Ubuntu Server with Apache. Domains Management - apache

Lets' asume I have 1 domain on a Ubuntu Server in the following directory:
/var/www/domain1.com/httpdocs
and that the ip address is 100.100.100.100
If I go to www.domain1.com, Apache will server the files inside the httpdocs folder.
How can I avoid that if the following file exists:
/var/www/domain1.com/privatefile.html
.. apache shows it by going to:
http://100.100.100.100/domain1.com/privatefile.html
In other words, I want to display the content in the httpdocs only, no by ip address.

In a vhost setup, Apache will use the first vhost defined as the default one to serve when a request comes in by IP. So just make a "dummy" vhost that points nowhere, and make sure it's the first one in the config file:
<VirtualHost *:80>
ServerName nothing.nowhere
ServerAdmin nobody#nothing.nowhere
DocumentRoot /var/empty
<Directory /var/empty>
Order Allow,Deny
</Directory>
</VirtualHost>

Related

How to access Apache website by public-ip with server name?

I've installed vanilla at Ubuntu server with public-ip by the steps at https://www.vultr.com/docs/how-to-install-vanilla-forum-on-ubuntu-16-04
Then config /etc/apache2/sites-available/forum.example.com.conf as below
<VirtualHost *:80>
ServerName forum.example.com
DocumentRoot /var/www/vanilla
<Directory /var/www/vanilla>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Then I can access http://public-ip at browser, but the result is Apache2 Ubuntu Default Page.
How can I access the installed vanilla at the browser? Should I make any change to the forum.example.com.conf?
If the request doesn't match a virtual host, Apache will serve files from the top level (not inside a <VirtualHost> block) DocumentRoot config value.
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot /var/www/html
I don't know Ubuntu well but I'd guess this is in /etc/apache2/apache2.conf. You can change this to /var/www/vanilla to serve your forum instead of the default page.
Alternatively you could rename / delete the existing /var/www/html and make it a symlink to /var/www/vanilla: then Apache would pick up the forum files without any config change.
Or if you just want to set up access for yourself then you can add the DNS name to your hosts file (/etc/hosts on Linux, \Windows\System32\drivers\etc\hosts on Windows)
forum.example.com AAA.BBB.CCC.DDD
and then you can use forum.example.com in your browser as normal, which will send the 'Host' header so Apache will match the virtual host, even though this isn't configured as public DNS.

Prevent access to files through ip address - apache 2.4

I have asked a similar question before
Restrict access to directories through ip address
at that time the problem was solved for apache 2.2. Recently I re-installed the OS (to Debian 8) and it comes with apache 2.4.
I want to restrict access to files - when the request comes "by" IP. Mainly if in the browser I try to open http://192.168.252.178/test/image.jpg it should show error - 403 forbidden. Directory test is in www directory of apache. However I should be able to access that image if I type http://www.example.com/image.jpg - considering that example.com points to that test directory.
With apache version 2.2 I would simply put this lines in my default site config file - and the problem was solved
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
Now, trying the same thing does not work: I am getting 403 forbidden even if I try to open any site by the domain name.
Considering the changes in 2.4 I also tried this, but again getting the the same 403 forbidden when trying to open some site.
<Files ~ ".+">
Require all denied
</Files>
My goal is to prevent any kind of access to directories and files - if they are being accessed through ip address. I have also this lines in my default site's config to prevent the directory access and this works fine.
<Directory /home/username/www>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
So, the question is - how to prevent file access through IP address. Also I need to achieve this by apache config, by htaccess is not a solution for me. And I need to achieve this for all the directories/files inside www recursively, so specifying the exact file names and/or directories is not a solution either.
Thanks
When you use name based virtual hosts, the main server goes away. Apache will choose which virtual host to use according to IP address (you may have more than one) and port first, and only after this first selection it will search for a corresponding ServerName or ServerAlias in this subset of candidates, in the order in which the virtual hosts appear in the configuration.
If no virtual host is found, then the first VHost in this subset (also in order of configuration) will be choosen. More.
I mention this because it will be important you have only one type of VirtualHost directive:
<VirutalHost *:80>
or
<VirtualHost 123.45.67.89:80>
I'll use the wildcard in the example.
You need a directory like /var/www/catchall with a file index.html or similar, as you prefer.
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
# It will be used as the catchall.
ServerName 123.45.67.89
# Giving this DocRoot will avoid any request based on IP or any other
# wrong request to get to the other users directories.
DocumentRoot "/var/www/catchall"
<Directory /var/www/catchall>
...
</Directory>
</VirtualHost>
# Now you can add as usuall the configuration for any other VHost you need.
<VirtualHost *:80>
ServerName site1.com
ServerAlias www.site2.com
DocumentRoot "/home/username1/www"
<Directory /home/username1/www>
...
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName site2.com
ServerAlias www.site2.com
DocumentRoot "/home/username2/www"
<Directory /home/username2/www>
...
</Directory>
</VirtualHost>
Debian specific :
For Debian, you ideally put one VHost configuration per file, and put the file in the /etc/apache2/sites-available directory.
Name the files as you like, only the file containing the catchall vhost should be named something like 000-catchall, because they will be read in alphabetic order from the /etc/apache2/sites-enabled directory.
Then you disable Debian's usual default site :
a2dissite 000-default
and you enable the new catchall site and the other VHosts if needed :
a2ensite 000-catchall
An ls /etc/apache2/sites-enabled command should show the catchall as the first of list, if not change its file name so that it will always be the first. Restart Apache: service apache2 restart
Of course you could do all this changes in the original default VHost config file, but I usually prefer keep an original model.

