jacobs4020
asked on
I have two named websites that I want to serve from the same machine using apache (www.firstsite.com and www.secondsite.com). One site is to be externally accessible, in other words, you could get t
I have two named websites that I want to serve from the same machine using Apache on Windows XP (www.firstsite.com and www.secondsite.com). One site is to be externally accessible, in other words, viewable from anywhere on the Internet. The other site is to be accessible only on the local machine.
It sounds simple, but I've tried a million ways from sunday and can't get it to work right. What's the best way to do this?
Thanks
It sounds simple, but I've tried a million ways from sunday and can't get it to work right. What's the best way to do this?
Thanks
To make sure I'm covering all the bases, can you provide which version of Apache you are using ? I'm going to suppose it's version 2.0 for the rest of this email.
The snippet provided by libin_v aboive will configure the two virtualhosts you want using the servername as discriminent. This means that DNS (or any other naming scheme) must be correctly setup for this to work, as web clients will specify which hostname they want to contact in the "Host: " header, which apache will match against the ServerName and ServerAlias directives.
What the snippet does not is to take care of access control. Since the second site is to be accessible only from the local machine, you need to prevent access from other places. In addition to the /etc/hosts modification presented above, you need an "Allow" statement. Should you need to access it from other places, you can allow additional subnets.
Please refer to Apache's documentation for the meaning of those statements.
Hope this helps,
Christophe
The snippet provided by libin_v aboive will configure the two virtualhosts you want using the servername as discriminent. This means that DNS (or any other naming scheme) must be correctly setup for this to work, as web clients will specify which hostname they want to contact in the "Host: " header, which apache will match against the ServerName and ServerAlias directives.
What the snippet does not is to take care of access control. Since the second site is to be accessible only from the local machine, you need to prevent access from other places. In addition to the /etc/hosts modification presented above, you need an "Allow" statement. Should you need to access it from other places, you can allow additional subnets.
Please refer to Apache's documentation for the meaning of those statements.
Hope this helps,
Christophe
NameVirtualHost *
<VirtualHost *>
ServerName www.firstwebsite.com
ServerAlias firstwebsite.com
DocumentRoot /www/first
</VirtualHost>
<VirtualHost *>
ServerName www.secondwebsite.com
ServerAlias secondwebsite.com
DocumentRoot /www/second
Order allow,deny
allow from 127.0.0.1
</VirtualHost>ASKER
I get an error from Apache saying that Order isn't allowed in that spot.
ASKER
I got an error saying that "Order" is not allowed at that spot.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. I've made the suggested changes. My local-view-only site (www.secondsite.com) works fine. It's accessible on my machine and not accessible from the outside. My external view site i(www.firstsite.com) is accessible from other machines within my lan. BUT....when accessed from outside the lan, the index page appears to load, but it's blank. There are no error messages or timeouts, just white space. I tried changing the index page to something really simple (just test text), but the problem persists. What's that about?
Can you look at the access_log and error_log files and see if there are entries related to your accessing the first site from outside of your LAN ? Off the top of my head, I can't see anything different between accessign from within and without your LAN.
If you are able to do a snoop/tcpdump on the server port 80 while accessing your firstsite from outside your LAN, it would help to look at the HTTP conversation.
Regards,
Christophe
If you are able to do a snoop/tcpdump on the server port 80 while accessing your firstsite from outside your LAN, it would help to look at the HTTP conversation.
Regards,
Christophe
ASKER
I've been using an anonymous proxy (www.hidemyass.com) to see how my site looks from the outside. Thinking the blank page might be a problem with the proxy, I've used 2 or 3 others, but with the same result, so I don't think it's the proxy. The access log shows the IP of the proxy, time/date, and then "GET / HTTP/1.0" 200 1174. There is no corresponding entry in the error log.
When I access the site from inside my lan, the access log shows the localhost IP, time/date, and then "GET /favicon.ico HTTP/1/1" 404 209. In this case, there is a corresponding entry in the error log indicating that favicon.ico couldn't be found. Until a couple of minutes ago, I didn't know what favicon.ico was, but now that I know, I can't see that would be a problem. And, in this case (inside the lan) I can see the page just fine.
I'll be happy to do the snoop/tcpdump if you can tell me how to do it.
Thanks for your help.
When I access the site from inside my lan, the access log shows the localhost IP, time/date, and then "GET /favicon.ico HTTP/1/1" 404 209. In this case, there is a corresponding entry in the error log indicating that favicon.ico couldn't be found. Until a couple of minutes ago, I didn't know what favicon.ico was, but now that I know, I can't see that would be a problem. And, in this case (inside the lan) I can see the page just fine.
I'll be happy to do the snoop/tcpdump if you can tell me how to do it.
Thanks for your help.
Sure: as root:
# iptrace -a -i en1 -b -p 80 trace.out
this assumes that your network interface is en1 - replace as necessary. Once it runs, do your network access, then CTRL-C when done. This will create a file named trace.out that you can post. I hope this works, I don't have access to an AIX server to confirm, this is from reading the man page on the 'net.
# iptrace -a -i en1 -b -p 80 trace.out
this assumes that your network interface is en1 - replace as necessary. Once it runs, do your network access, then CTRL-C when done. This will create a file named trace.out that you can post. I hope this works, I don't have access to an AIX server to confirm, this is from reading the man page on the 'net.
ASKER
Sorry. I should have mentioned that I'm running XP Pro, not Linux. Iptrace is a unix command right?
Yes, it is a Unix command. I have no expertise with Windows, but apparently this KB can point you in the right direction to generate a packet trace:
http://support.microsoft.com/kb/148942
Hopefuly this will work for you and you can post the resulting file.
http://support.microsoft.com/kb/148942
Hopefuly this will work for you and you can post the resulting file.
ASKER
It turns out that it was a firewall problem. I have Zonealarm free running and have the XP firewall disabled via the Security Center. Apparently some vestiges of the XP firewall remain operational even when it is supposedly turned off. I found a registry tweak to it off for good, and now the site is accessible externally.
Thank you for your help.
Thank you for your help.
ASKER
Many thanks for your competent help.
Linux ( /etc/hosts )
127.0.0.1 localhost www.secondwebsite.com
Windows ( c:\windows\system32\driver
127.0.0.1 www.secondwebsite.com
The use virtual host configuration. Refer http://httpd.apache.org/docs/1.3/vhosts/name-based.html
NameVirtualHost *
<VirtualHost *>
ServerName www.firstwebsite.com
DocumentRoot /www/first
</VirtualHost>
<VirtualHost *>
ServerName www.secondwebsite.com
DocumentRoot /www/second
</VirtualHost>