Solved

Doubt about VirtualHosts on Apache

Posted on 2015-02-12
29
115 Views
Last Modified: 2015-02-14
Hi.

I have an apache 2 server over linux with two sites configured by name-based virtual hosts.
Also I have a default web site so when a user access to the webserver without using any of the two names of the sites it appears a default web page. For all this configurations I'm using *:80 as configuration on apache virtualhosts.

Now I have added a new IP address to this server and I would like to add a diferent web site by using this IP. How should I configure the server for making this IP going to a different folder but maintain all the rest of configuration? Should I replace the * by the old IP or maybe is there a way to make the IP-rule execute before the * rule?

Thanks.
0
Comment
Question by:gplana
  • 13
  • 11
  • 2
  • +3
29 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40606864
You'll add that IP as (i.e.) ifcfg-eth0:0 (don't configure the gateway)

When DNS is configured to point to that IP, the proper virt host container will handle the action as long as you have:

<Virtualhost *:80>

or whatever port you're using.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 167 total points
ID: 40606943
Below is the format I use for all of my Virtual Hosts files on my Ubuntu system.  I did not have to modify the 'eth0' setup, Apache does it when it reboots.  If you are using a different 'ethx' you might have to do something different.

NameVirtualHost 10.202.46.98
<VirtualHost 10.202.46.98>
     ServerAdmin webmaster@localhost
     ServerName aaa
     DocumentRoot /var/www/aaa/
     <Directory /var/www/aaa/>
         Options Indexes FollowSymLinks MultiViews
         AllowOverride None
         Order allow,deny
         allow from all
     </Directory>

     ErrorLog /var/log/apache2/error.log

     # Possible values include: debug, info, notice, warn, error, crit,
     # alert, emerg.
     LogLevel warn

     CustomLog /var/log/apache2/access.log combined
     ServerSignature On

</VirtualHost>

Open in new window

0
 
LVL 15

Author Comment

by:gplana
ID: 40606955
My question is: if I have more than one IP address on my server, can I configure one IP to a site, and the rest to another site? I mean, is it possible to put an IP and an asterisc ? How can we put more weight on the IP than on the * so the * is used as "default", i.e. is it used just if no other rule applies?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607085
I have about 7 IPs on my Ubuntu server but there are all setup like above except for the default site.  I don't know what you think 'weight' means.  If you only have one site at a different IP address, then that is the only site that will appear at that IP address.  All the rest will appear at the default machine IP address.
0
 
LVL 32

Assisted Solution

by:shalomc
shalomc earned 167 total points
ID: 40607426
Place to IP specific vhost before the default * , like this

<Virtualhost 10.1.1.1:80>
....
</Virtualhost>


<Virtualhost *:80>
....
</Virtualhost>

Open in new window

0
 
LVL 15

Author Comment

by:gplana
ID: 40607442
Thank you for your answer shalomc.
Yes, this is what I need, however, shouldn't I put every site at a different file on sites-available (and then create a link on sites-enabled by using a2ensite) ?

If so, how can I teach apache to load one file before another?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607471
shouldn't I put every site at a different file on sites-available (and then create a link on sites-enabled by using a2ensite) ?
Yes.  You don't need to teach Apache anything about loading the files.
0
 
LVL 15

Author Comment

by:gplana
ID: 40607498
Dave, I need to force the IP configured site be loaded first in order to make its rules with more priority than the default site (which has an asterisk (*) as its IP. The question is how to force the order of loading the site-enabled files.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607509
Why do you think that?  Have you tried it the 'normal' way?  There is no priority when the site has a different IP address.  The site with the specified IP address should be the only one to respond to that IP address.  At least that the way it works here.
0
 
LVL 15

Author Comment

by:gplana
ID: 40607515
Dave, if you have a file with the specific IP, and another file with an asterisk as IP (which match any IP) then both files matches. Imagine that these files have configured the DocumentRoot at different folders. How can Apache decide which is the one? I have read first rule is that get more priority in case of conflict...

Hope my question is clear now.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607518
an asterisk as IP (which match any IP)
That is misleading.  The server only listens on the machine IP address with '*'.  It just means that you don't have to specify it.  The virtual host with a specific IP address will only show up when you go to that address.  They don't get confused.

I have two Ubuntu servers here.  One has 9 IP based virtual hosts and the other has 7 in addition to the default site with '*' for the address.  I don't have any problems.  Apache seems to figure it out just fine without me doing anything about the 'loading order'.
0
 
LVL 15

Author Comment

by:gplana
ID: 40607591
Sorry Dave but I think you don't get it.

