HOWTO CentOS 6.x Virtual Web Hosting With Apache MYSQL and ProFTPD

There are many ways to do virtual websites under linux. The technique I am going to use is multiple domains on one ip address. I also didn’t want to use system users for the virtual hosts. So I decided to use a mysql database to store the virtual user information.

Setting Up The Base Server

For a dedicated server start with the base server setup: HOWTO CentOS 6.x Base Server.
NOTE: If you don’t follow the base server setup then you may run into problems with this howto.

Install Softwre

We need to install is proftpd with mysql support. Type:
> yum -y install proftpd-mysql

Now lets download and install proftpd admin.
> wget http://downloads.sourceforge.net/proftpd-adm/proftpd_admin_v1.2.tar.gz
> tar -xzvf proftpd_admin_v1.2.tar.gz
> mv proftpd_admin_v1.2 /usr/share/proftpd_admin

Configuring Apache

First we need to create a user called virtwww. We will also make the directory world writable.
> useradd -r -d /home/virtwww -s /sbin/nologin -c “Virtual websites” virtwww
> mkdir /home/virtwww
> chmod a+rwx /home/virtwww

Create the virtual host config file. We will use the name the brouser passes to us to determin the website to load. We also turns on compression. Create /etc/httpd/conf.d/virutal.conf with the following:

# compress all text & html:
#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
AddOutputFilterByType DEFLATE text/html

UseCanonicalName Off
RewriteEngine On
RewriteOptions Inherit

VirtualDocumentRoot /home/virtwww/%0

Restart apache
> service httpd restart

Make a directory with your server’s ipaddress as its name. Example
> mkdir /home/virtwww/192.168.1.100

Create a test index.html page in your new directory.

Configuring ProFTPD

Create the following proftpd config file
> mv /etc/proftpd.conf /etc/proftpd.conf.old
> nano -w /etc/proftpd.conf

# This is the ProFTPD configuration file

ServerName			"ProFTPD server"
ServerIdent			on "FTP Server ready."
ServerAdmin			root@localhost
ServerType			standalone
DefaultServer			on
AccessGrantMsg			"User %u logged in."
DeferWelcome			off

DefaultRoot			~ !adm
IdentLookups			off
UseReverseDNS			off
Port				21
Umask				022
ListOptions			"-a"
MaxLoginAttempts		3
MaxInstances                    15
MaxClientsPerHost               3               "Only %m connections per host allowed"
MaxClients                      10              "Only %m total simultanious logins allowed"
MaxHostsPerUser                 1
AllowRetrieveRestart		on
AllowStoreRestart		on
User				nobody
Group				nobody
UseSendfile			no
ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat			default	"%h %l %u %t \"%r\" %s %b"
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine			on
#TLSRequired			on
#TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite			ALL:!ADH:!DES
#TLSOptions			NoCertRequest
#TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
#TLSLog				/var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
<IfModule mod_dso.c>
   LoadModule mod_sql.c
   LoadModule mod_sql_mysql.c
</IfModule>

# Define log-files to use
TransferLog                     /var/log/proftpd/xferlog
ExtendedLog                     /var/log/proftpd/access_log    WRITE,READ write
ExtendedLog                     /var/log/proftpd/auth_log      AUTH auth
ExtendedLog                     /var/log/proftpd/paranoid_log  ALL default
SQLLogFile                      /var/log/proftpd/mysql

# Set up authentication via SQL
# ===========
AuthOrder                       mod_sql.c
SQLAuthTypes                    Backend
SQLConnectInfo                  proftpd_admin@localhost proftpd password
SQLUserInfo                     usertable userid passwd uid gid homedir shell
SQLGroupInfo                    grouptable groupname gid members
SQLUserWhereClause              "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"
CreateHome on

# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable

# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable

# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"

# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery  transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery  transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat

AllowStoreRestart               on
AllowRetrieveRestart            on
RequireValidShell               off

Configuring ProFTPD Administrator

First lets create the apache config file and restart apache. The file has been set to only allow access from the local host. Change the access to meet your needs.

/etc/httpd/conf.d/proftpd_admin.conf

alias /ftpadmin /usr/share/proftpd_admin

<Location /ftpadmin>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    Allow from 192.168.
    Allow from 10.
    # Allow from .example.com
</Location>

> service httpd restart

Edit the file /usr/share/proftpd_admin/misc/database_structure_mysql/db_structure.sql
Skip to the last three lines. Enter the desired password in these three lines.

Lets create the database and tables. Type the following.
> mysql -u root -p < /usr/share/proftpd_admin/misc/database_structure_mysql/db_structure.sql

Now type the following to do a little housekeeping for php5.
> chmod o+w /usr/share/proftpd_admin/configuration.xml

Now start proftpd. Be sure to also have it start at boot time.
> service proftpd start

Now go to the web interface configuration screen http://yourserver.tld/ftpadmin/configure.php
You will need to configure database access and some other settings.

Conclusion

That’s the complete setup. Proftpd Admin dose almost everything we need. You will need to create links for multiple host names pointing to the same directory. For example if your directory is ‘/home/virtwww/yourdomain.com’ and you want www.yourdomain.com to work then you’ll have to create a link called ‘/home/virtwww/www.yourdomain.com/’ which points to ‘/home/virtwww/yourdomain.com’.

Leave a Reply

  Subscribe  
Notify of