apache virtualhost

Discussion in 'Server Operation' started by koi, May 2, 2007.

  1. koi

    koi New Member

    Hi, I am running debian etch 4.0 (stable)
    I am in trouble with apache.

    I have reigistered a domain name, for example www.mydomain.com.
    But I can't associate it with an ip cause i don't have a fixed ip, but a dinamic one. So i have made a cname that make www.mydomain.com to point to www.mydinamic-ip.dyndns.org.
    So i am able to use this domain with my web-server, but i have a lot of questions:
    I am only able to run one domain/web-server: what if I want to run more domains?
    Hove do you have to set exacty the files in /etc/apache2/sites-avaiable/ ?
    Do I have to put all virtualhosts inside the file named default, or create for each domain a new configuration file?
    And, if I want to run also a website but only for my internal lan, who can I do it?

    Thanks in advance.
  2. zcworld

    zcworld New Member

    i dont have a installed copy of debian
    but doest it have any explame files of how to config the Vhost file

    /etc/apache2/sites-avaiable/ ?

    but i check the httpd.conf file to make sure that the
    vhost path is enale
    than its just like

    to see the sites i would also
    make the DNS name to the IP address <LAN PC IP>
    to make sure its works for you localy
    but get a friend to test all the diff URLS out that you got to make sure they got the right site on them :)

    ok to the fun part
    here is a copy of my Vhost file

    cat /etc/apache2/vhosts.d/vdb.lan.conf

    # -*- mode: apache; -*- // ignore this line
    # $Id: vhost.template,v 1.5 2006/10/13 18:13:28 shane Exp $

    <VirtualHost *:80>
    ServerName vdb.lan
    ServerAlias www.vdb.lan
    ServerAdmin [email protected]
    DocumentRoot /srv/www.vhosts/vdb.lan/htdocs

    CustomLog /srv/www.vhosts/vdb.lan/logs/access_log combined
    ErrorLog /srv/www.vhosts/vdb.lan/logs/error_log

    ## No .htaccess reading
    <Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All

    <Directory "/srv/www.vhosts/vdb.lan/htdocs">
    Options -Indexes

    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    # leave as None to keep apache running faster (unless needed)
    AllowOverride None

    Order deny,allow
    Allow from all

    # delete the cgi-bin block if you do not want
    # this vhost to have it's own cgi-bin/
    ## BEGIN: cgi-bin
    ScriptAlias /cgi-bin/ "/srv/www.vhosts/vdb.lan/cgi-bin/"
    <Directory "/srv/www.vhosts/vdb.lan/cgi-bin">
    AllowOverride None
    Options None
    Order deny,allow
    Allow from all
    ## END: cgi-bin


    to the other part of the qus
    And, if I want to run also a website but only for my internal lan, who can I do it?

    arrr sorry i dont know
    if my friend gets his backside back online i will bug him for 30 secs to get a answer to your qus
    im sure he knows :)
  3. koi

    koi New Member

    Thanks for the reply.
    Waiting your friend help, I have another question: what's the right file permission in debian about sites?

    I mean: /var/www/directory-where-the-site-lives

    the files inside it have to be owned by root or by www:data?
    the direcoty itself shuold be owned by root or by www:data too?

    The debian default directory is apache2-default and everything is owned by root.

  4. koi

    koi New Member

    I am in panic.

    Cause The only services I have is apache and postfix (i have followed the guide in this site (Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) ant the only port opened are the one for apache /postfix 80, 143, 25, 993)

    I didn't receive mail from time, so i checked the situation and I saw that postfix didn't work right, that's the error: Starting mail transport agent: Postfixpostsuper: fatal: scan_dir_push: open directory defer: Permission denied.

    So I checked /var/run and I saw this!!!!!!!!!!! :eek: :eek: :eek:

    drwxr-xr-x 2 www-data www-data 48 2006-07-28 11:07 apache2
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 apache2.pid
    drwxr-xr-x 3 www-data www-data 216 2007-05-02 11:59 courier
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 crond.pid
    ---------- 1 root root 0 2007-05-02 11:59 crond.reboot
    drwxr-xr-x 2 www-data www-data 104 2007-05-02 11:59 cups
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 ddclient.pid
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 inetd.pid
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 klogd.pid
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 mdadm.pid
    drwxr-xr-x 2 www-data www-data 48 2007-05-02 11:57 mysqld
    drwxr-xr-x 2 www-data www-data 48 2005-03-23 19:04 pppconfig
    drwx--x--- 2 root sasl 48 2007-01-20 16:35 saslauthd
    drwxr-xr-x 2 root root 48 2006-11-01 00:03 sshd
    -rw-r--r-- 1 root root 5 2007-05-02 12:02 sshd.pid
    -rw-r--r-- 1 root root 5 2007-05-02 11:59 syslogd.pid
    drwxr-xr-x 2 www-data www-data 48 2005-04-07 18:37 usb
    -rw-rw-r-- 1 www-data utmp 4224 2007-05-02 12:02 utmp

    Someone have changed the ownership of my services!!!! in www-data, the default group of apache!!!!!!!!!!!!!

    So do i have been hacked? And how? the only thing I have done is to put the web-server files (/var/www/direcoty-of-the-site) owned by www-data like i have read in some guides.

    Please help!
  5. zcworld

    zcworld New Member

    not sure what user/group has rightts on the deb system
    but have a look at the default html folder to see the user / group and work off that as the default owners

    sorry if thats not any help
  6. koi

    koi New Member

    the default is:

    /var/www/ is owned by root:root
    /var/www/apache2-default/ is owned by root:root too.

    what to do?
  7. koi

    koi New Member

    and the permisson of the files inside /var/www/site-direcoty/ are 0644
  8. fr0m_heaven

    fr0m_heaven New Member

    RE :: permisson of the files inside /var/www/site-direcoty/

    watch out for ur apache user in httpd.conf /apache.conf (depending upon ur distro)
    usually the apache user will be "www-data" or "root" or "apache"
    say its "www-data"

    #chown -R www-data:root /var/www/site-dorectory/
    and u are done .. be sure that either one of "user" or "groups" owning the directory are the "apache user from httpd.conf"
    also dont forget to
    #chmod -R 770 /var/www/site-directory
    hope this helps ...
  9. koi

    koi New Member

    Hi, thanks for reply:

    in /etc/apache2/apache2.conf

    I have

    User www-data
    Group www-data

    And i had /var/www/ root:root and /var/www/site/ www-data:www-data
    And waht if I leave root:root also in /var/www/site/?

    So it's official: have I been hacked?
    But is it possible that I have been hacked for file permission in /var/www/direcotry-ot-the-site????
  10. falko

    falko Super Moderator ISPConfig Developer

    You can check your server: http://www.howtoforge.com/faq/1_38_en.html
  11. koi

    koi New Member

    Thanks for reply, I have installed the progs you have linked.
    But the server where i think to have been hacked has gone...formatted! :D

    What about all other questions? ;)
  12. zcworld

    zcworld New Member

    if i can get my act together maybe i will mod a ver of Vhost maker script i got to work on the deb system

    i will do it from an Ubuntu build
    but it should work on deb due to deb is the core
  13. koi

    koi New Member

    Dear friends, no news? :(

Share This Page