NSLU2-Linux
view · edit · print · history

HowTo.VirtualHostingWithTHTTPD History

Hide minor edits - Show changes to markup

November 19, 2008, at 09:42 AM by DaveLane --
Changed lines 62-63 from:
to:
Update: I don't know when this was fixed, but I am now running thttpd 2.25b, and it is no longer caching the file permissions. - Dave Lane
October 31, 2008, at 09:18 PM by Gordon Baskin --
Changed lines 267-268 from:
ifconfig add ixp0 192.168.1.25 (This will create ixp0:0)
ifconfig add ixp0 192.168.1.26 (This will create ixp0:1)
to:
ifconfig ixp0 add 192.168.1.25 (This will create ixp0:0)
ifconfig ixp0 add 192.168.1.26 (This will create ixp0:1)
Changed lines 324-325 from:
ifconfig add ixp0 192.168.1.25
ifconfig add ixp0 192.168.1.26
to:
ifconfig ixp0 add 192.168.1.25
ifconfig ixp0 add 192.168.1.26
October 31, 2008, at 09:13 PM by Gordon Baskin --
Changed lines 267-268 from:
ifconfig add 192.168.1.25 ixp0 (This will create ixp0:0)
ifconfig add 192.168.1.26 ixp0 (This will create ixp0:1)
to:
ifconfig add ixp0 192.168.1.25 (This will create ixp0:0)
ifconfig add ixp0 192.168.1.26 (This will create ixp0:1)
Changed lines 324-325 from:
ifconfig add 192.168.1.25 ixp0
ifconfig add 192.168.1.26 ixp0
to:
ifconfig add ixp0 192.168.1.25
ifconfig add ixp0 192.168.1.26
October 30, 2008, at 02:31 AM by Gordon Baskin --
Changed lines 433-436 from:

Using the same steps, you can have multiple servers running on multiple different ip addresses. Why would you do this when you can simply run the server on a non-standard port and then use your firewall/router to map this to a standard external port? Well, some firewalls (for example, Netscreen 5 series running ScreenOS? 5.4.0rXX) do not let you map a given internal/trusted ip port to any external/untrust ip port except for the same port number. Why that is the behavior is a mystery to me. Even a cheap friggin' Netgear can do this. However, the Netgear doesn't have embedded proxy server, antivirus, various packet screens, and deep inspection.

Email for any questions or comments is gordon at baskin dot cc.

to:

Using the same steps, you can have multiple servers running on multiple different ip addresses. Email for any questions or comments is gordon at baskin dot cc.

September 13, 2008, at 10:03 PM by Gordon Baskin --
Added line 253:

Changed lines 437-438 from:
 ***
to:

September 13, 2008, at 10:02 PM by Gordon Baskin --
Changed lines 432-433 from:

Using the same steps, you can have multiple servers running on multiple different ip addresses. Why would you do this when you can simply run the server on a non-standard port and then use your firewall/router to map this to a standard external port? Well, some firewalls (for example, Netscreen 5 series running ScreenOS? 5.4.0rXX) do not let you map internal/trusted ip port (8080, for example) to external/untrust ip port 80 (or whatever). Why that is the behavior is a mystery to me. Even a cheap friggin' Netgear can do this. However, the Netgear doesn't have embedded proxy server, antivirus, various packet screens, and deep inspection.

to:

Using the same steps, you can have multiple servers running on multiple different ip addresses. Why would you do this when you can simply run the server on a non-standard port and then use your firewall/router to map this to a standard external port? Well, some firewalls (for example, Netscreen 5 series running ScreenOS? 5.4.0rXX) do not let you map a given internal/trusted ip port to any external/untrust ip port except for the same port number. Why that is the behavior is a mystery to me. Even a cheap friggin' Netgear can do this. However, the Netgear doesn't have embedded proxy server, antivirus, various packet screens, and deep inspection.

September 13, 2008, at 08:48 PM by Anyone --
Added lines 432-433:

Using the same steps, you can have multiple servers running on multiple different ip addresses. Why would you do this when you can simply run the server on a non-standard port and then use your firewall/router to map this to a standard external port? Well, some firewalls (for example, Netscreen 5 series running ScreenOS? 5.4.0rXX) do not let you map internal/trusted ip port (8080, for example) to external/untrust ip port 80 (or whatever). Why that is the behavior is a mystery to me. Even a cheap friggin' Netgear can do this. However, the Netgear doesn't have embedded proxy server, antivirus, various packet screens, and deep inspection.

September 13, 2008, at 05:58 PM by Gordon Baskin --
Changed lines 415-416 from:

You can check by "netstat -an" to see the process are listening on the appropriate ips and ports.

to:

You can check by "netstat -an" to see the processes are listening on the appropriate ips and ports.

September 13, 2008, at 05:55 PM by Gordon Baskin --
Changed lines 319-320 from:
to:

(All of the ixp interfaces, even the aliases, appear as ixp0. Don't worry about this. You will check it later.)

September 13, 2008, at 05:52 PM by Gordon Baskin --
Added lines 430-434:

Email for any questions or comments is gordon at baskin dot cc.

 ***
September 13, 2008, at 05:50 PM by Gordon Baskin --
Changed lines 414-415 from:

You can check by "netstat -rn" to see the process are listening on the appropriate ips and ports.

to:

You can check by "netstat -an" to see the process are listening on the appropriate ips and ports.

