Back to home

Managing VirtualHosts with nine-manage-vhosts

  1. Introduction
  2. Background
  3. Publishing websites
  4. SSL certificates and encryption
  5. Analyze Access Logfiles (goaccess)
  6. Enhanced configuration


To distribute your website, your webserver needs so-called VirtualHost (or VHost for short) configuration entries to know where to get files, configurations, SSL certificates and so on. To manage these, we created nine-manage-vhosts.

nine-manage-vhosts is a modular application to handle both Apache and Nginx webservers and is compatible with our FTP management tool “FTPAdmin”.

You can display the helptext inclusing all options of this command with nine-manage-vhosts -h

Here is an example on how to list all configured VHosts on your server with nine-manage-vhosts after logging in through SSH:

www-data@server:$ sudo nine-manage-vhosts virtual-host list

DOMAIN      | USER     | WEBROOT                    | ALIASES
------------|----------|----------------------------|--------- | www-data | /home/www-data/ | | www-data | /home/www-data/ |     | www-data | /home/www-data/     |
            |          |                            |
            |          |                            |


When a new Managed Server gets handed over, you will usually receive an email with your login data, including credentials for the systemuser “www-data”, to login through SSH and SFTP, and for our new Cockpit customer interface (

To connect to your server, you will need a suitable program.

With a suitable SSH/SFTP program and the “www-data” user credentials you will be able to publish websites on your server. Here is a brief overview over some of the possible programs to connect through SSH/SFTP (not to be confused with FTP):

Operating system Program Functionality Website
Windows Filezilla SFTP, FTP
Putty SSH
Mac Filezilla SFTP, FTP
Cyberduck SFTP, FTP
Finder SFTP Included in OS
Terminal SSH Included in OS
Linux Filezilla SFTP, FTP
File manager (Nautilus, Dolphin etc.) SFTP, FTP Included in OS
Terminal SSH Included in OS

With an SFTP program, you will be able to access the filesystem on your server. After logging in, your program will usually start its work in the directory “/home/www-data”, where you will find a folder “logs”. There you will find access and error logs. The filenames start with the name of the according website, as shown below:

Uploaded Image

If user management is activated and a website was created by another user than www-data, you will find these logs in “/home/<user>/logs/”.

What is SSH/SFTP?

SSH is the de facto standard to remotely work on a Linux server. SSH (Secure Shell) is a protocol which offers you a safe, encrypted connection to the server’s command line and usually runs on port 22. It is used to run commands, e.g. to create folders or edit files, but is capable of much more.

SFTP stands for SSH File Transfer Protocol. The standard at is to use SFTP rather than other file transfer protocols such as FTP. So you can use the same credentials, your files will be transferred encrypted and you can connect to the same port.

Why not FTP?

As already mentioned, SFTP, as a subsystem inside the SSH server, uses encryption. Starting right at the login process, all data will be transferred encrypted, to protect you against any eavesdropping on the connection. This is important, especially if you are connected through a public or unencrypted WLAN.

If FTP is mandatory to you, we can offer you our “FTPAdmin”-tool for free. FTPAdmin is a webinterface where you can manage FTP users yourself. You can order it with a short mail to

Publishing websites

To access a website from anywhere in the world through the world wide web, the following requirements need to be met:

  • The DNS record needs to point to the server’s IP (you can use our free DNS system, manageable through our Cockpit. You need to set up and as nameservers for your domain name through your registrar for this)
  • The VirtualHost configuration needs to be created through nine-manage-vhosts
  • You need to upload a website to the server

This chapter contains information on how to use nine-manage-vhosts. You can run the shown commands on the command line through SSH.

VirtualHosts – add a website

In order to make a website available on the internet, certain configuration needs to be created so the webserver (e.g. Apache) knows where to look for files. This configuration parts are called VirtualHosts. You can create a VirtualHost for with the following command:

www-data@server:$ sudo nine-manage-vhosts virtual-host create
Virtual Host created:
To see the configuration, use: sudo nine-manage-vhosts virtual-host show

In the example above, you see the command prompt followed by the issued command and the output from nine-manage-vhosts. If you now issue sudo nine-manage-vhosts virtual-host show, you will see that an entry for and got created, pointing to the directory „/home/www-data/“ - which was created if it didn’t already exist -, where the website needs to be uploaded. The often used subdomain “www”. will be created by default.

DocumentRoots - relative path

When not pointed to a specific directory, the webserver will serve the index file (index.php, index.html, …) in the folder “/home/<user>/”. Some web applications might require special folders like “app” or “public” in order to work properly. In this case, you can use the option „–webroot“ when creating the VHost to tell the webserver to look in another folder. Here is an example to set this to the subfolder “app”:

www-data@server:$ sudo nine-manage-vhosts virtual-host create ↵
Virtual Host created:
To see the configuration, use: sudo nine-manage-vhosts virtual-host show

When looking at the configuration, this setting will be visible as “DocumentRoot”:

www-data@server:$ sudo nine-manage-vhosts virtual-host show [...]
DocumentRoot /home/www-data/ [...]

ServerAliases – same content on multiple (sub-)domains

Sometimes you might want to make content available through multiple domains or subdomains. A “ServerAlias” is just what you need in such a situation, because it would be a waste to create all the (sub)domains and copy the content. A ServerAlias is some kind of a pseudonym.

