What is Virtual Hosting?
Virtual hosting configures Apache to be able to host more than one website on the same computer. As an example, let's say this Apache Web Server will host both www.earth.com and www.krypton.com. Here is how the process works,
- Register domain names www.earth.com and www.krypton.com
- Point to the server's ip address.
- User types in either url into their browser which would send a request to Apache.
- Apache reads the request header (which contains the url) where the user wanted to go.
- Based on the url, apache checks for a matching virtual host entry and directs the user to that virtual server's home directory.
In the future, I will put a diagram to illustrate.
Apache Differences on Ubuntu
Ubuntu/Debian organizes things slightly different than other systems when it comes to Apache. If you read other website that talk about Apache you might get confused. So here's how Ubuntu does things. You have the following key files,
/etc/apache2/apache2.conf - this is the default file provided during install and contains the default settings. If possible do not modify this file.
/etc/apache2/httpd.conf - location for global user configured options.
/etc/apache2/site-available/* - this is where you store your different virtual hosts.
/etc/apache2/sites-enabled/* - symbolic links here used to enable sites from site-available.
This is enough to get us started, but feel free to read more details at Control-Escape.
My Virtual Hosting Strategy
There are so many different ways of doing this it's quite mind boggling. Here's my overall strategy:
- I want clients to come in and manage the pure html aspects of their website, so each website will have it's own group and clients will belong to the website's group.
- Logging will be Virtual Host Based Logging. The pros and cons are are discussed in Apache Log Management.
- Each virtual host will also have a,
- browse-able "shared" folder to easily distribute files
- "shared.private' where .htaccess is enabled so users can set their own authentication parameters and indexing
- Most people only have one IP address to I'll use the "name based" hosting approach.
I find this approach is complex enough to address the needs of even complex banking applications and at the same simple enough to implement for the intermediate level user.
Create Virtual Host Files
There is another approach to this (provided most virtual hosts have the same requirements) where virtual hosts are created through mod rewrite, convention and customization is acheived using .htaccess or <Directory>.
Looking in /etc/apache2/apache2.conf you will see a reference to the directory, /etc/apache2/sites-enabled/. Apache will look in this directory and load any virtual host file configurations.
Assuming you are logged in as a member of the staff group, we will be creating groups and users with reserved ids as mentioned in the basic setup,
cd /home sudo mkdir www.krypton.com # Home directory for the website. sudo mkdir www.earth.com cd /home/www.krypton.com sudo mkdir www # Folder for static content cd /home/www.earth.com sudo mkdir www # Folder for static content sudo addgroup --gid 3100 wgkryptonian # Special work group to distinguish users who should have access to the website. sudo addgroup --gid 3101 wgearthling cd /home sudo chown -R serveradmin:wgkryptonian ./www.krypton.com/ sudo chown -R serveradmin:wgearthling ./www.earth.com/ sudo chmod -R 775 www.krypton.com # Only svradm and users in the kryptonian group can manage. Apache(other's) still need to be able to read and browse. sudo chmod -R 775 www.earth.com
Now we create users that will have access to their respective websites,
sudo useradd -d /home/kalel -m -u 2500 -G wgkryptonian -c "Client" -s /bin/bash kalel # Add user kalel with additional group and make the user's home directory sudo useradd -d /home/jorel -m -u 2501 -G wgkryptonian -c "Client" -s /bin/bash jorel sudo passwd kalel sudo passwd jorel sudo useradd -d /home/loislane -u 2502 -m -G wgearthling -c "Client" -s /bin/bash loislane sudo useradd -d /home/jimmyolsen -u 2503 -m -G wgearthling -c "Client" -s /bin/bash jimmyolsen sudo passwd loislane sudo passwd jimmyolsen
Next you create your physical virtual host file in /etc/apache2/sites-available and then create a symbolic link in /etc/apache2/sites-enabled/.
Use the default virtual host file as a template
cd /etc/apache2/sites-available sudo cp default www.krypton.com sudo cp default www.earth.com
sudo Edit www.krypton.com and remove all the extra lines and modify the matching lines,
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.krypton.com ServerAlias krypton.com DocumentRoot /home/www.krypton.com/www # This restrictive a precedence for ALL directory blocks. <Directory /> Options FollowSymLinks # This prevents use of .htaccess AllowOverride None </Directory> # Main location of static content for the websites. <Directory /home/www.krypton.com/www/> Options +MultiViews Order Allow,Deny Allow from all </Directory> ErrorLog /var/log/apache2/www.krypton.com.error.log # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn CustomLog /var/log/apache2/www.krypton.com.access.log combined </VirtualHost>
Some notes on not so obvious entries in the virtual host file,
- MultiViews - uses Content Negotiation choose the best representation of a resource based on the browser-supplied preferences for media type, languages, character set and encoding.
- A keen eye will notice the +MultiViews. The plus symbol indicates we are adding to the existing Options inherited from parent blocks rather than resetting.
- combined - This is a predefined log format set by LogFormat in apache2.conf
Note that there is a disadvantage with specifying specific log files per virtual hosts because you can run out of file descriptors. The pro of course is simplicity and easy separation of your logs. There may be alternatives but don't hold your breath for me to find a solution and publish it. My clients rarely keep more than 3 virtual sites on the same machine.
Enable Virtual Host
Just because you created the virtual host does not mean it is enabled. To enable the virtual hosting,
sudo a2ensite www.krypton.com # enable a virtual host sudo a2ensite www.earth.com # enable a virtual host
As an side note, a2ensite is a shortcut command which creates a symbolic link. It is exactly the same things as doing this,
cd /etc/apache2/sites-enabled/
sudo ln -s ../sites-available/krypton.com ./krypton.com
You will then be promoted to execute sudo /etc/init.d/apache2 reload to reload the Apache configuration file for changes to take effect. This command is useful because it does not affect users currently browsing your other sites. However, I have found this sometimes does not work for me. In that case, I usually issue a full restart,
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
Type in your browser, www.krypton.com. Because directory listing is enabled and there is no default html page usually index.html you should see an directory page listing the contents of /home/serveradmin/www.krypton.com/.
Disable Virtual Host
You can disable your reference using the equivalent sudo a2dissite .Again you must must restart Apache for the changes to take effect.
Under the Covers
The Ubuntu packaging enabled certain directives for you. If you are using a vanilla implementation of Apache you might need to do some more work namely using the Listen and NameVirtualHost directives.
Ubuntu already added these directives as shown,
tpham@krypton:/etc/apache2$ find . -type f | xargs grep -i listen ./ports.conf:Listen 80 ./ports.conf: Listen 443 tpham@krypton:/etc/apache2$ find . -type f | xargs grep -i namevirtualhost ./ports.conf:NameVirtualHost *:80 ./ports.conf: # NameVirtualHost statement here tpham@krypton:/etc/apache2$
Next
There's much more to Apache than this. For example, we could set up public and private Online Shares. If you are serving real traffic you might want to read the next step about configuring logging. If you are just playing around then you can skip to setting up an application server.
Resources
http://httpd.apache.org/docs/2.0/vhosts/examples.html - official examples from Apache
http://mail-archives.apache.org/mod_mbox/httpd-users/200603.mbox/%3C200603161214.10191.mymaillists@gmx.at%3E - good working example of how to do virtual hosting with different ports.