  Active Internet connections (servers and established)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State      
  tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      
  tcp        0      0 192.168.1.77:80         0.0.0.0:*               LISTEN      
  tcp        0      0 192.168.1.25:80         0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:663             0.0.0.0:*               LISTEN      
  tcp        0      0 192.168.1.105:2200      0.0.0.0:*               LISTEN      
  tcp        0      0 0.0.0.0:665             0.0.0.0:*               LISTEN      
  ...
September 13, 2008, at 05:33 PM by Gordon Baskin --
Changed lines 328-329 from:

B. Set up another instance of thhtpd as a webserver, mMore or less like UseTheThttpdWebserver:

to:

B. Set up another instance of thhtpd as a webserver, more or less like UseTheThttpdWebserver:

September 13, 2008, at 05:32 PM by Gordon Baskin --
Changed lines 255-258 from:

An Alternative to Set Up Multiple Servers on Multiple IP Addresses

A. Create ip alaises:

to:

An Alternative to Set Up Multiple Servers on Multiple IP Addresses

A. Create ip alaises:

Changed lines 328-329 from:

B. Set up another instance of thhtpd as a webserver, mMore or less like UseTheThttpdWebserver:

to:

B. Set up another instance of thhtpd as a webserver, mMore or less like UseTheThttpdWebserver:

Changed line 362 from:

C. Set up scripts to launch web server.

to:

C. Set up scripts to launch web server.

September 13, 2008, at 05:31 PM by Gordon Baskin -- Multiple servers on Multiple IP Addresses
Changed lines 251-416 from:

chown vhosts:vhosts www.domain.com

to:

chown vhosts:vhosts www.domain.com

Gordon Baskin adds:

An Alternative to Set Up Multiple Servers on Multiple IP Addresses

A. Create ip alaises:

1. Download and install net-tools

ipkg update
ipkg install net-tools

2. Define aliases for native interface ixp0

ifconfig add 192.168.1.25 ixp0 (This will create ixp0:0)
ifconfig add 192.168.1.26 ixp0 (This will create ixp0:1)
And so on.

3. Modify routing table

route add -host 192.168.1.77 ixp0 (Adds host route for default/native interface; Use ip address you have defined)
route add -host 192.168.1.25 ixp0:0
route add -host 192.168.1.26 ixp0:1
And so on.
 After you run these, the output of ifconfig -a should look like this:

 ixp0     Link encap:Ethernet  HWaddr? 00:04:5A:0F:8D:01  
          inet addr:192.168.1.77   Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:395083 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35921 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:256 
          RX bytes:34666755 (33.0 Mb)  TX bytes:5320373 (5.0 Mb)

 ixp0:0   Link encap:Ethernet  HWaddr? 00:04:5A:0F:8D:01  
          inet addr:192.168.1.25  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

 ixp1     Link encap:Ethernet  HWaddr? 00:04:5A:0F:8D:01  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:256 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 lo       Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:56 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3920 (3.8 Kb)  TX bytes:3920 (3.8 Kb)

And, the output of route -n should be:

 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.1.25    0.0.0.0         255.255.255.255 UH    0      0        0 ixp0
 192.168.1.77    0.0.0.0         255.255.255.255 UH    0      0        0 ixp0
 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ixp0
 127.0.0.0       0.0.0.0         255.255.255.0   U     0      0        0 lo
 239.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 ixp0
 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
 0.0.0.0         192.168.1.106   0.0.0.0         UG    1      0        0 ixp0

5. To recreate these interface aliases after reboot, modify /etc/rc.d/rc.local by inserting the appropriate lines:

ifconfig add 192.168.1.25 ixp0
ifconfig add 192.168.1.26 ixp0
route add -host 192.168.1.77 ixp0
route add -host 192.168.1.25 ixp0:0
route add -host 192.168.1.26 ixp0:1

B. Set up another instance of thhtpd as a webserver, mMore or less like UseTheThttpdWebserver:

1. Copy and rename the thttpd executable

cp /usr/sbin/thttpd /opt/sbin/thttpd2

2. Create a new thttpd config file

nano -w /opt/etc/thttpd2.conf

Here is my example thttpd2.conf file:

  # This section overrides defaults
  dir=/opt/var/www/www.yourwebsite.com
  chroot
  nosymlink
  user=nobody
  logfile=/opt/var/log/thttpd2.log
  pidfile=/opt/var/run/thttpd2.pid
  cgipat=**.cgi
  host=192.168.1.25
  # This section _documents_ defaults in effect
  # port=80
  # nosymlink# default = !chroot
  # novhost
  # nocgipat
  # nothrottles
  # host=0.0.0.0
  # charset=iso-8859-1

3. Create the directory /opt/var/log. The owner:group is root:root and the permissions are 700.

4. Put your web pages in /opt/var/www/www.yourwebsite.com/

C. Set up scripts to launch web server. If you were to simply run "/opt/sbin/thttpd2 -C /opt/etc/thttpd2.conf" the program would fail. That is because the first instance of thttpd running the NSLU web gui has bound, by default, to all interfaces. You need to relaunch the NSLU webserver bound to the default interface then launch other servers bound to their own ip aliases.