Imagine I have one file with this configuration:

<Virtualhost 10.1.1.1:80>
   DocumentRoot /var/www/aaa/
   ...
</Virtualhost>

Open in new window


and another file with this configuration:

<Virtualhost *:80>
   DocumentRoot /var/www/zzz/
   ....
</Virtualhost>

Open in new window


If I go to http://10.1.1.1 which application will be shown? aaa or zzz ? It depends on the order the files are loaded, don't it?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607616
No, it doesn't.  I am sitting here at my Ubuntu system.  Debian is similar, CentOS is Not.  The last two lines in 'apache2.conf' are:
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

Open in new window


This is my 'sites-enabled' directory.  You can see that there is nothing that forces any particular order.  At least none that I can find.
sites-enabled
I just configured an IP based Virtual Host on my CentOS sytem and it is done differently and was a pain in the pattootie.  It's all done in 'httpd.conf' and I had to add the IP address to the network configuration separately which I did not have to do with Ubuntu.  At least I don't remember doing it!!
0
 
LVL 15

Author Comment

by:gplana
ID: 40607621
I'm doing some tests. I think files on sites-enabled are loaded in alphabetical order. I will test it and let you know.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607632
I have no idea about the order.  The order in which they are listed is because of the file viewer, not because of any 'natural' order.  It is almost impossible to get the 'natural order' of the files in any modern file viewer on any system.  They always sort them for viewing.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40607634
I'm done for tonight.  I'll check in again tomorrow.
0
 
LVL 15

Author Comment

by:gplana
ID: 40607820
I have made a couple of tests. It looks that no matter what is the name of the file, it applies the IP rule first. Maybe apache is inteligent and when there is a conflict of rules it applies the most restrictive?

The important thing is that it seems to work now, but I would like to understand. I have looked at some documentations but I haven't found this explained...
0
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 166 total points
ID: 40607908
The order the files are loaded are the order any includes are executed.

That said, when you include an entire folder, the results are indeed in lexical order (not quite alphabetical). (In other words, CAPS come before lower case)... this is a Linux/UNIX thing, not an APACHE thing.... on a Windows server (yes, you can run apace on Windows), they would be in true alphabetical order (if not creation order).

So, Apache loads the rules in the order in which they appear while reading the config files. Then, the FIRST virtualhost entry that matches an inquiry should be one used -- there is no "intelligence" involved -- kinda like looking for your lost sock -- as soon as you find a match, you go with it... you don't keep looking to perhaps find a better matching sock!

Thus if you have:
   <Virtualhost *:80>
      Website A
   </Virtualhost>
before you have
   <Virtualhost 192.1.1.1:80>
      Website B
   </Virtualhost>

A request coming in on IP address 192.1.1.1:80 will still load Website A (because it matches the *:80 first).
Simply reverse the order, and you'll get the desired result.... that is, put
   <Virtualhost 192.1.1.1:80>
      Website B
   </Virtualhost>
before you have
   <Virtualhost *:80>
      Website A
   </Virtualhost>

And NOW you'll have the preferred behavior.

NOTE: This is why you need to be careful where you load your files -- in general, load them MOST restrictive FIRST, and your default must be LAST.

I hope this helps...

Dan
IT4SOHO
0
 
LVL 15

Author Comment

by:gplana
ID: 40608154
Thanks it4soho. But in my case website B is loaded even if I rename the file to go after 000default (on site-enabled folder). It seems to run always the more restrictive rule, even if I force the reload of apache (service apache2 reload) and empty the cache on the browse in client machine.

Why could this be happening?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40608350
On my CentOS Apache 'httpd.conf', it says the exact opposite, to put the '*' entry before the IP entry.  On my Ubuntu system, it seems to load the virtual host files and figure it out so they come up where and when they should.
0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 40608374
I will avoid making any remarks about working differently on one version of Linux vs. another. If you're using Apache httpd, the behavior is the same -- only the config files are different (and they, naturally, set the behavior).

Per http://stackoverflow.com/questions/5474477/how-to-debug-an-apache-virtual-host-configuration, I suggest looking at the output of what the SERVICE says it has read as its configuration. Often, a simple syntax error changes what WE (as humans) think we're setting up, vs what IT (the computer) thinks we're setting up.... and getting the computer to share it's version of the configuration (sans comments and human-readable distractions) often reveals the disconnect.

In your case, that's probably simply running httpd -S

Dan
0
 
LVL 15

Author Comment

by:gplana
ID: 40609489
I'm in debian, and no httpd.conf file on my apache (I'm running apache2, not apache). https -S says the command is not recognized.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40609500
Debian is like Ubuntu and uses 'apache2.conf' and 'apache2 -S' will display the virtual hosts.

CentOS and Redhat will have 'httpd.conf' and 'httpd -S' will display the virtual hosts on them.

Yes, I just checked that on both systems.
0
 
LVL 15

Author Comment

by:gplana
ID: 40609511
It says: apache2: bad user name ${APACHE_RUN_USER}
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40609513
Please post the entire message.  That isn't enough.  You did use a capital S right?
0
 
LVL 15

Author Comment

by:gplana
ID: 40609764
Sorry but after:
 apache2 -S

Open in new window

it says:
 apache2: bad user name ${APACHE_RUN_USER} 

Open in new window

That's all
0
 
LVL 27

Expert Comment

by:serialband
ID: 40609801
For a one time deal you just need to set the environment variable.

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data


You'll should edit /etc/apache2/apache2.conf and add:

User www-data
Group www-data


Then edit /etc/apache2/envvars and add

APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40609917
This page http://ubuntuforums.org/showthread.php?t=804436 may explain what you are seeing and what @serialband is saying.  On my Ubuntu system, my 'normal' user is set up as a 'superuser' or admin so I don't see that problem.  This might work:

sudo apache2 -S
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40609939
So I fired up my Ubuntu and CentOS systems again.  Seems Ubuntu uses 'www-data' for the Apache user and CentOS uses 'apache' for the Apache user.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now