Hosting Multiple Websites – Internet Server Version 1.0

  • #354841
    legacyb4
    Participant

    When using Server 10.2 to host multiple websites, what’s the best way to deal with directories and user access?

    For example, I want to host 5 websites run by 5 separate individuals. Each website will have its own domain name and some will need mail, others won’t.

    Basic setup:

    HTML content is stored on a separate hard drive such as:

    /Volumes/Data/www/domain/html

    1) If the user is a remote user and will never log in locally to the server, then the user’s home directory should be mapped under Home: to the above path.

    Does this directory need to be shared in order to be able to log into his own home directory?

    2) In order to limit SSH access, the user’s primary group should be set to something other than the general “staff” group; however, how do you limit them from traipsing around inside the system to take a look?

    More as I continue to configure.

    Cheers.

    #354842
    legacyb4
    Participant

    I think I’m answering my own questions as I go along here so I hope someone else gets something out of it…

    My goal was to set up this Server purely as a web/FTP server and not really use it for much else (i.e. “network” services).

    So, I’ve set up the following:

    1) FTP access to Home Directory only (Server Settings)
    2) Created a share with access set to owner (R/W), group (R/W), and everyone (R). In addition, I named the FTP share as “domainname”.
    3) I enabled “Allow Simultaneous Login” as Default (turning this off disabled FTP access)
    4) I set up an Advanced Home Directory setting with Home: being set to /Volumes/Data/www/domainname

    Seems to work like a charm now with FTP login by the specified user being dropped straight into the domain www root folder, ftpchrooted in this directory without any explicit configuration, and uploads being set to 644 without having to set an ftpd.conf file like you do in 10.2 Client. However, for some reason, I’m unable to chmod a file to a different set of permissions despite being the file owner.

    Comments appreciated.

    #354868
    legacyb4
    Participant

    It’s convoluted and there are definitely better ways to get the same results, but I think I’ve finally come up with an acceptable (and maintainable) solution to accomplish what I need to use 10.2 Server as an Internet server.

    Sorry for the sparse instructions but I’m assuming that those interested will know their way around Server and the various GUI settings plus be somewhat comfortable in Terminal as well.

    DIRECTORIES
    I am running a server serving only a few users, but each with a handful of their own domains, so adapt as needed. I’m keeping all of my user data on a physically separate hard drive from the system, which is why I have /Volumes/Data.

    /Volumes/Data/www (755)
    /jeff/domain01, /domain02, etc. (jeff 755)
    /jeff/cgi-bin
    /jeff/logs

    /bill/domain01, /domain02, etc. (bill 755)
    /bill/cgi-bin
    /bill/logs
    /bill/FTPRoot (jeff 700)

    /Volumes/Data/ftp
    /ftproot

    WORKGROUP MANAGER Settings

    User Tab
    Jeff (machine admin)
    Advanced: Enable simultaneous login
    Groups: staff, and other groups that you might create
    Home: Advanced | Home: /Users/jeff

    Bill (remote user)
    Advanced: Enable simultaneous login
    Groups: bill
    Home: Advanced | Home: /Volumes/Data/www/bill

    Sharing Tab
    Each user directory (/Volumes/Data/www/user) needs to be shared with FTP sharing enabled.

    SERVER SETTINGS (FTP Settings – general)
    Access: Anonymous access disabled
    Advanced: Authentication (Standard)
    Advanced: Real users view (Home + Shares)
    Advanced: FTP Root – /Volumes/Data/ftp/ftproot

    SERVER SETTINGS (WWW Settings for bill/domain01)
    General: as you please
    Sites/General: Web folder mapped to /Volumes/Data/www/bill/domain01
    Options: as you please
    Logging: Access (disabled), Error (enabled)
    Access: as you please
    Security: as you please

    HTTPD CONF Settings

    /etc/httpd/httpd_macosxserver.conf

    Inside the respective Virtualhost directive, I included:
    Include /etc/httpd/users/httpd_bill_domain01.conf
    turning off Logging:Access Log will result in the following (leave as is)
    CustomLog "/dev/null" "%h %l %u %t \"%r\" %>s %b"

    /etc/httpd/users/httpd_bill_domain01.conf

    CustomLog "/Volumes/Data/www/bill/domain01/logs/access_log" combined

    ScriptAlias /cgi-bin/ "/Volumes/Data/www/bill/cgi-bin/"

    <Directory "/Volumes/Data/www/bill/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    </Directory>

    THINGS TO WATCH OUT FOR

    Don’t bother logging in as a remote user on the local machine; haven’t tried but I can tell you it will cause more grief than it’s worth.

    The first time a remote user FTPs into the server, a link called FTPRoot will be generated by virtue of the FTP Setting of “Real users view Home + Shares”; by having placed a non-user modifiable FTPRoot folder in the domain, that link is never generated. This had to be done to allow Jeff, the administrator, to FTP in and access his web directory yet lock out remote users from being able to escape out of their own roots.

    I could have put the admin’s own site in his Sites folder but that means that from any domain, /~jeff/ can be called up which might not be desirable.

    I’ve allowed individual users to have access to their own private cgi-bin; those hosting services for a larger, commercial environment might want to think about the security issues involved.

    This is my first run at trying to get OS X 10.2 up and running as a full-blown web, ftp, and mail server but nothing else.

    Hope that helps.
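
An added example, not part of the original post: a shell check that audits one user's tree against the layout described above (home at 755, an admin-owned FTPRoot directory at 700 instead of the generated link, cgi-bin and logs present, nothing world-writable). The function names `mode_owner`, `note` and `audit_site_tree` are hypothetical; the web root and user name are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread: audit one user's web tree.

# Print "<10-char mode string> <owner>" via ls, which behaves the same on
# BSD (Mac OS X) and GNU userlands; stat's flags differ between them.
mode_owner() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

note() {
    echo "FINDING: $*"
    findings=$((findings + 1))
}

# audit_site_tree WWW_ROOT USER
# Prints one line per finding; the return status is the number of findings.
audit_site_tree() {
    home="$1/$2"; user=$2; findings=0
    [ -d "$home" ] || { note "$home is missing"; return "$findings"; }

    set -- $(mode_owner "$home")
    [ "$1" = "drwxr-xr-x" ] || note "$home is $1, expected 755"

    # FTPRoot must be a real directory placed by the admin, not the link
    # the FTP server would otherwise generate on first login.
    ftproot="$home/FTPRoot"
    if [ -L "$ftproot" ]; then
        note "$ftproot is a symlink"
    elif [ ! -d "$ftproot" ]; then
        note "$ftproot is missing"
    else
        set -- $(mode_owner "$ftproot")
        [ "$1" = "drwx------" ] || note "$ftproot is $1, expected 700"
        [ "$2" != "$user" ] || note "$ftproot is owned by $user"
    fi

    for d in cgi-bin logs; do
        [ -d "$home/$d" ] || note "$home/$d is missing"
    done

    # Uploads land at 644, so anything world-writable is out of policy.
    ww=$(($(find "$home" ! -type l -perm -002 | wc -l)))
    [ "$ww" -eq 0 ] || note "$ww world-writable path(s) under $home"
    return "$findings"
}

if [ $# -eq 2 ]; then audit_site_tree "$1" "$2"; fi
```

Run it as the admin, for example with `/Volumes/Data/www bill` as arguments; a clean tree prints nothing and returns 0.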

    #354871
    Cabbage
    Participant

    You’ll probably have to recompile the wu-ftp since you can’t chmod anything in its present form. I know I need that on my web site in order to allow certain php programs to run correctly.

    #354872
    legacyb4
    Participant

    Thanks for the tip.

    Assuming not, but any idea if the FTP control panel will function if you use an alternative FTP server such as PureFTPD (http://www.pureftpd.org/)?

    Any info on getting a new wu-ftp up and running would be appreciated too!

    Cheers.

    Cabbage wrote: “You’ll probably have to recompile the wu-ftp since you can’t chmod anything in its present form. I know I need that on my web site in order to allow certain php programs to run correctly.”