1. Create a new configuration file /etc/thttpd1.conf for the NSLU web gui server:

nano -w /etc/thttpd1.conf

Here is my file:

  # This section overrides defaults
  dir=/home/httpd/html
  nochroot
  nosymlink
  user=root# default = nobody
  #logfile=/var/log/thttpd.log
  pidfile=/var/run/thttpd.pid
  cgipat=**.cgi
  host=192.168.1.77 #Set to the ip of the NSLU
  # This section _documents_ defaults in effect
  # port=80
  # user=nobody
  # nosymlink
  # nochroot
  # novhost
  # nocgipat
  # nothrottles
  # host=0.0.0.0
  # charset=iso-8859-1

2. Create a script to kill the default gui, relaunch it bound to a specific ip, and launch the new server.

nano -w /opt/etc/init.d/S90thttpd2

Here is my file:

  #!/bin/sh

  if [ -n "`pidof thttpd`" ] ;then
        /bin/killall thttpd 2>/dev/null
  fi
  sleep 2

  /usr/sbin/thttpd -C /etc/thttpd1.conf

  /opt/sbin/thttpd2 -C /opt/etc/thttpd2.conf

Check the permissions. The owner:group should be root:root and the permissions 755.

4. Now start the server:

/opt/etc/init.d/S90thttpd2

You can check by "netstat -rn" to see the process are listening on the appropriate ips and ports.

5. Adjust your firewall to open up the servers to the public if you wish.

April 19, 2008, at 11:10 AM by Lurch -- Added note about file permissions not being re-read
Deleted line 57:
Added lines 61-63:

(Note 2: thttpd also seems to 'cache' incorrect file permissions. I.e. if you get the permissions on a file wrong, and try to view it via http, you get 'access denied'. If you then fix the file permissions, you still get 'access denied' via http! Restarting thttpd (as described below) is needed to get it to re-read the file permissions)

December 27, 2007, at 12:19 AM by ByronT -- Remove spam
Changed lines 1-249 from:

Cool topic! ;)

to:

Questions that have been raised

A couple of questions have been raised that I'd appreciate some confirmation on...

Someone reported that the site does not run after rebooting. Is this a similar situation to setting passwords - that is, are there other "shadow" files that need to be overwritten as well?

Goal

Configure the existing thttpd web server to handle virtual hosting. This allows the same thttpd process to run the admin website, as well as additional websites. Notice that I said "websites" (plural) - not "website" (singular). It means that you can have multiple domains pointing to your website!

This method can be used instead of SimpleHomeWebsite, but requires slightly more care as you can mess up your existing admin website. Depending upon the week you visit my site ByteRed, it may be implemented by one or the other method.

Prerequisites

  • Installation of Unslung
  • Installation of openssh. See Packages
  • Access to chgrp command. This comes with an upgrade of BusyBox or a comparable package.

No other software installation is required! (Question for others: will this approach work with OpenSlug, etc...)

Step 1: Configure the outside world

Step 2: Create the virtual host directory and provide access

Using the NSLU2 administrative user page, create a new user called, "vhosts". Fill in the bottom portion of the admin page as shown (choose your own password), and click on the "Save as New User" button.

http://www.bytered.com/unslung/add-vhosts-admin.gif%center%

This will create a new user called "vhosts", and a new directory on your NSLU2 at location...

/share/hdd/data/vhosts

For each website (e.g. www.domain.com) you will be hosting, do the following:

cd /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
ln -s www.domain.com /home/httpd/www.domain.com

should this not be ln -s .../vhosts/www.domain.com /home/httpd/www.domain.com?

ln -s www.domain.com /home/httpd/domain.com #optional

(Note: thttpd is picky about file permissions. See http://www.acme.com/software/thttpd/thttpd_man.html#PERMISSIONS )

Add HTML files to your websites from your PC, by clicking on Start->Run... and keying in \\192.168.1.77\vhosts, and click the "OK" button. You will be prompted for a username and password - provide the same as when you created the user.

http://www.bytered.com/unslung/access-vhosts-files.gif%center%

You can now drag and drop, or cut and paste your HTML files into the appropriate subdirectory in this window, which represents the top level directory of your virtual hosting directories located on your NSLU2.

http://www.bytered.com/unslung/vhosts-window.gif%center%

Step 3: Configure THTTPD Virtual Hosting

This step configures the existing thttpd web server with virtual hosting, which will serve the existing admin website as well as any new domain names you have directed to your NSLU2.

ssh into your slug. Make sure you have access other than telnet! Otherwise, if you mess up your admin website, you may not be able to enable telnet.

Modify thttpd.conf and remove the last segment "/html" of the dir pathname, set port=80, and add the "vhost" command. The thttpd config file uncommented lines should read as follows:

dir=/home/httpd
nochroot
nosymlink
user=root
pidfile=/var/run/thttpd.pid
cgipat=**.cgi
port=80
vhost

Then create a link for the admin website:

cd /home/httpd
ln -s html nslu2 #Link the hostname to the html directory
ln -s html 192.168.1.77 #And, link the appropriate IP address for your NSLU2

To test, kill the existing httpd process, and restart:

kill `pidof thttpd`
/usr/sbin/thttpd -C /etc/thttpd.conf

You should now be able to access your new website[s]!

http://www.yourdomain.com/ will access your website
http://nslu2/ will access the original admin pages
http://196.168.1.77/ and so will this
michaelebrown@bytered.com from NSLU2 website ByteRed.

