The Scenario

Once set in the configuration, the user name in Apache httpd cannot be set for different virtual servers.  To set up a server that hosts virtual servers under one username and others under another, you have two options: multiple apache configurations running as seperate daemons or virtualization.  While virtualization would be more ideal, and may be something to consider in the future, running additional daemons is a bit more accessible for the time being.

Let’s say you have a website, example.com, and a few user web sites that individual users have access to on their own domains or subdomains of a shared domain (for example: user1.websites.com).  Under no circumstances would you want these users to run scripts under the same user name, or have access to the same files as example.com.  suEXEC and suPHP can come into play, but I want a little more separation.

The idea is to have one daemon configured to listen on the usual ports, 80 and 443, serve example.com, and redirect all other requests to an additional daemon listening on ports 8080 and 4443.  The requests can be forwarded using mod_proxy.

The Implimentation

The following steps are for a CentOS 5 and an Apache 2.2.3 setup.

Create a new sysconfig httpd config file, and a new config directory by copying the original httpd files.

$ cp /etc/sysconfig/httpd /etc/sysconfig/httpd-shared
$ cp /etc/httpd /etc/httpd-shared -rf

Now we need an init.d file just like the current httpd file with all instances of /etc/sysconfig/httpd replaced with /etc/sysconfig/httpd-shared. There should only be two instances right next to each other near the head of the script. Below I’ll use sed to replace all instances and export the stream to a new file.

$ sed -e "s/\/etc\/sysconfig\/httpd/\/etc\/sysconfig\/httpd-shared/" /etc/init.d/httpd > /etc/init.d/httpd-shared
$ chown root:root /etc/init.d/httpd-shared; chmod 755 /etc/init.d/httpd-shared

Edit the sysconfig httpd-shared file

$ nano /etc/sysconfig/httpd-shared

Add the following lines:

PIDFILE=/var/run/httpd-shared.pid
LOCKFILE=/var/lock/subsys/httpd-shared
CONFFILE=/etc/httpd-shared/conf/httpd.conf

Edit the httpd-shared httpd.conf file

$ nano /etc/httpd-shared/conf/httpd.conf

Change the listening port and replace the PidFile with the new one. You may also change the username and anything else.

REPLACE:
PidFile run/httpd.pid

WITH:
PidFile run/httpd-shared.pid

REPLACE:
Listen 80

WITH:
Listen 8080

You may want to also add the following for any domains you do not want proxied.

NoProxy .example.com

Now somewhere in the original httpd configuration, you will want to set up example.com like normal. However, you will also have to configure the domains you want served under the “shared” httpd to be properly forwarded with mod_proxy.

In your original httpd configuration file ( I’ll be using /etc/httpd/conf.d/zz02_users.conf ), you’ll want to add the following lines.

<VirtualHost *:80>
  ServerName user1.websites.com
  ProxyPass / http://user1.websites.com:8080/
  ProxyPassReverse / http://user1.websites.com:8080/
</VirtualHost>

ProxyPass forwards all requests for the root URI to the specified domain name (and protocol!). ProxyPassReverse will change the Location, Content-Location and URI headers on HTTP redirect responses.

Now all you have to do is set up the VirtualHosts in the “shared” httpd configuration.