Configuring a web server

From SoftwarePractice.org

What we've done so far, in Building a web server, is to create a web site that is known by the same name as the machine on which it is hosted. Usually, we want multiple web sites on one server machine. This is known as "virtual" hosts.

Also, we don't usually want the machine name to mean anything for the purposes of web serving. Suppose that the machine is known as server1.myorg.net. We don't want people to use the name "server1.myorg.net" to get to a website, as the actual machine that is used as the web server might change! Instead, we want to create a name for the website itself, such as, oh, www.myorg.net. When server1 gets old and we upgrade the web server to the shiny new server10, the users of the website don't see any difference.

So, what we are going to do here is to make the machine name not server any useful content, and set things up so that we can have an arbitrary number of websites ("virtual hosts") running on that one machine.

Contents 1 Set up the default site 2 Create a virtual host 3 Install phpMyAdmin 4 Create a database 5 Install a PHP application 6 Related pages

Set up the default site

If the web server is accessed by any name other than one of its specified virtual hosts (next section), we want it to simply display a page that points you somewhere more useful. This default website contains just a single file, index.html.

1. Earlier we created the /usr/www directory for holding websites. Create a subdirectory underneath it, so you get something like this:

   /usr/www/
            default/
                    logs
                    public_html/
   

2. Create an index.html file:

   echo "Nothing to see here, move along" > /usr/www/default/public_html/index.html
   

3. Open the file /usr/local/apache2/conf/httpd.conf, and at the bottom add:

   NameVirtualHost *:80
   
   <VirtualHost *:80>
     ServerName server1.myorg.net
     DocumentRoot /usr/www/default/public_html
     ErrorLog  /usr/www/default/logs/error_log
     CustomLog /usr/www/default/logs/access_log common
     <Directory /usr/www/default/public_html>
       Order Deny,Allow
       Allow from all
     </Directory>
   </VirtualHost>
   

   What this does is tell Apache to serve files from the document root at /usr/www/default/public_html. As long as this VirtualHost block is the first on the httpd.conf file, this directory will be used for all hosts that do not match any other virtual host. (See below.)

   The Directory block is used to override Apache's default restriction that prevents the server from accessing any files at all! Unless specifically over-ridden, that is, as we are doing here. (This behavior is new in 2.2, I think.)

4. Restart Apache:

   /usr/local/apache2/bin/apachectl restart
   

   Make sure that an access to http://server1.myorg.net is returning the correct file. You can also check /usr/www/default/logs/access_log to see the access.

5. I prefer to keep the search engines out of my default site. They have a remarkable ability to find things you don't want found... to do so, add a file called robots.txt to /usr/www/default/public_html with these contents:

   User-agent: *
   Disallow: /
   

Create a virtual host

Now we want to create a website that does something useful. Let's assume that we need to create a site www.client1.com. Once we have done that, any further websites are the same, with just a few things changed to reflect the site name.

1. Create the directories for the new site.

   /usr/www/
            default/
                    logs
                    public_html/
            client1.com/
                        logs
                        public_html/
   

   Create an index.html file in client1.com/public_html, for testing.

2. In httpd.conf, below the default site virtual host, add:

   <VirtualHost *:80>
     ServerName www.client1.com
     ServerAlias client1.com
     DocumentRoot /usr/www/client1.com/public_html
     ErrorLog /usr/www/client1.com/logs/error_log
     CustomLog /usr/www/client1.com/logs/access_log common
     <Directory /usr/www/client1.com/public_html>
       Order Deny,Allow
       Allow from all
     </Directory>
   </VirtualHost>
   

3. On your own computer, open up your hosts file to temporarily add the two domains. On Unix variants (including Mac OS/X) it's located at /etc/hosts. On Windows machines, it's somewhere like c:\winnt\system32\drivers\etc\hosts. Add the line:

   123.45.678.90 www.client1.com
   

   (You can, of course, remove this once you get get DNS set up for the new domain.)

4. Browse to the site http://www.client1.com. You should see the index file.
5. Look at the access_log file. You should see your access to index.html. It will look something like this:

   222.24.246.114 - - [15/May/2006:15:29:49 -0400] "GET / HTTP/1.1" 304 -
   

You can now repeat this process for more virtual hosts.

Install phpMyAdmin

As a prelude to creating a database for the client1.com site, install phpMyAdmin. In the following I'm assuming that you are the only person who needs to access it, so install it in the default server directory.

1. Following the principle of security by obscurity, place it under another directory level and give it a different name:

   /usr/www/
            default/
                    logs
                    public_html/
                                aloha/
                                      admin/   <-- this is phpMyAdmin
   

2. Copy the configuration file to the right location:

   cd /usr/www/default/public_html/aloha/admin/
   cp libraries/config.default.php config.inc.php
   

3. You will want to make sure that you have the right permissions:

   cd /usr/www/default/public_html
   chown -R apache:apache .
   

Load the phpMyAdmin page into your browser. Note that at this point, your installation is completely insecure, so don't be telling anybody about it just yet!

http://server1.myorg.net/aloha/admin/

Create a database

Now create a database for the site client1.com. I prefer, as much as possible, to have just one database for each website. Each also has its own database user, in order to help prevent possible catastrophes with programs from different sites accessing the wrong database.

The following is all done in phpMyAdmin. The interface is fairly easy to follow.

1. Create a database called, say client1.
2. Follow the "Privileges" link and create a user also called client1. (Max lenght of user name is 16 characters.) Select "localhost" as the host, and enter a password.
   • I generally get the password by combining a common password for all database users with the username. It's still reasonably secure and I'm less likely to forget the passwords...
   • I also find it best to avoid punctuation in database passwords, except for underscores, as it makes shell use of the mysql utilities awkward.
   • The max password length is 41 characters.
   Press "Go." Note: don't give the user any global privileges.
3. Scroll down to the "database-specific privileges" section of the page and select the client1 database. A screen will display with individual privileges -- click on "Select All" and then press Go.

You now have a user client1 with privileges on the database client1. You might wish to check that all is as you think. In the shell:

/usr/local/mysql/bin/mysql -u client1 -pmypassword client1

(Note: no space between the -p flag and the password.) You will get the mySQL prompt. Type say "show tables;" -- you will get a response that there are no tables. Fair enough too. Exit.

Install a PHP application

You may as well go ahead and install a PHP application now. Pick something with a simple install -- CMS Made Simple is a good candidate. Download it and replace the client1/public_html directory with the untarred distribution. Load www.client1.com into the browser, and the installer will take care of the rest. You may want to first look into Installing ImageMagick if the application deals with images in any way. Have fun!

Related pages

Don't forget about Securing a web server before telling anyone about the new site...