[modcfgldap-devel] Re: (Re-)design - multiple vhosts / server
From: Andreas B. <ma...@an...> - 2004-04-13 09:39:42
I hate to object but you've got something wrong here. mod_cfg_ldap can handle as many virtual hosts as you like. And since 1.1 on as many different servers as you like.

I'll explain everything some more. And clarify my vocabulary. A "server" is an instance of Apache. Not necessarily on a physical machine but normally so. A "virtual host" is a website that is distinguished from other websites by the Host-header during the HTTP request. It has its own DocumentRoot, ServerAdmin etc.

The only thing mod_cfg_ldap requires is that a virtual host has its own node in the tree and is using apacheServerName and/or apacheServerAlias attributes that contain the Host-header value. An objectClass apacheConfig is contained in the distribution but you are free to adopt these attributes into your own, private objectClass(es).

Let's take www.example.com as an example here. What mod_cfg_ldap does is to search the tree for a node that has an attribute apacheServerName=www.example.com or apacheServerAlias=www.example.com (since 1.1 it adds the user-defined search filter). If it doesn't find a node it doesn't handle the request. If it finds two or more nodes it complains and doesn't handle the request (you mentioned this line in the code in your last mail) - how should mod_cfg_ldap decide which node to prefer... (okay, one could add a "disabled" attribute). Finding a single node mod_cfg_ldap reads the values for DocumentRoot etc. from that dn. Getting a request for www.test.com it repeats these steps.

I've appended an example LDIF. Maybe everything gets clearer if you see what tree I have in mind. Each customer (friend, family) has his own branch like in your LDIF example. Some DNs contain the domain name in its name, some not - that doesn't matter.

Talking about my example LDIF: If you have an Apache server that should serve customer-one's vhost but not customer-two's you could set the user-defined filter to "(ARecord=172.16.1.1)".

To test your filter YOURFILTER for virtual host HOSTHEADER you can search manually using:

(&(|(apacheServerName=HOSTHEADER)(apacheServerAlias=HOSTHEADER))YOURFILTER)

(That's in line 168 of mod_cfg_ldap.c)

That way we don't need "links" between webserver-node and vhost-nodes. To configure general Apache behaviour one could add a "main webserver config node" (like with qmail-ldap and qmail-ldap-control).

Taking up your example you'd only need to add or substitute the following (or I could make the attribute names configurable if you like):

> dn: cn=testing.bayour.com,ou=WEB,dc=bayour,dc=com
> objectClass: phpQLAdminWebVHost
objectClass: apacheConfig
> cn: testing.bayour.com
> webServerName: testing.bayour.com
apacheServerName: testing.bayour.com
> webServerIP: 192.168.1.4
> webServerURL: http://testing.bayour.com/
> webServerAdmin: tu...@ba...
apacheServerAdmin: tu...@ba...
> webDocumentRoot: /var/www/testing/
apacheDocumentRoot: /var/www/testing/
> webLogError: /var/log/apache/testing-error.log
> webLogTransfer: /var/log/apache/testing-trans.log

(...the same with the second node...)

If you want the Apache on 192.168.1.4 just to pick up the nodes where webServerIP has its IP set the user-defined filter to (webServerIP=192.168.1.4). If it has multiple IPs you could also do that: (|(webServerIP=192.168.1.4)(webServerIP=192.168.1.5)).

I hope this helps. Maybe I should wrap this up into a howto or manual...

Regards,
Andreas

On Tue, Apr 13, 2004 at 10:17:55AM +0200, Turbo Fredriksson wrote:
> As described a week or so ago in my 'introduction letter', there's
> a problem with multiple vhosts on one server. As it is now, modcfgldap
> can only handle ONE vhost on ONE server. This is obviously wrong, but
> easiest to code for...
>
>
> I'm an ISP. Even though I don't SELL - for money - internet access, I
> do offer mail-/web-/shellhosting to friends, family, family's family
> and friends' family etc.
> This means that my LDAP database is organized
> in such a way that each friend/family has its own branch in the database:
>
> ----- s n i p -----
> [papadoc.pts/12]$ ldapsearch -LLL -s one dn | grep ^dn: 2> /dev/null
> dn: dc=sundqvist,dc=com
> dn: dc=winas,dc=com
> dn: dc=intelligence-5,dc=com
> dn: dc=bayour,dc=com
> dn: dc=gamestudio,dc=com
> dn: dc=fredriksson,dc=com
> dn: dc=agby,dc=com
> dn: dc=bortheiry,dc=com
> dn: dc=sahlen,dc=com
> dn: dc=vger,dc=com
> dn: dc=henriksson,dc=com
> ----- s n i p -----
>
> Some (or all if need be) might have/want their own vhost - some have registered
> domains not shown by the DN, some don't. This naturally means that I'd like
> THEIR vhost somewhere under THEIR branch...
>
> The idea I'm having (please contribute) is to have ONE object specifying information
> about this webserver and 'links' to the actual vhosts.
>
> Example:
> 'dc=papadoc,dc=bayour,dc=com' is the MAIN branch, where I put everything that
> has to do with the actual 'site' (my machines etc), so this is where the main
> VHOST object would reside. In this, each of the VHOSTs that's available for
> apache on this server is listed as an RDN:
>
> ----- s n i p -----
> ; below this DN is where I have my DNS
> dn: ou=DNS,dc=bayour,dc=com
>
> ; this is the main object with links to vhosts
> dn: cn=apache,ou=WEB,dc=bayour,dc=com
> objectClass: phpQLAdminWebSrv
> cn: apache
> apacheVHostRDN: cn=testing.bayour.com,ou=WEB,dc=bayour,dc=com
> apacheVHostRDN: cn=www.data-akut.se,ou=WEB,dc=bortheiry,dc=com
> ; ... other stuff that might be of interest about this machine
>
> dn: cn=testing.bayour.com,ou=WEB,dc=bayour,dc=com
> objectClass: phpQLAdminWebVHost
> cn: testing.bayour.com
> webServerName: testing.bayour.com
> webServerIP: 192.168.1.4
> webServerURL: http://testing.bayour.com/
> webServerAdmin: tu...@ba...
> webDocumentRoot: /var/www/testing/
> webLogError: /var/log/apache/testing-error.log
> webLogTransfer: /var/log/apache/testing-trans.log
>
> dn: cn=www.data-akut.se,ou=WEB,dc=bortheiry,dc=com
> objectClass: phpQLAdminWebVHost
> cn: www.data-akut.se
> webServerName: www.data-akut.se
> webServerIP: 192.168.1.4
> webServerURL: http://www.data-akut.se/
> webServerAdmin: [the admin for this vhost]
> webDocumentRoot: /var/www/dataakut/
> webLogError: /var/log/apache/dataakut-error.log
> webLogTransfer: /var/log/apache/dataakut-trans.log
> ----- s n i p -----
>
>
> This would be fairly easy to implement in modcfgldap. Any thoughts so far?
> --
> tritium attack smuggle NSA Waco, Texas Noriega DES AK-47 Rule Psix
> explosion Honduras colonel congress Panama strategic
> [See http://www.aclu.org/echelonwatch/index.html for more about this]
>

--
Andreas Brenk
mailto:ma...@an...
http://www.andreasbrenk.com
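
The lookup described in the message above, as an added example (not code from mod_cfg_ldap or from either poster): it builds the quoted search filter and applies the zero/one/many rule to constructed in-memory entries instead of a live directory. The RFC 4515 escaping of the Host value, the function names and the duplicate third entry are assumptions made for illustration.

```python
# Added illustration, not mod_cfg_ldap source. Entries are constructed sample data.
ENTRIES = [
    {"dn": "cn=testing.bayour.com,ou=WEB,dc=bayour,dc=com",
     "apacheServerName": ["testing.bayour.com"], "webServerIP": ["192.168.1.4"],
     "apacheDocumentRoot": ["/var/www/testing/"]},
    {"dn": "cn=www.data-akut.se,ou=WEB,dc=bortheiry,dc=com",
     "apacheServerName": ["www.data-akut.se"], "webServerIP": ["192.168.1.4"],
     "apacheDocumentRoot": ["/var/www/dataakut/"]},
    # Constructed duplicate (hypothetical DN) to trigger the "two or more nodes" case.
    {"dn": "cn=testing-copy,ou=WEB,dc=example,dc=com",
     "apacheServerAlias": ["testing.bayour.com"], "webServerIP": ["192.168.1.5"],
     "apacheDocumentRoot": ["/var/www/copy/"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters; the Host header is client-supplied."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(host, attr=None, values=()):
    """Build (&(|(apacheServerName=H)(apacheServerAlias=H))USERFILTER)."""
    h = escape_filter_value(host)
    parts = ["(%s=%s)" % (attr, escape_filter_value(v)) for v in values]
    user = "" if not parts else parts[0] if len(parts) == 1 else "(|%s)" % "".join(parts)
    return "(&(|(apacheServerName=%s)(apacheServerAlias=%s))%s)" % (h, h, user)

def resolve_vhost(entries, host, attr=None, values=()):
    """Evaluate the same search in memory and apply the zero/one/many rule."""
    wanted = host.lower()
    hits = []
    for e in entries:
        names = e.get("apacheServerName", []) + e.get("apacheServerAlias", [])
        name_ok = wanted in (n.lower() for n in names)
        user_ok = attr is None or any(v in e.get(attr, []) for v in values)
        if name_ok and user_ok:
            hits.append(e)
    if not hits:
        return ("unhandled", None)   # no node: the request is not handled
    if len(hits) > 1:
        return ("ambiguous", None)   # two or more nodes: complain, do not handle
    return ("ok", hits[0]["apacheDocumentRoot"][0])

if __name__ == "__main__":
    print(build_filter("testing.bayour.com", "webServerIP", ["192.168.1.4"]))
    print(resolve_vhost(ENTRIES, "testing.bayour.com"))
    print(resolve_vhost(ENTRIES, "testing.bayour.com", "webServerIP", ["192.168.1.4"]))
```

Without a user-defined filter the constructed duplicate makes testing.bayour.com ambiguous; restricting on webServerIP narrows the result to a single node, which is the role the message gives that filter.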