Table of Contents
Configure Apache for the hosted websites
VHFFS stores websites using a hashed web tree to reduce the number of directory entries per directory.
As example, the website “vhffs.org” directory will be stored at “/data/web/1c/39/5d/vhffs.org/” because the md5sum of “vhffs.org” is “1c395d8aa83a39ea1fc09b7a46ad97e4”.
We are using a home made Apache module to handle this special storing case.
mod_vhost_hash_alias Installation
The libapache2-mod-vhost-hash-alias package is no longer included in Debian. You have to download it from the VHFFS repository and install it manually :
# wget https://download.tuxfamily.org/vhffs4/debian/pool/main/libapache2-mod-vhost-hash-alias/libapache2-mod-vhost-hash-alias_1.0-3_amd64.deb # apt-get install libmhash2 # dpkg -i libapache2-mod-vhost-hash-alias_1.0-3_amd64.deb # a2enmod vhost_hash_alias
Configuration of websites inside VHFFS
This is an example of a virtualhost for all websites inside VHFFS:
Put this in /etc/apache2/sites-available/vhffs.conf
ServerTokens Prod HashType md5 HashEncoding hexa HashSplit 2 2 2 HashLimit 6 HashDocumentRootPrefix /data/web HashDocumentRootSuffix htdocs HashAddAliasPrefix www <VirtualHost *:80> ServerAdmin webmaster@localhost ServerSignature On DocumentRoot /data/web HashEnable On DirectoryIndex index.html index.xhtml index.php index.php5 index.php4 index.php3 index.phtml <Directory /data/web> Options -ExecCGI +Indexes +SymLinksIfOwnerMatch +Includes +MultiViews IndexIgnore */.quota */.*passw* */.htaccess IndexOptions NameWidth=* AllowOverride All <IfModule version_module> <IfVersion < 2.4> order allow,deny allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </IfModule> <IfModule !version_module> order allow,deny allow from all </IfModule> </Directory> ErrorLog /data/logs/web/incoming/${APACHE_HOSTNAME}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhffs CustomLog /data/logs/web/incoming/${APACHE_HOSTNAME}/vhffs.log vhffs #RewriteLog /data/logs/web/incoming/${APACHE_HOSTNAME}/rewrite.log #RewriteLogLevel 9 Alias /icons/ "/usr/share/apache2/icons/" <Directory "/usr/share/apache2/icons"> Options Indexes MultiViews AllowOverride None <IfModule version_module> <IfVersion < 2.4> order allow,deny allow from all </IfVersion> <IfVersion >= 2.4> Require all granted </IfVersion> </IfModule> <IfModule !version_module> order allow,deny allow from all </IfModule> </Directory> </VirtualHost>
We need to write one logfile per webserver, in order to keep configuration of all Web servers in sync, we are using an environment variable to store the server hostname, so that we can use a different path for logs with the same configuration file on all servers.
# echo "export APACHE_HOSTNAME='$HOSTNAME'" >> /etc/apache2/envvars # mkdir /data/web # mkdir -p /data/logs/web/incoming/$HOSTNAME/
Now, just add the VirtualHost to the enabled ones. But as we don't have a ServerName directive, our VirtualHost needs to be the first VirtualHost loaded, so that it is going to be the default VirtualHost. To do that we remove the default entry and replace it to our own.
# a2ensite vhffs # a2dissite 000-default # mv /etc/apache2/sites-enabled/{,000-}vhffs.conf
Then reload apache2
# apache2ctl graceful
Websites outside VHFFS configuration
To prevent the URL to be hashed by the vhost hash alias module, you should insert the following code in the VirtualHost config:
<VirtualHost *:80> [...] HashEnable Off [...] </VirtualHost>
PHP5 and suPHP Installation, in a rather safe way
We first need to install PHP5 CGI handler.
# apt-get install php5-cgi
The libapache2-mod-suphp package is no longer included in Debian. You have to download it from the VHFFS repository and install it manually :
# wget https://download.tuxfamily.org/vhffs4/debian/pool/main/suphp/suphp-common_0.7.2-1_amd64.deb https://download.tuxfamily.org/vhffs4/debian/pool/main/suphp/libapache2-mod-suphp_0.7.2-1_amd64.deb # dpkg -i suphp-common_0.7.2-1_amd64.deb libapache2-mod-suphp_0.7.2-1_amd64.deb
The suPHP configuration file is /etc/suphp/suphp.conf
, main modifications are:
docroot=/data/web allow_file_group_writeable=true allow_directory_group_writeable=true umask=0002 min_uid=10000 min_gid=10000
Reference: http://www.suphp.org/
Finally, reload Apache.
# apache2ctl graceful
- By default there is a parent directory check to verify if the current user is the same as the parent user in order to prevent symbolic link race condition abuses. Since VHFFS is based on groups, we relax this check to the group instead of the user.
setrlimit(2)
support- Execute support for scripts without shebang
The patchs are available in the ~/vhffs-patches/suphp
directory and precompiled packages are available at http://download.tuxfamily.org/vhffs4/debian/pool/main/suphp/