A fully commented conf file /opt/etc/thttpd.conf to refer to:

(:table border=0 width=100% bgcolor=#eeeeff:) (:cell:)

  
# Configuration file for thttpd (defined for NSLU2 ipkg thttpdphp)

# Specifies an alternate port number to listen on. The default is 80.
port=80

# Specifies a directory to chdir() to at startup. This is merely a convenience 
# you could just as easily do a cd in the shell script that invokes the program.
dir=/opt/share/www

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody"
user=nobody

# Do a chroot() at initialization time, restricting file access to the program's 
# current directory.
nochroot
#chroot=

# Specifies a directory to chdir() to after chrooting. If you're not chrooting, 
# you might as well do a single chdir(). If you are chrooting, this lets you put 
# the web files in a subdirectory of the chroot tree, instead of in the top level 
# mixed in with the chroot files.
#datadir=

# Don't do explicit symbolic link checking. Normally, thttpd explicitly expands 
# any symbolic links in filenames, to check that the resulting path stays within 
# the original document tree. If you want to turn off this check and save some 
# CPU time, you can use this option, however this is not recommended. 
# Note, though, that if you are using the chroot option, the symlink checking is 
# unnecessary and is turned off, so the safe way to save those CPU cycles is to 
# use chroot. 
#symlinkcheck   <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#nosymlinkcheck <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#symlink
nosymlink

# Do el-cheapo virtual hosting. This sends each incoming request to a subdirectory 
# based on the hostname it's intended for. All you have to do in order to set things
# up is to create those subdirectories in the directory where thttpd will run.
#novhost
vhost

# Use a global passwd file. This means that every file in the entire document tree 
# is protected by the single .htpasswd file at the top of the tree. Otherwise the 
# semantics of the .htpasswd file are the same. If this option is set but there is 
# no .htpasswd file in the top-level directory, then thttpd proceeds as if the option 
# was not set - first looking for a local .htpasswd file, and if that doesn't exist 
# either then serving the file without any password. 
#globalpasswd
#noglobalpasswd

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody".
#user=

# Specifies a wildcard pattern for CGI programs, for instance "**.cgi" or "/cgi-bin/*". 
#cgipat=

# Specifies a file of throttle settings.
#throttles=

# Specifies a hostname to bind to, for multihoming. The default is to bind to all 
# hostnames supported on the local machine. 
#host=

# Specifies a file for logging. If no -l argument is specified, thttpd logs via 
# syslog(). If "-l /dev/null" is specified, thttpd doesn't log at all.
logfile=/var/log/thttpd.log

# Specifies a file to write the process-id to. If no file is specified, 
# no process-id is written. You can use this file to send signals to thttpd.
pidfile=/var/run/thttpd.pid

# Specifies the character set to use with text MIME types. The default is iso-8859-1. 
#charset=

# Specifies a P3P server privacy header to be returned with all responses. 
# See http://www.w3.org/P3P/ for details. Thttpd doesn't do anything at all with the 
# string except put it in the P3P: response header. 
#p3p=

# Specifies the number of seconds to be used in a "Cache-Control: max-age" header to 
# be returned with all responses. An equivalent "Expires" header is also generated. 
# The default is no Cache-Control or Expires headers, which is just fine for most sites. 
#max_age=

(:tableend:)

David R. Sullivan note: You may wish to try it this way for thttpd to work:

For each website (e.g. www.domain.com) you will be hosting, do the following:

cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /share/hdd/data/vhosts
ln -s /home/httpd/www.domain.com www.domain.com
ln -s /home/httpd/www.domain.com /home/httpd/domain.com # couldn't get this to work.

Artur Sornat note:

I created www.domain.com first and it worked.

cd/share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /share/hdd/data/vhosts
ln -s /home/httpd/www.domain.com www.domain.com
ln -s /home/httpd/www.domain.com /home/httpd/domain.com

Would the following work and eliminate the need for chgrp? chown vhosts:vhosts www.domain.com

December 26, 2007, at 05:28 AM by Kilkoi --
December 26, 2007, at 05:21 AM by Kilkoi --
Changed lines 1-249 from:

Questions that have been raised

A couple of questions have been raised that I'd appreciate some confirmation on...

Someone reported that the site does not run after rebooting. Is this a similar situation to setting passwords - that is, are there other "shadow" files that need to be overwritten as well?

Goal

Configure the existing thttpd web server to handle virtual hosting. This allows the same thttpd process to run the admin website, as well as additional websites. Notice that I said "websites" (plural) - not "website" (singular). It means that you can have multiple domains pointing to your website!

This method can be used instead of SimpleHomeWebsite, but requires slightly more care as you can mess up your existing admin website. Depending upon the week you visit my site ByteRed, it may be implemented by one or the other method.

Prerequisites

  • Installation of Unslung
  • Installation of openssh. See Packages
  • Access to chgrp command. This comes with an upgrade of BusyBox or a comparable package.

No other software installation is required! (Question for others: will this approach work with OpenSlug, etc...)

Step 1: Configure the outside world

Step 2: Create the virtual host directory and provide access

Using the NSLU2 administrative user page, create a new user called, "vhosts". Fill in the bottom portion of the admin page as shown (choose your own password), and click on the "Save as New User" button.

http://www.bytered.com/unslung/add-vhosts-admin.gif%center%

This will create a new user called "vhosts", and a new directory on your NSLU2 at location...

