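What we usually call virtual hosting is the technique of dividing the resources of one server (or a group of servers), such as system resources, network bandwidth and storage space, in fixed proportions into several relatively independent "small hosts". Each of these "small hosts" can provide the basic Internet services such as WWW, FTP and Mail, just as a dedicated host would.
At present, the open-source Apache is the most widely used virtual hosting platform for web servers, followed by Microsoft's Windows IIS. Apache's advantages include being cross-platform (FreeBSD/Linux/Windows/Solaris/other UNIX), easy to maintain, and having the best security.
Apache was one of the first servers to support IP-based virtual hosts. Apache 1.1 and later versions support both IP-based and host-name-based virtual hosts; the latter are sometimes called host-based or non-IP virtual hosts.
Virtual host services in Apache can usually be set up in one of two ways: IP-based virtual hosts and host-name-based virtual hosts. Below we describe how each is implemented, along with its advantages and disadvantages, so that you can choose the most suitable method for a particular deployment.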
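1. Apache implements IP-based virtual hosts (each site has its own IP address)
With this kind of virtual hosting, the server must first be given a separate IP address for each virtual host. These IP addresses can be provided by adding network cards or by assigning several IP addresses to one network card. Once the server has multiple IP addresses, Apache can be set up in either of the following two ways.
1) Run a separate copy of Apache for each virtual host
With this approach, each copy of Apache can run as a separate user, so the virtual hosts do not affect one another. To set up this kind of virtual host, you only need one set of configuration files per copy of Apache. The one thing to watch is that you must use the "Listen" directive to force each copy of Apache to accept requests only on its "own" IP address.
Advantages: the virtual hosts do not interfere with one another, and security is high.
Disadvantages: it uses more system resources.
2) Multiple virtual hosts share one copy of Apache
With this approach, all virtual hosts share the same copy of Apache, so they affect one another to some degree; in particular, running CGI programs may cause serious security problems. To set up this kind of virtual host, you only need a block like the following for each virtual host: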
<VirtualHost 172.16.3.40>
    DocumentRoot /www/ghq1
    …
</VirtualHost>
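Advantages: it uses fewer system resources than the previous approach.
Disadvantages: security is low, and each virtual host still needs its own IP address.
For example, suppose one network card on the server is bound to two IP addresses (172.16.3.40 and 172.16.3.50), serving the domain names www.ghq1.com and www.ghq2.org respectively. The configuration is as follows:
Server configuration (apache configuration file httpd.conf)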
Listen 80
<VirtualHost 172.16.3.40>
    DocumentRoot /www/ghq1
    ServerName www.ghq1.com
</VirtualHost>
<VirtualHost 172.16.3.50>
    DocumentRoot /www/ghq2
    ServerName www.ghq2.org
</VirtualHost>
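Brief notes on the configuration: "Listen": by default the httpd service listens on port 80; the "Listen" directive lets you specify the IP address or port that the Apache server listens on.
"DocumentRoot": specifies the root directory in which the Apache server stores web pages. "ServerName": lets you set the host name yourself; this name is sent to the remote client in place of the real name of the host on which Apache is installed.
Suppose the server has two IP addresses (172.16.3.40 and 172.16.3.50) corresponding to the domain names www.ghq1.com and www.ghq2.org, and we want to publish a site on both port 80 and port 8080 for each domain name. It can be configured like this: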
Server configuration (apache configuration file httpd.conf)
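Listen 172.16.3.40:80
Listen 172.16.3.40:8080
Listen 172.16.3.50:80
Listen 172.16.3.50:8080
<VirtualHost 172.16.3.40:80>
    DocumentRoot /www/ghq1-80
    ServerName www.ghq1.com
</VirtualHost>
<VirtualHost 172.16.3.40:8080>
    DocumentRoot /www/ghq1-8080
    ServerName www.ghq1.com
</VirtualHost>
<VirtualHost 172.16.3.50:80>
    DocumentRoot /www/ghq2-80
    ServerName www.ghq2.org
</VirtualHost>
<VirtualHost 172.16.3.50:8080>
    DocumentRoot /www/ghq2-8080
    ServerName www.ghq2.org
</VirtualHost>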
Therefore, to set up a virtual host we need to make each domain name resolve to its IP address, create the corresponding directory (such as /www/ghq1), and place the site's home page content in that directory.
2. Apache implements a virtual host service based on the host name (one IP address implements multiple websites)
Host-name-based virtual hosting is the most commonly used virtual hosting solution at present, because it needs no additional IP addresses and no special software or hardware support, and most of today's browsers support it. The virtual host is selected according to the host name in the Host header of the HTTP request submitted by the client. Using this technique, many virtual hosts can share the same IP address.
Host-name-based virtual hosting is relatively simple: we only need to configure the DNS server to map each host name (CNAMEs) to the correct IP address, and then configure the Apache HTTP server to recognize the different host names. It also eases the shortage of IP addresses (IPv4). With this approach all virtual hosts share the same copy of Apache, so security is not high when CGI programs are run.
Advantages: a single IP address is enough to provide a large number of virtual host services.
Disadvantages: poor security. Maintaining these virtual hosts requires configuration file changes, and the Apache process needs to be restarted for the changes to take effect. It is therefore not suitable for large-scale virtual hosting services.
Suppose the server has only one IP address and several host names in DNS are mapped to this machine, and we want to run two sites, www.ghq1.com and www.ghq2.org, on it. Creating a virtual host in the Apache configuration does not automatically update the host names in DNS. We have to add the domain names in DNS ourselves and point them at our IP address; otherwise others will not be able to reach our web site.
Server configuration (apache configuration file httpd.conf)
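# Ensure that Apache listens on port 80
Listen 80
# Listen for virtual host requests on all IP addresses
# (required on Apache 2.2 and earlier; deprecated and without effect in Apache 2.4)
NameVirtualHost *
<VirtualHost *>
    DocumentRoot /www/ghq1
    ServerName www.ghq1.com
    # Other directives here
</VirtualHost>
<VirtualHost *>
    DocumentRoot /www/ghq2
    ServerName www.ghq2.org
    # Other directives here
</VirtualHost>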
Because * (asterisk) matches all addresses, the main server does not accept any requests. Because www.ghq1.com appears first in the configuration file, it has the highest priority and can be considered the default or primary server. This means that if an accepted request does not match a ServerName directive, it will be served by the first VirtualHost.
Using * is very convenient when our IP address cannot be known in advance, for example when the ISP assigns us a dynamic IP address (such as ADSL dial-up Internet access) and we use some kind of dynamic domain name resolution service. Because * matches any IP address, we do not need to change the configuration however the IP address changes. The configuration above is the one we use for host-name-based virtual hosts in most cases.
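The selection rules described in both sections (the local address and port decide first, then ServerName, and an unmatched Host header falls through to the first listed VirtualHost) can be checked against a configuration before it is deployed. The following is an added example, not code from the original page or from Apache; it is a simplified model (IPv4 only, no ServerAlias), the function names are hypothetical, and the sample configuration is constructed from the page's name-based example.

```python
import re

# Constructed sample: the page's name-based configuration.
SAMPLE_CONF = """
Listen 80
NameVirtualHost *
<VirtualHost *>
    DocumentRoot /www/ghq1
    ServerName www.ghq1.com
</VirtualHost>
<VirtualHost *>
    DocumentRoot /www/ghq2
    ServerName www.ghq2.org
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return the VirtualHost blocks in configuration order (order matters)."""
    vhosts = []
    pattern = r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>"
    for addr, body in re.findall(pattern, conf, re.S | re.I):
        ip, _, port = addr.partition(":")          # IPv4 or "*" only
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        root = re.search(r"^\s*DocumentRoot\s+(\S+)", body, re.M | re.I)
        vhosts.append({"addr": ip, "port": port or "*",
                       "name": name.group(1).lower() if name else None,
                       "root": root.group(1) if root else None})
    return vhosts

def select_vhost(vhosts, local_ip, local_port, host_header):
    """Simplified model: exact address, then wildcard, then ServerName."""
    def on(v, ip):
        return v["addr"] == ip and v["port"] in ("*", str(local_port))
    candidates = [v for v in vhosts if on(v, local_ip)] or [v for v in vhosts if on(v, "*")]
    if not candidates:
        return None                                # handled by the main server
    host = (host_header or "").split(":")[0].lower()
    for v in candidates:
        if v["name"] == host:
            return v
    return candidates[0]                           # unmatched Host: first vhost answers

def audit(conf, local_ip, local_port, hosts):
    """Map each Host header value to the DocumentRoot that would serve it."""
    vhosts = parse_vhosts(conf)
    return {h: (select_vhost(vhosts, local_ip, local_port, h) or {}).get("root") for h in hosts}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "172.16.3.40", 80, ["www.ghq2.org", "unknown.example"]))
```

Running the audit with a host name that is not configured shows which site answers by default, which is the reason to decide deliberately which VirtualHost is listed first.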