|
Home > Archive > Web Servers on Unix and Linux > August 2005 > document root per dir Apache 2.0
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
document root per dir Apache 2.0
|
|
| Jonathan N. Little 2005-08-12, 2:48 am |
| I have 2 linux servers running Apache 1.3 & 2.0 for development and
local mirrors of client websites. Virtual servers for each client and
what I am try to discover how to set the document root for different
subdirectories with SSL to emulate common hosting situations where
clients 'share' the hosting companies certificate. An example may
illustrate my question:
typical setup:
http://www.foo.com with document root /var/clients/~foo
http://www.bar.com with document root /var/clients/~bar
and for SSL sharing certificate of 'www.somehosting.com':
https://www.somehosting.com/~foo with document root /var/clients/~foo
https://www.somehosting.com/~bar with document root /var/clients/~bar
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
| |
| Jorey Bump 2005-08-14, 5:54 pm |
| "Jonathan N. Little" <lws4art@centralva.net> wrote in news:sqVKe.941
$MP5.76170@monger.newsread.com:
> I have 2 linux servers running Apache 1.3 & 2.0 for development and
> local mirrors of client websites. Virtual servers for each client and
> what I am try to discover how to set the document root for different
> subdirectories with SSL to emulate common hosting situations where
> clients 'share' the hosting companies certificate. An example may
> illustrate my question:
>
>
> typical setup:
>
> http://www.foo.com with document root /var/clients/~foo
> http://www.bar.com with document root /var/clients/~bar
>
> and for SSL sharing certificate of 'www.somehosting.com':
>
> https://www.somehosting.com/~foo with document root /var/clients/~foo
> https://www.somehosting.com/~bar with document root /var/clients/~bar
Try AliasMatch in your SSL virtual host configuration:
AliasMatch: ^/~(.*) /var/clients/~$1
Or, for something prettier:
AliasMatch ^/secure(.*) /var/clients/~$1
| |
| Jonathan N. Little 2005-08-15, 5:51 pm |
| Jorey Bump wrote:
> "Jonathan N. Little" <lws4art@centralva.net> wrote in news:sqVKe.941
> $MP5.76170@monger.newsread.com:
>
>
>
>
> Try AliasMatch in your SSL virtual host configuration:
>
> AliasMatch: ^/~(.*) /var/clients/~$1
>
> Or, for something prettier:
>
> AliasMatch ^/secure(.*) /var/clients/~$1
>
Thank you Jorey, yes that would correct it for relative paths calls for
links, but in CGI the $ENV{'DOCUMENT_ROOT'} would still be incorrect.
The hosting companies actually set the 'DOCUMENT_ROOT' var per client
folder when references via their domain when sharing thier
certificate...that is what I am trying to do. So for SSL connections:
https://www.somehosting.com/ $ENV{'DOCUMENT_ROOT'}=/var/www/html
but for clients:
https://www.somehosting.com/~foo ENV{'DOCUMENT_ROOT'}=/var/clients/~foo
https://www.somehosting.com/~bar ENV{'DOCUMENT_ROOT'}=/var/clients/~bar
My question is how do they do this? So when you check the
'DOCUMENT_ROOT' var your cgi script gats the correct path for each client.
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
| |
| Jorey Bump 2005-08-15, 5:51 pm |
| "Jonathan N. Little" <lws4art@centralva.net> wrote in
news:J33Me.1473$MP5.115502@monger.newsread.com:
> Thank you Jorey, yes that would correct it for relative paths calls
> for links, but in CGI the $ENV{'DOCUMENT_ROOT'} would still be
> incorrect. The hosting companies actually set the 'DOCUMENT_ROOT' var
> per client folder when references via their domain when sharing thier
> certificate...that is what I am trying to do. So for SSL connections:
>
> https://www.somehosting.com/ $ENV{'DOCUMENT_ROOT'}=/var/www/html
> but for clients:
> https://www.somehosting.com/~foo
> ENV{'DOCUMENT_ROOT'}=/var/clients/~foo
> https://www.somehosting.com/~bar
> ENV{'DOCUMENT_ROOT'}=/var/clients/~bar
>
> My question is how do they do this? So when you check the
> 'DOCUMENT_ROOT' var your cgi script gats the correct path for each
> client.
