In my case I have created a couple of CNAME aliases on my DNS server for 10.168.20.225, so that rhel6virtual.dev.com and rhel6morevirtual.dev.com both point to 10.168.20.225, the IP address of the Apache server. You can replicate this by modifying your /etc/hosts file if you don't want to use a DNS server. Note that this needs to be added to the client too.
I can now edit the Apache config file (/etc/httpd/conf/httpd.conf) like this:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/rhel6virtual/
ServerName rhel6virtual.dev.com
ErrorLog logs/rhel6virtual
CustomLog logs/rhel6virtual common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/rhel6morevirtual
ServerName rhel6morevirtual.dev.com
ErrorLog logs/rhel6mv
CustomLog logs/rhel6mv common
</VirtualHost>
I now create the DocumentRoot directories:
mkdir /var/www/rhel6virtual; mkdir /var/www/rhel6morevirtual
and add a file to each directory to allow easy testing:
echo "More Virtual" > /var/www/rhel6morevirtual/index.html;
echo "Virtual" > /var/www/rhel6virtual/index.html
You can now restart Apache:
httpd -k restart
So now if you visit http://rhel6virtual.dev.com/index.html you'll see a web page that simply says Virtual and if you visit http://rhel6morevirtual.dev.com/index.html you'll see a web page that simply says More Virtual.
Installing Apache has already been covered here. You can check the rather long list of SELinux settings with:
getsebool -a | grep httpd
For an explanation of what each setting does, check this manual page out:
man httpd_selinux
In order to prevent access to the websites you can use iptables (don't forget to save the configuration), e.g.
iptables -I INPUT -p tcp --dport 80 -s 10.168.20.0/24 -j DROP
or you can edit the configuration file for Apache and add the following to the second virtual host from above:
<Directory "/var/www/rhel6morevirtual/">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from 10.168.20.203
Deny from all
</Directory>
Only 10.168.20.203 can see rhel6morevirtual now.
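Why the block above lets 10.168.20.203 in even though it also says Deny from all: the following is an added example, not code from the original post, that evaluates Order/Allow/Deny the way the Apache 2.2 documentation describes it. The names PAGE_BLOCK, is_allowed and _matches are assumptions of this example, and only `all`, full IP addresses and CIDR ranges are handled.

```python
import ipaddress

# The access-control lines of the <Directory> block from the page
# (Apache 2.2 mod_authz_host syntax).
PAGE_BLOCK = """
Order deny,allow
Allow from 10.168.20.203
Deny from all
"""

def _matches(specs, client):
    """True if the client address matches any 'from' spec (all, IP or CIDR)."""
    for spec in specs:
        if spec.lower() == "all":
            return True
        if client in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(config, client_ip):
    """Evaluate Order/Allow/Deny for one client address."""
    order, allow, deny = "deny,allow", [], []  # Deny,Allow is Apache's default Order
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order" and len(words) == 2:
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) >= 3 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    client = ipaddress.ip_address(client_ip)
    allowed, denied = _matches(allow, client), _matches(deny, client)
    if order == "deny,allow":
        # Deny is checked first and Allow overrides it; no match means allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first and Deny overrides it; no match means denied.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)
```

With the same two Allow/Deny lines but `Order allow,deny`, every client is refused, including 10.168.20.203, because Deny from all is then evaluated last.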
In order to prohibit users from accessing the web server, you first need to allow users to use it, so add a user and password with the following command (the -c creates the file, so it's only needed the first time):
htpasswd -cm /etc/httpd/conf/apachepass myuser
Now, edit the Apache config file and inside the directory directive for "/var/www/rhel6morevirtual/" add:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/conf/apachepass
Require user myuser
Restart Apache and now the only user that can see rhel6morevirtual will be myuser.
Note that an alternative to this method is to use the .htaccess file. In this method we create an .htaccess file in the target directory, /home/myuser/public_html/ in my case.
Edit the .htaccess file and enter the following:
AuthType Basic
AuthName "Restricted to myuser"
AuthUserFile /home/myuser/public_html/.htauthusers
Require valid-user
You now need to run:
htpasswd -c .htauthusers myuser
If you try to visit the page, you'll be prompted for a username and password. The beauty of this method is that it allows users without root access to restrict access to "their" web site.