Ubuntu Hardy - Apache Virtual Hosts #2

Following on from the first Ubuntu Hardy - Apache Virtual Hosts article, we can now look in detail at some of the settings available to us in the Virtual Hosts file.

This will enable us to have complete control of the domain we want to serve.


Some of the settings discussed were introduced in the previous article but some are new.

Take the time to read through the explanations and you will soon have an understanding of how powerful vhosts actually are.

Email

ServerAdmin

ServerAdmin webmaster@domain.com

Sets the email address for the server administrator - this will be used if you have setup the server to contact you on errors. It is also shown in the ServerSignature (if set to 'Email' - see below)

Domain Name

ServerName and ServerAlias

ServerName domain.com
ServerAlias www.domain.com

Sets the domain name for the virtual host. You can have as many aliases as required. For example, you can have domain.com and domain.net point to the same content.

Note this is not a rewrite rule (we'll look at those later) but the domains defined here will serve the same content (assuming you have set the DNS to point to your Slice IP).

Index Files

DirectoryIndex

DirectoryIndex index.html

Defines the index file (the 'home' page that is shown on entering the domain address). Useful if you have want the user to be directed to an alternate page or to a non-standard home page.

Do note this is not a good way of redirecting users as they may go directly to a non specified page such as domain.com/index.php whilst the DirectoryIndex will only work for those entering domain.com.

Documents

DocumentRoot

DocumentRoot /home/demo/public_html/domain.com/public

The location of the domain's public files. Use an absolute path name.

Log Files

ErrorLog and CustomLog

LogLevel warn
ErrorLog  /home/demo/public_html/domain.com/log/error.log
CustomLog /home/demo/public_html/domain.com/log/access.log combined

Set the Log levels and the location for the Virtual Hosts log files. Very useful for easy analysis of the domain statistics.

Error Documents

ErrorDocument

ErrorDocument 404 /errors/404.html
ErrorDocument 403 /errors/403.html

Used for all the standard error messages.

In these examples I have an 'errors' folder in my public directory. I created each error document and place them in the 'errors' folder. The paths shown are relative to the DocumentRoot folder defined above.

If not defined, Apache will generated its own error pages. Custom error pages are more user friendly and can be customised as much, or as little, as you want.

Apache Footers

ServerSignature

ServerSignature On

Sets whether the server details are displayed in any server generated error pages or index lists. Options are On, Off and Email.

Note the level of detail in the signature is configured via ServerTokens which cannot be set in the Virtual Hosts file - only in the main apache2.conf. See the Apache configuration #2 article for more details.

If set to Email, the ServerAdmin email will be displayed.

cgi-bin

ScriptAlias

ScriptAlias /cgi-bin/ /home/demo/public_html/domain.com/cgi-bin/
<Location /cgi-bin>
  Options +ExecCGI
</Location>

Enables the cgi-bin location as defined by the custom virtual hosts layout. You can, of course, leave the cgi-bin in the DocumentRoot location if you so wish.

Directory

<Directory xxx/xxx>

<Directory /home/demo/public_html/domain.com/public>
  Options FollowSymLinks
</Directory>

Set the Options for the specified directory - the example shown allows the Option FollowSymLinks to be enable for the public directory of domain.com

Listed below are further Options that can be set:

Directory Browsing

Options

Options -Indexes

To turn off directory browsing use '-Indexes' or 'None'. To turn them on, use '+Indexes'.

SSI

Options

Options -Includes

This Option disables Server Side Inlcudes.

Symlinks

Options

Options -FollowSymLinks

Enable or disable the option to follow symlinks. Be careful with this option as it can lead to security risks (inadvertently linking to configuration folders).

Dejay Clayton made a good suggestion in using SymLinksIfOwnerMatch instead of FollowSymLinks.

The SymLinksIfOwnerMatch allows symbolic links to be followed only if the owner of the link is identical to the owner of the target file or directory. Thus preventing many of the security risks than a simple FollowSymlinks can create.

.htaccess

AllowOverride

AllowOverride None

Setting AllowOverride to none disables .htaccess support. Set to All to allow them.

You can also specify which .htaccess features to enable such as:

AllowOverride AuthConfig Indexes

The Apache AllowOverride docs has more information on the different features.

Remember to specifically protect your .htaccess file. This can be done in two ways:

Firstly rename it to something obscure and, secondly, deny access to the file from external sources:

AccessFileName .myobscurefilename
<Files ~ "^\.my">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

No Options

Options

Options None

This will turn off all the available options.

Hierarchy

Remember that the Options directives can be set per directory like this:

<Directory />
  AllowOverride None
  Options None
</Directory>

<Directory /home/demo/public_html/domain.com/public>
  AllowOverride All
</directory>

This will turn of all Options and disable .htaccess support for all directories.

However, the second Directory setting will override the first and allow .htaccess support for the domain.com/public directory.

Summary

The Virtual Hosts file is at once an easy tool to use and a very powerful one. My advice is to enter one setting and test it. Then enter the next setting and so on.

Once familiar you will see you have fine control over all of your web folders and files.

PickledOnion.

Article Comments:

WS commented Tue Jul 08 22:41:40 UTC 2008:

Great article. Thanks.

dedekind commented Thu Jul 31 23:15:38 UTC 2008:

You rule so much that I didn't even know it was possible to rule that much until now. Thanks for all of these articles.

Kamal Thakur commented Sun Aug 17 00:00:59 UTC 2008:

Well. I could never follow so deep into configuration files.

These articles are more than any support that can be offered.

James commented Wed Sep 24 09:41:39 UTC 2008:

Yes, triple that. You are awesome. Thanks.

Richard commented Mon Sep 29 02:29:15 UTC 2008:

Yes, quadruple that. Fantastic job writing these, they are such a valuable resource.

Ivan Storck commented Fri Nov 14 06:15:09 UTC 2008:

I just wanted to say quintuple. Seriously, good job on these articles!

Chip Tinder commented Mon Dec 22 02:01:24 UTC 2008:

6x! (sextuple?) Wonderful! I'm really glad I picked slicehost!

Matthew Birks commented Sat Jan 10 06:05:31 UTC 2009:

Can I echo what others have said above and on other tutorial pages - these articles are awesome and coherently and simply condense what is scattered all over the interwebs. The fact that PO (and Slicehost obviously) has bothered to put this up shows that they understand the needs of their clients. Top notch!

Abed commented Sun Jan 18 06:51:26 UTC 2009:

Reiterating the sentiments already expressed...

*nix is like an alien spacecraft to me, was on the Wiki looking to follow things there but the instructions were too verbose. Followed your articles to get a web server up and running and for the most part it has been a smooth, anxiety-free ride.

Thanks and please do keep up the good work. =)

Musfuut commented Sat Feb 14 00:16:25 UTC 2009:

I just wanted to point out for customers wanting to use the SuExec module to run cgi scripts as their "owner" and not as "www-data" that I believe at least the cgi-bin directories for users must be located under "/var/www" not in the user home directories.

If I am wrong anyone is free to correct me, just wanted to point that out as it could be a major headache for some. :)

p5yk0tik commented Tue Nov 10 22:05:58 UTC 2009:

Thanks for the great articles. These make more sense than the Apache manual. Even skimming over your articles give a better insight as to how the whole Virtual Host system works, which is not easily gleaned from Apache's manual.

ASF should take you on as their documentation specialist ;-)

Anyway, thanks for the articles, they made it into physical form here at work, and I will be referencing them quite a bit in the next few weeks.

Cheers! p5yk

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)