edit-icon download-icon

How to configure websites and bind domainnames for ECS Linux instances

Last Updated: Dec 24, 2017

Bind a domain name to Nginx service

Take a YUM-installed Nginx for example:

  1. Edit the Nginx configuration file, which is located at /etc/nginx/nginx.conf: modify the default server {...} according to the following figure:

    nginx

    The modified configuration means:

    1. Access requests to www.123.com will be directed to the /home/web1 directory.
    2. Access requests to www.abc.com will be directed to the /home/web2 directory.
  2. Restart the Nginx service.

Bind a domain name to Tomcat service

  1. Edit the Tomcat configuration file, which is located at TOMCAT_HOME/conf/server.xml. The TOMCAT_HOME is Tomcat installation directory.

    default_web

    default_web

  2. Modify the content in the two preceding figures according to the following figure:

    web

    The modified configuration means:

    1. Access requests to www.abc.com will be directed to the /data/wwwroot/default directory by default.
    2. Access requests to the server IP address 120.76.210.250 will be automatically directed to the /data/wwwroot/web directory.
  3. Restart the Tomcat server.

Bind a domain name to Apache service

Take an Apache environment configured by the one-click installer for example:

  1. Run cd /alidata/server/httpd/conf/vhosts/ to go to the site configuration file directory.

  2. Run vi aa.conf to create a new configuration file.

  3. Press the i key. Copy and paste the following content:

    1. Order allow,deny
    2. Deny from all
    3. DocumentRoot /alidata/www/test
    4. ServerName www.test.com
    5. ServerAlias test.com
    6. ErrorLog "/alidata/log/httpd/test-error.log"
    7. CustomLog "/alidata/log/httpd/test.log"

    Note: Make sure to change the log name to differentiate log information belonging to the website.

    Note: Edit with your target server name, for example, www.test.com.

  4. Run /alidata/server/httpd/bin/apachectl to restart Apache to test the settings.

Configure Apache service for navigation among multiple domain names

For example, the program directory is /var/www/html. Website directory structure is as follows:

QQscreenshot20150526204051.png

  1. Activate the Apache web hosting feature.
  2. Configure the corresponding web hosting to the directory. The Apache core configuration content is as follows:

    QQscreenshot20150526204100.png QQscreenshot20150526204124.png

The results are:

  • Access to a.example.com directs to the /var/www/html/a directory.
  • Access to b.example.com directs to the /var/www/html/b directory.
  • Access to c.example.com directs to the /var/www/html/c directory.

Configure a second-level domain name for Apache service

  1. Prepare a top-level domain with wildcard domain resolution, for example, alibabacloud.com.

  2. Enable the mod_rewrite module in httpd.conf.

  3. Add the following content at the end of httpd.conf:

    1. RewriteEngine on
    2. RewriteMap lowercase int:tolower
    3. RewriteMap vhost txt:/usr/local/etc/apache/vhost.map # Apache locates at **/usr/local/etc/apache**, you can change it if needed.
    4. RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
    5. RewriteCond ${vhost:%1} ^(/.*)$
    6. RewriteRule ^/(.*)$ %1/$1
  4. Create a vhost.map file under the directory of the path: vhost.map, comply with the format of “domain name + space + bsolute path”.

    1. www.alibabacloud.com /usr/local/www/data-dist/alibabacloud
    2. bbs.alibabacloud.com /usr/local/www/data-dist/alibabacloudbbs
    3. anyname.alibabacloud.com /usr/local/www/data-dist/anyname

    Note: The preceding values are all in the format of “domain name+space+absolute path”.

  5. Create corresponding directories for alibabacloud, bbs, any name, or others under your website root directory /usr/local/www/data-dist.

    Access to www.alibabacloud.com in a browser will actually be accessing files under the /usr/local/www/data-dist/alibabacloud directory. Access to bbs.alibabacloud.com will actually be accessing files under the /usr/local/www/data-dist/alibabacloudbbs directory. You can create many other directories based on the instructions.

Besides, you can change vhost.map anytime to add, delete, or modify your second-level domain name and the actual path it points to without restarting Apache.

Forbid unauthorized domain name to access websites on ECS by Apache

Symptom: Your ECS websites is maliciously pointed to. For example, your ECS IP address is 123.123.123.123, and the domain name for normal service is www.abc.com. But a malicious user points www.fake.com to your website and points it to 123.123.123.123. As a result, your website content will show up when someone visits the www.fake.com domain name which does not belong to your website.

Scenario: Solve this problem alternatively through Apache web hosting.

Apache version Websites
2.2.15 http://t1.huigher.cn/
http://p1.huigher.cn/

Solution:

Note: The actual Apache configuration file path may vary. Check it before operation.

  1. Open the Apache configuration file at /etc/httpd/conf/httpd.conf by default in a CentOS system.
  2. Edit the configuration file:

    1. Add NameVirtualHost *:80 to notify Apache that the web hosting feature based on host name has been activated:

    2. Add the following codes. This step directs users to a 403 error page when the host header carried by the client is not within the website domain you’re about to configure, notifying users that the domain name is invalid.

      Note: DocumentRoot refers to the directory storing the error prompt page. You can place a simple HTML page in it to prompt users about the invalid domain name.

      1. <ViretualHost *:80>
      2. DocumentRoot /var/www/html/error/
      3. ServerName *
      4. ErrorLog logs/dummy-host.example.com-error_log
      5. CustomeLog logs/dummy-host.example.com-access_log common
      6. </ViretualHost>
  3. Add the following code to notify Apache of the valid website host header. Content of the code block can be modified according to your needs. Two websites are added to this instance: p1.huigher.cn and t1.huigher.cn.

    1. <VirtualHost *:80>
    2. ServerAdmin p1@huigher.cn
    3. DocumentRoot /var/www/html/another/
    4. ServerName p1.huigher.cn
    5. ErrorLog logs/p1.huigher.cn-error_loh
    6. CustomLog logs/p1.huigher.cn-access_log common
    7. </VirtualHost>
    8. <VirtualHost *:80>
    9. ServerAdmin t1@huigher.cn
    10. DocumentRoot /var/www/html/
    11. ServerName t1.huigher.cn
    12. ErrorLog logs/t1.huigher.cn-error_loh
    13. CustomLog logs/t1.huigher.cn-access_log common
    14. </VirtualHost>
  4. Restart Apache.

  5. Change the code in step 2 according to the following codes if you want to return a 403 error for access directed from other domain names:

    1. <VirtualHost *:80>
    2. DucumentRoot /var/www/html/error/
    3. ServerName *
    4. <Location>
    5. Order Allow, Deny
    6. Deny from all
    7. </Location>
    8. ErrorLog logs/dummy-host.example.com-error_log
    9. CustomLog logs/dummy-host.example.com-access_log commom
    10. </VirtualHost>
  6. Restart Apache, and accesses to the website directed from other domain names will receive the 403 error.

If the problem persists, log on to Alibaba Cloud community for free consultation, or contact Alibaba Cloud Marketplace sellers for help.

Thank you! We've received your feedback.