This chapter discusses the following:
Note: The instructions in this chapter assume that you already have network access to Linuxconf on the machine being configured to host the virtual servers.
You can do this by selecting Launch Linuxconf from the SGI Internet Server Web administration graphical user interface (GUI) Management Web page or by pointing your browser to http://hostname:98/.
Virtual servers are used for hosting multiple Web sites using the same instance of the same software; the pages reside in different subdirectory trees.
This section covers the following:
Both hardware and software virtual servers require that entries be made to the DNS server(s) used by any client wishing to connect to a given virtual server:
At the Linuxconf main Web page, select the Start button.
Select the following links in order:
Networking -> IP Aliases for virtual hosts -> Select the appropriate network device
Enter one or more IP addresses and, optionally, appropriate netmask(s).
Select the Accept button.
Select the following links in order:
Linuxconf 1.xx xxxx (upper left corner of page) -> Control panel -> Activate configuration -> Activate the changes
Test your changes.
Use telnet(1) to connect to the server and add the following directives to the Apache configuration file /etc/httpd/conf/httpd.conf (the sequence should be preserved):
<VirtualHost ip.address.of.your.ip-based.virtualhost>
This line is the opening VirtualHost directive. It defines the IP address of the virtual server.
ServerName virtualhost.some_domain.com
This directive defines the fully qualified virtual domain/server name.
Note: Your DNS should map that name to the IP address in the VirtualHost directive above.
DocumentRoot /Document-directory-for-virtual-server
This directive defines the relative or absolute directory from which the virtual server's documents are served.
</VirtualHost>
This line is the closing VirtualHost directive.
Note: Almost any Apache directive may be used between opening and closing VirtualHost directives. For more information, see Apache documentation at the following location: http://mainservername/manual/vhosts/index.html
Reload the configuration file with the following command:
/etc/rc.d/init.d/httpd reload
Test the changes.
To set up a name-based (non-IP) virtual Web server in Apache, do the following:
Use telnet(1) to connect to the server and add the following directives to the Apache configuration file /etc/httpd/conf/httpd.conf (the order should be preserved):
NameVirtualHost ip.address.of.your.name-based.virtualhost
This directive defines the IP address for name-based virtual hosts.
<VirtualHost ip.address.of.your.name-based.virtualhost>
This line is the opening VirtualHost directive. It defines the IP address of the virtual server.
ServerName virtualhost.some_domain.com
This directive defines the fully qualified virtual domain/server name. This is the alias name put into a CNAME record on the DNS.
DocumentRoot /Document-directory-for-virtual-server
This directive defines the relative or absolute directory from which the virtual server's documents are served.
</VirtualHost>
This line is the closing VirtualHost directive.
Note: Almost any Apache directive may be used between opening and closing VirtualHost directives. For more information, see Apache documentation at the following location: http://mainservername/manual/vhosts/index.html
Reload the configuration file with the following command:
/etc/rc.d/init.d/httpd reload
Test the changes.
To create a post-office (POP) email account, do the following:
At the Linuxconf main web page, select the Start button.
Select the following links in order:
Users accounts -> POP accounts (mail only)
Select the Add button.
Fill in at least the login name and full name fields on the User account creation page.
Select the Accept button.
Enter the new user's password, then select the Accept button.
Reenter the password to confirm it, then select the Accept button.
Select the following links:
Linuxconf 1.16 (subrev 1-3) (upper left corner of page) -> Control panel -> Activate configuration -> Activate the changes
To allow your hosted customers to manage the content of their site, you must provide a means for uploading files to your server and deleting files on your server.
One common mechanism is FTP uploads. To enable these for your users, you must do the following:
Add regular user accounts. For the home directory, specify the document root of the virtual server you created for this hosted customer. For example, /home/httpd/html/foobar for the virtual server www.foobar.com.
Open up ports 20 and 21 in the INPUT chain for ipchains(8). See the information about Bastille in SGI Internet Server Start Here.
Security recommendations:
Unless you are planning to allow anonymous access to your FTP server, you should delete the predefined ftp account.
Use the predefined ftp group for the hosted accounts.
Ensure that the home directories of the hosted accounts are owned by them and group ftp. Files inside the home directories must be readable by the web server user (typically nobody). Subdirectories must be readable and executable by the web server user.
Unless you intend to allow the execution of CGI scripts that capture user data into files stored in the hosted account home directories, it is not necessary to give the web server user write permissions in any directory owned by a hosted customer.
Modify the /etc/inetd.conf file to launch the ftpd(8) server with the option -u 0022. This ensures that newly uploaded files and subdirectories will be created such that only the hosted account owner, and the superuser, can modify or delete them.
Consider modifying /etc/inetd.conf to launch the ftpd server with the option -r docroot, with docroot representing the global document root for the web server (typically /home/httpd/html). This ensures that each invocation of the ftpd server is confined to a chroot(8) prison and attacks based on hosted accounts cannot ever affect parts of the file system other than docroot.
For proper operation of a changed-root FTP server, you must provide copies of ls(1) and other commands in the appropriate subdirectories of the chroot prison. See the ftpd(8) man page for instructions in the analogous case of anonymous ftp access.
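The following script is an added example, not part of the original manual. It checks a hosted document root and an inetd.conf-style file against the ownership, permission, -u 0022 and -r recommendations above. The function names, the finding labels and the sample inetd.conf line are constructed for illustration, and the script assumes the web server user reaches hosted files through the "other" permission bits.

```shell
#!/bin/sh
# audit_docroot DIR OWNER GROUP
# Prints one "<finding> <path>" line per violation, nothing if DIR is clean.
# Assumption: the web server user (nobody) is neither OWNER nor a member of
# GROUP, so it reaches the files through the "other" permission bits.
audit_docroot() {
    dir=$1; owner=$2; group=$3
    # Home directory and contents belong to the hosted account, group ftp.
    find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner /'
    find "$dir" ! -group "$group" -print | sed 's/^/wrong-group /'
    # Effect of ftpd -u 0022: no group or world write bit on anything.
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/writable-by-others /'
    # Files readable, directories readable and executable, by nobody.
    find "$dir" -type f ! -perm -004 -print | sed 's/^/file-unreadable /'
    find "$dir" -type d ! -perm -005 -print | sed 's/^/dir-unreadable /'
}

# check_ftpd_flags FILE
# Looks at the active (uncommented) ftp line of an inetd.conf-style FILE and
# prints which of the two recommended ftpd options it lacks.
check_ftpd_flags() {
    line=$(grep -E '^ftp[[:space:]]' "$1" | head -n 1 | tr '\t' ' ' | tr -s ' ')
    [ -n "$line" ] || { echo "no active ftp service line"; return 0; }
    case " $line " in *" -u 0022 "*) ;; *) echo "missing -u 0022" ;; esac
    case " $line " in *" -r /"*) ;; *) echo "missing -r docroot" ;; esac
}

# Demo on constructed input: a docroot with one world-writable upload and an
# inetd.conf ftp line that carries neither option.
demo=$(mktemp -d) && chmod 755 "$demo"
echo '<html></html>' > "$demo/index.html" && chmod 644 "$demo/index.html"
echo '#!/bin/sh' > "$demo/form.cgi" && chmod 666 "$demo/form.cgi"
audit_docroot "$demo" "$(id -u)" "$(id -g)"
printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.ftpd -l -a\n' > "$demo/inetd.conf"
check_ftpd_flags "$demo/inetd.conf"
rm -rf "$demo"
```

On a real host the calls would take the form audit_docroot /home/httpd/html/foobar foobar ftp and check_ftpd_flags /etc/inetd.conf, where the account name foobar is assumed to match the example virtual server.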