Configure Apache for the hosted websites

VHFFS stores websites using a hashed web tree to reduce the number of directory entries per directory.

As example, the website “vhffs.org” directory will be stored at “/data/web/1c/39/5d/vhffs.org/” because the md5sum of “vhffs.org” is “1c395d8aa83a39ea1fc09b7a46ad97e4”.

We are using a home made Apache module to handle this special storing case.

mod_vhost_hash_alias Installation

The libapache2-mod-vhost-hash-alias package is no longer included in Debian. You have to download it from the VHFFS repository and install it manually :

# wget https://download.tuxfamily.org/vhffs4/debian/pool/main/libapache2-mod-vhost-hash-alias/libapache2-mod-vhost-hash-alias_1.0-3_amd64.deb
# apt-get install libmhash2
# dpkg -i libapache2-mod-vhost-hash-alias_1.0-3_amd64.deb
# a2enmod vhost_hash_alias

Configuration of websites inside VHFFS

This is an example of a virtualhost for all websites inside VHFFS:

Put this in /etc/apache2/sites-available/vhffs.conf

ServerTokens Prod

HashType md5
HashEncoding hexa
HashSplit 2 2 2
HashLimit 6
HashDocumentRootPrefix /data/web
HashDocumentRootSuffix htdocs
HashAddAliasPrefix www

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerSignature On
        
        DocumentRoot /data/web
        
        HashEnable On
        
        DirectoryIndex index.html index.xhtml index.php index.php5 index.php4 index.php3 index.phtml
        
        <Directory /data/web>
                Options -ExecCGI +Indexes +SymLinksIfOwnerMatch +Includes +MultiViews
                IndexIgnore */.quota */.*passw* */.htaccess
                IndexOptions NameWidth=*
                AllowOverride All
                <IfModule version_module>
                <IfVersion < 2.4>
                order allow,deny
                allow from all
                </IfVersion>
                <IfVersion >= 2.4>
                Require all granted
                </IfVersion>
                </IfModule>
                <IfModule !version_module>
                order allow,deny
                allow from all
                </IfModule>
        </Directory>
        
        ErrorLog /data/logs/web/incoming/${APACHE_HOSTNAME}/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        
        LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhffs
        CustomLog /data/logs/web/incoming/${APACHE_HOSTNAME}/vhffs.log vhffs
        
        #RewriteLog /data/logs/web/incoming/${APACHE_HOSTNAME}/rewrite.log
        #RewriteLogLevel 9
        
        Alias /icons/ "/usr/share/apache2/icons/"
        <Directory "/usr/share/apache2/icons">
                Options Indexes MultiViews
                AllowOverride None
                <IfModule version_module>
                <IfVersion < 2.4>
                order allow,deny
                allow from all
                </IfVersion>
                <IfVersion >= 2.4>
                Require all granted
                </IfVersion>
                </IfModule>
                <IfModule !version_module>
                order allow,deny
                allow from all
                </IfModule>
        </Directory>
</VirtualHost>

We need to write one logfile per webserver, in order to keep configuration of all Web servers in sync, we are using an environment variable to store the server hostname, so that we can use a different path for logs with the same configuration file on all servers.

# echo "export APACHE_HOSTNAME='$HOSTNAME'" >> /etc/apache2/envvars 
# mkdir /data/web
# mkdir -p /data/logs/web/incoming/$HOSTNAME/

Now, just add the VirtualHost to the enabled ones. But as we don't have a ServerName directive, our VirtualHost needs to be the first VirtualHost loaded, so that it is going to be the default VirtualHost. To do that we remove the default entry and replace it to our own.

# a2ensite vhffs
# a2dissite 000-default
# mv /etc/apache2/sites-enabled/{,000-}vhffs.conf

Then reload apache2

# apache2ctl graceful

Websites outside VHFFS configuration

To prevent the URL to be hashed by the vhost hash alias module, you should insert the following code in the VirtualHost config:

 <VirtualHost *:80>
         [...]
         HashEnable Off
         [...]
 </VirtualHost>

PHP5 and suPHP Installation, in a rather safe way

We first need to install PHP5 CGI handler.

# apt-get install php5-cgi

The libapache2-mod-suphp package is no longer included in Debian. You have to download it from the VHFFS repository and install it manually :

# wget https://download.tuxfamily.org/vhffs4/debian/pool/main/suphp/suphp-common_0.7.2-1_amd64.deb https://download.tuxfamily.org/vhffs4/debian/pool/main/suphp/libapache2-mod-suphp_0.7.2-1_amd64.deb
# dpkg -i suphp-common_0.7.2-1_amd64.deb libapache2-mod-suphp_0.7.2-1_amd64.deb

The suPHP configuration file is /etc/suphp/suphp.conf, main modifications are:

docroot=/data/web
allow_file_group_writeable=true
allow_directory_group_writeable=true
umask=0002
min_uid=10000
min_gid=10000

Reference: http://www.suphp.org/

Finally, reload Apache.

# apache2ctl graceful

TuxFamily is using a modified version of suPHP, to add some features:

  • By default there is a parent directory check to verify if the current user is the same as the parent user in order to prevent symbolic link race condition abuses. Since VHFFS is based on groups, we relax this check to the group instead of the user.
  • setrlimit(2) support
  • Execute support for scripts without shebang

The patchs are available in the ~/vhffs-patches/suphp directory and precompiled packages are available at http://download.tuxfamily.org/vhffs4/debian/pool/main/suphp/

doc/installationguide/web-service.txt · Last modified: 2016/10/02 20:56 by gradator
Recent changes RSS feed Creative Commons License Donate Minima Template by Wikidesign Driven by DokuWiki