ip-based.html revision 9cbdc473939b7f86ee4512ab54a8bedbfd7becd2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Apache IP-based Virtual Host Support</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Apache IP-based Virtual Host Support</H1>
<STRONG>See also:</STRONG>
<A HREF="name-based.html">Name-based Virtual Hosts Support</A>
<HR>
<H2>System requirements</H2>
As the term <CITE>IP-based</CITE> indicates, the server <STRONG>must have a
different IP address for each IP-based virtual host</STRONG>.
This can be achieved by the machine having several physical network connections,
or by use of virtual interfaces which are supported by most modern
operating systems (see system documentation for details, these are
frequently called "ip aliases", and the "ifconfig" command
is most commonly used to set them up).
<H2>How to set up Apache</H2>
There are two ways of configuring apache to support multiple hosts.
Either by running a separate httpd daemon for each hostname, or by running a
single daemon which supports all the virtual hosts.
<P>
Use multiple daemons when:
<UL>
<LI>There are security partitioning issues, such as company1 does not want
anyone at company2 to be able to read their data except via the web.
In this case you would need two daemons, each running with different
<A HREF="/mod/core.html#user">User</A>,
<A HREF="/mod/core.html#group">Group</A>,
<A HREF="/mod/core.html#listen">Listen</A>, and
<A HREF="/mod/core.html#serverroot">ServerRoot</A> settings.
<LI>You can afford the memory and
<A HREF="/misc/descriptors.html">file descriptor requirements</A> of
listening to every IP alias on the machine. It's only possible to
<A HREF="/mod/core.html#listen">Listen</A>
to the "wildcard" address, or to specific addresses. So if you have
a need to listen to a specific address for whatever reason, then you
will need to listen to all specific addresses. (Although one httpd
could listen to N-1 of the addresses, and another could listen to
the remaining address.)
</UL>
Use a single daemon when:
<UL>
<LI>Sharing of the httpd configuration between virtual hosts is acceptable.
<LI>The machine services a large number of requests, and so the performance
loss in running separate daemons may be significant.
</UL>
<H2>Setting up multiple daemons</H2>
Create a separate httpd installation for each virtual host.
For each installation, use the
<A HREF="/mod/core.html#listen">Listen</A> directive in the configuration
file to select which IP address (or virtual host) that daemon services.
e.g.
<PRE>
Listen www.smallco.com:80
</PRE>
It is recommended that you use an IP address instead of a hostname
(see <A HREF="/dns-caveats.html">DNS caveats</A>).
<H2>Setting up a single daemon with virtual hosts</H2>
For this case, a single httpd will service requests for the main server
and all the virtual hosts.
The <A HREF="/mod/core.html#virtualhost">VirtualHost</A> directive in the
configuration file is used to set the values of
<A HREF="/mod/core.html#serveradmin">ServerAdmin</A>,
<A HREF="/mod/core.html#servername">ServerName</A>,
<A HREF="/mod/core.html#documentroot">DocumentRoot</A>,
<A HREF="/mod/core.html#errorlog">ErrorLog</A> and
<A HREF="/mod/mod_log_config.html#transferlog">TransferLog</A> or
<A HREF="/mod/mod_log_config.html#customlog">CustomLog</A>
configuration directives to different values for each virtual host.
e.g.
<PRE>
&lt;VirtualHost www.smallco.com&gt;
ServerAdmin webmaster@mail.smallco.com
DocumentRoot /groups/smallco/www
ServerName www.smallco.com
ErrorLog /groups/smallco/logs/error_log
TransferLog /groups/smallco/logs/access_log
&lt;/VirtualHost&gt;
&lt;VirtualHost www.baygroup.org&gt;
ServerAdmin webmaster@mail.baygroup.org
DocumentRoot /groups/baygroup/www
ServerName www.baygroup.org
ErrorLog /groups/baygroup/logs/error_log
TransferLog /groups/baygroup/logs/access_log
&lt;/VirtualHost&gt;
</PRE>
It is recommended that you use an IP address instead of a hostname
(see <A HREF="/dns-caveats.html">DNS caveats</A>).
<P>
Almost <STRONG>any</STRONG> configuration directive can be put in the
VirtualHost directive, with the exception of directives that control
process creation and a few other directives. To find out if a
directive can be used in the VirtualHost directive, check the
<A HREF="/mod/directive-dict.html#Context">Context</A> using the
<A HREF="/mod/directives.html">directive index</A>.
<P>
<A HREF="/mod/core.html#user">User</A> and
<A HREF="/mod/core.html#group">Group</A> may be used inside a VirtualHost
directive if the <A HREF="/suexec.html">suEXEC wrapper</A> is used.
<P>
<EM>SECURITY:</EM> When specifying where to write log files, be aware
of some security risks which are present if anyone other than the
user that starts Apache has write access to the directory where they
are written. See the <A HREF="/misc/security_tips.html">security
tips</A> document for details.
</P>
<!--#include virtual="footer.html" -->
</BODY>
</HTML>