How I organized a bunch of apache + vmware
A long time on one of the servers to spin about a dozen sites, they are all at risk of hacking. Since Apach + php is under Windows, there is no possibility to differentiate the right to write to this or that folder. An ordinary command can wipe all the files on the server.
The solution was found pretty simple, but what if you spread user sites to virtual servers. And already if one is hacked, then in the aisles of the virtual server, even if they are “digging,” they will not come out any further.
I put Vmvare Server 2 on the server, vmware.com/products/server, the product is free, you just need to register and you will receive a key by mail. Allows you to create dozens of virtual machines, management comes from under the browser, so that you can manage servers from anywhere in the world.
But, the question arises, the servers are virtual and they are not visible on the Internet, only the main server, on which they actually spin everything, knows about them, it is impossible to forward port 80 a lot of servers and he is busy on the main server.
')
And, everything is solved quite simply, Apache has a Proxy server module, the Apache itself can act not only as a web, but also a proxy server, I decided to use this opportunity.
First of all, we register the IP of our main server at the domain name registrar, where all requests will be sent.
On the main server in the Apache configuration file we will write:
ProxyPass / site.com
ProxyPassReverse / site.com
Actually, in these lines we make it clear to the Apache that all requests that come for site.com are sent using the built-in server to the same site .com. But the question arises, it turns out looping. To prevent this from being necessary, in the file c: / Windows / System32 / drivers / etc / hosts, add an internal IP for this site, let's say it looks like this to me:
It turns out that at first the request comes to the main server, on an external IP, then the Apache already looks, where there is site.com and gets IP, according to the rules of the system (ignores external DNS) it looks in the hosts and requests the site from the internal virtual server.
The solution was found pretty simple, but what if you spread user sites to virtual servers. And already if one is hacked, then in the aisles of the virtual server, even if they are “digging,” they will not come out any further.
I put Vmvare Server 2 on the server, vmware.com/products/server, the product is free, you just need to register and you will receive a key by mail. Allows you to create dozens of virtual machines, management comes from under the browser, so that you can manage servers from anywhere in the world.
But, the question arises, the servers are virtual and they are not visible on the Internet, only the main server, on which they actually spin everything, knows about them, it is impossible to forward port 80 a lot of servers and he is busy on the main server.
')
And, everything is solved quite simply, Apache has a Proxy server module, the Apache itself can act not only as a web, but also a proxy server, I decided to use this opportunity.
First of all, we register the IP of our main server at the domain name registrar, where all requests will be sent.
On the main server in the Apache configuration file we will write:
<VirtualHost *:80>
ServerAdmin webmaster@site.com
DocumentRoot D:/www2/site/
ServerName site.com
ServerAlias www.site.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
ProxyPass / site.com
ProxyPassReverse / site.com
Actually, in these lines we make it clear to the Apache that all requests that come for site.com are sent using the built-in server to the same site .com. But the question arises, it turns out looping. To prevent this from being necessary, in the file c: / Windows / System32 / drivers / etc / hosts, add an internal IP for this site, let's say it looks like this to me:
192.168.2.2 site.comIt turns out that at first the request comes to the main server, on an external IP, then the Apache already looks, where there is site.com and gets IP, according to the rules of the system (ignores external DNS) it looks in the hosts and requests the site from the internal virtual server.
Source: https://habr.com/ru/post/63556/
All Articles