How To Set Up Mass Virtualhosting With Apache2 + mod_rewrite + mod_userdir + mod_suexec On CentOS 5.3

Version: 1.2
Last edited: 7th July 2009

This howto shows one method of doing mass virtualhosting using mod_rewrite to dynamically map a list of directories on your filesystem to virtual hosts. Additionally, by rewriting the incoming URL to the user's home directory we can make use of suEXEC to have Apache execute CGI scripts as the owner of the script.

NOTE: this config has not been tested in a production environment.

Before we start

Using Centos 5.3 as the OS platform.

For illustration purposes, I'm assuming that www.example.com exists and points to the our web server IP 192.168.1.1. The webroot for example.com is located in /home/vhosts/example.com/public_html.

Apache2

Install Apache:

yum install httpd

(Centos httpd package includes mod_rewrite + mod_userdir + mod_suexec.)

Configure mass virtual hosting

vim /etc/httpd/conf/httpd.conf

Add the following towards the top somewhere:

LoadModule rewrite_module modules/mod_rewrite.so

At the bottom of the file add the following:

## get the server name from the Host: header
UseCanonicalName Off


## splittable logs
LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
CustomLog logs/access_log vcommon


RewriteEngine On


## Create a handle to convert upper or mixed-case to lower-case
RewriteMap lowercase int:tolower


##-----------------------------------
## where hostname has www prefix
##-----------------------------------
## Firstly create custom variable that contains the host without the www prefix
RewriteCond %{HTTP_HOST} ^www\.(.*)$ 
RewriteRule .? - [E=noWWWHost:%1]


## Map the virtualhost to the documentroot
RewriteCond %{REQUEST_URI} !^/~
RewriteCond %{HTTP_HOST} ^www\. 
RewriteRule ^/(.*)$ /home/vhosts/${lowercase:%{ENV:noWWWHost}}/public_html/$1


##-----------------------------------
## where hostname *does not* have www prefix
##-----------------------------------
## Map the virtualhost to the documentroot
RewriteCond %{REQUEST_URI} !^/~
RewriteCond %{HTTP_HOST} !^www\. 
RewriteRule ^/(.*)$ /home/vhosts/${lowercase:%{HTTP_HOST}}/public_html/$1

Some things to note about the above config:

• Our websites are located in /home/vhosts - each subfolder is the domain name of the website (without the www prefix) e.g. /home/vhosts/example.com.
• If a request hits the server for www.example.com it will be dynamically re-written to example.com.
• The documentroot directory is 'public_html' - this name is required by suEXEC as we'll see later. If you don't intend to use suEXEC then you make this whatever you like & update the rewriterule accordingly.

Create index.html in the virtual host's public_html:

echo "index.html Hello World" > /home/vhosts/example.com/public_html/index.html

Start Apache:

/etc/init.d/httpd start

Now, browsing to http://www.example.com/ should result in 'index.html Hello World' being displayed. If this doesn't happen, check the Apache error log:

tail /var/log/httpd/error_log

Executing our CGI scripts using suEXEC + mod_userdir

As this is a shared web hosting platform, with many different users & websites we want to execute CGI scripts as the owner of the website rather than as the webserver process. suEXEC allows us to do this a) statically using virtualhost config or b) dynamically using mod_userdir.

Firstly, each website must be owned by a user with the same name as the website's domain name. For example website example.com:

useradd -d /home/vhosts/example.com example.com

This will create a user example.com whose home directory is /home/vhosts/example.com. All the webfiles for www.example.com will go into /home/vhosts/example.com/public_html.

You could either add each user manually to /etc/passwd or set up your host to look up an LDAP directory for account information.

Enable mod_userdir:

vim /etc/httpd/conf/httpd.conf

Ensure the following lines appear somewhere in your config:

LoadModule userdir_module modules/mod_userdir.so


<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>

Now when we request a page from the webserver using the form http://192.168.1.1/~example.com Apache will look in the home directory for username example.com for the public_html directory. This by itself isn't very useful as we don't want people to have to use the ~/ bit in their URLs. Instead we will silently rewrite the URL from www.example.com to http://192.168.1.1/~example.com behind the scenes.

This particular rewrite doesn't need to be done for every page - only for CGI scripts that we want to run under suEXEC. Other pages will get handled by the earlier re-write rules.

Edit /etc/httpd/conf/httpd.conf. Below the existing rewrite rules, insert the following:

## Rewrite script to userdir so we can use suEXEC
RewriteCond %{REQUEST_URI} !^/~
RewriteCond %{SCRIPT_FILENAME} /home/vhosts/(.*)/public_html/(.*\.(pl|cgi))
RewriteRule .* /~%1/%2 [PT,L]


<Directory /home/vhosts/*/public_html>
	AddHandler cgi-script .pl .cgi
	Options +ExecCGI
</Directory>

Reload Apache config:

/etc/init.d/httpd reload

Create the Perl script test.pl in the virtual host's public_html with the following contents:

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<H1>test.pl Hello World</H1>\n";

Give the script executable permissions & change ownership to the correct user:

chmod +x test.pl

chown example.com:example.com test.pl

Now, browsing to http://www.example.com/test.pl should result in 'test.pl Hello World' being displayed. If this doesn't happen, check the following log files:

tail /var/log/httpd/error_log

tail /var/log/httpd/suexec.log

PHP + Python

Extending suEXEC processing to include PHP & Python (or anything else) is simple. First, make sure php-cli and python packages and their dependencies are installed:

yum install php-cli

yum install python

Create a couple of 'hello world' scripts in your public_html folder as follows:

test.py

#!/usr/bin/python

print "Content-type: text/html\n\n"
print "test.py Hello world!"

test.php

#!/usr/bin/php-cgi

<?
echo "test.php Hello world!";
?>

Chown the files to be owned by the correct user, and set the executable bit with chmod +x.

Note: each script needs to have the interpreter specified on the first line e.g. #!/usr/bin/python. To avoid having to do this with each file, you can do the following:

echo ":PHP:E::php::/usr/bin/php-cgi:" > /proc/sys/fs/binfmt_misc/register
echo ":Python:E::py::/usr/bin/python:" > /proc/sys/fs/binfmt_misc/register

Now modify Apache config to rewrite requests for files with .php and .py extensions. We also need to add these extensions to the handler for cgi-script

/etc/httpd/conf/httpd.conf

## Rewrite script to userdir so we can use suEXEC
RewriteCond %{REQUEST_URI} !^/~
RewriteCond %{SCRIPT_FILENAME} /home/vhosts/(.*)/public_html/(.*\.(pl|cgi|php|py))
RewriteRule .* /~%1/%2 [PT,L]


<Directory /home/vhosts/*/public_html>
	AddHandler cgi-script .pl .cgi .php .py
	Options +ExecCGI
</Directory>

PHP NOTE: Set cgi.force_redirect = 0 in /etc/php.ini to avoid CGI REDIRECT_STATUS errors

Reload Apache config:

/etc/init.d/httpd reload

Now, browsing to http://www.example.com/test.py or http://www.example.com/test.php should result in 'Hello World' being displayed. If this doesn't happen, check the following log files:

tail /var/log/httpd/error_log

tail /var/log/httpd/suexec.log

Catchall

If you'd like to direct requests for non-existent virtual hosts to one catchall site, make this your last rewrite rule in /etc/httpd/conf/httpd.conf:

## Redirect non-existent virtualhosts
RewriteCond %{REQUEST_URI} !^/~
RewriteCond %{SCRIPT_FILENAME} (/home/vhosts/.*)/public_html/.*
RewriteCond %1 !-d
RewriteRule .? http://www.google.com [R,NS,L]