LinuxQuestions.org
Old 07-05-2019, 04:35 PM   #1
witchkinkofangmar
Member
 
Registered: May 2019
Posts: 32

Rep: Reputation: Disabled
How to serve multiple sites with one public IP?


Do I just tell the firewall guys to point the external IP at the server address and this configuration will work if someone requests site1, site2, site3, etc..

Do I need A records, CNAME?

Code:
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

IncludeOptional sites-enabled/*.conf

#NameVirtualHost *:80

ServerName servername.dmz.domain
DocumentRoot "/var/www/html"

<VirtualHost *:80>
        DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
        Redirect / https://servername.internal.domain
        DocumentRoot /var/www/html
        ServerName servername.internal.domain
        ServerAlias servername.internal.domain
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html
        ServerName https://servername.internal.domain
        ServerAlias https://servername.internal.domain
        SSLEngine on
        <Directory "/var/www/html">
                Options FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>


<VirtualHost *:80>
        Redirect / https://www.site1.com
        DocumentRoot /var/www/html/www.site1.com
        ServerName www.site1.com
        ServerAlias www.site1.com
        <Directory "/var/www/html/www.site1.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/www.site1.com
        ServerName https://www.site1.com
        ServerAlias https://www.site1.com
        SSLEngine on
        <Directory "/var/www/html/www.site1.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>


<VirtualHost *:80>
        Redirect / https://www.site2.com
        DocumentRoot /var/www/html/www.site2.com
        ServerName /www.site2.com
        ServerAlias /www.site2.com
        <Directory "/var/www/html//www.site2.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride all
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html//www.site2.com
        ServerName https://www.site2.com
        ServerAlias https://www.site2.com
        SSLEngine on
        <Directory "/var/www/html/www.site2.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride all
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
 
Old 07-05-2019, 05:14 PM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,802

Rep: Reputation: 1279
Yes, you'll need A records for each site's domain name to route to the web server's IP address.

Couple of other comments:
ServerName and ServerAlias should be different (else why have an alias?)
We usually do:
Code:
ServerName site1.com
ServerAlias www.site1.com
I don't think your internal.server.name is going to work as coded, tho. Does it have a 'real' domain name?
I think what you have coded is going to route all requests to the internal server. I'm guessing tho.

Note that the first VirtualHost is the default, so, for example, an http://yourIPaddress will return the first VirtualHost only.
 
Old 07-08-2019, 10:09 AM   #3
witchkinkofangmar
Member
 
Registered: May 2019
Posts: 32

Original Poster
Rep: Reputation: Disabled
Thanks for the response. The first virtual host is the actual server.

If I create an "internal" a-record for all the virtual hosts on the actual IP of the server, and set that as the ServerAlias and set the ServerName to the actual requested site, would that work?

Code:
<VirtualHost *:80>
        Redirect / https://www.site1.com
        DocumentRoot /var/www/html/www.site1.com
        ServerName www.site1.com
        ServerAlias site1.dmz.domain (A-Record)
        <Directory "/var/www/html/www.site1.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/www.site1.com
        ServerName https://www.site1.com
        ServerAlias https://site1.dmz.domain (A-Record)
        SSLEngine on
        <Directory "/var/www/html/www.site1.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
 
Old 07-08-2019, 02:31 PM   #4
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,802

Rep: Reputation: 1279
Quote:
Originally Posted by witchkinkofangmar
Thanks for the response. The first virtual host is the actual server.

If I create an "internal" a-record for all the virtual hosts on the actual IP of the server, and set that as the ServerAlias and set the ServerName to the actual requested site, would that work?

Code:
<VirtualHost *:80>
        Redirect / https://www.site1.com
        DocumentRoot /var/www/html/www.site1.com
        ServerName www.site1.com
        ServerAlias site1.dmz.domain (A-Record)
        <Directory "/var/www/html/www.site1.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/www.site1.com
        ServerName https://www.site1.com
        ServerAlias https://site1.dmz.domain (A-Record)
        SSLEngine on
        <Directory "/var/www/html/www.site1.com">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
I'm not sure what you mean by "internal" A record.
A request to a domain name is routed to the web server by a name server (DNS).
The A record needs to be in the name server.
ServerName and ServerAlias should not contain http(s):// parts, just the actual domain name(s) as defined in DNS*
The redirect for port 80 will automatically use port 443. The https is not explicitly coded for 443.

As defined (without the http(s) parts), the web server will serve the contents of /var/www/html/www.site1.com if the URI contains www.site1.com or site1.dmz.domain -- it will not know what to do with site1.com.

*One can put the domain name to IP relationship in a hosts file instead of using a name server.

This example should be in your config file:
Code:
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

Last edited by scasey; 07-08-2019 at 03:54 PM.
 
Old 07-08-2019, 03:43 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,217

Rep: Reputation: 2926
Oops, wrong answer.
 
Old 07-08-2019, 04:51 PM   #6
witchkinkofangmar
Member
 
Registered: May 2019
Posts: 32

Original Poster
Rep: Reputation: Disabled
I have access to set up A-records for internal DNS. I'm on a segmented VLAN or something so I have to request external redirects to an "internal" dmz vlan. I changed my virtual hosts to better reflect your config. How does apache know to not use the first virtual host every time? I guess I just don't understand how a request for site2.com can be directed without an IP.

Code:
NameVirtualHost *:80
NameVirtualHost *:443

ServerName prod-web.dmz.domain
DocumentRoot "/var/www/html"

#<VirtualHost *:80>
#        DocumentRoot /var/www/html
#</VirtualHost>
#<VirtualHost *:80>
#        Redirect / https://servername.internal.domain
#        DocumentRoot /var/www/html
#        ServerName servername.internal.domain
#        ServerAlias servername.internal.domain
#</VirtualHost>
#<VirtualHost *:443>
#        DocumentRoot /var/www/html
#        ServerName https://servername.internal.domain
#        ServerAlias https://servername.internal.domain
#        SSLEngine on
#        <Directory "/var/www/html">
#                Options FollowSymLinks ExecCGI
#                AllowOverride AuthConfig FileInfo
#                Order allow,deny
#                Allow from all
#        </Directory>
#</VirtualHost>



#SITES START HERE

<VirtualHost *:80>
        Redirect / https://www.test1.com
        DocumentRoot /var/www/html/www.test1.com
        ServerName test1.com
        ServerAlias www.test1.com
        <Directory "/var/www/html/www.test1.com/">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/www.test1.com
        ServerName test1.com
        ServerAlias www.test1.com
        SSLEngine on
        <Directory "/var/www/html/www.test1.com/">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride AuthConfig FileInfo
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

#SITE2
<VirtualHost *:80>
        Redirect / https://test2.com
        DocumentRoot /var/www/html/test2.com
        ServerName www.test2.com
        ServerAlias test2.com
        <Directory "/var/www/html/test2.com/">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride all
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost *:443>
        DocumentRoot /var/www/html/test2.com
        ServerName www.test2.com
        ServerAlias test2.com
        SSLEngine on
        <Directory "/var/www/html/test2.com/">
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride all
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
 
Old 07-08-2019, 06:18 PM   #7
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,802

Rep: Reputation: 1279
Quote:
Originally Posted by witchkinkofangmar
I have access to set up A-records for internal DNS. I'm on a segmented VLAN or something so I have to request external redirects to an "internal" dmz vlan. I changed my virtual hosts to better reflect your config. How does apache know to not use the first virtual host every time? I guess I just don't understand how a request for site2.com can be directed without an IP.
That's done in the DNS. The DNS A record will point the domain name to the IP address of the web server.
That's done on the DNS server that's authoritative for the domain name. A
Code:
dig site1.com ns
will display which name server that is.

There's a line in the httpd config:
Code:
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen *:80
Right?
You'll also need a
Code:
Listen *:443
so the server is listening for the https connections as well.
In apache 2.4, the ssh definitions are often in a separate config file, however, and that's where the Listen *:443 will be. You'll get an error if you define it twice, 'cause the second one will hit a busy port and the web server won't start.

The web server will match the domain name in the URI to the ServerName directive in the VirtualHost container.

So, if https://site1.com is entered in a web browser, the name is resolved to the IP of the web server via DNS, then the request is received by the web server and the web server delivers the content in the DocumentRoot for that ServerName.

Take a look at the Apache HTTP Server Version 2.4 Documentation. Everything is in there.

Last edited by scasey; 07-08-2019 at 06:20 PM.
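
The selection rule described in posts #2 and #7 (match the request's Host name against ServerName and ServerAlias, otherwise fall back to the first VirtualHost), as an added example that is not part of the original thread and is not Apache's own code. It is a simplified model: the vhost data is constructed from the *:443 blocks in post #6, `normalize_host`, `select_vhost` and `demo` are hypothetical helper names, and TLS certificate selection is not modelled.

```python
from fnmatch import fnmatchcase

# Constructed data: the two *:443 vhosts from post #6, in config order.
VHOSTS = [
    {"port": 443, "server_name": "test1.com", "aliases": ["www.test1.com"],
     "docroot": "/var/www/html/www.test1.com"},
    {"port": 443, "server_name": "www.test2.com", "aliases": ["test2.com"],
     "docroot": "/var/www/html/test2.com"},
]


def normalize_host(host_header):
    """Lower-case a Host header value; drop any :port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal, e.g. [::1]:443
        host = host.partition("]")[0].lstrip("[")
    else:
        host = host.partition(":")[0]
    return host.rstrip(".")


def select_vhost(vhosts, port, host_header):
    """Return the vhost that would answer, or None if nothing uses the port.

    Hypothetical helper: ServerName is compared exactly, ServerAlias may use
    * and ? wildcards, and the first vhost on the port is the fallback.
    """
    candidates = [v for v in vhosts if v["port"] == port]
    if not candidates:
        return None
    host = normalize_host(host_header or "")
    for vhost in candidates:
        if host == vhost["server_name"].lower():
            return vhost
        if any(fnmatchcase(host, alias.lower()) for alias in vhost["aliases"]):
            return vhost
    return candidates[0]                     # no name matched: default vhost


def demo():
    """Map sample Host headers (constructed) to the DocumentRoot served."""
    hosts = ["test2.com", "WWW.TEST1.COM:443", "203.0.113.10", "site2.com"]
    return {h: select_vhost(VHOSTS, 443, h)["docroot"] for h in hosts}


if __name__ == "__main__":
    for host, docroot in demo().items():
        print(f"{host:20} -> {docroot}")
```

Requests by bare IP address or for a name no vhost claims are answered by the first vhost on the port, so whichever site is listed first also receives all unmatched traffic.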
 
Old 07-08-2019, 08:24 PM   #8
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,440
Blog Entries: 25

Rep: Reputation: 4441
What OP is referring to sounds a lot like "shared hosting," where multiple websites exist on the same web server (not in VPNs). This Wikipedia article provides a nice intro to shared hosting: https://en.wikipedia.org/wiki/Shared...osting_service
 
1 members found this post helpful.
Old 07-08-2019, 08:36 PM   #9
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,802

Rep: Reputation: 1279
Quote:
Originally Posted by frankbell
What OP is referring to sounds a lot like "shared hosting," where multiple websites exist on the same web server (not in VPNs). This Wikipedia article provides a nice intro to shared hosting: https://en.wikipedia.org/wiki/Shared...osting_service
I agree. That article gives an excellent explanation.
 
  



Tags
apache 2.4.7, centos7, httpd, ssl, virtual host

