I have installed the open source status page Cachet on my macbook's local web server and it works perfectly but during the set up it tells you to change your apache's virtual host to route all traffic to Cachet. I am trying to allow Cachet to run by going to the main domain but if I go to domain/test I would like it to go to another web page. I tried adding another vhost like this:
<VirtualHost *:80>
ServerName http://domain/test
DocumentRoot /Users/macbook/Sites/
</VirtualHost>
but this does not work, I just get error 404 when trying to reach /test page.
Cachet is built using the Laravel framework, so there is a front controller in the public/ directory. That's why you need to route all the requests to this file. But you do not need to route all the traffic of your server to Cachet, that's just the traffic of the site (Cachet), in order to /setup and others are executed by /public/index.php.
Your vhost file may be simple, below an example of what it could be.
It is a simple vhost configured in Mamp, on OSX.
<VirtualHost *:80>
DocumentRoot "/Applications/MAMP/htdocs/Cachet/public"
ServerName status.mysite.com
<Directory /Applications/MAMP/htdocs/Cachet/public>
AllowOverride All
</Directory>
</VirtualHost>
The routing to the public/index.php file is performed by a .htaccess file, so you don't have to write this configuration in your vhost. All you need to do in your vhost is to allow the .htaccess execution.
Note for local web server
If you want to use a custom domain name, you'll need to
update the /etc/hosts file to match the domain with your loopback IP
address.
Related
I have a corporate private network(VPN) and on one VM a website is hosted which can be accessed internally only. e.g. https://internal.com/welcome.html
Now, I want to allow few pages of the site to be accessible from outside but with their own url.
e.g. they will open http://theirdoamin.com/welcome.html which will be redirected into my private network and internally it will be mapped/proxied to https://internal.com/welcome.html.
This way outside will never know the actual url (i.e https://internal.com/welcome.html.
My question is, can we achieve this using Apache Reverse proxy server sitting in-front of my hosted VM?
Second question, can I also limit the access to welcome.html page only and not others?
My colleague already implemented using Apache Nifi but I still believe it can be simple done using Apache Reverse Proxy setup.
Please advise.
Thanks
1) Yes, Apache reverse-proxy is able to do that.
2) You can limit access as you like.
1) I'd set up two vhosts (for examples), one with the original name and one with the VPN-accessable name.
Listen 80
#If you are running a Apache 2.2 you'll need the following line, for 2.4 you won't
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "srv/www/example1"
ServerName internal.com
<Directory "/srv/www/example1">
Require all granted
</Directory>
# Other directives here, if needed
</VirtualHost>
<VirtualHost *:80>
ServerName external.com
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^ https://internal.com/welcome.html [P]
ProxyPassReverse / https://internal.com/
</VirtualHost>
You'll need the RewriteRule to target a specific file instead of a whole domain. Otherwise a simple ProxyPass would have been enough.
This requires the modules mod_rewrite, mod_proxy and mod_proxy_http to be activated.
2) is done by the RewriteRule. It only allows access to that specific target-file (welcome.html).
I have asked a similar question before
Restrict access to directories through ip address
at that time the problem was solved for apache 2.2. Recently I re-installed the OS (to Debian 8) and it comes with apache 2.4.
I want to restrict access to files - when the request comes "by" IP. Mainly if in the browser I try to open http://192.168.252.178/test/image.jpg it should show error - 403 forbidden. Directory test is in www directory of apache. However I should be able to access that image if I type http://www.example.com/image.jpg - considering that example.com points to that test directory.
With apache version 2.2 I would simply put this lines in my default site config file - and the problem was solved
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
Now, trying the same thing does not work: I am getting 403 forbidden even if I try to open any site by the domain name.
Considering the changes in 2.4 I also tried this, but again getting the the same 403 forbidden when trying to open some site.
<Files ~ ".+">
Require all denied
</Files>
My goal is to prevent any kind of access to directories and files - if they are being accessed through ip address. I have also this lines in my default site's config to prevent the directory access and this works fine.
