Questions that have been raised

A couple of questions have been raised that I'd appreciate some confirmation on...

Someone reported that the site does not run after rebooting. Is this a similar situation to setting passwords - that is, are there other "shadow" files that need to be overwritten as well?

Goal

Configure the existing thttpd web server to handle virtual hosting. This allows the same thttpd process to run the admin website, as well as additional websites. Notice that I said "websites" (plural) - not "website" (singular). It means that you can have multiple domains pointing to your website!

This method can be used instead of SimpleHomeWebsite, but requires slightly more care as you can mess up your existing admin website. Depending upon the week you visit my site ByteRed, it may be implemented by one or the other method.

Prerequisites

• Installation of Unslung
• Installation of openssh. See Packages
• Access to chgrp command. This comes with an upgrade of BusyBox or a comparable package.

No other software installation is required! (Question for others: will this approach work with OpenSlug, etc...)

Step 1: Configure the outside world

• Register the domain names for your websites (notice the plural).
• Talk to your internet provider about a static IP address for your home, or see DynDNSupdate and SetUpYourOwnStaticLinkToYourSiteAtADynamicIP.

Step 2: Create the virtual host directory and provide access

Using the NSLU2 administrative user page, create a new user called, "vhosts". Fill in the bottom portion of the admin page as shown (choose your own password), and click on the "Save as New User" button.

This will create a new user called "vhosts", and a new directory on your NSLU2 at location...

For each website (e.g. www.domain.com) you will be hosting, do the following:

should this not be ln -s .../vhosts/www.domain.com /home/httpd/www.domain.com?

(Note: thttpd is picky about file permissions. See http://www.acme.com/software/thttpd/thttpd_man.html#PERMISSIONS )

(Note 2: thttpd also seems to 'cache' incorrect file permissions. I.e. if you get the permissions on a file wrong, and try to view it via http, you get 'access denied'. If you then fix the file permissions, you still get 'access denied' via http! Restarting thttpd (as described below) is needed to get it to re-read the file permissions)

Add HTML files to your websites from your PC, by clicking on Start->Run... and keying in \\192.168.1.77\vhosts, and click the "OK" button. You will be prompted for a username and password - provide the same as when you created the user.

You can now drag and drop, or cut and paste your HTML files into the appropriate subdirectory in this window, which represents the top level directory of your virtual hosting directories located on your NSLU2.

Step 3: Configure THTTPD Virtual Hosting

This step configures the existing thttpd web server with virtual hosting, which will serve the existing admin website as well as any new domain names you have directed to your NSLU2.

ssh into your slug. Make sure you have access other than telnet! Otherwise, if you mess up your admin website, you may not be able to enable telnet.

Modify thttpd.conf and remove the last segment "/html" of the dir pathname, set port=80, and add the "vhost" command. The thttpd config file uncommented lines should read as follows:

Then create a link for the admin website:

To test, kill the existing httpd process, and restart:

You should now be able to access your new website[s]!

A fully commented conf file /opt/etc/thttpd.conf to refer to:

  
# Configuration file for thttpd (defined for NSLU2 ipkg thttpdphp)

# Specifies an alternate port number to listen on. The default is 80.
port=80

# Specifies a directory to chdir() to at startup. This is merely a convenience 
# you could just as easily do a cd in the shell script that invokes the program.
dir=/opt/share/www

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody"
user=nobody

# Do a chroot() at initialization time, restricting file access to the program's 
# current directory.
nochroot
#chroot=

# Specifies a directory to chdir() to after chrooting. If you're not chrooting, 
# you might as well do a single chdir(). If you are chrooting, this lets you put 
# the web files in a subdirectory of the chroot tree, instead of in the top level 
# mixed in with the chroot files.
#datadir=

# Don't do explicit symbolic link checking. Normally, thttpd explicitly expands 
# any symbolic links in filenames, to check that the resulting path stays within 
# the original document tree. If you want to turn off this check and save some 
# CPU time, you can use this option, however this is not recommended. 
# Note, though, that if you are using the chroot option, the symlink checking is 
# unnecessary and is turned off, so the safe way to save those CPU cycles is to 
# use chroot. 
#symlinkcheck   <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#nosymlinkcheck <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#symlink
nosymlink

# Do el-cheapo virtual hosting. This sends each incoming request to a subdirectory 
# based on the hostname it's intended for. All you have to do in order to set things
# up is to create those subdirectories in the directory where thttpd will run.
#novhost
vhost

# Use a global passwd file. This means that every file in the entire document tree 
# is protected by the single .htpasswd file at the top of the tree. Otherwise the 
# semantics of the .htpasswd file are the same. If this option is set but there is 
# no .htpasswd file in the top-level directory, then thttpd proceeds as if the option 
# was not set - first looking for a local .htpasswd file, and if that doesn't exist 
# either then serving the file without any password. 
#globalpasswd
#noglobalpasswd

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody".
#user=

# Specifies a wildcard pattern for CGI programs, for instance "**.cgi" or "/cgi-bin/*". 
#cgipat=

# Specifies a file of throttle settings.
#throttles=

# Specifies a hostname to bind to, for multihoming. The default is to bind to all 
# hostnames supported on the local machine. 
#host=

# Specifies a file for logging. If no -l argument is specified, thttpd logs via 
# syslog(). If "-l /dev/null" is specified, thttpd doesn't log at all.
logfile=/var/log/thttpd.log

# Specifies a file to write the process-id to. If no file is specified, 
# no process-id is written. You can use this file to send signals to thttpd.
pidfile=/var/run/thttpd.pid

# Specifies the character set to use with text MIME types. The default is iso-8859-1. 
#charset=

# Specifies a P3P server privacy header to be returned with all responses. 
# See http://www.w3.org/P3P/ for details. Thttpd doesn't do anything at all with the 
# string except put it in the P3P: response header. 
#p3p=

# Specifies the number of seconds to be used in a "Cache-Control: max-age" header to 
# be returned with all responses. An equivalent "Expires" header is also generated. 
# The default is no Cache-Control or Expires headers, which is just fine for most sites. 
#max_age=

David R. Sullivan note: You may wish to try it this way for thttpd to work:

For each website (e.g. www.domain.com) you will be hosting, do the following:

Artur Sornat note:

I created www.domain.com first and it worked.

