no permissions, etc? Is it even accessing the server? If so - check your apache log files, see if there's anything there.

----------

## Re-JeeP

 *yaman666 wrote:*   

> What error message are you getting when you try to access http://temp then? Site not found or something like forbidden, no permissions, etc? Is it even accessing the server? If so - check your apache log files, see if there's anything there.

 

Hmm... All of a sudden it started to work...!   :Confused: 

Thanks a lot for the help! I have all the information I need now!   :Laughing: 

----------

## yaman666

 *MickKi wrote:*   

> *yaman666 wrote:* In this case you can either link it under localhost as mentioned above, or add a ServerAlias dev.website1.com to the vhosts file and map dev.website1.com to the local lan ip, while keeping www.website1.com to production server.
>
> When you say "map dev.website1.com to the local lan ip" do you mean changing `<VirtualHost *:80>` to `<VirtualHost 192.168.0.2:80>` in the vhost.conf file, or are you still talking about editing /etc/hosts and LMHosts files?
> 
> I think I am getting myself confused . . .
> 
> Under /var/www/locahost/htdocs I have set up the link:
> ...

 

By mapping I mean map ip to name in your /etc/hosts or c:\windows\System32\drivers\etc\hosts (Not sure what the LMHosts file is). For example:

```
192.168.0.2 www.website1.com
```

That will make your local machine go to that ip instead of what www.website1.com normally resolves to. When a request comes to apache it uses virtual host directives to determine which host to serve.

So `<virtualhost 192.168.0.2:433>` will listen only on port 433, only on ip 192.168.0.2, while `<virtualhost *:80>` will listen on all ips on port 80.

When your request comes in, it looks at the url next, so if you have your website1.com mapped to 192.168.0.2, you need this in your apache config. Keep in mind that www.website.com != website.com.

```
<VirtualHost *:80>
  ServerName website1.com
  ServerAlias *.website1.com
  DocumentRoot /var/www/website1.com/htdocs
</VirtualHost>

<VirtualHost *:80>
  DocumentRoot /var/www/localhost/htdocs
</VirtualHost>
```

The first one will catch all website1.com and *.website1.com requests, while the second will catch everything else.

Does this make sense now?
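
How the `<VirtualHost>` address and the request's Host header together decide which site is served, as a small Python model added here (not code from the thread). It follows Apache's documented matching order; the vhost tables are constructed from the configs posted above, and the localhost entry listed first is an assumption standing in for a stock default vhost.

```python
from fnmatch import fnmatchcase


def _addr_rank(vhost_addr, local_ip):
    """2 = exact IP match, 1 = wildcard '*', 0 = does not apply."""
    if vhost_addr == local_ip:
        return 2
    return 1 if vhost_addr == "*" else 0


def select_vhost(vhosts, local_ip, port, host_header):
    """Pick the vhost for one request.

    1. Keep the vhosts whose address matches the IP:port the connection
       arrived on; an exact IP beats '*'.
    2. In that set, take the first vhost whose ServerName or ServerAlias
       matches the Host header (aliases may contain wildcards).
    3. If nothing matches, the first vhost listed in that set is the default.
    """
    ranked = [(_addr_rank(v["addr"], local_ip), v)
              for v in vhosts if v["port"] == port]
    best = max((rank for rank, _ in ranked), default=0)
    if best == 0:
        return None  # no vhost applies; the main server config answers
    candidates = [v for rank, v in ranked if rank == best]
    host = host_header.split(":")[0].lower()  # drop an optional :port
    for v in candidates:
        if v["name"].lower() == host:
            return v
        if any(fnmatchcase(host, alias.lower()) for alias in v["aliases"]):
            return v
    return candidates[0]


# Constructed tables, in load order. LOCALHOST is an assumed default vhost.
LOCALHOST = {"addr": "*", "port": 80, "name": "localhost", "aliases": [],
             "root": "/var/www/localhost/htdocs"}
ALL_WILDCARD = [
    LOCALHOST,
    {"addr": "*", "port": 80, "name": "website1.com",
     "aliases": ["*.website1.com"], "root": "/var/www/website1.com/htdocs"},
]
# Variant posted earlier in the thread: website1 bound to the LAN address.
IP_BOUND = [
    LOCALHOST,
    {"addr": "192.168.0.2", "port": 80, "name": "www.website1.com",
     "aliases": ["website1.com", "*.website1.com"],
     "root": "/var/www/website1/htdocs"},
]


def root_for(vhosts, host_header, local_ip="192.168.0.2", port=80):
    """DocumentRoot that would serve a request carrying this Host header."""
    vhost = select_vhost(vhosts, local_ip, port, host_header)
    return vhost["root"] if vhost else None


if __name__ == "__main__":
    for table, label in ((ALL_WILDCARD, "*:80"), (IP_BOUND, "192.168.0.2:80")):
        for host in ("192.168.0.2", "www.website1.com", "dev.website1.com"):
            print(label, host, "->", root_for(table, host))
```

The path after the slash (as in 192.168.0.2/website1.com) never takes part in this choice; it is looked up under the DocumentRoot already selected.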

----------

## MickKi

Thank you so much!

It all makes sense now and I have it working as I wanted.  Next stage is to set up s/ftp access, but this brings me to the issue of access rights and what not.

The server is meant to be accessed by different users who will be modifying website files.  These users do not have a linux user account on the box.  There is an apache user (default installation) but I don't know what the passwd is - I didn't set one up yet.  How would you recommend I go about setting up this server so that website developers can access it for the purpose of modifying the htdocs only?

How do I go about setting up sftp access?

Thanks again for all your help.    :Smile: 

----------

## yaman666

 *MickKi wrote:*   

> Next stage is to set up s/ftp access, but this brings me to the issue of access rights and what not. The server is meant to be accessed by different users who will be modifying website files.  These users do not have a linux user account on the box.  How do I go about setting up sftp access?

 

If you want to prevent the user from using regular shell commands look into rssh or scponly

http://www.pizzashack.org/rssh/

http://sublimation.org/scponly/wiki/index.php/Main_Page

 *MickKi wrote:*   

> There is an apache user (default installation) but I don't know what the passwd is - I didn't set one up yet.

 

Don't touch apache user, no one should use it.

 *MickKi wrote:*   

> How would you recommend I go about setting up this server so that website developers can access it for the purpose of modifying the htdocs only?

 

Once you set up sftp/scp only accounts, you can 

```
ln -s /var/www/usersite/htdocs /home/user/www
```

 (I think it should work with rssh/scponly, never done it myself before).

And give appropriate permissions to the files inside htdocs, so that user has full access to read/write/delete and apache has read access (write if necessary). Such as 

```
chown -R user:apache /var/www/usersite/htdocs
```

----------

## MickKi

 *yaman666 wrote:*   

>  *MickKi wrote:*   How would you recommend I go about setting up this server so that website developers can access it for the purpose of modifying the htdocs only? 
> 
> Once you set up sftp/scp only accounts, you can 
> 
> ...

 

Are you saying that I should first create Linux user accounts for each person that I want to be able to access and modify the htdocs?

----------

## yaman666

 *MickKi wrote:*   

> Are you saying that I should first create Linux user accounts for each person that I want to be able to access and modify the htdocs?

 Well you don't want different users to access each other's accounts, do you? Give them each their own account, a limiting shell such as rssh, and access to only their files.

----------

## MickKi

Just to get this clear in my head:

1. We have Linux OS user accounts.

2. We also have apache user accounts (created using htpasswd).

The former is needed to allow access to the box.

The latter is needed to additionally allow access to the htdocs.

Is this correct?

What happens if we have no OS user account called Mick, but we create an apache user called Mick1?  What will Mick1 be able to access/do?

Thank you for all your help.

----------

## yaman666

Those apache users are for accessing the website itself, through browser, not the files. In fact, those linux users will be able to create apache users themselves for use with .htaccess.

----------

## MickKi

I understand now.   :Smile: 

A linux user account is a must for allowing access to the htdocs to change the website files.

An apache user account is needed for allowing secure access (via authentication) to the web pages using a browser.

It took me ages to get it!    :Rolling Eyes: 

Thank you very much.

----------

## Re-JeeP

Hello again!

I have some trouble connecting from work to my server at home through http.

I created this vhost:

```
<VirtualHost *:80>
        DocumentRoot "/home/rejeep/www"
        ServerName rejeep
        ServerAlias rejeep
        ErrorLog /home/rejeep/www/logs/error_log
        CustomLog /home/rejeep/www/logs/access_log combined
</VirtualHost>
```

And in my work computer I added:

```
x.x.x.x   rejeep
```

in /etc/hosts.

But I can't reach it. I get this message:

```
Network Error (dns_server_failure)

Your request could not be processed because an error occurred contacting the DNS server.

The DNS server may be temporarily unavailable, or there could be a network problem.

For assistance, contact your network support team.
```

----------

## yaman666

That doesn't look like it's apache related. That error is on your work computer, right? Can you ping the ip?

----------

## Re-JeeP

 *yaman666 wrote:*   

> That doesn't look like it's apache related. That error is on your work computer, right? Can you ping the ip?

 

Yes, the error is on the work computer (though I have tried with one Windows machine and one Gentoo machine and I get the same error).

Sure... I can ping. I can also connect through ssh!

And I can reach the default vhost by entering the ip only!

----------

## yaman666

No idea on this one, sorry. You'd probably be better off pulling this out into a new thread.

----------

## Re-JeeP

 *yaman666 wrote:*   

> No idea on this one, sorry. You'd probably be better off pulling this out into a new thread.

 

It seemed to be some internal problem at work. At another net it works fine...

Thanks!

----------