<Directory /home/username/www>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
So, the question is - how to prevent file access through IP address. Also I need to achieve this by apache config, by htaccess is not a solution for me. And I need to achieve this for all the directories/files inside www recursively, so specifying the exact file names and/or directories is not a solution either.
Thanks
When you use name based virtual hosts, the main server goes away. Apache will choose which virtual host to use according to IP address (you may have more than one) and port first, and only after this first selection it will search for a corresponding ServerName or ServerAlias in this subset of candidates, in the order in which the virtual hosts appear in the configuration.
If no virtual host is found, then the first VHost in this subset (also in order of configuration) will be choosen. More.
I mention this because it will be important you have only one type of VirtualHost directive:
<VirutalHost *:80>
or
<VirtualHost 123.45.67.89:80>
I'll use the wildcard in the example.
You need a directory like /var/www/catchall with a file index.html or similar, as you prefer.
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
# It will be used as the catchall.
ServerName 123.45.67.89
# Giving this DocRoot will avoid any request based on IP or any other
# wrong request to get to the other users directories.
DocumentRoot "/var/www/catchall"
<Directory /var/www/catchall>
...
</Directory>
</VirtualHost>
# Now you can add as usuall the configuration for any other VHost you need.
<VirtualHost *:80>
ServerName site1.com
ServerAlias www.site2.com
DocumentRoot "/home/username1/www"
<Directory /home/username1/www>
...
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName site2.com
ServerAlias www.site2.com
DocumentRoot "/home/username2/www"
<Directory /home/username2/www>
...
</Directory>
</VirtualHost>
Debian specific :
For Debian, you ideally put one VHost configuration per file, and put the file in the /etc/apache2/sites-available directory.
Name the files as you like, only the file containing the catchall vhost should be named something like 000-catchall, because they will be read in alphabetic order from the /etc/apache2/sites-enabled directory.
Then you disable Debian's usual default site :
a2dissite 000-default
and you enable the new catchall site and the other VHosts if needed :
a2ensite 000-catchall
An ls /etc/apache2/sites-enabled command should show the catchall as the first of list, if not change its file name so that it will always be the first. Restart Apache: service apache2 restart
Of course you could do all this changes in the original default VHost config file, but I usually prefer keep an original model.
I'm trying to get Apache 2.4.10 on Debian 8 "Jessie" up and running with multiple websites hosted on it. This might be an obvious and already answered question but I've never had the need to set-up a dedicated web host (usually just drop a WAMP server for development needs or pick up a web hosting service) and so far I have not had any luck finding an answer to my problem (I've found the complete opposite answers of what I'm trying to achieve). I need to get this working because apart from just hosting a couple of websites, there will be additional software set-up, for which, a regular web hosting service won't do.
Everything seems to be working as intended but the only problem is that I can't seem to find an optimal configuration which wouldn't just block access to default vhost with 403 - Forbidden. What I need is Apache to ignore requests (not just return a 404 document but tell the browser there's nothing there) from anyone accessing the default vhost or by accessing the server directly through it's designated IP. The designated IP should be left for SSH access only (since I don't have any kind of physical access to this server).
Basically, the web server should be accessible from a web browser through "FQDN-1" and "FQDN-2" (each located in their individual directories) and access to any other web address on this server should be ignored (invoking browser "404 not found" instead of returning a server error document, which would indicate that something is there).
my current vhost files:
<VirtualHost *:80>
ServerName FQDN-1
ServerAlias www.FQDN-1
ServerAdmin mail#FQDN-1
DocumentRoot /var/www/FQDN-1/public_html
ErrorLog /var/www/FQDN-1/logs/error.log
CustomLog /var/www/FQDN-1/logs/access.log combined
</VirtualHost>
And
<VirtualHost *:80>
ServerName FQDN-2
ServerAlias www.FQDN-2
ServerAdmin mail#FQDN-2
DocumentRoot /var/www/FQDN-2/public_html
ErrorLog /var/www/FQDN-2/logs/error.log
CustomLog /var/www/FQDN-2/logs/access.log combined
</VirtualHost>
The default vhost has been disabled through "a2dissite 000-default"
Iptables block everything except tcp port 80 and 22 (SSH access is whitelisted in iptables to just few specific iPs).
