2008-10-19

Sysadmin Sunday: Apache Name Based Hosting mini-howto

Apache Name Based Hosting configuration
by Asmodian X

Contents
1. Description
2. Getting started
3. Base Filesystem Layout
4. Base Configuration
5. Name based hosting configuration (WWW only)
6. Name based hosting configuration (SSL single site)
7. Implementing the configuration

1. Description

Apache name-based hosting configuration using Debian Linux or Ubuntu Linux Server edition. This is intended for intermediate Linux/UN*X administrators. You will require the Apache mod_vhost_alias module (enabled below as vhost_alias), along with apache2, openssl and whatever other Apache services you want.

2. Getting started

If you have not already installed Apache ...

At the Ubuntu/Debian Linux prompt:


$ sudo apt-get install apache2
$ sudo a2enmod vhost_alias
$ sudo a2enmod ssl


3. Base Filesystem Layout
htdocs layout:

/data/sites
• ssl
  ⁃ symlink to site folder in www
• www
  ⁃ site_url
    ⁃ htdocs
    ⁃ cgi-bin


This could easily be turned into SUSE's standard of /srv/www/sites/www, etc. The site_url needs to be exactly what the end user will type in as their DNS URL, so there needs to be a folder called host.example.com as well as www.host.example.com. This is easily accomplished with symlinks in Linux.
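
The layout above as a script, added here as an example and not part of the original post: it creates the per-site folders, the www. alias symlink and the ssl symlink, refuses names that are not plain hostnames, and checks that a site folder does not resolve outside the sites tree. The SITES_ROOT variable and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. SITES_ROOT and all function
# names are assumptions; /data/sites is the article's root.
SITES_ROOT="${SITES_ROOT:-/data/sites}"
LC_ALL=C; export LC_ALL   # make the a-z range below ASCII-only

# Folder names become part of the served path via %0, so accept only
# lowercase DNS names: no '/', no '..', no leading or trailing dot.
valid_hostname() {
    case "$1" in
        ''|.*|*.|-*|*..*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# add_site HOST: www/HOST/{htdocs,cgi-bin} plus the www.HOST symlink.
add_site() {
    site=$1
    valid_hostname "$site" || { echo "rejected name: $site" >&2; return 1; }
    mkdir -p "$SITES_ROOT/www/$site/htdocs" "$SITES_ROOT/www/$site/cgi-bin" || return 1
    alias_path="$SITES_ROOT/www/www.$site"
    case "$site" in
        www.*) ;;   # already the www name, no alias needed
        *) [ -e "$alias_path" ] || [ -L "$alias_path" ] || ln -s "$site" "$alias_path" ;;
    esac
}

# add_ssl_site HOST: ssl/HOST is a symlink to an existing www/HOST.
add_ssl_site() {
    site=$1
    valid_hostname "$site" || return 1
    [ -d "$SITES_ROOT/www/$site/htdocs" ] || { echo "no such site: $site" >&2; return 1; }
    mkdir -p "$SITES_ROOT/ssl" || return 1
    [ -L "$SITES_ROOT/ssl/$site" ] || ln -s "../www/$site" "$SITES_ROOT/ssl/$site"
}

# inside_root HOST: true only if www/HOST resolves to a folder under
# SITES_ROOT/www. FollowSymLinks is on, so a stray link would be served.
inside_root() {
    base=$(cd -P "$SITES_ROOT/www" 2>/dev/null && pwd -P) || return 1
    real=$(cd -P "$SITES_ROOT/www/$1" 2>/dev/null && pwd -P) || return 1
    case "$real" in
        "$base"/*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Source the file as root and call add_site host.example.com, then add_ssl_site host.example.com for a site that also needs the SSL virtual host.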

Config layout (based on the Ubuntu/Debian standard):

/etc/apache2
• sites-available
• sites-enabled
• mods-available
• mods-enabled
• ssl
  ⁃ sitename
    ⁃ certificate file

The ssl directory could easily be in /etc/ssl but this is up to you.

4. Base Configuration
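This is the default Debian/Ubuntu apache2.conf file. No changes were made here. ServerTokens Full and ServerSignature On in this default file publish the Apache version and loaded modules in response headers and server-generated pages; ServerTokens Prod and ServerSignature Off are the quieter settings.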

ServerRoot "/etc/apache2"
LockFile /var/lock/apache2/accept.lock
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_prefork_module>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    MaxClients 150
    MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 0
</IfModule>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/apache2/error.log
LogLevel warn
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
Include /etc/apache2/httpd.conf
Include /etc/apache2/ports.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ServerTokens Full
ServerSignature On
Include /etc/apache2/conf.d/
Include /etc/apache2/sites-enabled/
Listen 80
Listen 443

5. Name based hosting configuration (WWW only)

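# Build paths and log entries from the host name the client requested
UseCanonicalName Off
# %V records the requested host name, so one log can be split per site
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
DirectoryIndex index.html index.shtml index.php index.htm
# AllowOverride All lets every site's .htaccess change its own settings
<Directory /data/sites/www>
    Options FollowSymLinks
    AllowOverride All
</Directory>
<VirtualHost *:80>
    ServerName host.example.com
    CustomLog /var/log/apache2/access_log.host.vhost vcommon
    # %0 is the full requested host name, e.g. /data/sites/www/host.example.com/htdocs/
    VirtualDocumentRoot /data/sites/www/%0/htdocs/
    VirtualScriptAlias /data/sites/www/%0/cgi-bin/
</VirtualHost>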

WWW name-based hosting requires the mod_vhost_alias Apache 2 module. On any interface that Apache is listening on, it checks which hostname was requested and matches it to a directory name in /data/sites/www/.

6. Name based hosting configuration (SSL single site)

UseCanonicalName Off
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
DirectoryIndex index.html index.shtml index.php index.htm
<Directory /data/sites/ssl>
    Options FollowSymLinks
    AllowOverride All
</Directory>
# 1.2.3.4 stands for the static IP address dedicated to this SSL site
<VirtualHost 1.2.3.4:443>
    SSLEngine On
    # If the private key is not stored in this file as well,
    # point SSLCertificateKeyFile at the separate key file
    SSLCertificateFile /etc/apache2/ssl/generic/generic.crt
    ServerName host.example.com
    CustomLog /var/log/apache2/access_log.host.vhost vcommon
    # Fixed paths: this virtual host serves exactly one site
    VirtualDocumentRoot /data/sites/ssl/host.example.com/htdocs/
    VirtualScriptAlias /data/sites/ssl/host.example.com/cgi-bin/
</VirtualHost>

Alternatively, you can add another virtual host for port 80 in case you want to exclude this site from the name-based section above.

SSL wants a static port, IP or both. It's easier to have a static IP, but either will do. Also, you will need a dedicated SSL certificate for each site (lest you get an SSL error message on the client side) or you need to get a wildcard SSL certificate for your domain. This assumes you are assigning sites under the example.com domain, such as site1.example.com, site2.example.com, etc.

If you are dealing with different DNS names for each site then individual certificates are needed.
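
Which site names a wildcard certificate covers, as an added example that is not part of the original post: the wildcard stands for exactly one leftmost label, so *.example.com covers site1.example.com but neither example.com itself nor a.site1.example.com. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post; function names are assumptions.

# cert_name_covers CERT_NAME HOST: succeed if a certificate issued for
# CERT_NAME (exact name or *.domain wildcard) is valid for HOST.
cert_name_covers() {
    cert_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    cert_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$cert_pat" in
        '*.'*)
            suffix=${cert_pat#\*}        # ".example.com"
            label=${cert_host%%.*}       # leftmost label of the host
            # The wildcard replaces one non-empty label, never several
            # labels and never the bare domain.
            [ -n "$label" ] && [ "$cert_host" = "$label$suffix" ]
            ;;
        *)
            [ "$cert_host" = "$cert_pat" ]
            ;;
    esac
}

# uncovered_hosts CERT_NAME HOST...: print every HOST that would raise a
# certificate error with this certificate and needs one of its own.
uncovered_hosts() {
    wanted=$1
    shift
    for h in "$@"; do
        cert_name_covers "$wanted" "$h" || printf '%s\n' "$h"
    done
}
```

For example, uncovered_hosts '*.example.com' followed by the folder names under /data/sites/ssl lists the sites that still need an individual certificate.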

7. Implementing the configuration
When installing the configuration, take these steps:

1. Remove the /etc/apache2/sites-enabled/default configuration symlink.
2. Save the generic name-based hosting configurations (listed above) as files in the /etc/apache2/sites-available folder.
3. Create symlinks from the sites-available configuration files into the sites-enabled folder.
4. Restart Apache.
