1.0 INTRODUCTION
Apache is by far the most used web server software used in the internet world today. One of the key features of web serving is the ability to host multiple sites from one server. In this project 5 different web sites will be created each with different rules and permissions, all running off of the same server in multiple conf files.
2.0 PROJECT
I. Requirements
• Linux based computer for server (Redhat)
• Zone Edit account
• Basic Linux knowledge
II. Installation
• Install your Linux distro of choice. I have used Red Hat 5.
• Once Linux is installed type yum update from a terminal to make sure your server is up to date.
• Type yum -y install httpd php mysql mysql-server php-mysql mod_auth_mysql to install Apache, MySQL, and PHP.
• It is important to configure these services to start up on reboots.
• Type #chkconfig --level 12345 httpd on and #chkconfig --level 12345 mysqld on to do this.
III. Configuration
Log Configuration
Log files do what they say they do, they log whatever they are set up to log. If we wanted to have the log report the name of the Virtual Host handling the request, the user making the request, the status of the request, and the number of bytes transferred. This is edited in httpd.conf file.
vi /etc/http/conf/httpd
Edit the LogFormat line to look like:
LogFormat "%v %h %l %u %t \"%r\" %>s %b"
Custom Error Page
There may be some occasions that you may want to use your own custom error pages. To do this we need to visit httpd.conf and uncomment out ErrorDocument 404 /error/default.html and change it to look like this.
Then type vim /var/www/error/default.html and create the custom page.
Virtual Hosts
Virtual Hosts give the web server the ability to host more than one website on a single IP address. We are going make 5 different .conf files in the /etc/http/conf.d/
Site1
1) Is to be configured as a publicly accessible site
2) The server should return a default page if no specific resource is requested
3) Indexing of this site should be turned off
Type vim /var/www/html/site1/index.html
Type “Site is up!!!” which will be displayed when this site is called
Type vim /etc/http/conf.d/site1.conf
Type the following Virtual Host.
VirtualHost *
ServerAdmin coreyk@itas.ca
DocumentRoot /var/www/html/site1
ServerName site1.infotechnow.ca
ErrorLog /etc/httpd/logs/error_log
CustomLog /etc/httpd/logs/access_log common
Directory "/var/www/html/site1"
options -indexes
DirectoryIndex index.html
/Directory
/VirtualHost
Type service network restart to apply settings.
Site 2
1) Is to be configured as a publicly accessible site, but with anonymous access
2) Visitors to the site must login as ‘anonymous’ or ‘guest’ – otherwise access is to be denied. (No password is set for this user)
3) Indexing of this site should be turned off. The server should return a default page if no specific resource is requested.
Type vim /var/www/html/site2/index.html
Type “Site is up!!!” which will be displayed when this site is called
First we need to make a folder that will hold all of our user names and passwords.
1) mkdir /var/www/secure
2) chown -R apache.apache /var/www/secure
Now let’s create the two users guest and anonymous by typing the following commands.
1) htpasswd -c /var/www/secure/.password guest
2) htpasswd -c /var/www/secure/.password anonymous
Now give ownership to apache
Type chown -R apache.apache /var/www/secure/.password
Type vim /etc/http/conf.d/site2.conf
Type the following Virtual Host.
VirtualHost *
ServerAdmin coreyk@itas.ca
DocumentRoot /var/www/html/site2
ServerName site2.infotechnow.ca
ErrorLog /etc/httpd/logs/error_log
CustomLog /etc/httpd/logs/access_log common
Directory "/var/www/html/site2"
AllowOverride AuthConfig
AuthType Basic
AuthName "Protected Files"
AuthUserFile /var/www/secure/.password
require valid-user guest anonymous
options -indexes
DirectoryIndex index.html
/Directory
/VirtualHost
Type service httpd restart
Site 3
1) Is to be configured as a private site – accessible from the private network only. (ITAS Range works)
2) Indexing of this site should be turned on
3) The site should contain 2 directories: RegularFiles and ProtectedFiles, each with 2 – 3 text or html pages inside (Dummy content)
4) Persons accessing this site should be able to enter either directory and see a list of files.
