I have a cloud-based apache2 web server, which serves multiple sites using various virtualhost conf files.
One of the websites is for my development only, and is currently configured to only allow my current IP address.
Order deny,allow
Deny from all
Allow from 1.2.4.5
However my IP changes once a week or so - so I'd prefer to use my dynamic DNS hostname. Alas this...
Allow from abc.ddns.net
... does not work. Can it be done?
It can work, but it requires your DNS to be set up perfectly. If you use allow from {hostname} then for each relevant URI path, Apache requests a reverse DNS lookup of the IP for the connection, and then if that returns the correct host name from your allow directive, Apache then rechecks that that name resolves to the IP of the original connection.
This is all a relatively expensive set of operations and is normally not recommended. Allow from {ip address} would normally be preferred.
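The check described in this answer can be modelled offline to show why a dynamic DNS name usually fails it. This is an added example, not code from the original posts or from Apache; the DNS tables, the ISP host name and the function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data (assumption, not real records). The client's ISP owns
# the PTR record for 1.2.4.5, so reverse lookup never yields abc.ddns.net.
PTR = {
    "1.2.4.5": "cpe-1-2-4-5.isp.example",   # the developer's current address
    "1.2.4.8": "abc.ddns.net",              # forged PTR in someone else's zone
    "1.2.4.9": "dev.example.org",           # host with matching PTR and A
}
A = {
    "abc.ddns.net": ["1.2.4.5"],
    "cpe-1-2-4-5.isp.example": ["1.2.4.5"],
    "dev.example.org": ["1.2.4.9"],
}

def host_matches(name, pattern):
    """Exact name, or a domain suffix matched on whole labels only."""
    name, pattern = name.lower().rstrip("."), pattern.lower().strip(".")
    return name == pattern or name.endswith("." + pattern)

def allow_from_host(client_ip, pattern, ptr=PTR, a=A):
    """Model of the hostname check described above: (allowed, reason)."""
    ip = str(ipaddress.ip_address(client_ip))
    name = ptr.get(ip)                       # 1. reverse lookup of the peer
    if name is None:
        return False, "no PTR record"
    if not host_matches(name, pattern):      # 2. compare with the directive
        return False, "PTR name does not match"
    if ip not in a.get(name, []):            # 3. name must resolve back
        return False, "forward lookup does not confirm"
    return True, "matched " + name

def forward_only(client_ip, hostname, a=A):
    """Different check: resolve the hostname and compare addresses."""
    return str(ipaddress.ip_address(client_ip)) in a.get(hostname, [])
```

The forward-only function is a different check from the one Allow from performs; Apache 2.4.19 and later provide it in mod_authz_host as Require forward-dns.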
I bought a domain and registered it on a dns server. But I wonder how my web server know whether the coming request is from my domain. E.g. someone registered his domain on my server too. Obviously apache should reject other domain's request. I just wanna know more details about how a web server (like apache) detect this. Does it simply set in the config file (maybe ServerName?) and do some string comparison?
Short answer: By default, if another person points their domain to your website, the webpages that are sent to their computer are the same webpages you use for www.yourdomain.com. You can also program your webserver to deny/redirect requests from other domains.
Long answer (I recommend you read):
A common newbie misconception is that domains are "TIED" to a web server. However, that is not true. They are completely different and somewhat unrelated. A domain is just shorthand for an IP address that correlates to your web server. An IP address is really what is TIED with your web server.
For example:
www.example.com could 'resolve'/correlate to 1.1.1.1
and
www.randomdomain.com could also resolve to 1.1.1.1
If 1.1.1.1 is the ip address your web server is correlated to, THEN these requests will both get sent to your web server.
Now, if you think about it, with this logic, you should be able to access your web server by just typing in 1.1.1.1. That is true!
Real world example:
www.google.com goes to Google
172.217.6.78 also goes to Google because 172.217.6.78 is one of the web servers google.com will correlate/resolve to. Go ahead and type 172.217.6.78 into your web browser. It will take you to google.com.
DNS servers point your domain to the IP address of your web server.
On your webserver:
Your server will run software that will respond to requests it gets from the outside internet. This software will usually know how to respond to these requests using the correct syntax and also be able to handle multiple requests at the same time. When this software gets a request, it will load a file (that you specify) and send it to the user/client.
Common examples of this software include Apache (most famous/popular - runs like 40% of all websites you browse including facebook.com) and nginx (becoming more popular).
The default config of an Apache/nginx/etc web server is to serve that user (at port 80) the documents that are in the 'www' folder. However, (for Apache) if you would like to serve multiple domains on one web server (www.example.com & login.example.com), you would usually create virtual hosts. Creating virtual hosts can be done by editing your Apache configuration file. (If you're hosting on GoDaddy/namecheap or something similar, you won't have access to this.)
An example of a basic virtual host could be:
# 80 is port 80, the standard port for unencrypted web traffic
<VirtualHost *:80>
ServerName www.yourdomain.com
DocumentRoot /where/your/web/files/are/located
</VirtualHost>
You could then create another virtual host to reject/forward another domain's traffic
<VirtualHost *:80>
ServerName www.randomotherdomain.com
# Here, you could either serve new content to this domain using "DocumentRoot" or you can forward all traffic to your website
Redirect / http://www.yourdomain.com
</VirtualHost>
However, by default, if another person points their domain to your website, the webpages that are sent to their computer are the same webpages you use for www.yourdomain.com
Is it possible to run multiple apache sites on the same IP, domain and port (meaning the <VirtualHost> tags are exactly identical and no ServerName is given) while using SSL (not sure whether SSL makes a difference here)?
I would like to separate my web services into files in etc/apache2/sites-available to be able to activate or deactivate them on demand. Basically Apache should just take all files and string them together internally, but leave me the possibility to a2dissite certain parts.
Further clarification:
By "sites", I mean files in the etc/apache2/sites-available directory. "Web services" in this context are certain applications like phpMyAdmin or an Etherpad which run on the Apache and whose configuration (e.g. Alias or ProxyPass) I want to write into its own configuration file ("site").
The short answer is no.
SSL operates at a level between TCP and HTTP. But the virtual host name is sent via HTTP. So how does SSL know which certificate to use for a virtual host?
There is a way to do it - basically start up the HTTP over TCP then switch to SSL after the virtual host name (in the Host header) is sent. However this is complex, error prone and generally considered a bad idea.
Best practice is to have one IP per SSL. One machine can have multiple IP addresses, even a single network port can have multiple IP addresses.
I am from a country with severe internet censorship. I want to surf the internet freely.
I have a VPS installed with CentOS5.5 and Apache 2 in U.S. Assume the VPS has the IP 12.34.56.78.
I want to config it as a browser proxy, like this: 12.34.56.78:8080. (I know how to use the ssh method, but I want to config the VPS as a browser proxy. Put 12.34.56.78:8080 in the browser Firefox, then I can surf the internet freely.)
I have found this link: http://www.vo1dmain.info/how-to-configure-private-proxy-on-vps. But it requires an ssh client on your home computer. And I have a dynamic IP, by the way.
Thanks a lot!
You can do it through Apache; the link you posted tells you how. Here's another one: http://www.enterpriseitplanet.com/networking/features/article.php/11315_3319671_1
And you have several options for your dynamic IP:
Order Deny,Allow
Deny from all
Allow from 192.168.1 .mcslp.pri
You can specify multiple entries made up for IP prefix, domain name, IP address subnets, and IPv6 addresses and subnets. As shown here, it is preferable to specify an IP address and domain, just to be sure (from the posted url).
And you'll need an ssh client... grab putty if you're on Windows.
I want to allow access to a file (secret.txt) only from my ip.
Below is the .htaccess I'm using.
It works great at my provider's server.
However, at my localhost this .htaccess does not allow me to access the file.
<Files "secret.txt">
order deny,allow
deny from all
allow from 1.2.3.4
</Files>
Where my external ip is "1.2.3.4"
I use Apache server locally.
How can I make things work at localhost also?
What Address are you using to access your local Apache server? If you're addressing it as localhost then you're probably not going all the way out of your machine via the network and back in again. This means that as far as your local Apache server is seeing you, you're coming from a loopback address.
Try putting 127.0.0.1 in instead of your external IP, and see if that works.
Try looking into your local server's access logs: does your local server see 1.2.3.4 when you are accessing the file from the computer that should be allowed? You may see a different IP address (due to NATs and whatnot).
What should I do to set up a sub-domain for the users when they sign up on my site?
What infrastructure is required? I am using Linux servers.
You can either use a specific DNS (CNAME or A/AAAA) entry for each known subdomain, or a wild-card DNS entry that'll accept *.example.com:
$ORIGIN example.com.
foo IN A 12.34.6.78
bar IN A 12.34.6.78
or
$ORIGIN example.com.
* IN A 12.34.6.78
The advantage of the latter is that no changes are required to either DNS or Apache configuration once the service is running. The disadvantage is that all such wildcard lookups must (by definition) end up returning the same IP address.
The Apache configuration will depend on your requirements, both for end-user control and security. Note that if the users have permission to run CGI scripts on the server then additional setup will be needed to ensure that that's done securely.
Depending on whether content is static or dynamic this will also affect your configuration:
Use mod_vhost_alias to map individual virtual hosts into their individual directories on the server.
If you really want, create a separate <VirtualHost> section for each known site, but then you'll have to restart Apache each time a new user signs up
Use a single <VirtualHost> and then look at the hostname part of the requested URL (from the $SERVER_NAME environment variable) in the scripts that render the output to figure out which user's content to display.
You can make a CNAME entry/ A Record in your DNS settings, for each subdomain
A CNAME record is a record in your Domain Management Settings that allows you to control a subdomain of your domain.
To automate it along with registration, you can write a script which is executed for each user, when s/he registers.
You can refer to this link, as well, for a step-by-step process for Apache:
How to setup subdomains in apache
(Since you mentioned Linux, I assume it must be Apache. Please mention if it is otherwise.)
Alternate Solution
You can also refer to the wildcard solution, given by Alnitak, in the same thread. I find his is an easier way. :)
Infrastructure includes access to the DNS server to add a wildcard entry, and rewrite rules in Apache.
Try these answers:
How to let PHP to create subdomain automatically for each user?
How to make subdomain user accounts in a webapp
or this link:
http://jam.jrox.com/docs/index.php?article=76
If you're using Linux servers, I'm assuming you're using Apache as your webserver.
You'll have to set up proper DNS routing for the sub domain as well as a virtual host.
Virtual Hosts are fairly easy to set up but I'm not sure how easy it is to do them on the fly programmatically.
Most of the time it's as easy as editing your apache config file and adding the following:
Port 80
ServerName www.mydomain.com
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /www/user-bob
ServerName bob.mydomain.com
...
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www/user-sally
ServerName sally.mydomain.com
...
</VirtualHost>
The VirtualHost Documentation will probably be of some use to you.
Apache allows you to specify any number of 'sites' based on subdomains on a single server. Creating a new 'site definition' file with the appropriate subdomain information in it, along with proper DNS wildcards, will do what you want.
In other words, the process is like this:
Set up wildcards so that *.mysite.com directs to the proper server.
When a new user signs up, create the proper Apache site definition file - you'll probably have a base template that you put the right subdomain information into and save.
Make Apache re-read its configuration.
Profit.
IMPORTANT This is based on a Debian-style Apache configuration, where the config files are included in a directory, and the main configuration reads all the config files in that directory. This will simplify things a great deal, because adding/removing subdomains will mean adding/removing files, rather than editing a single file, and so the process will be much easier to automate.
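The "create the site definition file from a template" step takes a name chosen by the person signing up and writes it into Apache configuration, so the name has to be validated before it reaches the file name or the file contents. The following is an added example, not code from the original answers; the template, the /www/user-<name> layout, the reserved-name list and the function names are assumptions.

```python
import re
from pathlib import Path

BASE_DOMAIN = "mysite.com"               # domain used in the steps above
DOC_ROOT_BASE = Path("/www")             # assumed layout: /www/user-<name>
RESERVED = {"www", "mail", "admin", "ftp"}   # hypothetical reserved labels

# One DNS label: lowercase letters, digits, inner hyphens, at most 63 chars.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

TEMPLATE = """<VirtualHost *:80>
    ServerName {label}.{domain}
    DocumentRoot {docroot}
</VirtualHost>
"""

def validate_label(username):
    """Return a safe subdomain label or raise ValueError.

    Rejects dots, slashes, whitespace and newlines, so the value cannot
    change the target path or add directives to the generated file.
    """
    label = username.strip().lower()
    if not LABEL_RE.fullmatch(label) or label in RESERVED:
        raise ValueError(f"unusable subdomain: {username!r}")
    return label

def render_site(username):
    """Return (file name, config text) for one user's site definition."""
    label = validate_label(username)
    docroot = DOC_ROOT_BASE / f"user-{label}"
    text = TEMPLATE.format(label=label, domain=BASE_DOMAIN, docroot=docroot)
    return f"{label}.{BASE_DOMAIN}.conf", text

def write_site(username, sites_dir):
    """Write the definition into sites_dir; never overwrite an existing site."""
    name, text = render_site(username)
    path = Path(sites_dir) / name
    with open(path, "x") as fh:          # mode "x" raises FileExistsError
        fh.write(text)
    return path
```

After the file is written, the remaining step from the list is to make Apache re-read its configuration.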