Disclaimer: This topic may contain information about third-party products. The information is for reference only. Alibaba Cloud does not make a guarantee, explicitly or implicitly, with respect to the performance and reliability of the third-party products, and potential impacts of operations on the products.
Overview
This topic describes how to bind a domain name to a Web service for a Linux instance.
References
Take note of the following items:
- Before you perform high-risk operations, for example, modify the configurations or data of Alibaba Cloud instances, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
- You can modify the configurations and data of Alibaba Cloud instances, such as Elastic Compute Service (ECS) and ApsaraDB RDS instances. We recommend that you create snapshots or enable RDS log backup before you modify instance configurations or data.
- If you granted permissions to users or submitted sensitive information such as logon usernames and passwords in Alibaba Cloud Management Console, we recommend that you modify the information at the earliest opportunity.
This topic describes domain name binding from the following aspects. Refer to the ones you need.
- Bind a domain name to the NGINX service
- Bind a domain name to the Tomcat service
- Bind a domain name to the Apache service
- Apache service configuration for multi-domain jump
- Configure a second-level domain name for Apache
- Apache prohibits unauthorized domain names from accessing websites on ECS instances
Nginx service binding domain name
The following procedure binds a domain name to the NGINX service. It uses NGINX installed through Yum as an example; adjust it to your actual environment.
- Run the following command to edit the NGINX configuration file:
vi /etc/nginx/nginx.conf
- Change the default "server {...}" configuration segment to the following content.
server {
    # default_server: this block also answers requests whose Host header matches no server_name
    listen 80 default_server;
    server_name www.example.com;
    root /home/web1;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
server {
    server_name www.aliyundoc.com;
    root /home/web2;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
Note: This configuration achieves the following two objectives. Adjust the configuration content as needed.
- Accessing the www.example.com address is equivalent to accessing the /home/web1 directory.
- Accessing the www.aliyundoc.com address is equivalent to accessing the /home/web2 directory.
- Press the Esc key to exit the edit mode, then enter :wq to save and exit.
- Run the following command to make the NGINX service reload its configuration:
nginx -s reload
Tomcat service binding domain name
The following steps bind domain names to the Tomcat service. Adjust the Tomcat-related paths to your actual environment.
- Run the following command to edit the Tomcat configuration file:
vi /[$Tomcat_Home]/conf/server.xml
Note: [$Tomcat_Home] refers to the home directory of the Tomcat program.
- Find the following default configuration.
- Change the preceding content to the following configuration.
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
<!-- Requests for www.example.com are served from /data/wwwroot/web -->
<Host name="www.example.com" appBase="/data/wwwroot/web" unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="/data/wwwroot/web" debug="0" reloadable="false" crossContext="true" />
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="www.example.com_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
<!-- Requests for www.aliyundoc.com are served from /data/wwwroot/default -->
<Host name="www.aliyundoc.com" appBase="/data/wwwroot/default" unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="/data/wwwroot/default" debug="0" reloadable="false" crossContext="true" />
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="www.aliyundoc.com_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
Note: This configuration achieves the following two objectives. Adjust the configuration content as needed.
- Accessing the www.aliyundoc.com address is equivalent to accessing the /data/wwwroot/default directory.
- Accessing the www.example.com address is equivalent to accessing the /data/wwwroot/web directory.
- Press the Esc key to exit the edit mode, then enter :wq to save and exit.
- Run the following command to stop the Tomcat service:
/[$Tomcat_Home]/bin/shutdown.sh
- Run the following command to start the Tomcat service:
/[$Tomcat_Home]/bin/startup.sh
Apache service binding domain name
The following are the steps to configure the Apache service to bind a domain name.
- Run the following command to go to the Apache site configuration file directory:
cd /[$Apache_Home]/conf/vhosts/
Note: [$Apache_Home] refers to the home directory of the Apache program.
- Run the vi test.conf command to create a new configuration file, press the i key to enter the edit mode, and copy the following configuration to the test.conf file.
# Access control for the website root directory (Apache 2.2 syntax).
# Order allow,deny followed by Deny from all rejects every request for it.
<Directory "/alidata/www/test">
    Order allow,deny
    Deny from all
</Directory>
<VirtualHost *:80>
    DocumentRoot /alidata/www/test
    ServerName www.example.com
    ServerAlias example.com
    ErrorLog "/alidata/log/httpd/test-error.log"
    CustomLog "/alidata/log/httpd/test.log" common
</VirtualHost>
Note: Modify the website domain name, website root directory, log file name, and directory.
- Run the following command to restart Apache:
/[$Apache_Home]/bin/apachectl restart
Apache service configuration to implement multi-domain jump
Assume that the directory of the website is /var/www/html. The structure of the website directory is as follows.
To enable the virtual host function of Apache, refer to the following figure to configure the virtual host to the corresponding directory. After you modify
, you can achieve the following results.
- Accessing the a.example.com address is equivalent to accessing the /var/www/html/a directory.
- Accessing the b.example.com address is equivalent to accessing the /var/www/html/b directory.
- Accessing the c.example.com address is equivalent to accessing the /var/www/html/c directory.
Configure a second-level domain name for the Apache service
Before configuring a second-level domain name, you need to have a top-level domain name for wildcard domain name resolution, such as "aliyun.com".
- Enable the mod_rewrite module in Apache's httpd.conf configuration file.
- Add the following content to the end of the httpd.conf configuration file:
RewriteEngine on
# Lower-case the requested host name before the lookup
RewriteMap lowercase int:tolower
# Plain-text map from host name to website directory
RewriteMap vhost txt:/usr/local/etc/apache/vhost.map
RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
# Continue only if the map returns an absolute path for that host name
RewriteCond ${vhost:%1} ^(/.*)$
RewriteRule ^/(.*)$ %1/$1
Note: /usr/local/etc/apache is the path where the Apache service configuration file is located. Modify it based on the actual situation.
- Run the vi vhost.map command in the /usr/local/etc/apache path to create a new file, and copy the following content to the file.
www.aliyun.com /usr/local/www/data-dist/aliyun
bbs.aliyun.com /usr/local/www/data-dist/aliyunbbs
anyname.aliyun.com /usr/local/www/data-dist/anyname
Note: Keep the format of Domain Name + Space + Absolute Path.
- Create website directories in the /usr/local/www/data-dist directory, such as example, demo, and learn. The effect of creating the directories is as follows.
  - Accessing the example.aliyundoc.com address is equivalent to accessing the /usr/local/www/data-dist/aliyun directory.
  - Accessing the demo.aliyundoc.com address is equivalent to accessing the /usr/local/www/data-dist/aliyunbbs directory.
  - Accessing the learn.aliyundoc.com address is equivalent to accessing the /usr/local/www/data-dist/anyname directory.
- You can modify the vhost.map to add, delete, or modify your second-level domain name and the actual path it points to. You do not need to restart the Apache service.
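Because changes to vhost.map take effect without a restart, it helps to check the file before saving it. The following Python linter is an added example, not part of the original topic; the function name, the sample map and the choice of /usr/local/www/data-dist as the only permitted web root are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the page's three entries followed by four faulty lines.
SAMPLE_MAP = """\
www.aliyun.com /usr/local/www/data-dist/aliyun
bbs.aliyun.com /usr/local/www/data-dist/aliyunbbs
anyname.aliyun.com /usr/local/www/data-dist/anyname
Shop.aliyun.com /usr/local/www/data-dist/shop
tmp.aliyun.com data-dist/tmp
old.aliyun.com /usr/local/www/data-dist/../../../etc
bbs.aliyun.com /usr/local/www/data-dist/other
"""

LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
HOST_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")

def lint_vhost_map(text, web_root="/usr/local/www/data-dist"):
    """Return (line_number, problem) pairs for the body of a vhost.map file."""
    problems, seen = [], set()
    root_parts = PurePosixPath(web_root).parts  # assumed permitted web root
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) != 2:
            problems.append((n, "expected: domain name, space, absolute path"))
            continue
        host, path = fields
        # The rules look the host up after int:tolower, so a key that
        # contains upper-case letters can never be found.
        if host != host.lower():
            problems.append((n, "key is not lower case and never matches"))
        elif not HOST_RE.match(host):
            problems.append((n, "key is not a valid host name"))
        if host.lower() in seen:
            problems.append((n, "duplicate key"))
        seen.add(host.lower())
        parts = PurePosixPath(path).parts
        # The second RewriteCond only accepts values that start with "/".
        if not path.startswith("/"):
            problems.append((n, "path is not absolute; the rule is skipped"))
        elif ".." in parts or parts[:len(root_parts)] != root_parts:
            problems.append((n, "path is not confined to " + web_root))
    return problems

if __name__ == "__main__":
    for n, problem in lint_vhost_map(SAMPLE_MAP):
        print(f"line {n}: {problem}")
```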
Apache prohibits unauthorized domain names from accessing websites on ECS instances
A website on an ECS instance can be maliciously pointed to by another domain name. For example, the IP address of your instance is "192.168.0.1" and the domain name of the normal service is "www.aliyundoc.com", while a malicious user points another domain name, such as "www.example.net", to "10.10.10.10". In this case, your website content appears when the www.aliyundoc.com website is accessed. To solve this problem, use the virtual host feature of Apache as described below.
- The sample information involved here is as follows.
Apache version number: 2.2.15
Websites on ECS instances: http://www.aliyundoc.com/ and http://www.example.com/
- Run the vi /etc/httpd/conf/httpd.conf command to open the Apache configuration file and edit the following content:
- Add the following code to enable the host name-based virtual host feature for Apache.
NameVirtualHost *:80
- Add the following code. If the host name accessed by the client is not among the website domain names set later, the request is pointed to a 403 error page. DocumentRoot is the directory where the error prompt page is placed. In this directory, a simple HTML page can be placed to indicate that the user is accessing an illegal domain name.
# Listed first, so it answers any host name that matches no ServerName below
<VirtualHost *:80>
    DocumentRoot /var/www/html/error/
    ServerName *
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
- Add the following code to inform Apache of the legal website host headers. Modify the content of this code block according to the actual situation, such as "www.aliyundoc.com" and "www.example.com" in the example.
<VirtualHost *:80>
    ServerAdmin admin@aliyundoc.com
    DocumentRoot /var/www/html/another/
    ServerName www.aliyundoc.com
    ErrorLog logs/www.aliyundoc.com-error_log
    CustomLog logs/www.aliyundoc.com-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/
    ServerName www.example.com
    ErrorLog logs/www.example.com-error_log
    CustomLog logs/www.example.com-access_log common
</VirtualHost>
- Run the following command to restart Apache:
/etc/httpd/bin/apachectl restart
- If you want other domain names to directly return 403 errors when visiting your website, you can modify step b in step 2 and change its code to the following.
<VirtualHost *:80>
    DocumentRoot /var/www/html/error/
    ServerName *
    # Deny every request that reaches this catch-all host, so it returns 403
    <Location />
        Order Allow,Deny
        Deny from all
    </Location>
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
- Restart the Apache service.
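The catch-all host above works only because it is the first VirtualHost block, which Apache uses when no ServerName or ServerAlias matches the requested host name. The following Python sketch is an added example, not part of the original topic: a simplified model of that selection for auditing a configuration, with function names and a sample configuration constructed for illustration.

```python
import re
from fnmatch import fnmatch

# Constructed httpd.conf excerpt that follows the layout shown above.
CONF = """\
NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /var/www/html/error/
    ServerName *
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/html/another/
    ServerName www.aliyundoc.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/html/
    ServerName www.example.com
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks as dicts, in file order."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        vh = {"name": None, "aliases": [], "root": None}
        for line in body.splitlines():
            words = line.split()
            if len(words) < 2 or words[0].startswith("#"):
                continue
            directive = words[0].lower()
            if directive == "servername":
                vh["name"] = words[1].lower()
            elif directive == "serveralias":
                vh["aliases"] += [w.lower() for w in words[1:]]
            elif directive == "documentroot":
                vh["root"] = words[1].strip('"')
        vhosts.append(vh)
    return vhosts

def root_for_host(vhosts, host_header):
    """Simplified model of name-based selection: the first block whose
    ServerName or ServerAlias (wildcards allowed) matches the Host header
    wins; if none matches, the first block in the file answers."""
    host = host_header.lower().split(":")[0]
    for vh in vhosts:
        if host == vh["name"] or any(fnmatch(host, a) for a in vh["aliases"]):
            return vh["root"]
    return vhosts[0]["root"]

if __name__ == "__main__":
    vhosts = parse_vhosts(CONF)
    for probe in ("www.aliyundoc.com", "www.example.net"):
        print(probe, "->", root_for_host(vhosts, probe))
```

If the catch-all block is not first in the file, the same unlisted host name gets the DocumentRoot of whichever website is listed first.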
Applicable scope
- Elastic Compute Service (ECS)