Configuring Virtual Hosts in Apache on OES 2
Everyone knows about the default web page for Apache on SLES or the Welcome page on OES 2. What if I want to be able to access another location on the server without changing the defaults or asking users to remember a long url? That’s where Virtual Hosts come into play. You can create a location on your server, place your web documents inside and then configure Apache to take you there.
In this article, we will configure a simple virtual host for users to access company policies or whatever you want to put there. We’ll give the virtual host it’s own domain name and DNS record. And as an added bonus, we’ll configure it for eDirectory authentication and access based on group membership.
- Create location for our files
- Create a virtual host
- Create a default web page
- Add eDirectory authentication
For those who prefer using a GUI in lieu of down and dirty command line, refer to Dave Simons’ AppNote. How to Setup and Configure Apache Web Server in SLES 10
Location for web files
First of all, we need a location for our virtual host. If you want only eDirectory-based users adding or modifying the files, and have an NSS volume mounted, create the directory within that mount point.
If you want non-eDirectory users to be able to access the site (read only), create the directory under /usr/share
Create Virtual Host
Create a CNAME record or alias for your virtual host to point to your real server name.
Now we’ll create a virtual host for our new site. We don’t want to change the existing structure of Apache’s configuration, so instead of modifying any of the *.conf files, we’ll create a new one based on the templates.
Change your current directory to /etc/apache2/vhosts.d
Notice there is a file called vhosts.template? That’s the file we will use to create our new virtual host or you can create a blank file and add directives as desired.
Copy this file to myvhost.conf
cp /etc/apache2/vhosts.d/vhosts.template /etc/apache2/vhosts/myvhost.conf
Open the file for editing and make changes that correspond to your server.
# Start of myvhost.conf # Virtual Host file for my companies policies for users to view. NameVirtualHost *:80 # add this so we listen port 80 on all IP addresses <VirtualHost *:80> # Define the virtual host here. # This is optional and if there is an error Apache displays this email address for the user ServerAdmin firstname.lastname@example.org # This is the CNAME DNS record that points to the host's IP. ServerName policies.mydomain.com # this is the base directory where the virtual host will default. DocumentRoot /media/nss/DATA/policies # If your virtual host site will have any cgi, modify this line. For this example, rem it out. # ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/" # Here we set permissions for Apache. These are not related to eDirectory. <Directory "/media/nss/DATA/policies"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost> # End of myvhost.conf
We can add multiple <VirtualHost> sections, defining multiple virtual hosts. However, if the user, browses to this host and uses unknown hostnames, Apache defaults the user to the first virtual host in the list. This can be avoided by placing the following directive in your virtual host configuration file.
This is also defined in /etc/apache2/default-server.conf
If you want Apache to listen on a particular IP address or port for your virtual host, specify those items in the <VirtualHost> directive:
You can add multiple IP addresses to this directive, separated by a space.
The ServerName directive is the name the users will put in their browsers to get to your virtual host.
DocumentRoot tells us where the base directory or “/” (root) for this virtual host resides.
Based on our statement above, DocumentRoot /media/nss/DATA/policies AND we placed a default index.html file there:
We browse to our vhost, http://policies.mydomain.com/ we would see the contents of that index.html
Create a default web page – index.html
<html> <head> </head> <body> <h1>We're Here!</h1> </body> </html>
Place this file in your Document Root.
Save your files and now we need to restart Apache
Let’s test it before we go any further.
Open a browser and type in the new host. http://policies.mydomain.com
Ok. Now let’s add the eDirectory authentication piece, so only users with a certain group membership can access this site.
Open your newly created virtual host configuration file.
Scroll down to the “Allow from all” in the <Directory …> section and place these lines after:
AuthType Basic AuthName “Protected” require group cn=PolicyAdmins, o=myorg AuthLDAPAuthoritative On AuthLDAPURL ldaps://your_edirectory_server.mydomain.com/o=myorg?uid
Replace the group DN with your own group DN.
Replace the AuthLDAPURL with your own eDirectory server name and your base dn
Save the file and restart Apache.
Let’s test again using an account that is a member of PolicyAdmins.
Browse to our new URL http://policies.mydomain.com
Notice we are prompted to login first.
Here is an example of a user that is not a member of the group PolicyAdmins.
You can modify the settings in the vhosts configuration to allow non-admins and then eDirectory ACLs will apply as to what they can or can’t see or do.
Apache is a very versatile and powerful web server. I even run a scaled down version of it on my SLED laptop for testing new ideas. The product I use is XAMPP www.xampp.org. It’s an open source, full blown LAMP server that has Apache2, MySQL, PHP 5 and Perl, in one package that you can launch locally. I test all my web stuff on it before putting it on a real server. Enjoy.