You can let the built-in name-based vhosting do the work for you. You can simply setup an additional (non default / non-first listed for *:80) virtualhost with
ServerName your-ip
and put a simple rule like
RewriteEngine ON
RewriteRule ^ .* [F]
or
Redirect 403 /
I want to setup my host file to
127.0.0.2:5050 domain2.com => this is a local domain
when a type in my browser domain2.com, this return me : HTTP Error 404. The requested resource is not found.
i use this in apache
<VirtualHost 127.0.0.9:5050>
ServerAdmin info#domain2.com
DocumentRoot "C:/Users/My_Dir/LOOP/WebEnginer-2011/domain2_Dir/"
ServerName domain2.com
DirectoryIndex index.php index.html index.htm
ServerAlias www.domain2.com
ErrorLog "c:/wamp/xxxx/xxxx.log"
CustomLog "c:/wamp/xxxx/xxxx.log" common
</VirtualHost>
<VirtualHost 127.0.0.9:5050>
ServerAdmin info#domain2.com
DocumentRoot "C:/Users/My_Dir/LOOP/WebEnginer-2011/domain2_Dir/admin_Dir/"
ServerName admin.domain2.com
DirectoryIndex index.php index.html index.htm
ServerAlias www.admin.domain2.com
ErrorLog "c:/wamp/xxxx/xxxx.log"
CustomLog "c:/wamp/xxxx/xxxx.log" common
</VirtualHost>
but when i type 127.0.0.2:5050 i can see a web page. I want to use subdomain like admin.domain2.com
i can't use port 80 because IIS use that port.
How can i set up my host file to listen domain2.com?
That won't work since the hosts file only serves the purpose of mapping a hostname to an IP-address. The port number of a service is a different concept and is not handled by the "hosts" file nor the DNS-System. In Short: you can't supply a port number in the "hosts" file.
If your Webserver works on another port, you have to supply that information in the URL: http://domain2.com:5050.
The only other solution is to configure your Webservers to listen on a specific IP so that they don't interfere with each other. For example the IIS could listen on 127.0.0.1 and the Apache on 127.0.0.2 (the way you have already configured it).
There's a HOWTO for achieving that with the IIS. I'm not sure if that works for 127.0.0.x-IP's but I think it's worth a try.
It might be:
Your DNS resolver not resolving that properly
Some Apache webserver misconfiguration
Try this to get more information about that:
What if you ping domain2.com?
Also, try what happens if you put something like domain2.local in your hosts file. It might be some windows security c** disallowing you to overwrite the ip of an existing domain.
Why didn't you use 127.0.0.1? That should be fine, however
Make sure you have a properly configured VirtualHost that accepts requests to "domain2.com", or you just have a default virtualhost.
EDIT
What did you actually add to hosts file? The correct syntax would be:
127.0.0.2 domain2.com
Lets' asume I have 1 domain on a Ubuntu Server in the following directory:
/var/www/domain1.com/httpdocs
and that the ip address is 100.100.100.100
If I go to www.domain1.com, Apache will server the files inside the httpdocs folder.
How can I avoid that if the following file exists:
/var/www/domain1.com/privatefile.html
.. apache shows it by going to:
http://100.100.100.100/domain1.com/privatefile.html
In other words, I want to display the content in the httpdocs only, no by ip address.
In a vhost setup, Apache will use the first vhost defined as the default one to serve when a request comes in by IP. So just make a "dummy" vhost that points nowhere, and make sure it's the first one in the config file:
<VirtualHost *:80>
ServerName nothing.nowhere
ServerAdmin nobody#nothing.nowhere
DocumentRoot /var/empty
<Directory /var/empty>
Order Allow,Deny
</Directory>
</VirtualHost>