Re: Virtual web hosting best practice?
On Tue, Oct 30, 2001 at 12:56:18PM +1000, Andrew Pollock wrote: > I'm just wondering what methods different people are using to provision > multiple > websites under Apache? > I'm after a method that's scaleable, as neat as possible, and most of all as > secure as possible. > e.g. > Where do people shove their content roots? > How do you securely allow individual sites to have CGI access? > Directory structures, permission structures, account structures etc etc I'm kinda new at commercal vhosting but... Since all the users on my main box are vhosts I'v kept my users in /home/LETTER/NAME and setup public_html for html/non-exec and added a directory inside of that named cgi for exec scripts. Below is my general ~/ layout for each user. I've added each user to the www-data group (but enabled other mesures to hopefully stop scripts from lurking around other dir's and chmoded their home dir's 770. I setup 3 vhosts (standard) for each user, www.domain.com/domain.com, webalizer.domain.com and mail.domain.com, the latter of witch is simply a pointer to my local TWIG install I've modded for vhosting. The webalizer domain points to the webalizer dir and a cronjob runs under each users account that updates their information. The logs for their www domain (both combined and errors) go into ~/logs and have the following format: Error log: /home/f/foo/logs/error.log Access Log (type Combined): /home/f/foo/logs/ The reason for the as the name of the access log is that I have quite a few clients that have multiple vhosts. If the user wants an ftp server I set them up with a ProFTPD virtualhost and that domain and ProFTPD directive points to their ~/ftp directory. I'm working on a PHP script that will add my vhost directives for me but currently I'm adding them by hand. Take a look at the User/Group directives they come in handy. There is also a way to setup "macros" to use w/ vhosts that would cut the hand-workload down a bit I'm just opting for a script-based approach. example username "foo": layout of /home/f/foo -rw---1 foo foo 2888 Oct 28 12:54 README drwxrws---2 foo foo 4096 Oct 28 20:59 ftp drwxrws---2 foo foo 4096 Oct 28 15:55 logs drwxrws--- 13 foo foo 4096 Oct 28 15:12 public_html drwxrws---2 foo foo 4096 Oct 29 12:28 webalizer
Virtual web hosting best practice?
Hi, I'm looking at starting to do some commercial virtual web hosting on a Linux box I have that was previously just used for tinkering. I'm just wondering what methods different people are using to provision multiple websites under Apache? I'm after a method that's scaleable, as neat as possible, and most of all as secure as possible. e.g. Where do people shove their content roots? How do you securely allow individual sites to have CGI access? Directory structures, permission structures, account structures etc etc Andrew
Re: Virtual web hosting best practice?
On Tue, Oct 30, 2001 at 12:56:18PM +1000, Andrew Pollock wrote: > I'm just wondering what methods different people are using to provision multiple > websites under Apache? > I'm after a method that's scaleable, as neat as possible, and most of all as > secure as possible. > e.g. > Where do people shove their content roots? > How do you securely allow individual sites to have CGI access? > Directory structures, permission structures, account structures etc etc I'm kinda new at commercal vhosting but... Since all the users on my main box are vhosts I'v kept my users in /home/LETTER/NAME and setup public_html for html/non-exec and added a directory inside of that named cgi for exec scripts. Below is my general ~/ layout for each user. I've added each user to the www-data group (but enabled other mesures to hopefully stop scripts from lurking around other dir's and chmoded their home dir's 770. I setup 3 vhosts (standard) for each user, www.domain.com/domain.com, webalizer.domain.com and mail.domain.com, the latter of witch is simply a pointer to my local TWIG install I've modded for vhosting. The webalizer domain points to the webalizer dir and a cronjob runs under each users account that updates their information. The logs for their www domain (both combined and errors) go into ~/logs and have the following format: Error log: /home/f/foo/logs/error.log Access Log (type Combined): /home/f/foo/logs/ The reason for the as the name of the access log is that I have quite a few clients that have multiple vhosts. If the user wants an ftp server I set them up with a ProFTPD virtualhost and that domain and ProFTPD directive points to their ~/ftp directory. I'm working on a PHP script that will add my vhost directives for me but currently I'm adding them by hand. Take a look at the User/Group directives they come in handy. There is also a way to setup "macros" to use w/ vhosts that would cut the hand-workload down a bit I'm just opting for a script-based approach. example username "foo": layout of /home/f/foo -rw---1 foo foo 2888 Oct 28 12:54 README drwxrws---2 foo foo 4096 Oct 28 20:59 ftp drwxrws---2 foo foo 4096 Oct 28 15:55 logs drwxrws--- 13 foo foo 4096 Oct 28 15:12 public_html drwxrws---2 foo foo 4096 Oct 29 12:28 webalizer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Virtual web hosting best practice?