Would the following work and eliminate the need for chgrp? chown vhosts:vhosts www.domain.com

Gordon Baskin adds:

An Alternative to Set Up Multiple Servers on Multiple IP Addresses

A. Create ip alaises:

1. Download and install net-tools

2. Define aliases for native interface ixp0

3. Modify routing table

 After you run these, the output of ifconfig -a should look like this:

 ixp0     Link encap:Ethernet  HWaddr? 00:04:5A:0F:8D:01  
          inet addr:192.168.1.77   Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:395083 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35921 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:256 
          RX bytes:34666755 (33.0 Mb)  TX bytes:5320373 (5.0 Mb)

 ixp0:0   Link encap:Ethernet  HWaddr? 00:04:5A:0F:8D:01  
          inet addr:192.168.1.25  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

 ixp1     Link encap:Ethernet  HWaddr? 00:04:5A:0F:8D:01  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:256 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 lo       Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:56 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3920 (3.8 Kb)  TX bytes:3920 (3.8 Kb)

And, the output of route -n should be:

 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.1.25    0.0.0.0         255.255.255.255 UH    0      0        0 ixp0
 192.168.1.77    0.0.0.0         255.255.255.255 UH    0      0        0 ixp0
 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ixp0
 127.0.0.0       0.0.0.0         255.255.255.0   U     0      0        0 lo
 239.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 ixp0
 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
 0.0.0.0         192.168.1.106   0.0.0.0         UG    1      0        0 ixp0

(All of the ixp interfaces, even the aliases, appear as ixp0. Don't worry about this. You will check it later.)

5. To recreate these interface aliases after reboot, modify /etc/rc.d/rc.local by inserting the appropriate lines:

B. Set up another instance of thhtpd as a webserver, more or less like UseTheThttpdWebserver:

1. Copy and rename the thttpd executable

2. Create a new thttpd config file

Here is my example thttpd2.conf file:

  # This section overrides defaults
  dir=/opt/var/www/www.yourwebsite.com
  chroot
  nosymlink
  user=nobody
  logfile=/opt/var/log/thttpd2.log
  pidfile=/opt/var/run/thttpd2.pid
  cgipat=**.cgi
  host=192.168.1.25
  # This section _documents_ defaults in effect
  # port=80
  # nosymlink# default = !chroot
  # novhost
  # nocgipat
  # nothrottles
  # host=0.0.0.0
  # charset=iso-8859-1

3. Create the directory /opt/var/log. The owner:group is root:root and the permissions are 700.

4. Put your web pages in /opt/var/www/www.yourwebsite.com/

C. Set up scripts to launch web server. If you were to simply run "/opt/sbin/thttpd2 -C /opt/etc/thttpd2.conf" the program would fail. That is because the first instance of thttpd running the NSLU web gui has bound, by default, to all interfaces. You need to relaunch the NSLU webserver bound to the default interface then launch other servers bound to their own ip aliases.

1. Create a new configuration file /etc/thttpd1.conf for the NSLU web gui server:

Here is my file:

  # This section overrides defaults
  dir=/home/httpd/html
  nochroot
  nosymlink
  user=root# default = nobody
  #logfile=/var/log/thttpd.log
  pidfile=/var/run/thttpd.pid
  cgipat=**.cgi
  host=192.168.1.77 #Set to the ip of the NSLU
  # This section _documents_ defaults in effect
  # port=80
  # user=nobody
  # nosymlink
  # nochroot
  # novhost
  # nocgipat
  # nothrottles
  # host=0.0.0.0
  # charset=iso-8859-1

2. Create a script to kill the default gui, relaunch it bound to a specific ip, and launch the new server.

Here is my file:

  #!/bin/sh

  if [ -n "`pidof thttpd`" ] ;then
        /bin/killall thttpd 2>/dev/null
  fi
  sleep 2

  /usr/sbin/thttpd -C /etc/thttpd1.conf

  /opt/sbin/thttpd2 -C /opt/etc/thttpd2.conf

Check the permissions. The owner:group should be root:root and the permissions 755.

4. Now start the server:

You can check by "netstat -an" to see the processes are listening on the appropriate ips and ports.

  Active Internet connections (servers and established)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State      
  tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      
  tcp        0      0 192.168.1.77:80         0.0.0.0:*               LISTEN      
  tcp        0      0 192.168.1.25:80         0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:663             0.0.0.0:*               LISTEN      
  tcp        0      0 192.168.1.105:2200      0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:665             0.0.0.0:*               LISTEN      
  ...

5. Adjust your firewall to open up the servers to the public if you wish.

Using the same steps, you can have multiple servers running on multiple different ip addresses. Why would you do this when you can simply run the server on a non-standard port and then use your firewall/router to map this to a standard external port? Well, some firewalls (for example, Netscreen 5 series running ScreenOS? 5.4.0rXX) do not let you map a given internal/trusted ip port to any external/untrust ip port except for the same port number. Why that is the behavior is a mystery to me. Even a cheap friggin' Netgear can do this. However, the Netgear doesn't have embedded proxy server, antivirus, various packet screens, and deep inspection.

Email for any questions or comments is gordon at baskin dot cc.