Tag Archives: apache2

Setting Up Name Based Virtual Hosting

56 Replies

I do apologize again for some of the recent downtime on the blog. I’ve been researching tuning options all evening to try to bring the memory consumption lower. I did also add an additionl 256M RAM to the machine hoping that will help. Thanks for the patience during this bumpy ride.

I wanted to put down some of my notes concerning configuring Apache2 with virtual hosts for hosting multiple sites. This is something I have done quite a bit before but had a little trouble on this last setup. So in an attempt to better document my steps here is what I did.

Installing Apache 2

I’ll be discussing name based virtual hosting with Apache (Apache 2 to be specific). We’ll need to install that before we dive in:

sudo aptitude install apache2

Once these are setup you should be able to connect to localhost in your browser and see a test page.

NameVirtualHost

With the default configuration you are only serving up one site, and that site is based on your IP address. What I’m setting up is name-based virtual hosting, meaning the Apache server will serve specific content based on the domain name requested. In this way a single server can host multiple sites, and serve up unique content based on the domain requested.

My preferred method of using name based virtual hosting is creating a seperate file for each domain. These can all be done within one file, but I’ll be creating a new file for each site.

First we need to define to Apache that we’re using name based virtual hosting instead of IP based. You can append the following line to your /etc/apache2/apache2.conf to define this:

NameVirtualHost ip.address:port

The above should be your public facing IP address (assuming you’re creating a public site), and port is generally port 80 by default. After this we’ll create the base configuration for your virtual hosts. Debian and Ubuntu use /etc/apache2/sites-available/ and /etc/apache2/sites-enabled/ directories for defining virtual hosting. One nice thing about this is that you can have more sites “available” than you have “enabled”, meaning not everything configured is actually live and listening. This is nice to quickly disable a site for whatever reason.

I like to create unique files for each of my domains within the /etc/apache2/sites-available/ folder. For example I have a file called “ubuntu-tutorials.com” in that directory, with the following contents:

<VirtualHost 67.207.131.28:80>
ServerName ubuntu-tutorials.com
ServerAlias www.ubuntu-tutorials.com
ServerAdmin christer.edwards@ubuntu.com
DocumentRoot /var/www/ubuntu-tutorials.com/html
</VirtualHost>

What these settings do is as follows:

  • ServerName listens for requests asking for a certain domain
  • ServerAlias defines any additional domains that should match
  • ServerAdmin is the contact for the site
  • DocumentRoot is the path to the content for that site

Now that this file is created in the /etc/apache2/sites-available/ folder we’re just about ready to start, but we need to enable it. We can do that by creating a symbolic link from one folder to the next.

cd /etc/apache2/sites-enabled/
ln -s ../sites-available/ubuntu-tutorials.com .

This site is now available (as in configured) and enabled (as in listening) once we restart the apache service:

sudo /etc/init.d/apache2 restart

Testing

To test your configuration you can, temporarily, configure your /etc/hosts file to point the domain to your IP address and see if your server loads up the correct site. This is only needed if the hostname or domain name does not already resolve to your IP address. Editing the /etc/hosts by adding the following line:

ip.address domain.tld

Open your browser, try to access domain.tld and see if it loads the contents from your local DocumentRoot (from the configuration above). You might want to drop a file in the DocumentRoot to verify its pulling your local content.

cd /var/www/ubuntu-tutorials.com/html
echo "Hello World" > index.html

Conclusion

I hope I didn’t miss anything here. One of the main purposes of this writeup is to document what I did to setup my server. I do it so rarely I don’t always remember all the steps when I need to. If this helps you setup name based virtual hosting, great. Leave a comment and let me know. If I forgot anything critical please also let me know so I can update the contents.

Limiting Access to Websites/Directories with .htaccess

8 Replies

This post is not so much a tutorial as my own notes on restricting access with .htaccess files and apache. As has been the case with many of my previous tutorials, the basis is writing the steps down so I can refer to them later. Turns out making notes public on a blog is a good idea. In any event, this will outline restricting access to directories on a user-level with .htaccess.

Create the .htaccess file

To limit access to a directory we need to create a .htaccess file where we will outline the restrictions for the location. Any folder within your publicly accessible web page can have its own custom .htaccess file. note: some shared hosting companies do not allow custom .htaccess restrictions for individual sites. You may need to check with your host on this.

Within your .htaccess file you would include something along these lines:

# sample .htaccess file
AuthName "Private Website"
AuthType basic
AuthUserFile /path/to/.htpasswd
require user username (optional)

In the above sample config “Private Website” can be any message you want displayed to the user when trying to authenticate to that page. /path/to/.htpasswd is what we will work on next in generating usernames and hashed passwords for authentication. require user username can limit access to only those users listed.

Create the .htpasswd file

In the .htaccess file we’ve outlined a path/to/.htpasswd file which we need to also create. It is a good idea to keep this file in a non web-accessible location. For example, if your web root is /var/www/html/ you might put the .htpasswd file in /var/www/.htpasswd. This way it is not accessible publicly and limits the chances of someone being able to get a hold of and attempt to break your hashed passwords for access.

To populate the .htpasswd file we’ll use the command htpasswd. To initially create the file we’d use:

htpasswd -cm /var/www/.htpasswd user-one

The -c will initially create the file. The -m will md5 encrypt the passwords for additional security. The htpasswd command will prompt you for a password.

To add additional users to your .htpasswd access list use:

htpasswd -m /var/www/.htpasswd user-two

Be careful not to use the -c option when adding additional users as this will recreate the file and overwrite previous entries.

Once these two files are in place access to the folder containing the .htaccess file will be limited to only those users listed within the .htpasswd file and require authentication via a password. This is great for sharing web accessible files with only certain users, creating private folders, etc.

If your host allows custom .htaccess file creation but does not provide you access to the htpasswd command you can try to generate your .htpasswd file using an apache installation on a local machine and copying the resulting files over.