LinuxQuestions.org
Old 06-16-2004, 03:02 PM   #1
tawalker
Member
 
Registered: Jan 2004
Location: UK
Distribution: Red Hat 9
Posts: 52

Rep: Reputation: 15
Apache virtual hosts for intranet and external site


I have Apache running on my home LAN server "washu" (based on Fedora Core 2), and can request test pages successfully across the LAN. I want to set up both an intranet and a site for external visitors, and configure these as virtual hosts in Apache.
(I've done some minor edits to httpd.conf before, but haven't tried virtual host setup yet.)

My home network has a dynamic DNS hostname (with dyndns.org) for access from outside, and "washu" has an internal IP address of 192.168.123.101.

I'm aiming for the following:

- users from inside the network will enter http://washu/ (which resolves to 192.168.123.101 internally), and see the intranet pages
- visitors from outside will enter http://abc.dyndns.org/ (where "abc" is the real name), and see the "external" pages (they should not be able to access the intranet)

To achieve the above, would I need to edit the httpd.conf file with something like this?

NameVirtualHost 192.168.123.101
NameVirtualHost *

# Intranet
<VirtualHost 192.168.123.101>
DocumentRoot /path/to/intranet/site/root
ServerName washu
ServerAlias intranet
</VirtualHost>

# External site
<VirtualHost *>
DocumentRoot /path/to/external/site/root
ServerName abc.dyndns.org
ServerAlias external
</VirtualHost>

Thanks,
Tim
 
Old 06-16-2004, 03:20 PM   #2
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
You don't need 2 instances of NameVirtualHost... you have a * beside the one, so that means it will respond to any IP address. To have another one with a specific IP is redundant and apache will probably ignore it. Also, serveralias is not correct... it's supposed to be alternate domain names that will work for that vhost instead of the ServerName.

I think you can probably do what you want without having to add any new vhost to your setup. Have you tried typing in http://washu into the browser? Does that work? I would think it does already. If not, you may want to get rid of the "intranet" virtual host you have there and in the other one, change your serveralias to "washu".
 
Old 06-17-2004, 02:33 PM   #3
tawalker
Member
 
Registered: Jan 2004
Location: UK
Distribution: Red Hat 9
Posts: 52

Original Poster
Rep: Reputation: 15
Quote:
You don't need 2 instances of NameVirtualHost... you have a * beside the one, so that means it will respond to any IP address. To have another one with a specific IP is redundant and apache will probably ignore it. Also, serveralias is not correct... it's supposed to be alternate domain names that will work for that vhost instead of the ServerName.
You probably worked out I'm not too familiar with Apache virtual hosts - thanks for untangling that.

I probably wasn't too clear with my original explanation, though. I can already request pages successfully from Apache, but I don't want external visitors to get the pages intended for my home network. Just to clarify: I want to set up two separate sets of pages - one for inside my LAN, and one for outside.

Once I allow port 80 connections through my home router from outside, how would I make sure that external surfers will get an "external" site, but won't be able to access the "intranet" site?

Thanks

Tim
 
Old 06-17-2004, 03:31 PM   #4
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Ah! Sorry I didn't realize that before. Well, that helps explain why you wrote those 2 vhost entries like you described in your first post. I think you may have been on the right track with that.

Let me make sure I understand... you have your router doing port forwarding so that people who access your external IP will be forwarded to your box sitting behind the router? So that means technically, all of your requests are being directed to your internal IP (i.e. 192.168...)

You can probably do this VERY easily if you don't mind using a non-standard port. Like you can add the Listen 8080 directive to your config file and then for the virtual host, you can put...

<VirtualHost 192.168.123.101:8080>

But that means you'd have to type in http://washu:8080 into the browser every time, and I suspect you don't want to do that. Right?
 
Old 06-17-2004, 04:37 PM   #5
mgargiullo
LQ Newbie
 
Registered: Sep 2003
Posts: 6

Rep: Reputation: 0
Second almost as quick answer.

Add a second IP to the machine. One of the IP addresses will be set up on the 'internal' the other 'external'

Set your router to pass http traffic to the external IP address.

-Mike
 
Old 06-18-2004, 01:25 AM   #6
Cerbere
Member
 
Registered: Dec 2002
Location: California
Distribution: Slackware & LFS
Posts: 799

Rep: Reputation: 33
This is really much easier to do with name-based virtual hosts, rather than IP-based. Check the Apache documentation for more info on virtual hosts. Your original config was pretty close. Try the following.
Code:
NameVirtualHost *

# External site
<VirtualHost *>
ServerName abc.dyndns.org
ServerAlias *.abc.dyndns.org
DocumentRoot /path/to/external/site/root
#ErrorLog /var/path/to/abc.dyndns_error.log
#CustomLog /var/path/to/abc.dyndns_access-log combined
</VirtualHost>

# Intranet
<VirtualHost *>
ServerName washu
DocumentRoot /path/to/intranet/site/root
#ErrorLog /var/path/to/washu_error.log
#CustomLog /var/path/to/washu_access-log combined
</VirtualHost>
Donboy was correct about your double NameVirtualHost directives and also about ServerAlias: it's there to handle cases where people enter www.abc.dyndns.org (for example).

I moved the external VH to the top because when Apache gets a request which is ambiguous, it will default to the first VH (and you said people from outside should never see the washu site).

You can also uncomment the ErrorLog and CustomLog directives in each VH to keep those separate.

Of course, how well this will work is also dependent on your router. As mgargiullo said, you'll have to NAT port 80 requests from the WAN to 192.168.123.101.

Enjoy!
--- Cerbere

[edit] You may want to put a 'ServerAlias *.washu.*' line in the washu VH, in case someone enters www.washu.com. [/edit]

Last edited by Cerbere; 06-18-2004 at 01:28 AM.
 
Old 06-18-2004, 05:43 PM   #7
tawalker
Member
 
Registered: Jan 2004
Location: UK
Distribution: Red Hat 9
Posts: 52

Original Poster
Rep: Reputation: 15
Thanks everyone - you're all stars

Donboy: Yes, you were right about the router, in that I can forward requests for port 80 through to "washu" (at 192.168.123.101 internally). I could set up a different port (e.g. 8080) for one of the virtual hosts, though as you say, it might not be ideal for this purpose. (Could be useful for testing sites in future, so I'll bear it in mind - thanks for the idea!)

mgargiullo said:
Quote:
Add a second IP to the machine. One of the IP addresses will be set up on the 'internal' the other 'external'
That's too complicated for me, I'm afraid, but thanks for suggesting it. (Just out of interest, would I set up the extra IP address as part of a virtual host in httpd.conf, or somewhere else?)

Cerbere: I think your idea looks like the most promising, so I'll give that a try and write back here with any news.

Thanks again for your ideas and feedback - this site rocks!

Tim.

P.S. Did anyone spot where the name "washu" comes from?
 
Old 06-18-2004, 09:13 PM   #8
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
You can add a second IP to the machine pretty easy... Here's how... Open the file /etc/sysconfig/network-scripts/ifcfg-eth0. In the first couple of lines, it will say DEVICE=eth0. Change that line to say DEVICE=eth0:0. Lower down in the same file, change the line that says IPADDR=123.456.789.10 to say whatever IP address you want. Leave everything else alone. Save the file as some other name (doesn't matter what). Now run the command service network restart and you should have a new IP address added to the machine.

What you have actually done is create something called an ip alias. Your network card now responds to 2 different ip addresses. If anything goes wrong, just delete that file and restart the network again.

Last edited by Donboy; 06-18-2004 at 09:18 PM.
 
Old 06-19-2004, 01:19 AM   #9
Cerbere
Member
 
Registered: Dec 2002
Location: California
Distribution: Slackware & LFS
Posts: 799

Rep: Reputation: 33
Quote:
Originally posted by tawalker
P.S. Did anyone spot where the name "washu" comes from?
Yeah, it came from your first post ;-)

Enjoy!
--- Cerbere
 
Old 06-19-2004, 01:37 PM   #10
tawalker
Member
 
Registered: Jan 2004
Location: UK
Distribution: Red Hat 9
Posts: 52

Original Poster
Rep: Reputation: 15
Thanks for the IP alias advice - I never knew you could do that with Linux. Must try that sometime!

Quote:
Quote:
P.S. Did anyone spot where the name "washu" comes from?
Yeah, it came from your first post ;-)
Didn't quite mean it like that. It was just in case there were any Tenchi Muyo! fans out there...

Thanks again!

Tim
 
Old 06-24-2004, 02:47 PM   #11
tawalker
Member
 
Registered: Jan 2004
Location: UK
Distribution: Red Hat 9
Posts: 52

Original Poster
Rep: Reputation: 15
Update on the virtual hosts

Well, I gave Cerbere's solution a try, just to see what happened. Actually, I'm still trying to work out what did happen...!

Just to recap, I have set up two virtual hosts, one for an intranet and one for when I let visitors in from the WAN side. The lines in httpd.conf are:
Code:
# External site
<VirtualHost *>
ServerName abc.dyndns.org
ServerAlias *.abc.dyndns.org
DocumentRoot /var/www/external
</VirtualHost>
# Intranet
<VirtualHost *>
ServerName washu
ServerAlias *washu*
DocumentRoot /var/www/html
</VirtualHost>
Two strange things here. First, if this line is present:
Code:
NameVirtualHost *
I get this error page, code 400 ("Bad Request"):
Code:
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
There is a comment in the file about needing a port specifier if mod_ssl is being used (I don't think it is, or at least it shouldn't be). So, if I change the line to
Code:
NameVirtualHost *:80
I don't get the 400 page, but this is the second problem: I see the "external site", even if I'm viewing from the LAN (and should therefore get the intranet page).

This may be relevant: I just restarted Apache with /usr/sbin/apachectl graceful, and got this message:
Code:
[Thu Jun 24 19:39:58 2004] [warn] NameVirtualHost *:80 has no VirtualHosts
When I changed the two <VirtualHost *> tags to <VirtualHost *:80>, I got the intranet page, as I was hoping for. OK, it works, but I wonder if it's a bit of a "jerry-rigged" solution, and there might be a more elegant way to solve the problem?

Thanks for reading, and for your fine help so far

Tim

Last edited by tawalker; 06-25-2004 at 11:57 AM.
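
Added example (not part of any post in this thread): the working layout from post #11, with the intranet virtual host also restricted by client address. Name-based selection follows the Host header the client sends, so listing the external site first only decides the default; it does not by itself keep a WAN request that names washu away from the intranet pages. The 192.168.123.0/24 subnet, the httpd 2.0/2.2 access-control syntax, and a router that preserves client source addresses when forwarding port 80 are assumptions.

```apache
# Added example; host names and document roots are the ones from post #11.
# "Listen 80" is already present in the poster's httpd.conf (post #13),
# so it is not repeated here.
NameVirtualHost *:80

# External site: listed first, so it is the default for any request
# whose Host header matches no ServerName/ServerAlias.
<VirtualHost *:80>
    ServerName abc.dyndns.org
    ServerAlias *.abc.dyndns.org
    DocumentRoot /var/www/external
</VirtualHost>

# Intranet: selected whenever the Host header is "washu", whoever sends it,
# so access is limited by client address as well.
<VirtualHost *:80>
    ServerName washu
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        # httpd 2.0/2.2 syntax (assumed version)
        Order deny,allow
        Deny from all
        # Assumed LAN subnet; the thread only gives the host 192.168.123.101
        Allow from 127.0.0.1 192.168.123.0/24
        # httpd 2.4 equivalent of the three lines above:
        #   Require ip 127.0.0.1 192.168.123.0/24
    </Directory>
</VirtualHost>
```

Running apachectl configtest before the graceful restart checks the syntax; the argument of NameVirtualHost and of each VirtualHost must agree, as the warning in post #11 shows.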
 
Old 06-25-2004, 05:39 AM   #12
Cerbere
Member
 
Registered: Dec 2002
Location: California
Distribution: Slackware & LFS
Posts: 799

Rep: Reputation: 33
First off, you may want to edit your previous post to hide your actual domain name (your earlier posts suggest you didn't intend to reveal it).

Next, look through your httpd.conf for a line which reads either:

Port 80
or
Listen 80

If you don't see such a line, that might explain why you need to declare the port in NameVirtualHost and VirtualHost (and they must agree regardless).

There's nothing wrong with your current setup, as long as it's working, but it is curious that you should have to specify in your VH directives that the server listen on port 80.

Enjoy!
--- Cerbere
 
Old 06-25-2004, 12:01 PM   #13
tawalker
Member
 
Registered: Jan 2004
Location: UK
Distribution: Red Hat 9
Posts: 52

Original Poster
Rep: Reputation: 15
Quote:
First off, you may want to edit your previous post to hide your actual domain name (your earlier posts suggest you didn't intend to reveal it).
D'oh! Thanks for pointing that out (red face on other side of monitor)... I've changed the domain name in the post, though I suppose it's been Google-cached by now.

Strangely enough, there is a "Listen 80" directive in the conf file, so maybe I'll have to look through the rest to see if anything else is amiss.

Thanks for your help - at least I have a working setup now

Tim
 
  