The example below creates such an ServerAlias, so incoming requests to will also be served from the VHost

www-data@server:$ sudo nine-manage-vhosts alias create ↵
Added to
List of aliases for

SSL certificates and encryption

Order certificates

You can order a certificate with a mail to, see for plans. If you already your own a certificate, contact our support for detailed instructions on how this works.

nine-manage-vhosts ships with the „default_snakeoil_https“ template for SSL-VHosts. When using it to create a VHost, the webserver will use the so-called “Snakeoil” certificate, which was automatically created and signed by the server itself. This can be used for encryption, however this “Snakeoil” certificate will generate a warning in your browser, because it wasn’t signed by a trusted authority.

If you want to use this “Snakeoil” SSL VHost template, have a look at the following example:

www-data@server:$ sudo nine-manage-vhosts virtual-host create ↵
Virtual Host created:
To see the configuration, use: sudo nine-manage-vhosts virtual-host show

Let’s Encrypt

Plese see nine-manage-vhosts with Let’s Encrypt for details.

Redirections from http to https

A redirection from HTTP to HTTPS can be accomplished through a .htaccess file. Place the file in the folder, where you want the redirection to happen. Watch out if you configured a custom DocumentRoot. The content of this .htaccess file would need to be:

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L,QSA]

Analyze Access Logfiles (goaccess)

Real Time Access Logs

You can use goaccess on the command line to real-time observe the access logs of a specific vhost:

www-data@server:$ goaccess -f /home/www-data/logs/

Activate daily log analyzer

You can enable the daily log analyzer per vhost to produce monthly reports based on the logfiles of the vhost.

Keep in mind, that the process of generating reports out of access logfiles can be time and CPU resource intensive. So, do not activate this on all vhosts that you have on a server. It will generate a high load on the system if you have a lot vhosts with this job activated.

The cron jobs run per default in the morning, and produce the first result sets of yesterday’s logfiles.

www-data@server:$ sudo nine-manage-vhosts job enable goaccess

The logfiles of the domain will be “parsed” in the next morning through cronjobs, and after that every morning under the WEBROOT directory of the specific vhost.

Old months (in this example July 2019) can be “regenerated” using the following commands:

www-data@server:$ nine-goaccess-parse-data -c 201907 /home/www-data/

To access the generated goaccess monthly reports, several users can be generated:

www-data@server:$ nine-goaccess-set-pw -a user1 /home/www-data/
Enter new Password: 
Adding password for user user1

  Your GoAccess Password has been successfully set in the file:


  You can now login on the Webinterface and inspect the monthly reports using the following credentials:

  GoAccess URL:  http://<yourdomain>/goaccess/
  GoAccess User: user1

If you just activated the goaccess job, you need to wait for the next day initialization procedure when the access logs of yesterday are parsed and the first monthly report will be generated.
We add a timeout command in front of the goaccess parser of 20 minutes. That kills the jobs which are running for more than 20 minutes, to ensure that all statistics get through even if there is a massive logfile with lots of information in it to parse.

If the user1 already exists in the htpasswd file under /home/www-data/, the password can be “changed” using the same command above.

The users can also be deleted:

www-data@server:$ nine-goaccess-set-pw -d user1 /home/www-data/

Deactivate daily log analyzer

If you do not want to analyze the logfiles anymore, then you can easily deactivate the analyzer job and remove the directories (in the userspace) associated with it:

www-data@server:$ sudo nine-manage-vhosts job disable goaccess
www-data@server:$ rm -rvf ~www-data/
www-data@server:$ rm -rvf ~www-data/

Enhanced configuration


Besides the default and Let’s Encrypt templates there are two additional ones preinstalled named proxy and proxy_letsencrypt_https. These templates can be used to transform either the apache2 or nginx web server into a local reverse proxy.

With the template-variable PROXYPORT you can set a custom TCP port on localhost to which the web server will then proxy any traffic to.

An example command to create a simple proxy vhost:

www-data@server:$ sudo nine-manage-vhosts virtual-host create ↵
--template=proxy --template-variable PROXYPORT=8080
Virtual Host created:
To see the configuration, use: sudo nine-manage-vhosts virtual-host show

For making use of Let’s Encrypt you can use the ‘proxy_letsencrypt_’ template.

A common use case for these templates would be a tomcat application server running in user space and having the Apache web server proxy HTTP requests to Tomcat. Further information on this setup can be found in our tomcat documentation.

Some web applications require special configuration options. For example, the Python web framework Django always needs a WSGI configuration.
If you want a special template to be installed, send the configuration to We will check and install it for you.
Work will be charged at 180 CHF per hour.

To create a new virtual host with such a template, have a look at the following example:

www-data@server:$ sudo nine-manage-vhosts virtual-host create ↵
Virtual Host created:
To see the configuration, use: sudo nine-manage-vhosts virtual-host show

If you want to use pre-defined settings on an existing virtual host, you can apply a template to that virtual host:

www-data@server:$ sudo nine-manage-vhosts virtual-host update ↵

With the following command you can get a list of all available templates:

www-data@server:$ sudo nine-manage-vhosts template list

Didn't find what you were looking for?

Contact our support:

+41 44 637 40 40 Support Portal