Admin/SetupGuides/ApacheVhostSetup

Guidelines on Apache2 Vhost Setup

For setting up an Apache2 Virtual Host for a particular service on Skynet, the following guidelines must be followed:

  1. Apt-get install as much as possible, putting configs and files in their default apt locations.

  2. Serve Everything from /srv/name_of_vhost/public_html/

  3. Symlink in default locations of files and configs into /srv/name_of_vhost/ (as required)

The Above allows us to use:

VirtualDocumentRoot /srv/%1/public_html
VirtualScriptAlias  /srv/%1/public_html/cgi-bin

Once $service.skynet.ie exists and points to the server in question, and /srv/$service exists, then the vhost automagically works, with no further configuration necessary. As a result, it is best for the /srv subdir to be the name of the vhost, rather than the name of a package etc. As a result of above (vhost requiring no further configuration), keep service-specific configuration to either /srv/service/.htaccess or /srv/service/public_html/.htaccess were possible.

  1. SSL Certs can be generated by CACert Skynet Admins. "Https can only have one cert per host:port The reason being that the ssl stuff is negioated immediately on connect, before the browser can tell the webserver which vhost it's trying to access" - diamond. A *.skynet.ie cert can be generated for general https use, and should cause NO issues.

  2. Services which require https: a careful redirect from http to https must take place. There are several methods. Having "SSLRequireSSL" in a htaccess file will cause a 403 if accessed over http. The following line in the http vhost can be "ErrorDocument 403 [WWW] https://securehost.skynet.ie" redirecting it over. This is but one method.

  3. Apache2 reads /etc/apache2/sites-enabled in Alphabetical Order. Typically a 000-default vhost will be placed in /etc/apache2/sites-enabled/ and it will contain NameVirtualServer Information:

NameVirtualHost *:80
NameVirtualHost *:443

Note: The first vhost to appear in alphabetical order in /etc/apache2/sites-enabled/vhost will also be accessible via [WWW] http://ipaddress_of_server.

Note: Only one instance of NameVirtualHost can exist - otherwise Apache2 will give out. It should appear at the beginning of the first vhost.

  1. Thats about it. Please add in more comments/critiques here as required.

--steviewdr

last edited 2006-08-25 08:34:44 by 136