/share/hdd/data/vhosts

For each website (e.g. www.domain.com) you will be hosting, do the following:

cd /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
ln -s www.domain.com /home/httpd/www.domain.com

should this not be ln -s .../vhosts/www.domain.com /home/httpd/www.domain.com?

ln -s www.domain.com /home/httpd/domain.com #optional

(Note: thttpd is picky about file permissions. See http://www.acme.com/software/thttpd/thttpd_man.html#PERMISSIONS )

Add HTML files to your websites from your PC, by clicking on Start->Run... and keying in \\192.168.1.77\vhosts, and click the "OK" button. You will be prompted for a username and password - provide the same as when you created the user.

http://www.bytered.com/unslung/access-vhosts-files.gif%center%

You can now drag and drop, or cut and paste your HTML files into the appropriate subdirectory in this window, which represents the top level directory of your virtual hosting directories located on your NSLU2.

http://www.bytered.com/unslung/vhosts-window.gif%center%

Step 3: Configure THTTPD Virtual Hosting

This step configures the existing thttpd web server with virtual hosting, which will serve the existing admin website as well as any new domain names you have directed to your NSLU2.

ssh into your slug. Make sure you have access other than telnet! Otherwise, if you mess up your admin website, you may not be able to enable telnet.

Modify thttpd.conf and remove the last segment "/html" of the dir pathname, set port=80, and add the "vhost" command. The thttpd config file uncommented lines should read as follows:

dir=/home/httpd
nochroot
nosymlink
user=root
pidfile=/var/run/thttpd.pid
cgipat=**.cgi
port=80
vhost

Then create a link for the admin website:

cd /home/httpd
ln -s html nslu2 #Link the hostname to the html directory
ln -s html 192.168.1.77 #And, link the appropriate IP address for your NSLU2

To test, kill the existing httpd process, and restart:

kill `pidof thttpd`
/usr/sbin/thttpd -C /etc/thttpd.conf

You should now be able to access your new website[s]!

http://www.yourdomain.com/ will access your website
http://nslu2/ will access the original admin pages
http://196.168.1.77/ and so will this
michaelebrown@bytered.com from NSLU2 website ByteRed.

A fully commented conf file /opt/etc/thttpd.conf to refer to:

(:table border=0 width=100% bgcolor=#eeeeff:) (:cell:)

  
# Configuration file for thttpd (defined for NSLU2 ipkg thttpdphp)

# Specifies an alternate port number to listen on. The default is 80.
port=80

# Specifies a directory to chdir() to at startup. This is merely a convenience 
# you could just as easily do a cd in the shell script that invokes the program.
dir=/opt/share/www

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody"
user=nobody

# Do a chroot() at initialization time, restricting file access to the program's 
# current directory.
nochroot
#chroot=

# Specifies a directory to chdir() to after chrooting. If you're not chrooting, 
# you might as well do a single chdir(). If you are chrooting, this lets you put 
# the web files in a subdirectory of the chroot tree, instead of in the top level 
# mixed in with the chroot files.
#datadir=

# Don't do explicit symbolic link checking. Normally, thttpd explicitly expands 
# any symbolic links in filenames, to check that the resulting path stays within 
# the original document tree. If you want to turn off this check and save some 
# CPU time, you can use this option, however this is not recommended. 
# Note, though, that if you are using the chroot option, the symlink checking is 
# unnecessary and is turned off, so the safe way to save those CPU cycles is to 
# use chroot. 
#symlinkcheck   <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#nosymlinkcheck <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#symlink
nosymlink

# Do el-cheapo virtual hosting. This sends each incoming request to a subdirectory 
# based on the hostname it's intended for. All you have to do in order to set things
# up is to create those subdirectories in the directory where thttpd will run.
#novhost
vhost

# Use a global passwd file. This means that every file in the entire document tree 
# is protected by the single .htpasswd file at the top of the tree. Otherwise the 
# semantics of the .htpasswd file are the same. If this option is set but there is 
# no .htpasswd file in the top-level directory, then thttpd proceeds as if the option 
# was not set - first looking for a local .htpasswd file, and if that doesn't exist 
# either then serving the file without any password. 
#globalpasswd
#noglobalpasswd

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody".
#user=

# Specifies a wildcard pattern for CGI programs, for instance "**.cgi" or "/cgi-bin/*". 
#cgipat=

# Specifies a file of throttle settings.
#throttles=

# Specifies a hostname to bind to, for multihoming. The default is to bind to all 
# hostnames supported on the local machine. 
#host=

# Specifies a file for logging. If no -l argument is specified, thttpd logs via 
# syslog(). If "-l /dev/null" is specified, thttpd doesn't log at all.
logfile=/var/log/thttpd.log

# Specifies a file to write the process-id to. If no file is specified, 
# no process-id is written. You can use this file to send signals to thttpd.
pidfile=/var/run/thttpd.pid

# Specifies the character set to use with text MIME types. The default is iso-8859-1. 
#charset=

# Specifies a P3P server privacy header to be returned with all responses. 
# See http://www.w3.org/P3P/ for details. Thttpd doesn't do anything at all with the 
# string except put it in the P3P: response header. 
#p3p=

# Specifies the number of seconds to be used in a "Cache-Control: max-age" header to 
# be returned with all responses. An equivalent "Expires" header is also generated. 
# The default is no Cache-Control or Expires headers, which is just fine for most sites. 
#max_age=

(:tableend:)

David R. Sullivan note: You may wish to try it this way for thttpd to work:

For each website (e.g. www.domain.com) you will be hosting, do the following:

cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /share/hdd/data/vhosts
ln -s /home/httpd/www.domain.com www.domain.com
ln -s /home/httpd/www.domain.com /home/httpd/domain.com # couldn't get this to work.

