Apache ignore missing DocumentRoot - apache

I would like to configure my apache different. Now, if one of DocumentRoots is missing, all server fail to start. That's annoying..
Is there any option, how to ignore this error?

Based on the assumption that your DocumentRoot directive is used synonomously with a VirtualHost, you could separate the VirtualHosts configuration into separate conf files, place these individually into their document roots and then include them with a directory wide include directive in a generic, serverwide conf. See below for an example:
Create a conf in the directory below:
/etc/apache/sites-enabled/sites.conf
add the following
Include /data/www/sites/
This will include any conf file in the above directory and any subdirectory
For a host with the following DocumentRoot
/data/www/sites/website-one
Create a VirtualHost conf file and place it in the above directory e.g:
/data/www/sites/website-one/website-one.conf
And your conf file will contain all the information about the VirtualHost including the DocumentRoot e.g
<VirtualHost *:80>
DocumentRoot /data/www/sites/website-one
ServerName www.website-one.com
# Other directives here
</VirtualHost>
If the DocumentRoot doesn't exist, then the conf file doesn't get loaded and the DocumentRoot directive never executed. For security reasons be careful that your conf files don't become dereferenceable. This should probably be disabled at a server level, but it is something to be aware of. Finally, the above pattern means that any bad conf files in the /data/www/sites directory and subdirectories will cause the server not to start.

Related

Include external file in apache conf

I am running apache 2.4 on my web servers and I am always trying to find ways to streamline. Is it possible to include a conf file for every Joomla website and another one for every Wordpress site that I host? I put the Joomla .htaccess configuration (https://docs.joomla.org/Special:MyLanguage/Preconfigured_htaccess) inside of the domainname.com.conf file and specify Allowaccess none for performance reasons.
It would be great to have a single file for different versions of Joomla, Wordpress or other apps that require Apache configurations instead of needing to edit dozens of conf files when the app requirements change.
I found the include directive from Apache, but not sure if it would work on an individual vhost. http://httpd.apache.org/docs/2.4/mod/core.html#include
The Include does work for individual vhosts.
The documentation you linked (https://httpd.apache.org/docs/2.4/mod/core.html#include) states this in the header block of the section:
Context: server config, virtual host, directory
That means that the "Include" directive can be used, amongst other places, in the virtual host section of the configuration.
See here for a definition of the contexts: https://httpd.apache.org/docs/2.4/mod/directive-dict.html#Context
So you could do this:
<VirtualHost *:80>
ServerName joomla1.example.com
Include "conf/joomla.conf"
</VirtualHost>
<VirtualHost *:80>
ServerName joomla2.example.com
Include "conf/joomla.conf"
</VirtualHost>
<VirtualHost *:80>
ServerName wordpress1.example.com
Include "conf/wp.conf"
</VirtualHost>
<VirtualHost *:80>
ServerName wordpress2.example.com
Include "conf/wp.conf"
</VirtualHost>
joomla.conf and wp.conf would contain the directives that are common to either Joomla or Wordpress.

