PDA

View Full Version : httpd.conf



Barbara Moore
11-06-2006, 06:25 PM
For anyone coming here for the first time, I have found answers to all my questions and give an outline of how to set up a VPS on its own IP address in a post lower down. Can be used for single domain or multi-domain hosting, including subdomains.
======================================
Help! I put in a support ticket nearly 12 hours ago and still have not had a response.

Looking that the httpd.conf everything looks like the server has been named after the first domain to be hosted on the server rather than being named after the fully qualified domain name of the server.

In case you are wondering, this is a client's site and I did tell them not to mention the domain name when they set up the account, but looks like they just had to put it in.

First question:

Can I change the ServerName from the domain name to the FQDN of the host server?
[Just had a response from support that this is OK to do - will add comments on any further success and / or progress]

Second question:

Can I set up NameVirtualHost with the IP address?

3rd:

Next I want to set up a default domain on * rather than the IP address using VirtualHost and the FQDN of the host. This is so that there is somewhere to send all those hacking attempts and dumb search engines who look at IP addresses and their hosts and not domain names.

If I can get this sorted, then I really recommend this to everyone - since I set this up on my other servers all hacking sniffs at php, cgi and pl have gone to the default and not to any domain hosting - the code you need to set it up is

<VirtualHost _default_:*>
RedirectMatch permanent .* http://FQDN.whsites.net
</VirtualHost>

<VirtualHost IPaddress>
ServerName FQDN.whsites.net
DocumentRoot /www/html
</VirtualHost>
4th:

Then I want to set up the first domain to be hosted here with its own VirtualHost entry using IP - 2nd VirtualHost position.

Simple - that is how my other servers are set up but looking through the forum here, the setup on these VPSs is a minefield.

The recommendation is for the VirtualHost to be set up using IP address - any idea why the default config ignores this advice?

The domain is already correctly set up in the /var/named/db(can't remmember file name) so there is nothing to do through the control panel.

BTW - I can FTP to the server using the FQDN so somewhere down the line the host server knows that this is the correct name for the server.

I don't want to just make the above changes to the config in case it crashes the server and then I can't even FTP in.

That does not solve my problem of the client wanting their site up and running this week and this is the 3rd hosting I have looked at and the second that they have signed up for. I thought I had asked sales all the right questions concerning control over the config but using the domain name as the FQDN of the host was not something I even considered when the VPS is spec'ed as hosting multiple domains and subdomains and the sign-up page offers a FQDN when no domain is included in the package.

And I really don't want all those hacking bots filling up my domain logs with all those 404 errors.

Sorry to ramble on so, but this is still only day 1 on this server and I can't even start to load up any scripts until this is sorted.

rolling
11-07-2006, 07:19 AM
Be brave! Go ahead and make those changes. If you break something irrepairably , then use Live Chat (http://members.westhost.com/contactus.html) to contact Westhost, not the contact form. They'll get straight back to you - typically in seconds rather than hours. FTP, sendmail and QPopper appear to run under a separate inetd, so even if you break Apache, you should still be able to connect to your site using FTP or SSH.

As for why the default is to use names rather than IP addressses, I guess that this is because some packages do not come with static IPs.

Barbara Moore
11-10-2006, 04:46 AM
Thanks for replying Richard. Live Chat were not familiar with the _default_ VirtualHost settings so could only recommend the test and fix-if-necessary process.

I have put in all my changes, including using the IP address for the VirualHost configurations. Testing suggests that everything will work fine, with the real proof of the pudding when the DNS is switched next week. (I had a few crashes along the way and had both SSH and FTP running at the same time, switching from restarts to editing the config.)

Now I just need to go and rotate all those logs I have created while doing the testing.

For all those who are struggling to host more than one domain on their VPS I hope to post a note on what changes I have made to the default httpd.conf and why.

Barbara Moore
12-08-2006, 05:47 PM
The following basic set-up is also recommended even if you have only one site hosted on the server as it prevents the site from being called by both IP address and domain name.

While you may think that having a site answering to IP address is a good thing, it can cause many problems with search engines. IP address is also used by spam and hacking bots looking for vulnerable servers: these bots fill log files with their hacking attempts and keeping them out of your sites can only be a good thing.

Before you start, copy httpd.conf to httpd-original.conf. If anything goes wrong you can then go back to the original setting and have your site back up without any delay.

Recommendations in httpd.conf file order - search on the text string to find each item

NEED and MUST have their usual meanings in the text below

1. ServerName
This will be in one of two forms depending on the information you gave when requesting hosting:

ServerName www.domain.tld
ServerName FQDN.whsites.netwhere FQDN is the username you requested. (probably FQDN = domain.tld)

Recommended (and this needs to be used for the following changes to work)

ServerName FQDN.whsites.net
2. DocumentRoot
The default is fine to leave as it is. If you do not leave it as it is, you will not be able to access your control panel manager. When navigating using FTP or SSH, this is the path you need to use to find your site content.