It's possible that they are proxying requests to the desired host, which
would preserve the DOCUMENT_ROOT environment variable. Here's a simple
example using mod_rewrite in the SSL virtual host:
RewriteEngine On
RewriteRule ^/shared/(.*)$ http://www.example.com/cgi-bin/$1 [P]
If you set up a script to print out DOCUMENT_ROOT (such as the printenv
test script), you will see it is set to www.example.com's DocumentRoot when
you access it via your SSL host:
https://secure.example.net/shared/printenv
All that remains is to devise the appropriate regex for your setup to match
all of your hosts, but I'll leave that up to you. 
| |
| Jonathan N. Little 2005-08-15, 5:51 pm |
| Jorey Bump wrote:
<snip>
>
> It's possible that they are proxying requests to the desired host, which
> would preserve the DOCUMENT_ROOT environment variable. Here's a simple
> example using mod_rewrite in the SSL virtual host:
>
> RewriteEngine On
> RewriteRule ^/shared/(.*)$ http://www.example.com/cgi-bin/$1 [P]
>
> If you set up a script to print out DOCUMENT_ROOT (such as the printenv
> test script), you will see it is set to www.example.com's DocumentRoot when
> you access it via your SSL host:
>
> https://secure.example.net/shared/printenv
>
> All that remains is to devise the appropriate regex for your setup to match
> all of your hosts, but I'll leave that up to you.
>
Hi Jorey:
Firstly thank you for your time, I appreciate your input as a muddle
along here, but I think you are missing what I am asking. Both your
examples if I am not mistaken correct path's via a URI calls, i.e., an
http request to 'http://www.example.com/blah-blah.html' will be
connected to file location '/somePathOnTheServer/blah-blah.html' but CGI
scripts access data files via the local server's path and the
Document_Root var helps scripted determine this path. It is not the url
redirection that I want to control but the document root and
Document_Root variable with respect to different subdirectories. Let me
expand my example scenario:
Say hosting company 'www.bighost.com' has many clients and we will take
just two for this illustration, 'www.bigcorp.com' and 'www.littleguy.com'.
bighost set their document roots bast on their userID's
'/home/users/bigcorp' and '/home/users/littleguy' respectively. If each
had a cgi script 'printenv' in their '/cgi-bin' folder then a call to
the script 'http://www.bigcorp.com/cgi-bin/printenv' would print out
DOCUMENT_ROOT=/home/users/bigcorp and for littleguy
'http://www.littleguy.com/cgi-bin/printenv'would print out
DOCUMENT_ROOT=/home/users/littleguy. So if they had a script that loads
say a pricelist from a file the script could find the file via
DOCUMENT_ROOT var,
my $pricelist = $ENV{DOCUMENT_ROOT} . '/data/prices.txt'
Okay now here is the part that I am having trouble with, bighost allows
their clients to share their SSL Certificate, but to do so they must use
bighost domain name and their respective urls would be
'https//secure.bighost.com/bigcorp' and
'https//secure.bighost.com/littleguy'
Now here is the part I cannot figure out, bighost is able to set the
document root and the environmental variable DOCUMENT_ROOT to
'/home/users/bigcorp' for 'https//secure.bighost.com/bigcorp' requests
and also set to '/home/users/littleguy'
'https//secure.bighost.com/littleguy' requests.
Now when either client has a shopping cart script that need to load that
data file, event though for SSL their are using the same domain name
'secure.bighost.com' their document roots are different with respect to
their subdirectory|userID
So bigcorp's cart
'https//secure.bighost.com/bigcorp/cgi-bin/shoppingcart' finds its price
list with:
my $pricelist = $ENV{DOCUMENT_ROOT} . '/data/prices.txt' which will
equals '/home/users/bigcorp/data/prices.txt'
and littleguy's cart
'https//secure.bighost.com/littleguy/cgi-bin/shoppingcart' finds its
price list with:
my $pricelist = $ENV{DOCUMENT_ROOT} . '/data/prices.txt' which will
equals '/home/users/littleguy/data/prices.txt'
--------------------------------------------------
A little verbose, but you see it is the document root and the
DOCUMENT_ROOT variable that I want to set based upon the subdirectory of
a single domain, not the redirection for different virtual host domains.