Artur Sornat note:

I created www.domain.com first and it worked.

cd/share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /share/hdd/data/vhosts
ln -s /home/httpd/www.domain.com www.domain.com
ln -s /home/httpd/www.domain.com /home/httpd/domain.com

Would the following work and eliminate the need for chgrp? chown vhosts:vhosts www.domain.com

to:

Cool topic! ;)

December 06, 2006, at 02:01 PM by DougLourey --
Added lines 248-249:

Would the following work and eliminate the need for chgrp? chown vhosts:vhosts www.domain.com

November 02, 2006, at 05:44 PM by newbieruby --
Added lines 51-53:

should this not be ln -s .../vhosts/www.domain.com /home/httpd/www.domain.com?

Added lines 56-58:
October 12, 2006, at 02:50 AM by Artur M Sornat --
Changed lines 240-241 from:
[@ln -s /home/httpd/www.domain.com /home/httpd/domain.com
to:
ln -s /home/httpd/www.domain.com /home/httpd/domain.com
October 12, 2006, at 02:49 AM by Artur M Sornat --
Changed lines 240-241 from:
ln -s /home/httpd/www.domain.com /home/httpd/domain.com # couldn't get this to work.
to:
[@ln -s /home/httpd/www.domain.com /home/httpd/domain.com
October 12, 2006, at 02:48 AM by Artur M Sornat --
Deleted lines 227-229:
cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
Added lines 232-237:
cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
October 12, 2006, at 02:47 AM by Artur M Sornat --
Changed lines 226-229 from:
cd/share/hdd/data/vhosts
->[@mkdir www.domain.com

->[@cd /home/httpd # was /share/hdd/data/vhosts 
to:
cd/share/hdd/data/vhosts
Added lines 228-230:
cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
October 12, 2006, at 02:45 AM by Artur M Sornat -- Create www.domain.com in vhost first
Added lines 221-238:

Artur Sornat note:

I created www.domain.com first and it worked.

cd/share/hdd/data/vhosts
->[@mkdir www.domain.com

->[@cd /home/httpd # was /share/hdd/data/vhosts 
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /share/hdd/data/vhosts
ln -s /home/httpd/www.domain.com www.domain.com
ln -s /home/httpd/www.domain.com /home/httpd/domain.com # couldn't get this to work.
April 02, 2006, at 09:03 AM by David Sullivan --
Changed line 220 from:
ln -s /home/httpd/www.domain.com www.domain.com #optional
to:
ln -s /home/httpd/www.domain.com /home/httpd/domain.com # couldn't get this to work.
April 02, 2006, at 08:56 AM by David Sullivan --
Changed lines 208-209 from:

You may wish to try it this way for thttpd to work:

to:

David R. Sullivan note: You may wish to try it this way for thttpd to work:

April 02, 2006, at 08:55 AM by David Sullivan -- Proper symlinks...
Changed lines 206-220 from:

(:tableend:)

to:

(:tableend:)

You may wish to try it this way for thttpd to work:

For each website (e.g. www.domain.com) you will be hosting, do the following:

cd /home/httpd # was /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
cd /share/hdd/data/vhosts
ln -s /home/httpd/www.domain.com www.domain.com
ln -s /home/httpd/www.domain.com www.domain.com #optional
March 11, 2006, at 07:30 PM by Jaq -- very minor change
Changed line 57 from:

keying in \\196.168.1.77\vhosts, and click the "OK" button. You will be prompted for a username and password -

to:

keying in \\192.168.1.77\vhosts, and click the "OK" button. You will be prompted for a username and password -

March 03, 2006, at 07:37 AM by michaelebrown --
Changed lines 21-22 from:
  • Installation of chgrp command. This comes with an upgrade of BusyBox or a comparable package.
to:
  • Access to chgrp command. This comes with an upgrade of BusyBox or a comparable package.
March 03, 2006, at 07:36 AM by michaelebrown --
Changed line 20 from:
  • Installation of openssh.
to:
March 03, 2006, at 07:34 AM by michaelebrown --
Deleted lines 7-10:

Someone reported the lack of the chgrp command on their NSLU2. Is this on the original NSLU2? I can't tell as I've upgraded busybox... thanks.