Hi, I'm looking at starting to do some commercial virtual web hosting on a Linux box I have that was previously just used for tinkering. I'm just wondering what methods different people are using to provision multiple websites under Apache? I'm after a method that's scaleable, as neat as possible, and most of all as secure as possible. e.g. Where do people shove their content roots? How do you securely allow individual sites to have CGI access? Directory structures, permission structures, account structures etc etc Andrew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppoe on demand?
Why not use the persist and holdoff options? I assume you want it connected to the isp 24/7? Cya. KOZMAN Balint wrote: > > Hi, > > I have a problem with pppoe and woody. I'd like to use my woody as a small > router/firewall for my lan using an adsl connection. The adsl-provider > terminates the connection every 90 minutes, so I had to set up the > connection using the demand function of pppd with a connect script: > "exit 0". This works fine, but sometimes my pppd fails to reconnect, then > I have to make it "redial" by hand. What might be the problem? > > Thanks, > > Balint > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Regards, Robert Davidson. http://www.mlug.org.au/
pppoe on demand?
Hi, I have a problem with pppoe and woody. I'd like to use my woody as a small router/firewall for my lan using an adsl connection. The adsl-provider terminates the connection every 90 minutes, so I had to set up the connection using the demand function of pppd with a connect script: "exit 0". This works fine, but sometimes my pppd fails to reconnect, then I have to make it "redial" by hand. What might be the problem? Thanks, Balint
Re: pppoe on demand?
Why not use the persist and holdoff options? I assume you want it connected to the isp 24/7? Cya. KOZMAN Balint wrote: > > Hi, > > I have a problem with pppoe and woody. I'd like to use my woody as a small > router/firewall for my lan using an adsl connection. The adsl-provider > terminates the connection every 90 minutes, so I had to set up the > connection using the demand function of pppd with a connect script: > "exit 0". This works fine, but sometimes my pppd fails to reconnect, then > I have to make it "redial" by hand. What might be the problem? > > Thanks, > > Balint > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Regards, Robert Davidson. http://www.mlug.org.au/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
pppoe on demand?
Hi, I have a problem with pppoe and woody. I'd like to use my woody as a small router/firewall for my lan using an adsl connection. The adsl-provider terminates the connection every 90 minutes, so I had to set up the connection using the demand function of pppd with a connect script: "exit 0". This works fine, but sometimes my pppd fails to reconnect, then I have to make it "redial" by hand. What might be the problem? Thanks, Balint -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MASQUERADE problem
At 08:09 PM 10/22/01 +0200, you wrote: The line iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE should be using interface eth1 not ppp0 as you (probably) don't have a ppp interface. Also you should add this echo 1 > /proc/sys/net/ipv4/ip_forward to enable IP forwarding. The redirect line isn't needed to do MASQ, the above 2 lines alone should do it. Dave Hi all, I've installed a router with linux (a pc with an internet connection). I would like share this connection with the others pc on my network, but it doesn't work. COuld anyone help me ? This my config : eth0 (10.0.0.1) connected to internet eth1 (192.168.0.1) connected to the rest of my lan on my second pc (192.168.0.12), i've defined the default gateway as 192.168.0.1. On the router, I have done the following : iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE iptables -t nat -A PREROUTING -i eth0 -j REDIRECT When the pc tries to ping an address on the internet, there is a message 'network unreachable' What shall I do to make it work ? Best regards