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
| |
| Jorey Bump 2005-08-16, 2:48 am |
| "Jonathan N. Little" <lws4art@centralva.net> wrote in
news:nj7Me.1488$MP5.119447@monger.newsread.com:
> Jorey Bump wrote:
>
> <snip>
>
> Hi Jorey:
>
> Firstly thank you for your time, I appreciate your input as a muddle
> along here, but I think you are missing what I am asking. Both your
> examples if I am not mistaken correct path's via a URI calls, i.e., an
> http request to 'http://www.example.com/blah-blah.html' will be
> connected to file location '/somePathOnTheServer/blah-blah.html' but
No, this only happens with AliasMatch.
[snip]
> Now here is the part I cannot figure out, bighost is able to set the
> document root and the environmental variable DOCUMENT_ROOT to
> '/home/users/bigcorp' for 'https//secure.bighost.com/bigcorp' requests
> and also set to '/home/users/littleguy'
> 'https//secure.bighost.com/littleguy' requests.
>
> Now when either client has a shopping cart script that need to load
> that data file, event though for SSL their are using the same domain
> name 'secure.bighost.com' their document roots are different with
> respect to their subdirectory|userID
>
> So bigcorp's cart
>
> 'https//secure.bighost.com/bigcorp/cgi-bin/shoppingcart' finds its
> price list with:
>
> my $pricelist = $ENV{DOCUMENT_ROOT} . '/data/prices.txt' which will
> equals '/home/users/bigcorp/data/prices.txt'
>
> and littleguy's cart
>
> 'https//secure.bighost.com/littleguy/cgi-bin/shoppingcart' finds its
> price list with:
>
> my $pricelist = $ENV{DOCUMENT_ROOT} . '/data/prices.txt' which will
> equals '/home/users/littleguy/data/prices.txt'
>
> --------------------------------------------------
> A little verbose, but you see it is the document root and the
> DOCUMENT_ROOT variable that I want to set based upon the subdirectory
> of a single domain, not the redirection for different virtual host
> domains.
This is exactly what happens with the mod_rewrite example. There is no
redirection, only a proxy. The browser negotiates SSL with the
appropriate host in the certificate (the proxy), but the CGI script runs
within the environment of the (non-SSL) desired host, using the correct
DOCUMENT_ROOT. You can proxy an unlimited number of sites through one
host, this way. Give it a try.
| |
| Jonathan N. Little 2005-08-16, 5:57 pm |
| Jorey Bump wrote:
<snip>
>
>
> This is exactly what happens with the mod_rewrite example. There is no
> redirection, only a proxy. The browser negotiates SSL with the
> appropriate host in the certificate (the proxy), but the CGI script runs
> within the environment of the (non-SSL) desired host, using the correct
> DOCUMENT_ROOT. You can proxy an unlimited number of sites through one
> host, this way. Give it a try.
>
>
Thanks I will study your example and try it out on one of my servers. I
have read the 'URL Rewriting Guide' several times but find it a bit
bewildering! Back to my 'Appaloosa' book!....
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
| |
| Jorey Bump 2005-08-16, 5:57 pm |
| "Jonathan N. Little" <lws4art@centralva.net> wrote in
news:k4mMe.1538$MP5.128122@monger.newsread.com:
> Jorey Bump wrote:
>
>
> Thanks I will study your example and try it out on one of my servers.
> I have read the 'URL Rewriting Guide' several times but find it a bit
> bewildering! Back to my 'Appaloosa' book!....
Here's an even simpler example to get you started. Don't worry about SSL,
for now, it's a separate issue. Assuming you have two virtual hosts,
bigguy.example.com and littleguy.example.com, put this in the config for
bigguy:
RewriteEngine On
RewriteRule ^/showme$ http://littleguy.example.com/cgi-bin/printenv [P]
Get the printenv script running in littleguy, then visit:
http://bigguy.example.com/showme
You will see littleguy's DOCUMENT_ROOT.
| |
| Jonathan N. Little 2005-08-16, 5:57 pm |
| Jorey Bump wrote:
<snip>
> Here's an even simpler example to get you started. Don't worry about SSL,
> for now, it's a separate issue. Assuming you have two virtual hosts,
> bigguy.example.com and littleguy.example.com, put this in the config for
> bigguy:
Yes is agree, what is important is acccess a client's website via the
hosting sites domain.
