##########################################################
# Searchable Keywords: apache vhost virtual htaccess password

VirtualHosting: allow multipal domains on a single server.

System requirements: each virtual host must have it's own
			IP number. In some cases their own
			interface(or multinet interface)

General info: Most any type of directive can be used within
		the VirtualHost block.

Types virtual hosting:
name-based virtual hosting
Ip-based virtual hosting

name-based hosting requires that you enter the NameVirtualHost
directive(prefered to a IP number rather than a name)

Types of servers:
primary and secondary

The primary will always be the server itself or a CNAME 
for the web server.

The secondary will be any subdomain or virtually hosted
domain.


-------------------------------------------------------------------

My example:
I have two domains. I host them off of one apache server. The primary
server is www.leftlogical.net 192.168.1.5 The virtually hosted domain
is www.designsequence.net 192.168.1.16, a multinet interface on a 
SparcLinux host.

eth0      Link encap:Ethernet  HWaddr 08:00:20:1A:26:30  
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:663316 errors:0 dropped:0 overruns:0 frame:0
          TX packets:797819 errors:0 dropped:0 overruns:0 carrier:0
          collisions:21145 txqueuelen:100 
          Interrupt:5 Base address:0x8400 

eth0:1    Link encap:Ethernet  HWaddr 08:00:20:1A:26:30 <--------- VirtualHost 
          inet addr:192.168.1.16  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0x8400 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 



www.leftlogical.net is CNAME for abby.leftlogical.net
www.designsequence.net is a CNAME for dizzy.designsequence.net
and resolves  in the local domain to dizzy.leftlogical.net
	See the DNS zone files for all of this mess

I'm using named-based hosting so I have a entry for
NameVirtualHost 192.168.1.16

The Primary server gets all of it's directives from the inital apache
settings.
The VirtualHost gets all of it's directives from the directives within
the virtual hosting blcks.
<VirtualHost 192.168.1.16>
ServerName=www.designsequence.net
DocumentRoot=/home/http/designsequence
..... other diretives
</VirtualHost>


	My actual entries are lengthier and some are not in use but
	are as follows.

# Use name-based virtual hosting.
# This uncomment and a IP entered to enable host-named virtual hosting
# vs IP-based virtual hosting 9/24/03
# NameVirtualHost *
NameVirtualHost 192.168.1.16

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
# Oh yeah one thing that little @!#$^_ doesn't mention is that <-Unix-g bit??
# you HAVE TO HAVE ! separate IP numbers fo each virtual host. #@)*&^%!?
#                                               9/24/04
#
#<VirtualHost *>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
#
<VirtualHost 192.168.1.16>

# All the double bangs(##) were changes made after the implementation
# They interfered with leftlogical.net  9/24/03 

ServerName www.designsequence.net

ServerAdmin webmaster@designsequence.neta <-- this should be a really address

## ServerAlias www.leftlogical.net  }
## ServerAlias abby.leftlogical.net } <---- These should not be used
## ServerAlias leftlogical.net	    }
##ServerAlias designsequence.net    }

DocumentRoot /home/tkeen/public_html

#---- Directory spec I left to the original server ---#
#<Directory />
#Options FollowSymLinks
#AllowOverride None
#</Directory>
#
#<Directory "/websites/designsequence/webroot"
#Options Indexs FollowSymLinks
#AllowOverride None
#Allow from all
#</Directory>

# -------------------------------------------- #

## DirectoryIndex index.html <-- This was iffy

AccessFileName .htaccess

HostnameLookups off
ErrorLog /var/log/designsequence/htmlog  <-- Note,separate log file
LogLevel warn

## ServerSignature Off

ScriptAlias /cgi-bin/ "/home/tkeen/public_html/data/cgi-bin" <--- cgi locale
<Directory "/home/tkeen/public_html/data/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

## AddHandler cgi-script .cgi

# ----- No user directories are published ----------- #
#UserDir public_html 


</VirtualHost>


In addition to these changes I also had to.......

Note: I intitally used port 8888 till I could get it to work 
thenm I swapped in port 80

edits to apache httpd.conf:
* Added Listen 80  and  Listen 8888
* Added  port numnber to NameVituralHost line 192.168.16:8888
* Added port number to VitualHost line <VirtualHost 192.168.1.16:8888>
* Added  Port 8888 in Virtual host block

edits to bsd FW:
* edit line in nat.conf to forward packets from 8888 to www.design.. 8888
* Added line in pf.conf to allow packet passing from any to 192.168.1.16 8888


Actual lines that were added or altered.........................

/etc/httpd.conf/httpd.conf

................... outside of VirtualHost block............snip
Listen 192.168.1.5:80
Listen 192.168.1.16:8888
		Note: I later change this to port 80

NameVirtualHost 192.168.1.16:8888
		Note: I later change this to port 80

................Beginning or inside VirtualHost block.......snip

<VirtualHost 192.168.1.16:8888>
		Note: I later change this to port 80

Port 8888
		Note: I later change this to port 80

.......................................................snip

BSD FW /etc/nat.conf

.......................................................snip
#       designsequence acces on port 8888 to port 80
rdr on le0 proto tcp from any to 10.10.10.3/32 port 8888 -> www.designsequence.net p
ort 8888
		Note: I later change this to port 80

........................................................snip


BSD FW /etc/pf.conf

........................................................snip
pass in log on $inrface proto tcp from any to 192.168.1.16 port = 8888 flags S/SA mo
dulate state
		Note: I later change this to port 80
........................................................snip



Dam this got complicated ! firewall really works good though !


--------------------------------------------------------------------------
	A word about password protection and htaccess files

The following line adds a user to the htpasswd file
syntax: htpasswd /path/to/your/.htauth/htpasswd  username

You also need to check the .htaccess file in the directory you want
to protect and make sure the "username" appears in the htgroup file.

$ more /httpd/www/secrets/.htaccess
AuthName secrets
<Limit GET POST>
require group secrets
order allow,deny
allow from all
</Limit>

$ more /path/to/your/.htauth/htgroup
secrets: bobj maryf username
other_grp: sarahp mrnotes




Also see Solarisnotes/html_notes, apache-benchmark, also the reference lib on apache htaccess