Prevent access to files through ip address - apache 2.4

I have asked a similar question before
Restrict access to directories through ip address
at that time the problem was solved for apache 2.2. Recently I re-installed the OS (to Debian 8) and it comes with apache 2.4.
I want to restrict access to files - when the request comes "by" IP. Mainly if in the browser I try to open http://192.168.252.178/test/image.jpg it should show error - 403 forbidden. Directory test is in www directory of apache. However I should be able to access that image if I type http://www.example.com/image.jpg - considering that example.com points to that test directory.
With apache version 2.2 I would simply put this lines in my default site config file - and the problem was solved
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
Now, trying the same thing does not work: I am getting 403 forbidden even if I try to open any site by the domain name.
Considering the changes in 2.4 I also tried this, but again getting the the same 403 forbidden when trying to open some site.
<Files ~ ".+">
Require all denied
</Files>
My goal is to prevent any kind of access to directories and files - if they are being accessed through ip address. I have also this lines in my default site's config to prevent the directory access and this works fine.
<Directory /home/username/www>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
So, the question is - how to prevent file access through IP address. Also I need to achieve this by apache config, by htaccess is not a solution for me. And I need to achieve this for all the directories/files inside www recursively, so specifying the exact file names and/or directories is not a solution either.
Thanks
When you use name based virtual hosts, the main server goes away. Apache will choose which virtual host to use according to IP address (you may have more than one) and port first, and only after this first selection it will search for a corresponding ServerName or ServerAlias in this subset of candidates, in the order in which the virtual hosts appear in the configuration.
If no virtual host is found, then the first VHost in this subset (also in order of configuration) will be choosen. More.
I mention this because it will be important you have only one type of VirtualHost directive:
<VirutalHost *:80>
or
<VirtualHost 123.45.67.89:80>
I'll use the wildcard in the example.
You need a directory like /var/www/catchall with a file index.html or similar, as you prefer.
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
# It will be used as the catchall.
ServerName 123.45.67.89
# Giving this DocRoot will avoid any request based on IP or any other
# wrong request to get to the other users directories.
DocumentRoot "/var/www/catchall"
<Directory /var/www/catchall>
...
</Directory>
</VirtualHost>
# Now you can add as usuall the configuration for any other VHost you need.
<VirtualHost *:80>
ServerName site1.com
ServerAlias www.site2.com
DocumentRoot "/home/username1/www"
<Directory /home/username1/www>
...
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName site2.com
ServerAlias www.site2.com
DocumentRoot "/home/username2/www"
<Directory /home/username2/www>
...
</Directory>
</VirtualHost>
Debian specific :
For Debian, you ideally put one VHost configuration per file, and put the file in the /etc/apache2/sites-available directory.
Name the files as you like, only the file containing the catchall vhost should be named something like 000-catchall, because they will be read in alphabetic order from the /etc/apache2/sites-enabled directory.
Then you disable Debian's usual default site :
a2dissite 000-default
and you enable the new catchall site and the other VHosts if needed :
a2ensite 000-catchall
An ls /etc/apache2/sites-enabled command should show the catchall as the first of list, if not change its file name so that it will always be the first. Restart Apache: service apache2 restart
Of course you could do all this changes in the original default VHost config file, but I usually prefer keep an original model.

Apache VirtualHost : multiple sites on same IP

Let assume that blah.com, blah2.com all point to the same server with IP=5.31.111.7.
I would like that:
accessing blah.com serves /var/www/site1
accessing blah2.com serves /var/www/site1
accessing 5.31.111.7 serves /var/www/site2
I tried
<VirtualHost *:80>
DocumentRoot /var/www/site1
</VirtualHost>
<VirtualHost 5.31.111.7:80>
DocumentRoot /var/www/site2
</VirtualHost>
but now everything goes to /var/www/site2, which is not what I wanted.
How to configure the VirtualHost, such that the served website depends on the URL ?
PS: why should I do this in /etc/apache2/sites-enabled/000-default instead of /etc/apache2/apache2.conf ? I don't understand this sites-enabled / sites-available/default naming... Why are there so many different config files by default on Debian, for such a simple thing?
What you want to do is called Name-Based Virtual Hosting, you'll need
NameVirtualHost *:80
to enable it on port 80, and for each VirtualHost, you need to give the name(s):
<VirtualHost *:80>
ServerName blah2.com
ServerAlias www.blah2.com
DocumentRoot /var/www/site1
</VirtualHost>
Note that there are limitations on SSL/TLS when doing name-based virtual hosting, but it's a bit of a moot point since post-POODLE, people start to require TLS anyway, so ancient browsers are out of luck anyway.
As to the config files, it's very very useful to have two classes of config files: the ones with defaults that a package update will overwrite, and your local ones that it will not touch, or better even, a directory full of the former and a directory full of the latter. (Because additional packages might want to make configuration settings, they'll all install in the former place, and you should only ever change/override config in the second place.)

