
How to bind a domain name to a Web service for a Linux instance

Last Updated: Jan 14, 2022

Disclaimer: This topic may contain information about third-party products. The information is for reference only. Alibaba Cloud does not make a guarantee, explicitly or implicitly, with respect to the performance and reliability of the third-party products, and potential impacts of operations on the products.

Overview

This topic describes how to bind a domain name to a Web service for a Linux instance.

References

Take note of the following items:

  • Before you perform high-risk operations, for example, modify the configurations or data of Alibaba Cloud instances, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of Alibaba Cloud instances, such as Elastic Compute Service (ECS) and ApsaraDB RDS instances. We recommend that you create snapshots or enable RDS log backup before you modify instance configurations or data.
  • If you granted permissions to users or submitted sensitive information such as logon usernames and passwords in Alibaba Cloud Management Console, we recommend that you modify the information at the earliest opportunity.

This topic covers the following aspects. Refer to them as needed.

Nginx service binding domain name

The following is the procedure for configuring the Nginx service to bind a domain name. The Nginx program here uses Nginx installed through Yum as an example. You need to adjust it according to the actual situation.

  1. Run the following command to edit the NGINX configuration file:
     vi /etc/nginx/nginx.conf 
  2. Change the default "server {...}" configuration segment to the following content.
     server {
         listen 80 default_server;
         server_name www.example.com;
         root /home/web1;
         location / {
         }
         error_page 404 /404.html;
         location = /40x.html {
         }
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
         }
     }
     server {
         server_name www.aliyundoc.com;
         root /home/web2;
         location / {
         }
         error_page 404 /404.html;
         location = /40x.html {
         }
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
         }
     }
    Note: This configuration achieves the following two results. You need to adjust the corresponding configuration content as needed.
    • When accessing the www.example.com address, it is equal to accessing the /home/web1 directory.
    • When accessing the www.aliyundoc.com address, it is equal to accessing the /home/web2 directory.
  3. Press the Esc key to exit the edit mode, then enter :wq to save and exit.
  4. Run the following command to reload the NGINX service:
    nginx -s reload

Tomcat service binding domain name

The following are the steps to configure the Tomcat service to bind domain names. Some of the Tomcat-related paths need to be adjusted according to the actual situation.

  1. Run the following command to edit the Tomcat configuration file:
    vi /[$Tomcat_Home]/conf/server.xml
    Note: [$Tomcat_Home] refers to the home directory of the Tomcat program.
  2. Find the following default configuration.
    [Figure 62.png: the default configuration]
  3. Change the preceding content to the following configuration.
     <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
     </Host>
     <Host name="www.example.com" appBase="/data/wwwroot/web" unpackWARs="true" autoDeploy="true">
         <Context path="" docBase="/data/wwwroot/web" debug="0" reloadable="false" crossContext="true" />
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="www.example.com_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
     </Host>
     <Host name="www.aliyundoc.com" appBase="/data/wwwroot/default" unpackWARs="true" autoDeploy="true">
         <Context path="" docBase="/data/wwwroot/default" debug="0" reloadable="false" crossContext="true" />
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="www.aliyundoc.com_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
     </Host>
    Note: This configuration provides the following two main objectives. You need to adjust the corresponding configuration content as needed.
    • When accessing the www.aliyundoc.com address, it is equal to accessing the /data/wwwroot/default directory.
    • When accessing the www.example.com address, it is equal to accessing the /data/wwwroot/web directory.
  4. Press the Esc key to exit the edit mode, then enter :wq to save and exit.
  5. Run the following command to stop the Tomcat service:
     /[$Tomcat_Home]/bin/shutdown.sh
  6. Run the following command to start the Tomcat service:
     /[$Tomcat_Home]/bin/startup.sh

Apache service binding domain name

The following are the steps to configure the Apache service to bind a domain name.

  1. Run the following command to go to the Apache site configuration file directory:
    cd /[$Apache_Home]/conf/vhosts/
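    Note: [$Apache_Home] refers to the home directory of the Apache program.
  2. Run the vi test.conf command to create a new configuration file, press the i key to enter the edit mode, refer to the following configuration, and copy it to the test.conf file.
    <VirtualHost *:80>
        # Access rule for the site root (Apache 2.2 syntax). As written it
        # rejects every request; adjust it to the clients that may reach the site.
        <Directory "/alidata/www/test">
            Order allow,deny
            Deny from all
        </Directory>
        DocumentRoot /alidata/www/test
        ServerName www.example.com
        ServerAlias example.com
        ErrorLog "/alidata/log/httpd/test-error.log"
        CustomLog "/alidata/log/httpd/test.log" common
    </VirtualHost>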
    Note: Modify the website domain name, website root directory, log file name, and directory.
  3. Run the following command to restart Apache:
    /[$Apache_Home]/bin/apachectl restart

Apache service configuration to implement multi-domain jump

Assume that the directory of the website is /var/www/html. The structure of the website directory is as follows.
[Figure 63.png: structure of the website directory]

To enable the virtual host function of Apache, refer to the following figure to configure the virtual host to the corresponding directory. After you modify
, you can achieve the following results.
[Figures 64.png and 65.png: virtual host configuration]

  • When accessing the a.example.com address, it is equal to accessing the /var/www/html/a directory.
  • When accessing the b.example.com address, it is equal to accessing the /var/www/html/b directory.
  • When accessing the c.example.com address, it is equal to accessing the /var/www/html/c directory.

Configure a second-level domain name for the Apache service

Before configuring a second-level domain name, you need to have a top-level domain name for wildcard domain name resolution, such as "aliyun.com".

  1. Enable the mod_rewrite module in Apache's httpd.conf configuration file.
  2. Add the following content to the end of the httpd.conf configuration file:
    RewriteEngine on
    RewriteMap lowercase int:tolower
    RewriteMap vhost txt:/usr/local/etc/apache/vhost.map
    RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
    RewriteCond ${vhost:%1} ^(/.*)$
    RewriteRule ^/(.*)$ %1/$1
    Note: The /usr/local/etc/apache is the path where the Apache service configuration file is located. You need to modify it based on the actual situation.
  3. Run the vi vhost.map command in the /usr/local/etc/apache path to create a new file and copy the following content to the file.
    www.aliyun.com /usr/local/www/data-dist/aliyun
    bbs.aliyun.com /usr/local/www/data-dist/aliyunbbs
    anyname.aliyun.com /usr/local/www/data-dist/anyname
    Note: Keep the format of Domain Name + Space + Absolute Path.
  4. Create a website directory in the /usr/local/www/data-dist directory, such as example, demo, and learn. The effect of creating a directory is as follows.
    • When accessing the example.aliyundoc.com address, it is equal to accessing the /usr/local/www/data-dist/aliyun directory.
    • When accessing the demo.aliyundoc.com address, it is equal to accessing the /usr/local/www/data-dist/aliyunbbs directory.
    • When accessing the learn.aliyundoc.com address, it is equal to accessing the /usr/local/www/data-dist/anyname directory.
  5. You can modify the vhost.map to add, delete, or modify your second-level domain name and the actual path it points to. You do not need to restart the Apache service.
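
The lookup that the three rewrite lines in step 2 perform can be traced offline before a map is deployed. The following is an added example, not part of the original procedure: `load_map` and `resolve` are hypothetical helper names, and the fourth map line is a constructed mistake.

```python
import re

# First three lines copy the vhost.map from step 3; the last line is a
# constructed mistake (relative path) to show what the rules do with it.
SAMPLE_MAP = """\
www.aliyun.com /usr/local/www/data-dist/aliyun
bbs.aliyun.com /usr/local/www/data-dist/aliyunbbs
anyname.aliyun.com /usr/local/www/data-dist/anyname
shop.aliyun.com usr/local/www/data-dist/shop
"""

def load_map(text):
    """Parse 'domain<space>path' lines; return (mapping, problems)."""
    mapping, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 2:
            problems.append((lineno, "expected: domain name, space, absolute path"))
            continue
        key, path = fields
        if key in mapping:
            problems.append((lineno, "duplicate domain name"))
            continue
        if not path.startswith("/"):
            problems.append((lineno, "path is not absolute"))
        mapping[key] = path
    return mapping, problems

def resolve(mapping, server_name, uri):
    """Apply the two RewriteCond lines and the RewriteRule; None means no rewrite."""
    key = server_name.lower()                 # ${lowercase:%{SERVER_NAME}}
    if not key:                               # first condition: ^(.+)$
        return None
    base = mapping.get(key, "")               # ${vhost:%1}, empty on a miss
    if not re.match(r"^/.*$", base):          # second condition: ^(/.*)$
        return None
    m = re.match(r"^/(.*)$", uri)             # RewriteRule pattern
    return f"{base}/{m.group(1)}" if m else None   # substitution %1/$1
```

A host name that is missing from the map, or mapped to a relative path, gets no rewrite and is served by whatever the server's default document root is.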

Apache prohibits unauthorized domain names from accessing websites on ECS instances

A website on an ECS instance can be maliciously pointed to by a domain name that you did not authorize. For example, the IP address of your instance is "192.168.0.1" and the domain name of the normal service is "www.aliyundoc.com", and a malicious user points another domain name, such as "www.example.net", to "10.10.10.10". In this case, your website content will appear when you access the www.aliyundoc.com website. You can refer to the following content to solve this problem by using the virtual host function of Apache.

  1. The sample information involved here is as follows.
    Apache version number    Websites on ECS instances
    2.2.15                   http://www.aliyundoc.com/
                             http://www.example.com/
  2. Run the vi /etc/httpd/conf/httpd.conf command to open the Apache configuration file and edit the following content:
    1. Add the following code to enable the host name-based virtual host feature for Apache.
      NameVirtualHost *:80
    2. Add the following code. If the host name accessed by the client is not in the domain name of the website set later, it will point to a 403 error page. The DocumentRoot is the directory where the error prompt page is placed. In this directory, a simple HTML page can be placed to indicate that the user is accessing an illegal domain name.
      <VirtualHost *:80>
          DocumentRoot /var/www/html/error/
          ServerName *
          ErrorLog logs/dummy-host.example.com-error_log
          CustomLog logs/dummy-host.example.com-access_log common
      </VirtualHost>
    3. Add the following code to tell Apache which website host headers are legal. You need to modify the content of this code block according to the actual situation, such as "www.aliyundoc.com" and "www.example.com" in the example.
      <VirtualHost *:80>
          ServerAdmin admin@aliyundoc.com
          DocumentRoot /var/www/html/another/
          ServerName www.aliyundoc.com
          ErrorLog logs/www.aliyundoc.com-error_log
          CustomLog logs/www.aliyundoc.com-access_log common
      </VirtualHost>
      <VirtualHost *:80>
          ServerAdmin admin@example.com
          DocumentRoot /var/www/html/
          ServerName www.example.com
          ErrorLog logs/www.example.com-error_log
          CustomLog logs/www.example.com-access_log common
      </VirtualHost>
  3. Run the following command to restart Apache:
    /etc/httpd/bin/apachectl restart
  4. If you want other domain names to directly return 403 errors when visiting your website, you can modify substep 2 of step 2 and change its code to the following.
    <VirtualHost *:80>
        DocumentRoot /var/www/html/error/
        ServerName *
        # Reject every request that reaches this catch-all host (Apache 2.2 syntax).
        <Location />
            Order allow,deny
            Deny from all
        </Location>
        ErrorLog logs/dummy-host.example.com-error_log
        CustomLog logs/dummy-host.example.com-access_log common
    </VirtualHost>
  5. Restart the Apache service.
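
The protection above depends on block order: with name-based virtual hosts, Apache serves a request whose Host header matches no ServerName or ServerAlias from the first `<VirtualHost>` block for that address. The following added example, not part of the original procedure, models that selection over a constructed copy of the configuration. The function names are hypothetical and wildcard ServerAlias patterns are not modelled.

```python
import re

# Constructed sample mirroring the layout above: catch-all block first,
# then the two legitimate sites.
SAMPLE_CONF = """
NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /var/www/html/error/
    ServerName *
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/html/another/
    ServerName www.aliyundoc.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/html/
    ServerName www.example.com
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks in file order as dicts."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names, root = [], None
        for line in body.splitlines():
            parts = line.split()
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            if parts[0].lower() in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif parts[0].lower() == "documentroot":
                root = parts[1].strip('"')
        vhosts.append({"names": names, "root": root})
    return vhosts

def select_vhost(vhosts, host_header):
    """Exact ServerName/ServerAlias match wins; otherwise the first block is used."""
    host = host_header.split(":")[0].lower().rstrip(".")
    for vh in vhosts:
        if host in vh["names"]:
            return vh
    return vhosts[0]

def default_is_dedicated(vhosts):
    """True when the first block names no real host and only catches unmatched names."""
    return all("." not in name for name in vhosts[0]["names"])
```

Run `default_is_dedicated(parse_vhosts(...))` on the real httpd.conf text after each edit. If it returns False, a legitimate site has become the default and unlisted domain names will be served its content.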

Applicable scope

  • Elastic Compute Service (ECS)