Author Topic: User Configuration of virtual webservers  (Read 8120 times)

thorsten

  • Guest
User Configuration of virtual webservers
« on: January 20, 2012, 12:27:32 am »
Hi there,

according to the manual it should be possible to configure virtual web servers:

Quote
The DocumentRoot or root directory for each page is in the /srv/www/<domain>/ directory. In addition, it is possible to apply a customised Apache configuration to each Virtual host by adding a file to the /etc/apache2/sites-available/user-ebox-<domain>/ directory.

see here http://doc.zentyal.org/en/web.html

however, what is the convetion on that: what should be the file name, e.g. to set up an intranet webserver? can I add .htaccess files in here?
Is it correct that the file my contain Apache2 code, e.g.

Code: [Select]
<VirtualHost *:80>
        ServerAdmin webmaster@Sonne.lan

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>
        <Directory "/usr/share/doc/">
               Options Indexes MultiViews FollowSymLinks
               AllowOverride None
               Order deny,allow
               Deny from all
               Allow from 127.0.0.0/255.0.0.0 ::1/128
         </Directory>
</VirtualHost>



TIA
Thorsten

stuartiannaylor

  • Guest
Re: User Configuration of virtual webservers
« Reply #1 on: January 20, 2012, 07:30:12 am »
I usually leave the default alone and add each domain on the web server module as a virtual domain.

In /usr/share/zentyal/stubs/webserver you will see a list of various .mas files that act as templates for /etc... settings.

Don't edit /etc... directly as any restarts or updates will overwrite your settings. You need to edit the above .mas templates not the end results.

.htaccess is in the root folder of each folder. Basically yes you can add a .htaccess or edit them.

default web site /var/www.

virtual domains /srv/www

thorsten

  • Guest
Re: User Configuration of virtual webservers
« Reply #2 on: January 20, 2012, 01:25:31 pm »
Hi Stuart,

I don't think it is necassary to edit the respective .mas file - it would be even contraproductive: If an update is applied, my changes to the master will be lost. OK; I will have backup copy, but if I do not check possible changes on a daily basis, a configuration change might apply without notice.

If I am right, this seems to be a much easier cascading subsystem:

  • /etc/apache2/sites-available/ does contain the 000-default configuration file and it is created by Zentyal
  • It does also contain a configuration file for each vitual host noticed by appending the virtual host name. It does reflect all settings the admin-user makes to a virtual host on the web interface.
  • AND there is an additonal emptydirectory /etc/apach2/sites-available/user-ebox-<virtual-domain>/

Now read the quote from the documentation. I think this means, a user can add an own configuration file containing e.g. further restrictions. If this is correct, it would be exactly what I need: An Intrant virtual host would be possible by simply adding a config file containing restrictions for IP ranges /  WAN in the respecitve directory.

However, there are just 3 1/2 open questions:
1) Is my opinion correct as the documentation is not specific in this case.
2+1/2) What is the required config file name in the empty directory and what is the correct configuration notation, e.g. same as "Apache2" notation?
3) If this is correct, is there a similar mechanism to config the document root of the default server (which does not have virtual host name)

TIA
Thorsten
« Last Edit: January 20, 2012, 01:30:14 pm by thorsten »

stuartiannaylor

  • Guest
Re: User Configuration of virtual webservers
« Reply #3 on: January 20, 2012, 01:49:17 pm »
What are you trying to do thorsten?

Might make it easier for me to answer as a lot such php config can be done in .htaccess.

the ebox-user files are included so the answer is yes also. Had to have a look though.

Also being totally honest I have always been slightly confused to the default website.

There are several settings for zarafa / webmail (roundcube) and dhcp that allow virtual domain control. This isn't true of the default domain? I dunno.

Maybe someone else can answer this?

Stuart
« Last Edit: January 20, 2012, 02:00:37 pm by stuartiannaylor »

thorsten

  • Guest
Re: User Configuration of virtual webservers
« Reply #4 on: January 20, 2012, 09:30:22 pm »
Dear Stuart,

yes, you are right, I need to be more precise, however, I am not really firm with Linux, Apache and HTML code or server settings. So I try to explain what I know or think.

1. I would like to create a virtual host for www data on my Zentyal server. My Zentyal server is behind a firewall and not directly connected to the internet. I use the route as a gateway. The name of the virtual host is www.<host>.dyndns.org, it does contain just my private homepage. This one shall be open to the public, Zentyal provides everything I need for that.

2. As my router forwards any requests on port 443 and 80 to my Zentyal server. Therefore I transfered the admin dashboard login from 443 to a different port. Additionally I created a second virtual host, mailservice.<host>.dyndns.org and forced it to SSL via Zentyal Dashboard settings using port 443. This virtual domain host ist bond to Zarafa: I can access my Zarafa Mail account via a SSL secured web interface. Additonally, I can take advantage of Z-Push using mobile devices.

3. Now the first problem occurs: If someone enters <host>.dyndns.org (simply leaving out www. OR by just writing <nonsens>.<host>.dyndns.org), he is redirected to the default Web page reading "It works .." from Zentyal default. Badly, if someone adds /phpmyadmin or /cgi-bin/apcupsd/multimon.cgi, one can access my MySQL server (if he has the passwords) or one can see my UPS running parameters. The MySQL server is open to brute force attacks from WAN ..... Therefore I would like to prohibit the WAN access to theses directories, while the /~userpages shall still be accessible. I think the best way for that is a .htaccess file in the respective root directory (which is in my opinion /var/www/ , isn't it?) Additionally, I will change the config.inc.php file in order to allow just LAN access. ALTERNATIVELY, the solution as I describe i 4) might be adequate, too, simply following a LINUX wisdom: All roads lead to Rome

4. I would like to provide an Intranet to LAN users, so I would set up a third virtual host on Zentyal, e.g. intranet.<host>.dyndns.org. Here I found  the cited Zenyal documention. If I suppose right, I can add user customized Apache configuration data, e.g.