Access Apache virtual hosts stored in /users directory

I just upgraded my Mac to Yosemite and managed to get my development environment almost back to normal. In my old set up (which I didn't create), I stored all of my virtual hosts in /etc/apache2/users as separate .conf files.
I'm now no longer able to access those sites and I need to set up my virtual hosts in the /etc/apache2/extra in the httpd-vhosts.conf file. While it does work, I'd rather not have to do this as it's easier for me to organize all of these extra sites when they're in separate files.
Is there anything I can do to get it back to my original set up? Using my old httpd.conf file doesn't work and I've left the new file that originally came with the Yosemite installation because at the very least it left my development environment functional.
The contents of the .conf files I set up in /etc/apache2/users look like this
<directory "/Users/dev/Sites/*/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
#Require all granted
</directory>
NameVirtualHost *:80
<virtualhost *:80>
DocumentRoot "/Users/dev/Sites/mysitename"
ServerName mysitename.dev
</virtualhost>
I was able to get my virtual hosts working by putting them all inside of the httpd-vhosts.conf file. I only had to add the virtualhost bock and left the directory block and the namevirtualhost *:80 line out as that was already inside of the httpd-vhosts.conf file.
Apache's Configuration file /etc/apache2/httpd.conf can include separate configuration files for processing through the Include and IncludeOptional directive (the difference being, if Include doesn't get a matching file it will fail with error but IncludeOptional will just ignore it)
What you can do now is, add this line at the very bottom of your httpd.conf
IncludeOptional users/*.conf
and place your separate configuration .conf files in /etc/apache2/users directory for including them in the main httpd.conf file

How do you set the default website to serve when your IP address is entered as URL?

I have a server with multiple websites hosted and distinguishable using name-based virtual hosting of apache.
How do I set it so that a specific website is hosted when the ip of my server is entered in the address bar?
What you want to use is the _default_ VirtualHost.
<VirtualHost _default_:80>
DocumentRoot /www/default80
# ...
</VirtualHost>
It's described here. Basically if nothing else match the request the _default_ host will be used.
EDIT
This could also be written as:
<VirtualHost *>
DocumentRoot /www/default
# ...
</VirtualHost>
Is is important that this is the first VirtualHost in the configuration since Apache will start matching them from top to bottom, selecting the one that fit the best based on ServerName and ServerAlias.
This post might also be of interest:
Apache default VirtualHost
just find the Include sites-enabled/ line in your apache2.conf file and add the path to the conf file you want to be site default above it. from:
Include sites-enabled/
to
Include sites-enabled/mydefault.conf
Include sites-enabled/
When you first install apache2, there is a site configuration file named 000-default.conf. This is going to be the default because it is very likely to appear first in the list of files under /etc/apache2/sites-enabled.
To have your own file as the default, you can either replace the file under /etc/apache2/sites-available/000-default.conf with your own, or replace the link like so:
sudo rm /etc/apache2/sites-enabled/000-default.conf
sudo ln -s ../sites-available/my-site-setup.conf /etc/apache2/sites-enabled/000-default.conf
Then restart apache2 (or just reload).
The _default_ as mentioned by the other answer is for defining a virtual host which can be found with the default IP address. It's not the default virtual host.
<VirtualHost _default_:80>
...
is equivalent to
<VirtualHost *:80>
...
The * is a globing pattern which matches any IP addresses.
Note:
Replacing the 000-default.conf file is okay, but in most cases the installation package is going to view that as a modified file and manage it in some weird way which is why I think it's cleaner to only change the soft link.
Keep it clean, don't delete or edit anything in /etc/apache2/sites-available/.
Create all new site configurations in /etc/apache2/sites-available/. Copy whatever site configuration you want enabled to /etc/apache2/sites-enabled/. Only make sure /etc/apache2/sites-enabled/ has only one configuration file.
Sample format for new apache site configurations in Ubuntu 20.04 LTS is
<VirtualHost *:80>
ServerName http://localhost
ServerAdmin admin#mysite.com
DocumentRoot /var/www/html/mysiteroot/public
<Directory /var/www/html/mysiteroot>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Notice that 000-default.conf is by default in both directories mentioned above and should only be replaced by your new configuration in /etc/apache2/sites-enabled/ so that it can be restored anytime you need it.
Restart Apache2 service after you make any configuration changes.