5) Files in the RegularFiles directory should be viewable to all, but files in the ProtectedFiles directory should be restricted by password protection to a group of users.
Type vim /var/www/html/site3/index.html
Type “Site is up!!!” which will be displayed when this site is called
First make the File files.
1) mkdir /var/www/site3/RegularFiles
2) mkdir /var/www/site3/ProtectedFiles
Now give apache ownership.
1) chown -R apache.apache /regularFiles
2) chown -R apache.apache /protectedFiles
Next we need to make a group for the protectedFiles.
vim /var/www/secure/groups
and enter the following line
Restricted: kyle corey
and finally give ownership to apache
chown -R apache.apache /var/www/secure/groups
Type vim /etc/http/conf.d/site3.conf
Now we must edit the http.conf file once again and add DirectoryIndex index.html to the area of it. It should look like this after:
Directory "/var/www/html"
Options Indexes FollowSymLinks DirectoryIndex index.html index.html.var index.php
AllowOverride None
Order allow,deny
Allow from all
/Directory
You will also have to comment out the line further down the file.
#DirectoryIndex index.html index.html.var
Type the following Virtual Host.
VirtualHost *
ServerAdmin coreyk@itas.ca
DocumentRoot /var/www/html/site3
ServerName site3.infotechnow.ca
ErrorLog /etc/httpd/logs/error_log
CustomLog /etc/httpd/logs/access_log common
options +Indexes
Directory "/var/www/html/site3"
Options Indexes
/Directory
Directory "/var/www/html/site3/protectedFiles"
AllowOverride AuthConfig
AuthType Basic
AuthName "Protected Files"
AuthUserFile /var/www/secure/.password
AuthGroupFile /var/www/secure/groups
Options Indexes
Order deny,allow
Deny from all
Allow from 142.25.97
Limit GET POST
Require group Restricted
/Limit
/Directory
/VirtualHost
Type service httpd restart
Site 4
1) Is a site you are hosting for a client; Configure this site so that the client can make changes to his/her web site without needing you to have restart the server. Hint: .htaccess
2) Create a user account for this client so that they can log in (using sftp or SSH) to make changes to the appropriate file(s).
3) Demonstrate this configuration by first setting the site up for unrestricted access – then have the client (logged in as him/herself – non-root) make the changes so as to require a username/password to access the site – without restarting Apache.
4) The configuration file used to do this should be placed in the root of web space, but must not be accessible in any way via the web.
Type vim /var/www/html/site4/index.html
Type “Site is up!!!” which will be displayed when this site is called
Firstly we must add a user
useradd remoteclient
and add the user to the apache group
usermod -G apache remoteclient
We must now make a virtual link /var/www/site4 to /home/remoteclient/public/
mkdir –r /var/www.site4/* /home/remoteclient/site4
Next we need to create an .htaccess file for this user to allow them to connect initially. Eventually they will modify it themselves to allow more traffic to their web site, but for now and for testing purposes it will limit just them.
vim /home/crunk/public/.htaccess
Type the following information into the file
order deny,allow
deny from all
allow from 142.25.97.167
Now give ownership to remoteclient
chown –R remoteclient.apache /home/remoteclient
Type vim /etc/http/conf.d/site4.conf
Type the following Virtual Host.
VirtualHost *
ServerAdmin coreyk@itas.ca
DocumentRoot /var/www/html/site4
ServerName site4.infotechnow.ca
ErrorLog /etc/httpd/logs/error_log
CustomLog /etc/httpd/logs/access_log common
Directory "/var/www/html/site4
AllowOverride AuthConfig
AllowOverride All
AuthType Basic
AuthName "Protected Files"
/Directory
Type service httpd restart
Site 5
1) Is to be configured as an information site for your web administrators.
2) Site will authenticate against a MySQL database table on the server hosting the site.
3) Site to be accessible by username and password only when users password and username are equal to that of the database.
4) Site will display three choices once logged in, a working copy of PhpMyAdmin, a working copy of Mambo content management system, and the latest Moodle.
Type vim /var/www/html/site5/index.html
Type “Site is up!!!” which will be displayed when this site is called
First we need to make some new directories for the new programs.
