Re: [PATCH] virtual_hosting.txt

[Robert L Sowders]

Well hey there,

It is a nice document, isn't it. 
Alas, I'm not the Author. 
I pulled it off the tomcat-user list last August. 
It was sent originally by Glen Nielsen. [EMAIL PROTECTED]
A brief search through the mailing list archives and presto, 
http://marc.theaimsgroup.com/?l=tomcat-user&m=102838763518720&w=2

All credit should go to Mr. Nielsen

Thank you,

rls





Ian Darwin <[EMAIL PROTECTED]>
10/31/2002 06:28 AM

 
To: "Robert L Sowders" <[EMAIL PROTECTED]>, "Tomcat Developers List" 
<[EMAIL PROTECTED]>
cc: 
Subject:Re: [PATCH]  virtual_hosting.txt


Robert, thank you for sending this document!

I'd just like to clarify the copyright on this document before 
reformatting it into our XML tags:
Do we have permission to include the "virtual hosting with tomcat and 
apache"
document that you submitted to Bill Barker, into the Tomcat distribution, 
and to
place it under the standard Apache Software Foundation License? You will 
be
credited as the original author, of course.

Thanks very much!

Ian Darwin
[EMAIL PROTECTED]

On October 31, 2002 02:06 am, Bill Barker wrote:
> I'm pretty busy just at the moment, so I'm forwarding this to the list. 
I
> does a pretty good job of addressing a lot of the newbie questions that
> come up over and over on tomcat-user.
>
> - Original Message -
> From: "Robert L Sowders" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, October 30, 2002 1:03 AM
> Subject: virtual_hosting.txt
>
> > as promised





--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>

Re: [PATCH] virtual_hosting.txt

[Glenn Nielsen]

Robert,

Thank you for making sure authorship was attributed to me. :-)

I orginally wrote this to answer some questions Craig had about
Tomcat and web hosting.  Then later reposted it to tomcat-user
when a similar question was raised.

Yes it can be added to the Tomcat 4.1 documentation and committed to cvs
with the ASF license.

Regards,

Glenn

Robert L Sowders wrote:

Well hey there,

It is a nice document, isn't it. 
Alas, I'm not the Author. 
I pulled it off the tomcat-user list last August. 
It was sent originally by Glen Nielsen. [EMAIL PROTECTED]
A brief search through the mailing list archives and presto, 
http://marc.theaimsgroup.com/?l=tomcat-user&m=102838763518720&w=2

All credit should go to Mr. Nielsen

Thank you,

rls





Ian Darwin <[EMAIL PROTECTED]>
10/31/2002 06:28 AM

 
To: "Robert L Sowders" <[EMAIL PROTECTED]>, "Tomcat Developers List" 
<[EMAIL PROTECTED]>
cc: 
Subject:Re: [PATCH]  virtual_hosting.txt


Robert, thank you for sending this document!

I'd just like to clarify the copyright on this document before 
reformatting it into our XML tags:
Do we have permission to include the "virtual hosting with tomcat and 
apache"
document that you submitted to Bill Barker, into the Tomcat distribution, 
and to
place it under the standard Apache Software Foundation License? You will 
be
credited as the original author, of course.

Thanks very much!

Ian Darwin
[EMAIL PROTECTED]

On October 31, 2002 02:06 am, Bill Barker wrote:

I'm pretty busy just at the moment, so I'm forwarding this to the list. 

I


does a pretty good job of addressing a lot of the newbie questions that
come up over and over on tomcat-user.

- Original Message -
From: "Robert L Sowders" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 30, 2002 1:03 AM
Subject: virtual_hosting.txt



as promised











--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>

Re: [PATCH] virtual_hosting.txt

[Ian Darwin]

Robert, thank you for sending this document!

I'd just like to clarify the copyright on this document before reformatting it into 
our XML tags:
Do we have permission to include the "virtual hosting with tomcat and apache"
document that you submitted to Bill Barker, into the Tomcat distribution, and to
place it under the standard Apache Software Foundation License? You will be
credited as the original author, of course.

Thanks very much!