Changed lines 21-22 from:
to:
  • Installation of chgrp command. This comes with an upgrade of BusyBox or a comparable package.
January 04, 2006, at 02:32 AM by MattMcNeill -- added sample commented conf file
Added lines 115-209:

A fully commented conf file /opt/etc/thttpd.conf to refer to:

(:table border=0 width=100% bgcolor=#eeeeff:) (:cell:)

  
# Configuration file for thttpd (defined for NSLU2 ipkg thttpdphp)

# Specifies an alternate port number to listen on. The default is 80.
port=80

# Specifies a directory to chdir() to at startup. This is merely a convenience 
# you could just as easily do a cd in the shell script that invokes the program.
dir=/opt/share/www

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody"
user=nobody

# Do a chroot() at initialization time, restricting file access to the program's 
# current directory.
nochroot
#chroot=

# Specifies a directory to chdir() to after chrooting. If you're not chrooting, 
# you might as well do a single chdir(). If you are chrooting, this lets you put 
# the web files in a subdirectory of the chroot tree, instead of in the top level 
# mixed in with the chroot files.
#datadir=

# Don't do explicit symbolic link checking. Normally, thttpd explicitly expands 
# any symbolic links in filenames, to check that the resulting path stays within 
# the original document tree. If you want to turn off this check and save some 
# CPU time, you can use this option, however this is not recommended. 
# Note, though, that if you are using the chroot option, the symlink checking is 
# unnecessary and is turned off, so the safe way to save those CPU cycles is to 
# use chroot. 
#symlinkcheck   <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#nosymlinkcheck <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#symlink
nosymlink

# Do el-cheapo virtual hosting. This sends each incoming request to a subdirectory 
# based on the hostname it's intended for. All you have to do in order to set things
# up is to create those subdirectories in the directory where thttpd will run.
#novhost
vhost

# Use a global passwd file. This means that every file in the entire document tree 
# is protected by the single .htpasswd file at the top of the tree. Otherwise the 
# semantics of the .htpasswd file are the same. If this option is set but there is 
# no .htpasswd file in the top-level directory, then thttpd proceeds as if the option 
# was not set - first looking for a local .htpasswd file, and if that doesn't exist 
# either then serving the file without any password. 
#globalpasswd
#noglobalpasswd

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody".
#user=

# Specifies a wildcard pattern for CGI programs, for instance "**.cgi" or "/cgi-bin/*". 
#cgipat=

# Specifies a file of throttle settings.
#throttles=

# Specifies a hostname to bind to, for multihoming. The default is to bind to all 
# hostnames supported on the local machine. 
#host=

# Specifies a file for logging. If no -l argument is specified, thttpd logs via 
# syslog(). If "-l /dev/null" is specified, thttpd doesn't log at all.
logfile=/var/log/thttpd.log

# Specifies a file to write the process-id to. If no file is specified, 
# no process-id is written. You can use this file to send signals to thttpd.
pidfile=/var/run/thttpd.pid

# Specifies the character set to use with text MIME types. The default is iso-8859-1. 
#charset=

# Specifies a P3P server privacy header to be returned with all responses. 
# See http://www.w3.org/P3P/ for details. Thttpd doesn't do anything at all with the 
# string except put it in the P3P: response header. 
#p3p=

# Specifies the number of seconds to be used in a "Cache-Control: max-age" header to 
# be returned with all responses. An equivalent "Expires" header is also generated. 
# The default is no Cache-Control or Expires headers, which is just fine for most sites. 
#max_age=

(:tableend:)

January 03, 2006, at 08:40 PM by michaelebrown --
Changed lines 6-7 from:

there are other "shadow" files that need to be overwritten as well?

to:

are there other "shadow" files that need to be overwritten as well?

January 03, 2006, at 08:40 PM by michaelebrown -- Need help with some questions...
Added lines 1-11:

Questions that have been raised

A couple of questions have been raised that I'd appreciate some confirmation on...

Someone reported that the site does not run after rebooting. Is this a similar situation to setting passwords - that is, there are other "shadow" files that need to be overwritten as well?

Someone reported the lack of the chgrp command on their NSLU2. Is this on the original NSLU2? I can't tell as I've upgraded busybox... thanks.

Deleted lines 55-57:

(Question: Someone reported the lack of the chgrp command on their NSLU2. Is this on the original NSLU2? I can't tell as I've upgraded busybox... thanks)

January 03, 2006, at 08:34 PM by michaelebrown -- Missing chgrp on NSLU2?
Changed lines 4-6 from:

admin website, as well as additional websites. This method can be used instead of SimpleHomeWebsite, but requires

to:

admin website, as well as additional websites. Notice that I said "websites" (plural) - not "website" (singular). It means that you can have multiple domains pointing to your website!

This method can be used instead of SimpleHomeWebsite, but requires

Added lines 45-50:

(Question: Someone reported the lack of the chgrp command on their NSLU2. Is this on the original NSLU2? I can't tell as I've upgraded busybox... thanks)

(Note: thttpd is picky about file permissions. See http://www.acme.com/software/thttpd/thttpd_man.html#PERMISSIONS )

December 15, 2005, at 06:34 PM by michaelebrown --
Deleted line 95:
December 15, 2005, at 06:20 PM by michaelebrown --
Deleted line 42:
December 15, 2005, at 02:55 PM by michaelebrown --
Changed lines 5-6 from:

slightly more care as you can mess up your existing admin website.

to:

slightly more care as you can mess up your existing admin website. Depending upon the week you visit my site ByteRed, it may be implemented by one or the other method.

December 15, 2005, at 02:52 PM by michaelebrown --
Changed lines 64-65 from:

ssh into your slug. Make sure you have access other than telnet! Otherwise, if you mess up your admin website, you may not be able to enable telent.

to:

ssh into your slug. Make sure you have access other than telnet! Otherwise, if you mess up your admin website, you may not be able to enable telnet.