Code: [Select]
<Directory /srv/www/intranet.<host>.dyndns.org>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order deny, allow
                Allow from 172.17.0.0
</Directory>

It seems that I can store a file containing the respective code (what is the required name) simply in /etc/apach2/sites-available/user-ebox-<virtual-domain>/ ... no need to change the .mas file of the zentyal configuration....

5) I have no Idea on how to handle my last Idea: I do run the sage project on a different phyiscal maschine, just for some calculations. Sage is an interactive web-based calulation solution for math. It does provide a http web server where you can enter and solve equations etc. As all http requests are forwared from my router to the Zentyal server, it would be great if Zentyal recognizes the virtual host sage.<host>.dyndns.org and forwards it to the LAN maschine where the sage project is running. I think, this can be done by the config file, as suggested in 3), tool

So, I hope I made my problems more clear and I would appreciate any help, hint and tip.

TIA
Thorsten

stuartiannaylor

  • Guest
Re: User Configuration of virtual webservers
« Reply #5 on: January 21, 2012, 05:47:20 pm »
A few things that I do.

Firstly for some reason I always leave the default domain alone. I have no idea why really but this is what I do.
Also I have a tendency to change the .mas script in the /usr/share/zentyal/stubs (did I get that right?).
The only thing I really change here is to append a server alias of www.virtualdomain.

Also if you have private lan domains then I would install the DNS module and create entries for your local lan.

phpmyadmin if you edit apache.conf /etc/phpmyadmin and something like

<Directory /users/me/private> Order deny,allow Allow from 192.168.4 Deny from all </Directory>


I use webmin and as it runs on a port I find the firewall a good way to access it,

Be wary of webmin but the filemanager and having both postgre and mysql all in a package is good for me.

« Last Edit: January 21, 2012, 06:12:23 pm by stuartiannaylor »

Marcus

  • Forum Moderator
  • Zen Samurai
  • *****
  • Posts: 395
  • Karma: +12/-0
    • View Profile
    • Professional IT Service
Re: User Configuration of virtual webservers
« Reply #6 on: January 22, 2012, 07:57:00 pm »
Hello thorsten,

I'll use "exemple1.com" for my website name. Make sure to change it according to your <host>.dyndns.org.

[...]  he is redirected to the default Web page reading "It works .." from Zentyal default.
You may replace that page by removing/adding your own page in the /var/www/ folder.  **Be careful on the owner - It should be www-data**

If you do want to add the "www." prefix, please copy&paste this command line in a terminal
Code: [Select]
echo 'ServerAlias www.exemple1.com' >> /etc/apache2/sites-available/user-ebox-exemple1.com/serveralias
Let's add your #4 to the configuration:
Code: [Select]
cat > /etc/apache2/sites-available/user-ebox-exemple1.com/restriction <<-END_RESTRICT
<Directory /srv/www/intranet.<host>.dyndns.org>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order deny, allow
                Allow from 172.17.0.0
</Directory>
END_RESTRICT

Now, with phpMyAdmin...
Let's remove the general alias:
Code: [Select]
sed -i 's/Alias/#Alias/g' /etc/apache2/conf.d/phpmyadmin.conf
Followed by adding it on a per website basis.
Code: [Select]
echo 'Alias /phpmyadmin /usr/share/phpmyadmin' >> /etc/apache2/sites-available/user-ebox-exemple1.com/phpmyadmin
And for your #5, you may run multiple web servers behind Zentyal by following this tutorial:
http://forum.zentyal.org/index.php/topic,3054.msg13231.html#msg13231

** Don't forget to restart your web server **
Zentyal >> Dashboard >> Web server (Restart)


Good luck

Marcus

thorsten

  • Guest
Re: User Configuration of virtual webservers
« Reply #7 on: January 22, 2012, 11:15:23 pm »
Dear Marcus,

wow - allmost all solutions - I will try everything ... redirection to a different host Nr. 5 does work already perfectly.
Funny Part on that: my Sage server is not a physical machine on my LAN it is a KVM virtual machine running within Zentyal via Network bridge  ;)

OK, just ohne question on that:

You put several files into the respecitve directory:
/etc/apache2/sites-available/user-ebox-exemple1.com/

In one case uit is "severalias" or "modproxy" or "restrictions"

Am I right, if I guess:
All files in the directory are processed by Apache2? It does not matter what the name is - all of them are used to configure the respecitve virtual host.

Is this correct?

THX (for all)
Thorsten

stuartiannaylor

  • Guest
Re: User Configuration of virtual webservers
« Reply #8 on: January 23, 2012, 09:27:12 am »
I was up early but you will see a line in the configuration "include" where each file is just appended at that point.

stuartiannaylor

  • Guest
Re: User Configuration of virtual webservers
« Reply #9 on: January 23, 2012, 09:33:57 am »
Also Marcus the server alias is a pretty common requirement that the base domain is going to have a www.domain. I have always wondered if this should just be automatic? IE in the .mas file.

I edit the .mas file so its automatic. As on a fairly regular basis I am adding a virtual domain, its just something I do before clients are required to purchase web hosting. Maybe its unusual to be putting up and pulling down as many sites as I do.

Should www. alias be the norm?

Stuart.
« Last Edit: January 23, 2012, 09:35:42 am by stuartiannaylor »