DigitalOcean - Virtual Hosts - How deny access other directories? - virtualhost

I want use droplets to host multiple domains/sites, this is easy to do using virtual hosts, but how limit website X access files from directory of website Y?
In my droplet (testing), I have something like
/var/www/websiteX.com
/var/www/websiteY.com
/var/www/websiteZ.com
All working fine, but this websites using WordPress as CMS, so, users can install plugins and this is a problem, "deny access to directory of other website"...
I don't want give FTP/SSH access to each website.

There are options to turn on or off indexes in Apache. Here is a link that talks about it. https://www.techrepublic.com/article/how-to-make-apache-more-secure-by-hiding-directory-folders/
If you want to conditionally turn on or off indexes based on what domain a user is accessing I think you will have a very hard time.
Why are you trying to do this? You might want to reconsider trying to accomplish this.

Related

Correct Apache Configuration And Htaccess

I've just reset my Ubuntu 14.04 LAMP server hosted with digital ocean. Could someone tell me the 'proper' way to do server configuration. My goal is to do everything as clean as possible (and hopefully well structured).
I intend on using the server mainly for programming and data analytics, however I do plan on hosting my website in /var/www/html. I also plan on using letsencrypt/certbot to get an easy SSL. With this in mind, these are the main goals I would like to accomplish:
1) Redirect the website to ALWAYS be served through https AND www.
2) Enable HSTS for the entire website.
3) Enable clean url's (remove .php extensions and what not).
Since I would like all of these properties to be used across the entire website, should the configuration be done inside of the /etc/apache2/ folder? Or should it be done inside of .htaccess?
And if it should be done inside of apache2 configuration, which file should I add it to? And finally, how exactly should it be added? (for example vhost 80/443, inside of a mod_something section, etc).
Thank you in advance, I would appreciate and consider any advice about Apache and htaccess!

How to exclude subdomain directory from main website

I've setup a VPS with apache2.
I am using cloudflare for DNS management.
Now, I have my websites's files in "var/www/website" folder. Inside that, there is another folder for forum. like "var/www/website/forum" inside which there are all forum related files.
Now, suppose I have www.website.com pointing to "var/www/website"
and I also have a subdomain forum.website.com pointing to "var/www/website/forum".
What I want to do is make the files inside "var/www/website/forum" accessible via subdomain only. I don't want users to access forum via www.website.com/forum, but I want them to access it only via "forum.website.com"
What you need to do is set up what's called a virtual host. You would put your forum at /var/www/forum and website at /var/www/website.
inside /etc/apache2/sites-available, you'll need to add an additional configuration file for that site called forum.website.com.conf.
You'll then need to create a symbolic link to /etc/apache2/sites-enabled for that file so that apache sees it. From there, you reboot the server and are good to go.
Here's some documentation:
http://httpd.apache.org/docs/2.2/vhosts/
http://httpd.apache.org/docs/2.2/vhosts/examples.html
https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts
This may be a bit different depending on the flavor of linux, but should be about the same. Control panels like Cpanel, Plesk and WebMan can make this process a bit easier by abstracting the configuration to a web control panel.
Hope this helps you.

Trying to Properly configure the mod alias in Apache

I'm running apache 2.2.24 on Max OS X 10.9.1. Currently, we have a network drive that we access all of our Git repos on at /Volumes/GitWebsites. I would like to configure Apache to serve our PHP based repos from that directory. So, localhost (or 127.0.0.1)/phpsite1/ or /phpsite2? etc. will serve sites from /Volumes/GitWebsites/phpsite1/ or /phpsite2/ in the browser. My two questions are:
Do I simply modify the server root or do I need to use the mod-alias in the httpd.conf file?
What are the permission setting I need to in order for apache to access /Volumes/GitWebsites ?
I've done configuration changes like this in IIS 7.5 and set up a NodeJS dev environment but still new to make large scale changes to Apache. Thanks for any help given.
If you are happy with serving the contents of /Volumes/GitWebsites as it is then it should be fine to point the document root at it. It's also makes it easy to add sites later.
However this could be troublesome later if you want to manage php configuration later on for the sites separately.

