I followed Falco's tutorial and everything now works as expected for 2 users (e.g. john and alice) with their relevant directories (/var/www/john and /var/www/alice).
Now, I want to go to the next level: instead of defining different vhosts at /etc/apache2/sites-available/<username> and restarting Apache, I need dynamically configured mass virtual hosting (http://httpd.apache.org/docs/2.2/vhosts/mass.html).
Say my DNS server has records for another.site.example.com; I want its home directory to be at /var/www/another.site/web.
The problem is all these configuration settings for suexec and mod_fcgid.
I ended up with this draft of my httpd.conf (or should I create a file like /etc/apache2/sites-available/mass_virtual?):
NameVirtualHost *:80

#default virtual host
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /var/www/root/web/
    <IfModule mod_fcgid.c>
        SuexecUserGroup web-admin web-admin
        <Directory /var/www/root/web/>
            Options +ExecCGI
            Options -Indexes
            AllowOverride All
            AddHandler fcgid-script .php
            FCGIWrapper /var/www/php-fcgi-scripts/root/php-fcgi-starter .php
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off
</VirtualHost>

#3rd-level subdomain virtual hosts
<VirtualHost *:80>
    UseCanonicalName Off
    ServerAlias *.example.com
    #problematic email!
    ServerAdmin webmaster@example.com
    #is this /var/www/another.site/web or /var/www/www.another.site/web for
    #a request for www.another.site.example.com ?
    VirtualDocumentRoot /var/www/%-3+/web
    <IfModule mod_fcgid.c>
        #problematic group and user!
        SuexecUserGroup web1 web1
        <Directory /var/www/*/web/>
            Options +ExecCGI
            Options -Indexes
            AllowOverride All
            AddHandler fcgid-script .php
            FCGIWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off
</VirtualHost>
- As you can see from the comments, I have a problematic ServerAdmin webmaster@example.com, a SuexecUserGroup web1 web1 and a VirtualDocumentRoot /var/www/%-3+/web configuration!
- Moreover, to ensure security I think IfModule shouldn't exist (if mod_fcgid can't load then neither should the server) and,
- instead of Allow from all, I think I should have Deny from all and open up a php-library directory instead!
- As I said, my intention is for a request for www.another.site.example.com to be directed to the user at /var/www/another.site/web, but as I've read at "Using suEXEC" we can call suexec without the SuexecUserGroup directive in VirtualHost definitions but with the help of mod_userdir! So, what if a request for www.another.site.example.com is transformed transparently to www.example.com/~another.site with the help of mod_rewrite, and mod_userdir is then used to enable suexec?
Any ideas or directives that implement all these?
Thanks.
Best Answer
In practice the dynamic vhost feature is not optimal, because you are not flexible enough (.htaccess is in some cases not enough). Use a script to generate the vhosts or use something like Puppet to define the vhosts (https://github.com/puppetlabs/puppetlabs-apache).
BTW: for your PHP setup I would use php-fpm (ondemand) with (mod_proxy_fcgi or mod_fastcgi). With php-fpm you don't need suexec - every user gets his own port or socket.
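
A sketch of the "use a script to generate the vhosts" approach from the answer, as an added example (not code from the answer, the question or the Apache project). It emits one vhost per site with its own SuexecUserGroup, ServerAdmin and DocumentRoot, and validates the host name before it reaches a path or directive. Assumptions: the function names, the `webmaster@<site>` ServerAdmin pattern, the user-name rule, and that the caller supplies the Unix account for each site.

```python
import re

BASE_DOMAIN = "example.com"  # zone used in the question
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label
USER = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed Unix account naming rule

# Directives mirror the question's draft; the ServerAdmin pattern is an assumption.
TEMPLATE = """<VirtualHost *:80>
    ServerName {site}.{base}
    ServerAlias www.{site}.{base}
    ServerAdmin webmaster@{site}.{base}
    DocumentRoot /var/www/{site}/web
    SuexecUserGroup {user} {user}
    <Directory /var/www/{site}/web/>
        Options +ExecCGI -Indexes
        AllowOverride All
        AddHandler fcgid-script .php
        FCGIWrapper /var/www/php-fcgi-scripts/{site}/php-fcgi-starter .php
        Order allow,deny
        Allow from all
    </Directory>
    ServerSignature Off
</VirtualHost>
"""

def site_from_host(host, base=BASE_DOMAIN):
    """Map www.another.site.example.com or another.site.example.com to 'another.site'."""
    host = host.lower().rstrip(".")
    suffix = "." + base
    if not host.endswith(suffix):
        raise ValueError("host is not under %s: %r" % (base, host))
    labels = host[: -len(suffix)].split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    # fullmatch (not match with $) so a label with a trailing newline cannot
    # smuggle extra directives into the generated file; empty labels ("..")
    # and "/" are rejected too, so the name cannot escape /var/www.
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid host label in %r" % host)
    return ".".join(labels)

def render_vhost(host, user, base=BASE_DOMAIN):
    """Return the <VirtualHost> text for one site owned by Unix account `user`."""
    if not USER.fullmatch(user):
        raise ValueError("invalid user name: %r" % user)
    return TEMPLATE.format(site=site_from_host(host, base), base=base, user=user)

if __name__ == "__main__":
    print(render_vhost("www.another.site.example.com", "web1"))
```

Each rendered block would be written to its own file under /etc/apache2/sites-available/ and checked with `apache2ctl configtest` before a reload.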