?
Solved

I have two named websites that I want to serve from the same machine using apache (www.firstsite.com and www.secondsite.com).  One site is to be externally accessible, in other words, you could get t

Posted on 2008-10-05
13
Medium Priority
?
397 Views
Last Modified: 2013-11-30
I have two named websites that I want to serve from the same machine using Apache on Windows XP (www.firstsite.com and www.secondsite.com).  One site is to be externally accessible, in other words, viewable from anywhere on the Internet.  The other site is to be accessible only on the local machine.  

It sounds simple, but I've tried a million ways from sunday and can't get it to work right.  What's the best way to do this?

Thanks
0
Comment
Question by:jacobs4020
  • 7
  • 5
13 Comments
 
LVL 5

Expert Comment

by:libin_v
ID: 22646153
You add an entery in the hosts file

Linux ( /etc/hosts )
127.0.0.1                  localhost              www.secondwebsite.com

Windows ( c:\windows\system32\drivers\etc\hosts )
127.0.0.1                   www.secondwebsite.com

The use virtual host configuration. Refer http://httpd.apache.org/docs/1.3/vhosts/name-based.html
 NameVirtualHost *

    <VirtualHost *>
    ServerName www.firstwebsite.com
    DocumentRoot /www/first
    </VirtualHost>

    <VirtualHost *>
    ServerName www.secondwebsite.com
    DocumentRoot /www/second
    </VirtualHost>
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22650760
To make sure I'm covering all the bases, can you provide which version of Apache you are using ? I'm going to suppose it's version 2.0 for the rest of this email.

The snippet provided by libin_v aboive will configure the two virtualhosts you want using the servername as discriminent. This means that DNS (or any other naming scheme) must be correctly setup for this to work, as web clients will specify which hostname they want to contact in the "Host: " header, which apache will match against the ServerName and ServerAlias directives.

What the snippet does not is to take care of access control. Since the second  site is to be accessible only from the local machine, you need to prevent access from other places. In addition to the /etc/hosts modification presented above, you  need an "Allow" statement. Should you need to access it from other places, you can allow additional subnets.

Please refer to Apache's documentation for the meaning of those statements.


Hope this helps,
Christophe
NameVirtualHost *
 
<VirtualHost *>
   ServerName www.firstwebsite.com
   ServerAlias firstwebsite.com
   DocumentRoot /www/first
</VirtualHost>
 
<VirtualHost *>
   ServerName www.secondwebsite.com
   ServerAlias secondwebsite.com
   DocumentRoot /www/second
   Order allow,deny
   allow from 127.0.0.1
</VirtualHost>

Open in new window

0
 

Author Comment

by:jacobs4020
ID: 22651635
I get an error from Apache saying that Order isn't allowed in that spot.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:jacobs4020
ID: 22651643
I got an error saying that "Order" is not allowed at that spot.
0
 
LVL 4

Accepted Solution

by:
urgoll earned 500 total points
ID: 22651674
MY bad. Let's try this :
<VirtualHost *>
   ServerName www.firstwebsite.com
   ServerAlias firstwebsite.com
   DocumentRoot /www/first
   <Directory /www/first>
      Order allow,deny
      allow from all
   </Directory></VirtualHost>
 
<VirtualHost *>
   ServerName www.secondwebsite.com
   ServerAlias secondwebsite.com
   DocumentRoot /www/second
   <Directory /www/second>
      Order allow,deny
      allow from 127.0.0.1
   </Directory>
</VirtualHost>

Open in new window

0
 

Author Comment

by:jacobs4020
ID: 22654247
OK.  I've made the suggested changes.  My local-view-only site (www.secondsite.com) works fine.  It's accessible on my machine and not accessible from the outside.  My external view site i(www.firstsite.com) is accessible from other machines within my lan.  BUT....when accessed from outside the lan,  the index page appears to load, but it's blank.  There are no error messages or timeouts, just white space.  I tried changing the index page to something really simple (just test text), but the problem persists.  What's that about?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22655690
Can you look at the access_log and error_log files and see if there are entries related to your accessing the first site from outside of your LAN ? Off the top of my head, I can't see anything different between accessign from within and without your LAN.

If you are able to do a snoop/tcpdump on the server port 80 while accessing your firstsite from outside your LAN, it would help to look at the HTTP conversation.

Regards,
Christophe
0
 

Author Comment

by:jacobs4020
ID: 22656105
I've been using an anonymous proxy (www.hidemyass.com) to see how my site looks from the outside.  Thinking the blank page might be a problem with the proxy, I've used 2 or 3 others, but with the same result, so I don't think it's the proxy.  The access log shows the IP of the proxy, time/date, and then "GET / HTTP/1.0" 200 1174.  There is no corresponding entry in the error log.  

When I access the site from inside my lan, the access log shows the localhost IP, time/date, and then "GET /favicon.ico HTTP/1/1" 404 209.  In this case, there is a corresponding entry in the error log indicating that favicon.ico couldn't be found.  Until a couple of minutes ago, I didn't know what favicon.ico was, but now that I know, I can't see that would be a problem.  And, in this case (inside the lan) I can see the page just fine.

I'll be happy to do the snoop/tcpdump if you can tell me how to do it.

Thanks for your help.
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22656136
Sure: as root:
# iptrace -a -i en1 -b  -p 80 trace.out

this assumes that your network interface is en1 - replace as necessary. Once it runs, do your network access, then CTRL-C when done. This will create a file named trace.out that you can post. I hope this works, I don't have access to an AIX server to confirm, this is from reading the man page on the 'net.
0
 

Author Comment

by:jacobs4020
ID: 22656231
Sorry.  I should have mentioned that I'm running XP Pro, not Linux.  Iptrace is a unix command right?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22656506
Yes, it is a Unix command. I have no expertise with Windows, but apparently this KB can point you in the right direction to generate a packet trace:

http://support.microsoft.com/kb/148942

Hopefuly this will work for you and you can post the resulting file.
0
 

Author Comment

by:jacobs4020
ID: 22661359
It turns out that it was a firewall problem.  I have Zonealarm free running and have the XP firewall disabled via the Security Center.  Apparently some vestiges of the XP firewall remain operational even when it is supposedly turned off.  I found a registry tweak to it off for good, and now the site is accessible externally.

Thank you for your help.
0
 

Author Closing Comment

by:jacobs4020
ID: 31503250
Many thanks for your competent help.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question