What's the directory structure should be for multiple domains under a single user? (apache)

I have an account on some VPS(friend's apache server with cPanel) and there I have one public_html directory.
We have in there about 5-6 websites:
/home/myusername/public_html/domain-1.name/index.php
/home/myusername/public_html/domain-2.name/index.php
but I don't like this way, I'd like to orginise it better and be able to separate and isolate some stuff for each website.
So what if I create like that:
/home/myusername/websites/domain-1.name/public_html/index.php
/home/myusername/websites/domain-2.name/public_html/index.php and so on
Would it be a correct way of structurising web directories?
And would apache work like that?
Perhaps there are out there some other conventions or common workarounds?
Thanks
This is perfectly fine. In fact I'd highly recommend against using the domain folder as the document root as typical web application will also contain data that is not publically accessable (e.g. configuration files, management scripts, version control files, etc.)
Personally I prefer the name htdocs and I keep my sites under /srv/http
For example:
/srv/http/user1/domain1/htdocs/
/srv/http/user1/domain2/htdocs/
/srv/http/user1/domain3/htdocs/
/srv/http/user2/domain4/htdocs/
/srv/http/user3/domain5/htdocs/
That way you can set the DocumentRoot to the htdocs directory and put other stuff that is not meant to be delivered by the web server in a different sub directory of the domain directory.
Ok, I want just to conclude and to outline the way I went with.
Thanks to #bikeshedder for ideas!
So having a single account(none-root) /home/myusername/ under linux VPS server, I didn't want to abstract completely from existent directory structure, but at the same time I wanted to create proper environment to isolate and separate clients and their spaces.
Main goals were:
* The new directory structure should help to keep all files and folders in a nice and clear order.
* Easy to navigate and browse.
* Each developer or client would have access only to their space.
The structure:
/home/myusername/http/client-1/domain-1/public_html/index.php
/home/myusername/http/client-1/domain-1/resources/
/home/myusername/http/client-1/domain-1/configuration.php
/home/myusername/http/client-1/domain-2/public_html/index.php
/home/myusername/http/client-1/client's_resource_dir/
/home/myusername/http/client-2/domain-3/public_html/index.php
/home/myusername/http/client-2/domain-3/subdomain/public_html/index.php
As result:
* We have isolated client's space and isolated domain space. That makes enough room for any type of web projects.
* Files and dirs are not mixed up with other projects, domains and clients anymore.
* For subdomain paths it can be
- as subdirectories /domain-3.name/subdomain/public_html/
- or additional subdomain directory /subdomain.domain-3.name/public_html/depending on requirements or size of subdomain website.
* Public_html is going to be a DocumentRoot for each website.
I did not go for srv/ and var/www dirs, cuz to me it sounds like server in the server and also I don't feel variable data var/ in current setup falls under web stuff.
Though it may make sense for our coming soon local web/file sharing server
But here now I have another question:
How would I specify new path to be a default one for cPanel? and only for my user?
Cuz now there is going to be multiple DocumentRoot directories in one user space.
Is that possible by Apache design?
I better create new question :) And then will edit my question with answer
Any suggestion welcome!
Normally go with this once hosting from 5-30++ sites, depending on complexity of content, traffic, perceived future migration strategies to more dedicated virtual or bare metal servers/instances.
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...

Create Apache VitualHost for each User

I'm trying to setup a server at www.domain.com that will allow me to create hosting accounts for each user I add.
Basically my goal is to create a user and map a name-based vhost to their home dir, so:
"joe.domain.com" would point to "/home/joe"
I've tried setting up vhosts in httpd.conf but I'm not having any luck and wondering if there's a way to either 1. script this process or 2. setup some sort of variable in a generic vhost entry that will automatically create this entry.
Without knowing the details of your setup, I can tell you that:
Yes, you can script the process.
Apache configuration files are just text files, so it's very easy to generate the programatically.
Yes, you can configure some sort of generic virtual host entry.
The Dynamically configured mass virtual hosting documentation from Apache addresses this case quite nicely.