
How to bind domain names to Web services in Linux instances

Last Updated: Dec 15, 2020

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

 

Introduction

This article describes how to bind domain names to Web services on a Linux instance.

 

Background

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • If you modify the configurations and data of instances including but not limited to ECS and RDS instances, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify such information in a timely manner.

This article describes domain name binding from the following aspects. Refer to the sections that you need.

 

Bind a domain name to the Nginx service

The following example shows how to bind a domain name to the Nginx service. In this example, the Nginx application is installed through Yum. You need to modify the configuration as needed.

  1. Run the following command to edit the Nginx configuration file:
     vi /etc/nginx/nginx.conf 
  2. Change the default "server {...}" configuration section to the following content.
     server {
         # default_server: this block also answers requests whose Host header matches no server_name
         listen 80 default_server;
         server_name www.123.com;
         root /home/web1;
         location / {
         }
         error_page 404 /404.html;
         location = /40x.html {
         }
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
         }
     }
     server {
         server_name www.abc.com;
         root /home/web2;
         location / {
         }
         error_page 404 /404.html;
         location = /40x.html {
         }
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
         }
     }
     Note: this configuration achieves the following two results. Adjust the configurations as needed.
     • Accessing the www.123.com address is equal to accessing the /home/web1 directory.
     • Accessing the www.abc.com address is equal to accessing the /home/web2 directory.
  3. Press the Esc key to exit the edit mode, and enter :wq to save and exit.
  4. Run the following command to restart the Nginx service:
    nginx -s reload

 

Bind a domain name to the Tomcat service

Follow these steps to bind a domain name to the Tomcat service. Adjust the Tomcat-related paths as needed.

  1. Run the following command to modify the Tomcat configuration file:
    vi /[$Tomcat_Home]/conf/server.xml
     Note: [$Tomcat_Home] indicates the home directory of Tomcat. Use the actual directory on your system.
  2. Find the following default configuration.
     [Figure 62.png: default configuration]
  3. Modify the preceding content as follows:
     <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
     </Host>
     <Host name="www.123.com" appBase="/data/wwwroot/web" unpackWARs="true" autoDeploy="true">
         <Context path="" docBase="/data/wwwroot/web" debug="0" reloadable="false" crossContext="true" />
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="www.123.com_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
     </Host>
     <Host name="www.abc.com" appBase="/data/wwwroot/default" unpackWARs="true" autoDeploy="true">
         <Context path="" docBase="/data/wwwroot/default" debug="0" reloadable="false" crossContext="true" />
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="www.abc.com_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
     </Host>
     Note: this configuration achieves the following two results. Adjust the configurations as needed.
     • Accessing the www.abc.com address is equal to accessing the /data/wwwroot/default directory.
     • Accessing the www.123.com address is equal to accessing the /data/wwwroot/web directory.
  4. Press the Esc key to exit the edit mode, and enter :wq to save and exit.
  5. Run the following command to stop the Tomcat service:
     /[$Tomcat_Home]/bin/shutdown.sh
  6. Run the following command to start the Tomcat service:
     /[$Tomcat_Home]/bin/startup.sh

 

Bind a domain name to the Apache service

Follow these steps to configure a domain name for the Apache service.

  1. Run the following command to go to the Apache site configuration file directory.
    cd /[$Apache_Home]/conf/vhosts/
     Note: [$Apache_Home] indicates the home directory of the Apache application. Use the actual directory on your system.
  2. Run the vi test.conf command to create a configuration file. Press i to enter the editing mode, and copy the following configuration to the test.conf file.
     # Order/Deny are only valid inside a container such as <Directory>. The container
     # line is missing from this listing, so the path below is a placeholder.
     <Directory "/path/to/directory">
         Order allow,deny
         Deny from all
     </Directory>
     <VirtualHost *:80>
         DocumentRoot /alidata/www/test
         ServerName www.test.com
         ServerAlias test.com
         ErrorLog "/alidata/log/httpd/test-error.log"
         CustomLog "/alidata/log/httpd/test.log" common
     </VirtualHost>
     Note: modify the website configuration, such as the website domain name, website root directory, and log file name and directory, as needed.
  3. Run the following command to restart Apache:
    /[$Apache_Home]/bin/apachectl restart

 

Configure Apache to redirect traffic between multiple domain names

Suppose the directory of the website is /var/www/html, and the directory structure of the website is as follows.
[Figure 63.png: directory structure of the website]

Enable the virtual host function of Apache, and point each virtual host to the corresponding directory, as shown in the following figures.
[Figure 64.png]
[Figure 65.png]
After the modification, the following effects can be achieved.

  • Accessing the a.xxxx.com address is equal to accessing the /var/www/html/a directory.
  • Accessing the b.xxxx.com address is equal to accessing the /var/www/html/b directory.
  • Accessing the c.xxxx.com address is equal to accessing the /var/www/html/c directory.

 

Configure the second-level domain name of an Apache service

Before you configure a second-level domain name based on the following steps, you must configure wildcard domain resolution for the top-level domain, such as aliyun.com.

  1. Enable the mod_rewrite module in the httpd.conf configuration file of Apache.
  2. Add the following content to the end of the httpd.conf configuration file.
     RewriteEngine on
     RewriteMap lowercase int:tolower
     RewriteMap vhost txt:/usr/local/etc/apache/vhost.map
     RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
     RewriteCond ${vhost:%1} ^(/.*)$
     RewriteRule ^/(.*)$ %1/$1
     Note: /usr/local/etc/apache is the path of the Apache service configuration file. Modify the path as needed.
  3. In the /usr/local/etc/apache path, run the vi vhost.map command to create a file and copy the following content to the file.
    www.aliyun.com /usr/local/www/data-dist/aliyun
    bbs.aliyun.com /usr/local/www/data-dist/aliyunbbs
    anyname.aliyun.com /usr/local/www/data-dist/anyname
     Note: each line must keep the format domain name + space + absolute path.
  4. Create corresponding website directories, such as aliyun, bbs, and anyname, in the /usr/local/www/data-dist directory. After the directories are created, the results are as follows.
     • Accessing the www.aliyun.com address is equal to accessing its destination directory.
     • Accessing the bbs.aliyun.com address is equal to accessing its destination directory.
     • Accessing the anyname.aliyun.com address is equal to accessing its destination directory.
  5. You can add or delete your second-level domain name and its specific path by modifying vhost.map without the need to restart Apache.
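
Because vhost.map is picked up without a restart, a malformed line takes effect as soon as the file is saved. The following shell function is an added example, not part of the original article: it checks a map file against the line format in step 3 and the RewriteCond patterns in step 2. The function names are hypothetical, and the last four sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# lint_vhost_map FILE
# Prints one finding per bad line and returns 1 if any line is rejected.
lint_vhost_map() {
    awk '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; rc = 1 }
    /^#/ || /^[ \t]*$/ { next }                      # comments and blank lines
    /^[ \t]/ { bad("key must start in column 1"); next }
    NF != 2  { bad("expected: domain name, space, absolute path"); next }
    {
        # The rule looks up the lowercased SERVER_NAME, and the text-map
        # lookup is an exact match, so a mixed-case key is never found.
        if ($1 != tolower($1)) bad("key is not lowercase")
        # The second RewriteCond only accepts values matching ^(/.*)$.
        if ($2 !~ /^\//) bad("path is not absolute")
        # A ".." segment lets a map entry point outside the web root.
        if ($2 ~ /(^|\/)\.\.(\/|$)/) bad("path contains a .. segment")
        if ($1 in seen) bad("duplicate key")
        seen[$1] = 1
    }
    END { exit rc + 0 }
    ' "$1"
}

# Constructed sample: the first three entries are the ones from step 3,
# the last four are deliberately broken.
sample_map() {
    cat <<'EOF'
www.aliyun.com /usr/local/www/data-dist/aliyun
bbs.aliyun.com /usr/local/www/data-dist/aliyunbbs
anyname.aliyun.com /usr/local/www/data-dist/anyname
Shop.aliyun.com /usr/local/www/data-dist/shop
dev.aliyun.com www/data-dist/dev
old.aliyun.com /usr/local/www/data-dist/../../etc
bbs.aliyun.com /usr/local/www/data-dist/other
EOF
}

tmp=$(mktemp)
sample_map > "$tmp"
lint_vhost_map "$tmp" || echo "vhost.map needs fixing before it is deployed"
rm -f "$tmp"
```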

 

Configure Apache to prohibit unauthorized domain names from accessing websites on ECS instances

If malicious users point their own domain names to a website on your ECS instance, your website content is displayed under those domain names. For example, your instance IP address is 123.123.123 and your normal service domain name is www.abc.com. If a malicious user points another domain name such as www.fake.com to your instance, your website content is displayed when www.fake.com is accessed. You can refer to the following content to solve this problem by using the virtual host feature of Apache.

  1. The following is an example of the information involved.
     Apache version    Websites hosted on ECS instances
     2.2.15            http://www.abc.com/
                       http://www.123.com/
  2. Open the Apache configuration file and edit the file according to the following information.
    1. Add the following code to enable the hostname-based virtual host function for Apache.
       NameVirtualHost *:80
    2. Add the following code. When the host name that the client requests is not one of the website domain names, a 403 error page appears. DocumentRoot is the directory where the error prompt page is placed. In this directory, you can place a simple HTML page to tell users that they are accessing an invalid domain name.
       # Keep this block before the other <VirtualHost> blocks: Apache uses the first one
       # defined for *:80 as the default for host names that match no ServerName.
       <VirtualHost *:80>
           DocumentRoot /var/www/html/error/
           ServerName *
           ErrorLog logs/dummy-host.example.com-error_log
           CustomLog logs/dummy-host.example.com-access_log common
       </VirtualHost>
    3. Add the following code to define the valid host headers of your websites. You must modify the code block content as needed, such as "www.abc.com" and "www.123.com" in the example.
       <VirtualHost *:80>
           ServerAdmin admin@abc.com
           DocumentRoot /var/www/html/another/
           ServerName www.abc.com
           ErrorLog logs/www.abc.com-error_log
           CustomLog logs/www.abc.com-access_log common
       </VirtualHost>
       <VirtualHost *:80>
           ServerAdmin admin@123.com
           DocumentRoot /var/www/html/
           ServerName www.123.com
           ErrorLog logs/www.123.com-error_log
           CustomLog logs/www.123.com-access_log common
       </VirtualHost>
  3. Run the following command to restart Apache:
    /etc/httpd/bin/apachectl restart
  4. If you want other domain names to return 403 errors directly when accessing your website, change the code in substep 2 of step 2 to the following content.
     <VirtualHost *:80>
         DocumentRoot /var/www/html/error/
         ServerName *
         # "/" applies the deny rule to every URL under this virtual host
         <Location />
             Order Allow,Deny
             Deny from all
         </Location>
         ErrorLog logs/dummy-host.example.com-error_log
         CustomLog logs/dummy-host.example.com-access_log common
     </VirtualHost>
  5. Restart the Apache service.
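
To confirm the result of the steps above, request the site by IP address while varying the Host header: the bound names should be served and any other name should get 403. The following shell functions are an added example, not part of the original article; the function names and the 192.0.2.10 address are assumptions, and the host names are the ones used in this section.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# probe_host SERVER HOST
# Prints the HTTP status code SERVER returns when asked for "/" with the
# given Host header. SERVER is the instance IP address or IP:port.
probe_host() {
    curl -s -o /dev/null --max-time 5 -w '%{http_code}' \
        -H "Host: $2" "http://$1/" || true
}

# audit_hosts SERVER "BOUND NAMES" "UNBOUND NAMES"
# Returns 0 only if every bound name is served (2xx/3xx) and every
# unbound name is refused with 403, as the catch-all virtual host intends.
audit_hosts() {
    server=$1 rc=0
    for h in $2; do
        code=$(probe_host "$server" "$h")
        case $code in
            2??|3??) echo "ok    $h -> $code" ;;
            *)       echo "FAIL  $h -> $code (bound name not served)"; rc=1 ;;
        esac
    done
    for h in $3; do
        code=$(probe_host "$server" "$h")
        case $code in
            403) echo "ok    $h -> $code" ;;
            *)   echo "FAIL  $h -> $code (unbound name not refused)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage (the address is a placeholder from the documentation range):
#   sh audit.sh 192.0.2.10 "www.abc.com www.123.com" "www.fake.com 192.0.2.10"
if [ "$#" -eq 3 ]; then
    audit_hosts "$1" "$2" "$3"
fi
```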

 

Application scope

  • ECS