Posted to users@httpd.apache.org by Lorenzo Milesi <lo...@yetopen.it> on 2010/12/24 09:12:10 UTC

[users@httpd] Restricting config to a single virtualhost

Hi.

I'm using Apache2 on Ubuntu Server.
I've configured three virtual hosts, two on port 80 and one on port 443.
I've also several web apps, some directly placed in /var/www, some others installed system wide, which are configured by files placed in conf.d/.
Here comes my problem, because this makes those apps available to every virtualhost, while I'd like to restrict them to run only on a selected website, that is the SSL one!

This is a part of my sites-available/default-ssl:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin maxxer@yetopen.it
        ServerName my.host.com
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

And this is, for example, conf.d/gitweb installed by debian package:
Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi
</Directory>


Debian includes conf.d/* before sites-enabled/*, this means gitweb is loaded before default-ssl. Reverting this behavior is not a big deal, but how do I make gitweb available only to the SSL website?
I know I could place gitweb content into default-ssl, but I'd rather keep them separated, if possible.

Thanks
-- 
Lorenzo Milesi - lorenzo.milesi@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Please note that all information contained in this message is
confidential and for the exclusive use of the recipient. If you have
received this message in error, please delete it without copying it,
do not forward it to third parties, and notify us as soon as
possible.
Thank you.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Restricting config to a single virtualhost

Posted by Jeroen Geilman <je...@adaptr.nl>.
On 12/28/10 11:56 AM, Joost de Heer wrote:
> On Mon, December 27, 2010 13:25, Jeroen Geilman wrote:
>
>> That's such nonsense.
>> Package upgrades do not touch files that were modified manually.
> But they do recreate files if they're moved to a different location. And
> that was what OP was referring to (my suggestion to rename/move the
> gitweb.conf file).
>

I see.
I wouldn't do that, if you want to keep using the package manager.

Just leave the file empty and use a different file.

-- 
J.




Re: [users@httpd] Restricting config to a single virtualhost

Posted by Joost de Heer <jo...@sanguis.xs4all.nl>.
On Mon, December 27, 2010 13:25, Jeroen Geilman wrote:

> That's such nonsense.
> Package upgrades do not touch files that were modified manually.

But they do recreate files if they're moved to a different location. And
that was what OP was referring to (my suggestion to rename/move the
gitweb.conf file).

Joost



Re: [users@httpd] Restricting config to a single virtualhost

Posted by Jeroen Geilman <je...@adaptr.nl>.
On 12/24/10 5:34 PM, Lorenzo Milesi wrote:
>> And what's wrong with having the config (included) in the SSL-only
>> vhost alone?
> Because I would need to place those config files elsewhere, which means every time I upgrade the package I should take care of remembering where they are and update them.
> This way they're in place, and aptitude will prompt me for diffs, if it needs to.
That's such nonsense.
Package upgrades do not touch files that were modified manually.

-- 
J.




Re: [users@httpd] Restricting config to a single virtualhost

Posted by Lorenzo Milesi <lo...@yetopen.it>.
> And what's wrong with having the config (included) in the SSL-only
> vhost alone?

Because I would need to place those config files elsewhere, which means every time I upgrade the package I should take care of remembering where they are and update them.
This way they're in place, and aptitude will prompt me for diffs, if it needs to.
-- 
Lorenzo Milesi - lorenzo.milesi@yetopen.it



Re: [users@httpd] Restricting config to a single virtualhost

Posted by Igor Galić <i....@brainsware.org>.
----- "Lorenzo Milesi" <lo...@yetopen.it> wrote:

> > Another solution: Add SSLRequireSSL to the gitweb.conf file. All
> > vhosts will see the gitweb configuration, but only the SSL host
> > will allow access.
> 
> I like this solution the most.
> This gives Forbidden to all the hosts, meaning that I cannot use the
> same dir on other vhosts, right?
> Not a big deal, though...

And what's wrong with having the config (included) in the SSL-only
vhost alone?

> thanks everyone!

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/



Re: [users@httpd] Restricting config to a single virtualhost

Posted by Lorenzo Milesi <lo...@yetopen.it>.
> Another solution: Add SSLRequireSSL to the gitweb.conf file. All
> vhosts will
> see the gitweb configuration, but only the SSL host will allow access.

I like this solution the most.
This gives Forbidden to all the hosts, meaning that I cannot use the same dir on other vhosts, right?
Not a big deal, though...

thanks everyone!
-- 
Lorenzo Milesi - lorenzo.milesi@yetopen.it



Re: [users@httpd] Restricting config to a single virtualhost

Posted by Joost de Heer <jo...@sanguis.xs4all.nl>.
> Move the file from conf.d to another location, and Include the file in your ssl
> host.

Another solution: Add SSLRequireSSL to the gitweb.conf file. All vhosts will 
see the gitweb configuration, but only the SSL host will allow access.

Joost
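
The SSLRequireSSL suggestion above, applied to the conf.d/gitweb file quoted in the original post (an added example, not part of the thread). The SSLOptions +StrictRequire line and the choice not to wrap the directives in an IfModule block are assumptions of this example, not something the posters proposed.

```apache
# conf.d/gitweb -- still included globally, so every vhost sees it
Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi

  # Refuse (403 Forbidden) any request that did not arrive over SSL/TLS.
  # The port-80 vhosts still map /gitweb through the Alias, but access
  # to the directory is denied there.
  SSLRequireSSL

  # Added in this example: without StrictRequire, a "Satisfy any" that
  # applies to this directory can override the SSLRequireSSL denial.
  SSLOptions +StrictRequire

  # Deliberately not wrapped in <IfModule mod_ssl.c>: if mod_ssl is ever
  # unloaded, the configuration fails to parse instead of silently
  # serving gitweb without the restriction.
</Directory>
```

This restricts by transport, not by host name: any further SSL vhost added to the server would serve /gitweb as well.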



Re: [users@httpd] Restricting config to a single virtualhost

Posted by Joost de Heer <jo...@sanguis.xs4all.nl>.
> Debian includes conf.d/* before sites-enabled/*, this means gitweb is loaded
> before default-ssl. Reverting this behavior is not a big deal, but how do I
> make gitweb available only to the SSL website? I know I could place gitweb
> content into default-ssl, but I'd rather keep them separated, if possible.

Move the file from conf.d to another location, and Include the file in your ssl
host.

Joost
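
The Include approach above, combined with the "leave the file empty and use a different file" variant from elsewhere in this thread, laid out as an added example that is not part of the thread. The path /etc/apache2/includes/gitweb.conf is hypothetical; the other names come from the original post.

```apache
# --- conf.d/gitweb (package file)
# Kept in place for the package manager, but with no active directives,
# so gitweb is no longer configured for every vhost.

# --- /etc/apache2/includes/gitweb.conf (hypothetical path outside conf.d/)
Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi
</Directory>

# --- sites-available/default-ssl (other directives of the vhost unchanged)
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName my.host.com
        DocumentRoot /var/www

        # The Alias and <Directory> block now exist only in this vhost's
        # scope; the port-80 vhosts have no /gitweb mapping at all.
        Include /etc/apache2/includes/gitweb.conf
</VirtualHost>
</IfModule>
```

With this layout the restriction follows the virtual host rather than the transport, so a second SSL vhost would not expose gitweb unless it includes the file too.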