Multiple web applications with Apache 2.4

I want to have two webapps (webapp1 and webapp2 resident under /var/www/html/webapps/), both using PHP and JSP, running on the same machine:
Apache 2.4
Tomcat 7.0.50 (+APJ connector)
and want to make them accessible through the following URLs (with identical IP and ports):
localhost/webapp1
localhost/webapp2
I am aware of Virtual Hosts facility. The problem is that Apache seems to "see" only the first site available: whenever I look for localhost/webapp2, I get a 'Not Found' error. Note that if I look for "localhost:8080/webapp2" (i.e., bypassing apache2) everything works fine.
Each webapp has its own conf file under sites-available directory. For example, in webapp2.conf I have
JkMountCopy On
JkMount /webapp2/* tomcat_worker
How can I solve?
From the documentation
Note
Creating virtual host configurations on your Apache server does not magically cause DNS entries to be created for those host names. You must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. You can put entries in your hosts file for local testing, but that will work only from the machine with those hosts entries.
Listen 80
Listen 8080
<VirtualHost 172.20.30.40:80>
ServerName www.example.com
DocumentRoot "/www/domain-80"
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.com
DocumentRoot "/www/domain-8080"
</VirtualHost>
<VirtualHost 172.20.30.40:80>
ServerName www.example.org
DocumentRoot "/www/otherdomain-80"
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.org
DocumentRoot "/www/otherdomain-8080"
</VirtualHost>
If you want additional help, show us your configuration files related.

Multiple domain names on a single server

Sorry my English
I have Ubuntu 12.04 openVZ VPS, with Apache and Passenger installed, to run Ruby site. That site have several faces which available (not yet) from different domains. In /etc/apache2/sites-available I created file site1.com which contains this:
<VirtualHost *:80>
ServerName site1.com
DocumentRoot /home/happy_buddha/Sites/rubysite/public
<Directory /home/happy_buddha/Sites/rubysite/public>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
Previously I created A record on site1.com domain which contains server's ip.
Now if I going to site1.com browser's window contains this:
What I'm doing wrong?
you can not give virtual host name same as other's.
Like you said " I created A record on site1.com domain which contains server's ip." then you have to change your virtual host's name. Try with different name. for eg site2.com or site1.local
Make sure that you have NameVirutalHost *:80 set in your apache config - this will probably be in /etc/apache2/ports.conf on your Ubuntu server.
It sounds like the new site you created is acting as the default virtual host which is why you can't see the site you had before.
That said, if you actually visit site1.com, then I might expect to see the result you get, I don't know where the config is done for interpreting the ruby code but this might need to be part of the VirtualHost too.

How do you set the default website to serve when your IP address is entered as URL?

I have a server with multiple websites hosted and distinguishable using name-based virtual hosting of apache.
How do I set it so that a specific website is hosted when the ip of my server is entered in the address bar?
What you want to use is the _default_ VirtualHost.
<VirtualHost _default_:80>
DocumentRoot /www/default80
# ...
</VirtualHost>
It's described here. Basically if nothing else match the request the _default_ host will be used.
EDIT
This could also be written as:
<VirtualHost *>
DocumentRoot /www/default
# ...
</VirtualHost>
Is is important that this is the first VirtualHost in the configuration since Apache will start matching them from top to bottom, selecting the one that fit the best based on ServerName and ServerAlias.
This post might also be of interest:
Apache default VirtualHost
just find the Include sites-enabled/ line in your apache2.conf file and add the path to the conf file you want to be site default above it. from:
Include sites-enabled/
to
Include sites-enabled/mydefault.conf
Include sites-enabled/
When you first install apache2, there is a site configuration file named 000-default.conf. This is going to be the default because it is very likely to appear first in the list of files under /etc/apache2/sites-enabled.
To have your own file as the default, you can either replace the file under /etc/apache2/sites-available/000-default.conf with your own, or replace the link like so:
sudo rm /etc/apache2/sites-enabled/000-default.conf
sudo ln -s ../sites-available/my-site-setup.conf /etc/apache2/sites-enabled/000-default.conf
Then restart apache2 (or just reload).
The _default_ as mentioned by the other answer is for defining a virtual host which can be found with the default IP address. It's not the default virtual host.
<VirtualHost _default_:80>
...
is equivalent to
<VirtualHost *:80>
...
The * is a globing pattern which matches any IP addresses.
Note:
Replacing the 000-default.conf file is okay, but in most cases the installation package is going to view that as a modified file and manage it in some weird way which is why I think it's cleaner to only change the soft link.
Keep it clean, don't delete or edit anything in /etc/apache2/sites-available/.
Create all new site configurations in /etc/apache2/sites-available/. Copy whatever site configuration you want enabled to /etc/apache2/sites-enabled/. Only make sure /etc/apache2/sites-enabled/ has only one configuration file.
Sample format for new apache site configurations in Ubuntu 20.04 LTS is
<VirtualHost *:80>
ServerName http://localhost
ServerAdmin admin#mysite.com
DocumentRoot /var/www/html/mysiteroot/public
<Directory /var/www/html/mysiteroot>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Notice that 000-default.conf is by default in both directories mentioned above and should only be replaced by your new configuration in /etc/apache2/sites-enabled/ so that it can be restored anytime you need it.
Restart Apache2 service after you make any configuration changes.