Following on from the first Debian Lenny - Apache Virtual Hosts article, we can now look in detail at some of the settings available to us in the Virtual Hosts file.
This will enable us to have complete control of the domain we want to serve.
Some of the settings discussed were introduced in the previous article but some are new.
Take the time to read through the explanations and you will soon have an understanding of how powerful vhosts actually are.
Sets the email address for the server administrator - this will be used if you have setup the server to contact you on errors. It is also shown in the ServerSignature (if set to 'Email' - see below)
ServerName and ServerAlias
ServerName domain.com ServerAlias www.domain.com
Sets the domain name for the virtual host. You can have as many aliases as required. For example, you can have domain.com and domain.net point to the same content.
Note this is not a rewrite rule (we'll look at those later) but the domains defined here will serve the same content (assuming you have set the DNS to point to your Slice IP).
Defines the index file (the 'home' page that is shown on entering the domain address). Useful if you have want the user to be directed to an alternate page or to a non-standard home page.
Do note this is not a good way of redirecting users as they may go directly to a non specified page such as domain.com/index.php whilst the DirectoryIndex will only work for those entering domain.com.
The location of the domain's public files. Use an absolute path name.
ErrorLog and CustomLog
LogLevel warn ErrorLog /home/demo/public_html/domain.com/log/error.log CustomLog /home/demo/public_html/domain.com/log/access.log combined
Set the Log levels and the location for the Virtual Hosts log files. Very useful for easy analysis of the domain statistics.
ErrorDocument 404 /errors/404.html ErrorDocument 403 /errors/403.html
Used for all the standard error messages.
In these examples I have an 'errors' folder in my public directory. I created each error document and place them in the 'errors' folder. The paths shown are relative to the DocumentRoot folder defined above.
If not defined, Apache will generate its own error pages. Custom error pages are more user friendly and can be customised as much, or as little, as you want.
Sets whether the server details are displayed in any server generated error pages or index lists. Options are On, Off and Email.
Note the level of detail in the signature is configured via ServerTokens which cannot be set in the Virtual Hosts file — for Debian Lenny's Apache layout this is properly set in '/etc/apache2/conf.d/security'. See the Apache configuration #2 article for more details.
If set to Email, the ServerAdmin email will be displayed.
ScriptAlias /cgi-bin/ /home/demo/public_html/domain.com/cgi-bin/ <Location /cgi-bin> Options +ExecCGI </Location>
Enables the cgi-bin location as defined by the custom virtual hosts layout. You can, of course, leave the cgi-bin in the DocumentRoot location if you so wish.
<Directory /home/demo/public_html/domain.com/public> Options FollowSymLinks </Directory>
Set the Options for the specified directory - the example shown allows the Option FollowSymLinks to be enable for the public directory of domain.com
Listed below are further Options that can be set:
To turn off directory browsing use '-Indexes' or 'None'. To turn them on, use '+Indexes'.
This Option disables Server Side Inlcudes. SSI (Server Side Includes) are directives that are placed in HTML pages, and evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without having to serve the entire page via a CGI program, or other dynamic technology.
Enable or disable the option to follow symlinks. Be careful with this option as it can lead to security risks (inadvertently linking to configuration folders).
You can consider using the SymLinksIfOwnerMatch directive instead of FollowSymLinks. The SymLinksIfOwnerMatch allows symbolic links to be followed only if the owner of the link is identical to the owner of the target file or directory (in terms of Linux filesystem ownership/permissions). Thus preventing many of the security risks that a simple FollowSymlinks directive can create.
Setting AllowOverride to none disables .htaccess support. Set to All to allow them.
You can also specify which .htaccess features to enable such as:
AllowOverride AuthConfig Indexes
Remember to specifically protect your .htaccess file. This can be done in two ways:
Firstly rename it to something obscure and, secondly, deny access to the file from external sources:
AccessFileName .myobscurefilename <Files ~ "^\.my"> Order allow,deny Deny from all Satisfy All </Files>
This will turn off all the available options.
We'll see more of this directive later.
Remember that the Options directives can be set per directory like this:
<Directory /> AllowOverride None Options None </Directory> <Directory /home/demo/public_html/domain.com/public> AllowOverride All </directory>
This will turn of all Options and disable .htaccess support for all directories.
However, the second Directory setting will override the first and allow .htaccess support for the domain.com/public directory.
The Virtual Hosts file is at once an easy tool to use and a very powerful one. My advice is to enter one setting and test it. Then enter the next setting and so on.
Once familiar you will see you have fine control over all of your web folders and files.