summaryrefslogtreecommitdiffstats
path: root/docs/manual/vhosts/ip-based.xml
blob: 5a5571a8d41996dfdb2bc8951f7ce3cd1ba734a9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<manualpage metafile="ip-based.xml.meta">
<parentdocument href="./">Virtual Hosts</parentdocument>
   <title>Apache IP-based Virtual Host Support</title>

<seealso>
<a href="name-based.html">Name-based Virtual Hosts Support</a>
</seealso>

<section id="explanation"><title>What is IP-based virtual hosting</title>
<p>IP-based virtual hosting is a method to apply different directives
based on the IP address and port a request is received on.  Most commonly,
this is used to serve different websites on different ports or interfaces.</p>

<p>In many cases, <a href="name-based.html">name-based
virtual hosts</a> are more convenient, because they allow
many virtual hosts to share a single address/port.
See <a href="name-based.html#namevip">Name-based vs. IP-based
Virtual Hosts</a> to help you decide.  </p>
</section>

<section id="requirements"><title>System requirements</title>

    <p>As the term <cite>IP-based</cite> indicates, the server
    <strong>must have a different IP address/port combination for each IP-based
    virtual host</strong>. This can be achieved by the machine
    having several physical network connections, or by use of
    virtual interfaces which are supported by most modern operating
    systems (see system documentation for details, these are
    frequently called "ip aliases", and the "ifconfig" command is
    most commonly used to set them up), and/or using multiple
    port numbers.</p>

    <p> In the terminology of Apache HTTP Server, using a single IP address
    but multiple TCP ports, is also IP-based virtual hosting.</p>

</section>

<section id="howto"><title>How to set up Apache</title>

    <p>There are two ways of configuring apache to support multiple
    hosts. Either by running a separate <program>httpd</program> daemon for
    each hostname, or by running a single daemon which supports all the
    virtual hosts.</p>

    <p>Use multiple daemons when:</p>

    <ul>
      <li>There are security partitioning issues, such as company1
      does not want anyone at company2 to be able to read their
      data except via the web. In this case you would need two
      daemons, each running with different <directive
      module="mpm_common">User</directive>, <directive
      module="mpm_common">Group</directive>, <directive
      module="mpm_common">Listen</directive>, and <directive
      module="core">ServerRoot</directive> settings.</li>

      <li>You can afford the memory and file descriptor
      requirements of listening to every IP alias on the
      machine. It's only possible to <directive
      module="mpm_common">Listen</directive> to the "wildcard"
      address, or to specific addresses. So if you have a need to
      listen to a specific address for whatever reason, then you
      will need to listen to all specific addresses. (Although one
      <program>httpd</program> could listen to N-1 of the addresses, and another could
      listen to the remaining address.)</li>
    </ul>

    <p>Use a single daemon when:</p>

    <ul>
      <li>Sharing of the httpd configuration between virtual hosts
      is acceptable.</li>

      <li>The machine services a large number of requests, and so
      the performance loss in running separate daemons may be
      significant.</li>
    </ul>

</section>

<section id="multiple"><title>Setting up multiple daemons</title>

    <p>Create a separate <program>httpd</program> installation for each
    virtual host. For each installation, use the <directive
    module="mpm_common">Listen</directive> directive in the
    configuration file to select which IP address (or virtual host)
    that daemon services. e.g.</p>

    <example>
    Listen 192.0.2.100:80
    </example>

    <p>It is recommended that you use an IP address instead of a
    hostname (see <a href="../dns-caveats.html">DNS caveats</a>).</p>

</section>

<section id="single"><title>Setting up a single daemon
  with virtual hosts</title>

    <p>For this case, a single <program>httpd</program> will service
    requests for the main server and all the virtual hosts. The <directive
    module="core">VirtualHost</directive> directive
    in the configuration file is used to set the values of <directive
    module="core">ServerAdmin</directive>, <directive
    module="core">ServerName</directive>, <directive
    module="core">DocumentRoot</directive>, <directive
    module="core">ErrorLog</directive> and <directive
    module="mod_log_config">TransferLog</directive>
    or <directive module="mod_log_config">CustomLog</directive>
    configuration directives to different values for each virtual
    host. e.g.</p>

    <example>
    &lt;VirtualHost 172.20.30.40:80&gt;<br />
    ServerAdmin webmaster@www1.example.com<br />
    DocumentRoot /www/vhosts/www1<br />
    ServerName www1.example.com<br />
    ErrorLog /www/logs/www1/error_log<br />
    CustomLog /www/logs/www1/access_log combined<br />
    &lt;/VirtualHost&gt;<br />
    <br />
    &lt;VirtualHost 172.20.30.50:80&gt;<br />
    ServerAdmin webmaster@www2.example.org<br />
    DocumentRoot /www/vhosts/www2<br />
    ServerName www2.example.org<br />
    ErrorLog /www/logs/www2/error_log<br />
    CustomLog /www/logs/www2/access_log combined<br />
    &lt;/VirtualHost&gt;
    </example>

    <p>It is recommended that you use an IP address instead of a
    hostname in the &lt;VirtualHost&gt; directive
    (see <a href="../dns-caveats.html">DNS caveats</a>).</p>

    <p> Specific IP addresses or ports have precedence over their wildcard
    equivalents, and any virtual host that matches has precedence over
    the servers base configuration.</p>

    <p>Almost <strong>any</strong> configuration directive can be
    put in the VirtualHost directive, with the exception of
    directives that control process creation and a few other
    directives. To find out if a directive can be used in the
    VirtualHost directive, check the <a
    href="../mod/directive-dict.html#Context">Context</a> using the
    <a href="../mod/directives.html">directive index</a>.</p>

    <p><directive module="mod_suexec">SuexecUserGroup</directive>
    may be used inside a
    VirtualHost directive if the <a href="../suexec.html">suEXEC
    wrapper</a> is used.</p>

    <p><em>SECURITY:</em> When specifying where to write log files,
    be aware of some security risks which are present if anyone
    other than the user that starts Apache has write access to the
    directory where they are written. See the <a
    href="../misc/security_tips.html">security tips</a> document
    for details.</p>

</section>
</manualpage>