Creating a Virtual Web Host

From Gruff Goat Wiki

Contents 1 Create a Virtual Site 1.1 Create directories 1.2 Create user and group 1.3 Change file ownership and group 1.4 Add FTP user for site 1.5 Apache virtual site 2 Password Protect Directories 2.1 Htaccess 2.2 User-Level Protection 2.2.1 Htpasswd

Create a Virtual Site

Create directories

If this is a new site then

 cp -R /home/sites/skel /home/sites/sitenum
 ln -s /home/sites/sitenum /home/sites/fqdn.com

Create user and group

 pw group add sitenum
 adduser
   Username= username
   Fullname= fullname
   UID=
   Login group=
   Invite groups= sitenum
   Login class=
   Shell= nologin
   Home directory= /home/sites/sitenum
   Use password= yes
   Empty password= no
   Random password= yes
   Lock account= no

Change file ownership and group

 chown -R username /home/sites/sitenum
 chgrp -R sitenum /home/sites/sitenum

Add FTP user for site

Use PureFTPd and PureDB for FTP server and virtual users. PureFTPd website

My PureFTPd pages

 pure-pw useradd username -u username -g sitenum -d /home/sites/sitenum
 pure-pw mkdb

Apache virtual site

Virtual site configurations are stored in the a separate file, such as

 /usr/local/etc/apache2/virt/sitenum

Each site needs a line added to the end of the httpd.conf.

 echo 'Include etc/apache2/virt/sitenum' >> /usr/local/etc/apache2/httpd.conf

This is a typical virtual site configuration

 # WWW.DOMAIN.COM
 #NameVirtualHost 65.23.156.168
 
 <Directory /home/sites/sitenum/web>
   Order allow,deny
   Allow from all
 </Directory>
 <Directory /home/sites/sitenum/web/usrbin>
   Options +ExecCGI
 </Directory>
 
 <VirtualHost 65.23.156.168>
   ServerName www.domain.com
   ServerAlias domain.com
   ServerAdmin admin@domain.com
   DocumentRoot /home/sites/sitenum/web
   ErrorDocument 401 /error/401-authorization.html
   ErrorDocument 403 /error/403-forbidden.html
   ErrorDocument 404 /error/404-file-not-found.html
   ErrorDocument 500 /error/500-internal-server-error.html
   RewriteEngine on
   RewriteCond %{HTTP_HOST}                !^65.23.156.168(:80)?$
   RewriteCond %{HTTP_HOST}                !^www.domain.com(:80)?$ [NC]
   RewriteRule ^/(.*)                      http://www.domain.com/$1 [L,R]
   RewriteOptions inherit
 
   # BEGIN WebScripting SECTION.
   #AddHandler cgi-wrapper .cgi
   #AddHandler cgi-wrapper .pl
   #AddHandler cgi-script .cgi .pl
   # END WebScripting SECTION.
 </VirtualHost>
 
 # end WWW.DOMAIN.COM

Reload Apache

 /usr/local/etc/rc.d/apache2.sh reload

Password Protect Directories

Htaccess

To protect a specific web directory, you must either set the appopriate directives in an .htaccess file or in the <Directory> section of the configuration files. I prefer to make the setting in the each virtual host configuration file. Either way, the directives are same.

For more detailed information on htaccess, please see the following:

• Using .htaccess Files with Apache
• .htaccess Tutorial - Part 1
• Apache Tutorial: .htaccess files - Apache HTTP Server
• Comprehensive guide to .htaccess- intro

User-Level Protection

Htpasswd

Do not place you password file in your web document tree. Also create it as a hidden file and change the permissions on the file. The file iteself may be named anything you wish, though it is common to call it .htpasswd. If your web documents exist in ~/web then:

 htpasswd -c ~/access/.htpasswd username  # Creates a new file
 htpasswd ~/access/.htpasswd username     # Adds or modifies the user in the current file
 # Each of these command will require you to enter the password twice

Change the permissions on the file to make it more secure.

 chown siteowner:webserver ~/access/.htpasswd
 chmod 640 ~/access/.htpasswd