December 15, 2005, at 02:44 PM by michaelebrown --
Changed lines 93-95 from:
http://196.168.1.77/ will access the original admin pages
to:
http://nslu2/ will access the original admin pages
http://196.168.1.77/ and so will this
December 15, 2005, at 02:43 PM by michaelebrown --
Changed lines 82-83 from:
ln -s html 192.168.1.77 #Use the appropriate IP address for your NSLU2
to:
ln -s html nslu2 #Link the hostname to the html directory
ln -s html 192.168.1.77 #And, link the appropriate IP address for your NSLU2
December 15, 2005, at 02:21 PM by michaelebrown --
Changed lines 34-41 from:
mkdir /share/hdd/data/vhosts/www.domain.com
chmod 775 /share/hdd/data/vhosts/www.domain.com
chown vhosts /share/hdd/data/vhosts/www.domain.com
chgrp vhosts /share/hdd/data/vhosts/www.domain.com
ln -s /share/hdd/data/vhosts/www.domain.com /home/httpd/www.domain.com
ln -s /share/hdd/data/vhosts/www.domain.com /home/httpd/domain.com #optional
to:
cd /share/hdd/data/vhosts
mkdir www.domain.com
chmod 775 www.domain.com
chown vhosts www.domain.com
chgrp vhosts www.domain.com
ln -s www.domain.com /home/httpd/www.domain.com
ln -s www.domain.com /home/httpd/domain.com #optional
December 15, 2005, at 02:06 PM by michaelebrown --
Added lines 36-37:
chown vhosts /share/hdd/data/vhosts/www.domain.com
chgrp vhosts /share/hdd/data/vhosts/www.domain.com
Added line 41:
December 15, 2005, at 02:01 PM by michaelebrown --
Changed lines 50-54 from:

http://www.bytered.com/unslung/nslu2-window.gif%center%

to:

http://www.bytered.com/unslung/vhosts-window.gif%center%

December 15, 2005, at 01:55 PM by michaelebrown --
Changed line 35 from:
chmod 755 /share/hdd/data/vhosts/www.domain.com
to:
chmod 775 /share/hdd/data/vhosts/www.domain.com
December 15, 2005, at 01:50 PM by michaelebrown -- Running multiple websites from same thttpd process. An alternative to SimpleHomeWebsite
Added lines 1-93:

Goal

Configure the existing thttpd web server to handle virtual hosting. This allows the same thttpd process to run the admin website, as well as additional websites. This method can be used instead of SimpleHomeWebsite, but requires slightly more care as you can mess up your existing admin website.

Prerequisites

  • Installation of Unslung
  • Installation of openssh.

No other software installation is required! (Question for others: will this approach work with OpenSlug, etc...)

Step 1: Configure the outside world

Step 2: Create the virtual host directory and provide access

Using the NSLU2 administrative user page, create a new user called, "vhosts". Fill in the bottom portion of the admin page as shown (choose your own password), and click on the "Save as New User" button.

http://www.bytered.com/unslung/add-vhosts-admin.gif%center%

This will create a new user called "vhosts", and a new directory on your NSLU2 at location...

/share/hdd/data/vhosts

For each website (e.g. www.domain.com) you will be hosting, do the following:

mkdir /share/hdd/data/vhosts/www.domain.com
chmod 755 /share/hdd/data/vhosts/www.domain.com
ln -s /share/hdd/data/vhosts/www.domain.com /home/httpd/www.domain.com
ln -s /share/hdd/data/vhosts/www.domain.com /home/httpd/domain.com #optional

Add HTML files to your websites from your PC, by clicking on Start->Run... and keying in \\196.168.1.77\vhosts, and click the "OK" button. You will be prompted for a username and password - provide the same as when you created the user.

http://www.bytered.com/unslung/access-vhosts-files.gif%center%

You can now drag and drop, or cut and paste your HTML files into the appropriate subdirectory in this window, which represents the top level directory of your virtual hosting directories located on your NSLU2.

http://www.bytered.com/unslung/nslu2-window.gif%center%

Step 3: Configure THTTPD Virtual Hosting

This step configures the existing thttpd web server with virtual hosting, which will serve the existing admin website as well as any new domain names you have directed to your NSLU2.

ssh into your slug. Make sure you have access other than telnet! Otherwise, if you mess up your admin website, you may not be able to enable telent.

Modify thttpd.conf and remove the last segment "/html" of the dir pathname, set port=80, and add the "vhost" command. The thttpd config file uncommented lines should read as follows:

dir=/home/httpd
nochroot
nosymlink
user=root
pidfile=/var/run/thttpd.pid
cgipat=**.cgi
port=80
vhost

Then create a link for the admin website:

cd /home/httpd
ln -s html 192.168.1.77 #Use the appropriate IP address for your NSLU2

To test, kill the existing httpd process, and restart:

kill `pidof thttpd`
/usr/sbin/thttpd -C /etc/thttpd.conf

You should now be able to access your new website[s]!

http://www.yourdomain.com/ will access your website
http://196.168.1.77/ will access the original admin pages
michaelebrown@bytered.com from NSLU2 website ByteRed.
Page last modified on November 19, 2008, at 09:42 AM