DocumentRoot /var/www/html
3. AllowOverride (Allowing or disallowing .htaccess)
[Within the <Directory "/var/www/html"> configuration]
For every file request made by a browser, script or robot if the AllowOverride is set to All the server will look for an .htaccess file in every directory, including the current directory, above the current directory. This makes sense as an .htaccess file is applied to all files below the directory containing the .htaccess file.
If does not matter if you use .htaccess or not, this file will be looked for. This can slow your server down.
If you set AllowOverride to None the server will not look for any .htaccess files and will ignore any that exist (useful for resellers who want to limit the available features)

It makes more sense to put anything that you would usually place within the .htaccess file in a Directory section of the VirtualHost or within the main server configuration if you want to apply it server wide (see also, <Directory "/var/www/cgi-bin">)

Recommended

AllowOverride None
Can also be "All", or any combination of "Options", "FileInfo", "AuthConfig", and "Limit"

4. DirectoryIndex
This controls which files the server will search for if only the directory is mentioned in the URL. You can add any file name you use and remove any that you do not use or will limit clients from using in reseller accounts.
As a minimum, all directories should contain the index file, even a blank file, even where the directory only contains images.

Recommended

DirectoryIndex index.html index.php
5. CustomLog
Unless you have a need to have logs of every time someone requests an image, you can turn off the logging of images and any other files which are of little interest to you. This helps to keep the log files small. This can be used in either/both the server wide configuration or the VirtualHost only.

Recommended

SetEnvIf Request_URI \.gif image-request
SetEnvIf Request_URI \.jpg image-request
SetEnvIf Request_URI \.png image-request
CustomLog logs/access_log combined env=!image-requestDo not switch off the logging of image files in the error logs - you need to know if an image is not being found.

6. VirtualHost
This section controls which files are served by http requests to domain.tld - also look at the sample given in the httpd.conf file

a) NameVirtualHost
This determines which IP address the server listens to. You can use a wildcard * for listening on all IP addresses. If you have a dedicated IP address, use IP address. Using an IP address here is the recommended setting but not possible if your VPS is answering on a dynamic IP address, in which case you need to use *. The default setting is * which means that the server is listening for responses on all IP addresses, not just the IP address assigned to it.

Recommended

NameVirtualHost 123.123.123.123
b) Default VirtualHost
If anybody comes to look at your server without requesting a domain.tld you want to be able to control where they go on your server and what they can see. These are usually hackers and rogue bots that you do not want anywhere near your site anyway. You also want to prevent search engines from indexing the site on the IP address as well as the domain name, else one version will be penalised as duplicate content. The following sends these unwanted visitors away from your domain.tld DocumentRoot and away from spying on your site and any other scripts that may exist in this area. The default applies to all ports.


<VirtualHost _default_:*>
RedirectMatch permanent .* http://FQDN.whsites.net
</VirtualHost>

<VirtualHost IPaddress>
ServerName FQDN.whsites.net
DocumentRoot /var/www/html
</VirtualHost>NB. You must use the same IP address or wildcard used in NameVirtualHost

Lodge an index file in the server DocumentRoot (the server contains an index file here when it is set up). In the unlikely event of it being a search engine or genuine visitor that finds this page I always include a link to every site hosted on the server and include the robots meta tag with NOINDEX to prevent the file from being indexed.

The first position in the VirtualHost definitions is always delivered when requests are made on IP address.

To access the control panel, rather than going through your domain name, you must now go through the default server, i.e.
FQDN.whsites.net/manager/ or IPaddress/manager/

The server logs will refer to visits to this default.

c) all the rest of the domains hosted
Each domain or subdomain hosted on the server will be within its own pair of VirtualHost tags

<VirtualHost IPaddress>
...
domain.tld information goes here
...
</VirtualHost>The Control Panel needs to be used to create a new domain, after which you can edit to make your preferences.

The minimum requirements are:

ServerName www.domain.tld
DocumentRoot /var/www/html/path/to/domain/filesi.e. DocumentRoot /var/www/html/htdocs/domain.tld or
DocumentRoot /var/www/html/username
(using a different path from the default configuration path)
Site specific configurations go here, using <Directory /path> for any directory level configuration, i.e. whatever you would normally put in a directory .htaccess file can go here instead.

If you want site only access and error logs, you set them up here. They can be hosted in the same directory as the logs for the default setting, named after the domain or anything else you wish. Remember to update logrotate.d for any log files you create so that they can be rotated and archived.

Syntax is important - any errors in syntax will cause the server to crash. In particular, URi and URL must not contain any blank spaces (use % entities)

Using this setting gives you many areas which can be used to store non-public data which can be accessed by scripts or users.

If you have any questions, refer to the online apache manual which covers this area very well. Also, live.com has very relevant results when searching for any articles which also cover setting up apache servers.
=========================================
I hope that other users will add their little tricks for improvement to this thread.

jalal
12-09-2006, 02:05 AM
Great write-up Barbara, thanks. I'm sure that's going to be useful for a lot of folks.

Barbara Moore
12-19-2006, 04:34 AM
One more point for those who have more than one IP address on their VPS - read the apache manual which has a very good explanation and example of how to set up VirtualHosts for more than one IP address.
===============
Here is another tip for those sites that serve a lot of images per page:
Set up another subdomain on the same VirtualHost - pointing to the same DomumentRoot.
When you code your pages, split the requests for images between the subdomains and images will be loaded quicker by the browser.

Why does this work?

Simple - the browser will only have so many open requests to a domain. By splitting the image URLs over more than one subdomain, the browser will have more channels open at the same time.

REminder - keep robots out of all but your main domain to avoid any duplicate content issues.