Ian Darwin
[EMAIL PROTECTED]

On October 31, 2002 02:06 am, Bill Barker wrote:
> I'm pretty busy just at the moment, so I'm forwarding this to the list.  I
> does a pretty good job of addressing a lot of the newbie questions that
> come up over and over on tomcat-user.
>
> - Original Message -
> From: "Robert L Sowders" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, October 30, 2002 1:03 AM
> Subject: virtual_hosting.txt
>
> > as promised


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

[PATCH] virtual_hosting.txt

[Bill Barker]

I'm pretty busy just at the moment, so I'm forwarding this to the list.  I
does a pretty good job of addressing a lot of the newbie questions that come
up over and over on tomcat-user.

- Original Message -
From: "Robert L Sowders" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 30, 2002 1:03 AM
Subject: virtual_hosting.txt


> as promised
>
>

Web Hosting with Tomcat 4 and Apache

Overview


There are a number of configuration issues and security concerns
which must be addressed when setting up Apache and Tomcat 4 for
virtual hosting of customer sites in a web hosting environment.

The major conerns are:

1.  Delegating to untrusted customers maintenance of their applications
without compromising server security.

2.  Configuring Apache and Tomcat for virtual hosting.

3.  Surviving poorly written web applications installed by
customers.  This includes fault tolerance and identifying
which customer's web application is causing problems.

4.  Mimimize the amount of hand holding or config changes the
apache and tomcat system administrators have to make.

This is written based on my experiences setting up this type
of hosting environment on Sun Solaris hardware.  Some of this
will be specific to Solaris, but in general should work for
almost any flavor of Unix.

Unix accounts and groups


The user "tomcat" was created for running tomcat, it should
be created similar to the "nobody" account used for running
Apache.  The tomcat user is assigned to the group tomcat.
The tomcat user is a member of group "user".

The group "tomcat" was created as the group the user "tomcat"
is assigned to.

The group "user" was created, this is the group customer
ftp accounts are assigned to.  The "tomcat" account is a
member of this group so that both customers and tomcat
can write files in directories assigned to group "user".

Each customer has their own ftp account which is in group
"user".

There is a "webmaster" administrator shell account.  This
account is for your virtual host administrator. The
webmaster account is assigned to group "user" and is also
a member of group "tomcat".

Directory layout


The layout of directories is designed to make it as easy as
possible for customers to maintain their own web space content
and applications.

Here is an example of how I do it:

The customer is assigned an FTP account which has permission
to read their virtual host directory and write to a subset of
that.

For example, a customer may be assigned the following directory:

/export/home/www.customer.com root:other 755


Within that directory are sub directories which the customer
can read and/or write. Listed are the directory names, 
ownership, and mode.

www webmaster:user 2775
--

Apache document root directory.  Customer and tomcat can
both read/write directories and files.

logs root:other 755
---

Directory where apache access_log and error_log are placed.
We also rotate these logs weekly and use bzip2 to compress
any log files older than 5 weeks.  Log files less than 5
weeks old are left uncompressed so that they can be used
by web statistic software like Analog. Customer can read
files in this directory but not write files.

tomcat tomcat:tomcat 755


Directory used for the tomcat work and tomcat virtual host logs.
Only tomcat can write in this directory. Customer can read
files in this directory.

tomcat/work tomcat:tomcat 755
-

Tomcat work directory for virtual host. Only tomcat can write
files.  Customer can read files. This allows customer to review
java source files generated during a JSP page compile.

tomcat/logs tomcat:tomcat 755 
--

Tomcat log directory for virtual host. Only tomcat can write
files.  Customer can read files. This allows the customer
to review their virtual host application logs.

reports webmaster:tomcat 2775
-

Directory I use for placing custom reports generated for customer.
This is aliased into the customers document space and can password
restricted using a .htaccess file.

Apache VirtualHost config
=

We are using Apache 1.3.26.

mod_jk config
-

# Load Tomcat mod_jk 1.2
LoadModule jk_module  libexec/mod_jk.so
JkWorkersFile /usr/local/apache/conf/workers.properties
JkLogFile /usr/local/apache/logs/mod_jk.log
JkLogLevelerror
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

I also use a script to rotate the mod_jk.log weekly.

VirtualHost config
--


ServerAdmin [EMAIL PROTECTED]
DocumentRoot /export/home/www.customer.com/www
ServerName www.customer.com

DirectoryIndex index.html index.htm index.shtml index.shtm index.jsp

# Alias the admin reports directory into webspace
# The files are located outside of webspace so that only files
# w