
virtual domain

Apache Chroot Jail: Virtual Hosting

Now your chrooted Apache jail is ready. It is time to add domains using Apache virtual hosting features.

Red Hat / CentOS: Chroot Apache 2 Web Server

A chroot on Red Hat / CentOS / Fedora Linux operating systems changes the apparent disk root directory for the Apache process and its children. Once this is done, an attacker or other PHP / Perl / Python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never run a web server without a jail. There should be privilege separation between the web server and the rest of the system.

In this exclusive series, you will learn more about:

  • Securing an Apache 2 web server under Red Hat Enterprise Linux / CentOS Linux using mod_chroot
  • Virtual hosting configuration under a chrooted jail.
  • Troubleshooting chrooted Apache jail problems.



For various reasons you might want to redirect all traffic coming to www.domain.com to domain.com or vice versa.


Last time I wrote about setting up virtual hosting for the Lighttpd web server. Naturally, the next step is to set up log rotation with logrotate, which rotates and compresses log files.

Our setup

Our sample setup has a total of 6 log files:
Default domain/IP log files:
/var/log/lighttpd/access.log
/var/log/lighttpd/error.log

nixcraft.com virtual domain log files:
/var/log/lighttpd/nixcraft.com/access.log
/var/log/lighttpd/nixcraft.com/error.log

theos.in virtual domain log files:
/var/log/lighttpd/theos.in/access.log
/var/log/lighttpd/theos.in/error.log

logrotate Configuration

All you need to do is open or create the logrotate configuration file for lighttpd. Open the file /etc/logrotate.d/lighttpd:
# vi /etc/logrotate.d/lighttpd

Append the following text:
"/var/log/lighttpd/*.log" "/var/log/lighttpd/nixcraft.com/*.log" "/var/log/lighttpd/theos.in/*.log" {
missingok
copytruncate
rotate 7
compress
notifempty
sharedscripts
postrotate
/etc/init.d/lighttpd reload
endscript
}

Where,

  • "/var/log/lighttpd/*.log" "/var/log/lighttpd/nixcraft.com/*.log" "/var/log/lighttpd/theos.in/*.log": Log files with wildcard specification as per our setup.
  • missingok: If the log file is missing, go on to the next log file without issuing an error message.
  • copytruncate: Truncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one.
  • rotate 7: Log files are rotated 7 times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather than rotated.
  • compress: Old versions of log files are compressed with gzip to save disk space.
  • notifempty: Do not rotate the log if it is empty.
  • sharedscripts
    postrotate
    /etc/init.d/lighttpd reload
    endscript:
    The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside a log file definition. In our case we are reloading lighttpd. Another option would be to send a HUP signal using the kill command.
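
Because missingok suppresses the error when a pattern matches nothing, a mistyped pattern (for example whitespace inside the quotes) can leave a virtual domain's logs unrotated without any warning. The following shell script is an added example, not part of the original article; its function names and the temporary sample tree are assumptions made for illustration, and it reports for each quoted pattern on a stanza header whether it matches any file:

```shell
#!/bin/sh
# Added example: audit the quoted file patterns on a logrotate stanza header.

# Print each double-quoted pattern from the line that opens the stanza ("... {"),
# one per line, keeping any whitespace that sits inside the quotes.
list_patterns() {
    grep '{[[:space:]]*$' "$1" | grep -o '"[^"]*"' | sed 's/^"//; s/"$//'
}

# Count regular files matching PATTERN below ROOT (ROOT stands in for "/").
count_matches() {
    ( IFS=          # disable word splitting; glob expansion still applies
      n=0
      for f in $1$2; do
          if [ -f "$f" ]; then n=$((n + 1)); fi
      done
      echo "$n" )
}

# One line per pattern: WHITESPACE, NOMATCH or OK(<count>), then [pattern].
audit_stanza() {
    list_patterns "$1" | while IFS= read -r pat; do
        case $pat in
            [[:space:]]*|*[[:space:]]) echo "WHITESPACE [$pat]" ;;
            *)  n=$(count_matches "$2" "$pat")
                if [ "$n" -gt 0 ]; then echo "OK($n) [$pat]"
                else echo "NOMATCH [$pat]"; fi ;;
        esac
    done
}

# Constructed sample: the six log files from the setup above under a temp root,
# plus a stanza header with a trailing space inside two of the quoted patterns.
make_sample() {
    root=$(mktemp -d) || return 1
    for d in "" nixcraft.com/ theos.in/; do
        mkdir -p "$root/var/log/lighttpd/$d"
        : > "$root/var/log/lighttpd/${d}access.log"
        : > "$root/var/log/lighttpd/${d}error.log"
    done
    printf '%s\n' '"/var/log/lighttpd/*.log" "/var/log/lighttpd/nixcraft.com/*.log " "/var/log/lighttpd/theos.in/*.log " {' \
        ' missingok' '}' > "$root/lighttpd.rotate"
    echo "$root"
}

root=$(make_sample) && audit_stanza "$root/lighttpd.rotate" "$root"
rm -rf "$root"
```

To audit a live system, call audit_stanza with /etc/logrotate.d/lighttpd as the first argument and an empty string as the second.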

Make sure crond runs automatically after system reboot

Now your logs will be rotated by the logrotate command, which is called from a cron job (/etc/cron.daily/logrotate) every day. So make sure crond is running all the time:
# /etc/init.d/crond start
# chkconfig --list crond
# chkconfig crond on

Alternatively, run the text-based GUI tool for the same purpose (Red Hat / CentOS / Fedora and friends):
# ntsysv

If you are using Debian Linux, type the following command to configure crond using the text-based GUI tool:
# rcconf

Alternatively, you can use the update-rc.d command (Debian / Ubuntu Linux) to start the cron daemon automatically after system reboot (the service is named cron, not crond, on Debian / Ubuntu):
# update-rc.d cron defaults