1) mkdir /var/www/html/phpMyAdmin
2) mkdir /var/www/html/moodle
3) mkdir /var/www/html/mambo
From the respective folders type the following commands
1) wget http://download.moodle.org/stable18/moodle-weekly-18.tgz
2) wget http://prdownloads.sourceforge.net/phpmyadmin/ phpMyAdmin-2.11.9.3-english.tar.gz?download
3) wget http://downloads.sourceforge.net/mambo/MamboV 4.6.2.tar.gz?modtime=1177400440&big_mirror=0
untar each file in their respective folders. Once that is done open your web browser to each site and follow the set up instructions.
Type vim /etc/http/conf.d/site5.conf
Type the following Virtual Host.
VirtualHost *
ServerAdmin coreyk@itas.ca
DocumentRoot /var/www/html/site6
ServerName site6.infotechnow.ca
ErrorLog /etc/httpd/logs/error_log
CustomLog /etc/httpd/logs/access_log common
Directory "/var/www/html/site6"
AllowOverride AuthConfig
AuthType Basic
AuthName "Can you ENTER??"
AuthMYSQLEnable on
AuthMySQLUser user
AuthMySQLPassword password
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField User
AuthMySQLPasswordField Password
DirectoryIndex index.html index.php
Limit GET POST
Require valid-user
/Limit
Order deny,allow
deny from all
Allow from 142.25.97.37
Allow from 142.25.97.167
Allow from 142.25.97.79
/Directory
/VirtualHost
Type service httpd restart
IV. Testing
For testing purpose we will use my URL’s.
Site 1
Open browser and type site1.infotechnow.ca
It should open up and display the index.html page you created.
Site 2
Open browser and type site2.infotechnow.ca
It should prompt for a user name and password. Enter guest or anonymous and hit enter and you should have access and see you index.html.
Site 3
Open browser and type site3.infotechnow.ca
You will see you index.html file you created. Delete this and try again. Because indexing is on you now should see only regularFiles. Type site3.infotechnow.ca/protectedFiles in your browser.
Now you should be prompted for a user name and password. Enter the correct information and you should now have access to the protectedFiles as well.
Site 4
Open browser and type site4.infotechnow.ca
If you are on the computer you listed in the allow parameter in the Virtual Host, then you will see you index.html, if not you will get a permission denied error. The user will be able to change this in the future.
Site 5
Open browser and type site4.infotechnow.ca
You should be confronted with a Username and Password screen. Because we are using a MySQL db to validate it enter the valid username and password to gain access. Successful entry will allow you to enter Mambo, phpMyAdmin or Moodle.
V. BACK UP
It is always a good idea to have a backup plan in case the unthinkable happens. Here is my crontab. Access it by typing crontab –e and enter this information. It will back up all info at 11 pm each night deleting the previous day’s version.
0 23 * * 1,2,3,4,5,6,7 rm -rf /backup/mysql/*
0 23 * * 1,2,3,4,5,6,7 mysqlhotcopy -u root -p 424261 auth /backup/mysql/
0 23 * * 1,2,3,4,5,6,7 mysqlhotcopy -u root -p 424261 information_schema /backup/mysql/
0 23 * * 1,2,3,4,5,6,7 mysqlhotcopy -u root -p 424261 infotechnow_drupal /backup/mysql/
0 23 * * 1,2,3,4,5,6,7 mysqlhotcopy -u root -p 424261 moodle /backup/mysql/
0 23 * * 1,2,3,4,5,6,7 mysqlhotcopy -u root -p 424261 mysql /backup/mysql/
0 23 * * 1,2,3,4,5,6,7 mysqlhotcopy -u root -p 424261 site6_mambo /backup/mysql/
0 23 * * 1,2,3,4,5,6,7 rm -rf /backup/www/html/*
0 23 * * 1,2,3,4,5,6,7 cp -Rf /var/www/html/* /backup/www/html/
3.0 SUMMARY
As you can see there is a lot of power added to a web server when one uses Virtual Hosts to set up multiple websites and once it is done it very easy to manage, making you look like the superstar you are.
4.0 References
www.mysql.org
www.linuxquestions.org
www.bluewind.ca
www.orangespike.ca
www.derekulrich.com