>
> RewriteEngine On
> RewriteRule ^/showme$ http://littleguy.example.com/cgi-bin/printenv [P]
>
> Get the printenv script running in littleguy, then visit:
>
> http://bigguy.example.com/showme
>
> You will see littleguy's DOCUMENT_ROOT.
>
Dang! I am getting confused here so of my actual clients on my
development server (Just being a bit DUMB here). My server is
mother.lws.lan (Aliens' fan) its document root is the standard Apache
/var/www/html
I put the clients sites higher at '/var/www/html/sites/[clientID]'
so for 2 of my clients 'cadopugs.com' & 'bigbra.com' document roots are
'/var/www/html/sites/cadopugs' & '/var/www/html/sites/bigbra'
respectively. So I guess what I want to do is for the server's default
'mother.lws.lan' server definition add the rewrite
RewriteEngine On
RewriteRule ^/([^/]+)/(.*)$ /var/www/html/sites/%1/%2 [P]
/or/
RewriteRule ^/([^/]+)/(.*)$ /sites/%1/%2 [P]
I did something wrong because I get a Forbidden error, with
http://mother.lws.lan/cadopugs/index.html
but before the rewrite rule it was accessable as
http://mother.lws.lan/sites/cadopugs/index.html. Also if a correct
whatever error that I am making in my regexp would this actually mean
the DOCUMENT_ROOT would become '/var/www/html/sites/cadopugs' for
http://mother.lws.lan/cadopugs/...
and '/var/www/html/sites/bigbra' for http://mother.lws.lan/bigbra/...
and not mother.lws.lan's '/var/www/html' ?
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
| |
| Jorey Bump 2005-08-16, 5:57 pm |
| "Jonathan N. Little" <lws4art@centralva.net> wrote in
news:DApMe.1554$MP5.132922@monger.newsread.com:
> Dang! I am getting confused here so of my actual clients on my
> development server (Just being a bit DUMB here). My server is
> mother.lws.lan (Aliens' fan) its document root is the standard Apache
> /var/www/html
>
> I put the clients sites higher at '/var/www/html/sites/[clientID]'
> so for 2 of my clients 'cadopugs.com' & 'bigbra.com' document roots
> are '/var/www/html/sites/cadopugs' & '/var/www/html/sites/bigbra'
No wonder you're confused. May I suggest a different layout:
/var/www/sites/mother.lws.lan
/var/www/sites/www.cadopugs.com
/var/www/sites/www.bigbra.com
Having sites within sites is chaos. You can stop using the /var/www/html
directory entirely (unless you need it for suexec). This layout is a lot
more flexible, especially if you ever use mass virtual hosting.
Also, don't use these as the document root, each should have a
subdirectory (such as website/) to serve that purpose, and even a
separate cgi-bin directory, if needed (parallel to website/, not in it).
This allows you to put support files outside of the DocumentRoot, where
they can't be accessed directly by a browser.
> respectively. So I guess what I want to do is for the server's default
> 'mother.lws.lan' server definition add the rewrite
>
> RewriteEngine On
> RewriteRule ^/([^/]+)/(.*)$ /var/www/html/sites/%1/%2 [P]
> /or/
> RewriteRule ^/([^/]+)/(.*)$ /sites/%1/%2 [P]
>
> I did something wrong because I get a Forbidden error, with
> http://mother.lws.lan/cadopugs/index.html
>
> but before the rewrite rule it was accessable as
> http://mother.lws.lan/sites/cadopugs/index.html. Also if a correct
> whatever error that I am making in my regexp would this actually mean
> the DOCUMENT_ROOT would become '/var/www/html/sites/cadopugs' for
> http://mother.lws.lan/cadopugs/...
> and '/var/www/html/sites/bigbra' for http://mother.lws.lan/bigbra/...
> and not mother.lws.lan's '/var/www/html' ?
No, you're missing the point here. In order to use a proxy rewrite, you
must use an URL as the target, not a file location:
RewriteEngine On
RewriteRule ^/cadopugs/(.*)$ http://www.cadopugs.com/$1 [P]
RewriteRule ^/bigbra/(.*)$ http://www.bigbra.com/$1 [P]
If you only have a few sites, start with this, rather than trying to
devise a generic regex that is too complex for your needs.
| |
| Jonathan N. Little 2005-08-16, 8:47 pm |
| Jorey Bump wrote:
> No wonder you're confused. May I suggest a different layout:
>
> /var/www/sites/mother.lws.lan
> /var/www/sites/www.cadopugs.com
> /var/www/sites/www.bigbra.com
>
> Having sites within sites is chaos. You can stop using the /var/www/html
> directory entirely (unless you need it for suexec). This layout is a lot
> more flexible, especially if you ever use mass virtual hosting.
>
Whew! I thought I was just slow! Seriously, I am an artist, but as a
Renaissance man my knowledge is wide but not as deep as I like! But here
is central VA when I say Linux or Apache I receive a long blank stare!
;-) I am self-taught. So if you indulge me I have a few more questions
Ok, 'mother' is my Apache 2.0 server, I have another 'Bob' that runs
Apache 1.3. The only thing I use mother's web site for is the Apache
document ion on the default document root /var/www/html/ so I'd like to
keep it, but like your suggestion to move clients off the main server's
document root
/var/www/sites/cadopug
/var/www/sites/bigbra
....
The way I have things on my LAN setup private or experimental sites are
under my private LAN domain 'lws.lan'. I don't publicly host, inside my
router client sites for which they have actual public FQD I have the
local 'Dev|Maintenance' copies as w3.cadopug.com and my LAN's DNS is
authoritative. The public versions www.cadopugs.com are forwardered out
handled by public DNS and respective hosting servers.
> Also, don't use these as the document root, each should have a
> subdirectory (such as website/) to serve that purpose, and even a
> separate cgi-bin directory, if needed (parallel to website/, not in it).
> This allows you to put support files outside of the DocumentRoot, where
> they can't be accessed directly by a browser.
I agree but the the cgi-bin is best out of the document root, but the
hosting companies that I am dealing with have it within. I am trying to
mirror what they do so that a site that I test on my private LAN as
w3.someclient.com will work like the public www.someclient.com! I like
to get the bugs out before I go public! At least I try ;-)
>
Now if my client sites are moved out side of the main server's document
root, i.e.,
/var/www/sites/ not under /var/www/html/...
and I am trying to mimic the SSL certificate sharing like the hosting
companies, I use the dummy one I setup for mother. Originally I had
these sites under mother's document root so the
41_mod_ssl.default-vhost.conf the default <VirtualHost _default_:443>
section handled it.
<embarrassment>I kludge some <Directory> sections to allow the virtual
host's cgi-bin to work... </embarrassment>
How would I define the client sites in
41_mod_ssl.default-vhost.conf
so that they would they would be accessed via
https://mother.lws.lan/cadopugs now they are not under mother's default
SSL definition, but I am sharing the dummy SSL certificate?
Also I have to get their respective cgi-bin directories to work since
some have shopping cart scripts!
> No, you're missing the point here. In order to use a proxy rewrite, you
> must use an URL as the target, not a file location:
>
> RewriteEngine On
> RewriteRule ^/cadopugs/(.*)$ http://www.cadopugs.com/$1 [P]
> RewriteRule ^/bigbra/(.*)$ http://www.bigbra.com/$1 [P]
>
> If you only have a few sites, start with this, rather than trying to
> devise a generic regex that is too complex for your needs.
>
Would I use some rule like:
RewriteRule ^/cadopugs/(.*)$ https://mother.lws.lan/$1 [P] in the
_default_443 section and change _default_443 document root to
'/var/www/sites' ?
Sorry to ask so many questions, I am reluctant to do too many major
changes at this moment (without full understanding) because I have my
own business website mirrored on this server and I have to keep it
synced with my online one for my business sales....
I guess I could fool with 'Bob', the Apache1.3 server the config should
be fairly similar, just appears that 2.0 splits the conf into several
sub-conf files....
Again, thank you for all your help!
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
|
|
|
|
|