Back to home

Managing VirtualHosts with nine-manage-vhosts

  1. Introduction
  2. Background
  3. Publishing websites
  4. SSL certificates and encryption
  5. Analyze Access Logfiles (goaccess)
  6. Enhanced configuration

Introduction

To distribute your website, your webserver needs so-called VirtualHost (or VHost for short) configuration entries to know where to get files, configurations, SSL certificates and so on. To manage these, we created nine-manage-vhosts.

nine-manage-vhosts is a modular application to handle both Apache and Nginx webservers and is compatible with our FTP management tool “FTPAdmin”.

Here is an example on how to list all configured VHosts on your server with nine-manage-vhosts after logging in through SSH:

www-data@server:$ sudo nine-manage-vhosts virtual-host list

DOMAIN      | USER     | WEBROOT                    | ALIASES
------------|----------|----------------------------|---------
example.org | www-data | /home/www-data/example.org | example.com
example.net | www-data | /home/www-data/example.net |
nine.ch     | www-data | /home/www-data/nine.ch     | subdomain.nine.ch
            |          |                            | webmail.nine.ch
            |          |                            | example.nine.ch

Background

When a new Managed Server gets handed over, you will usually receive an email with your login data, including credentials for the systemuser “www-data”, to login through SSH and SFTP, and for our new Cockpit customer interface (https://cockpit.nine.ch).

To connect to your server, you will need a suitable program.

With a suitable SSH/SFTP program and the “www-data” user credentials you will be able to publish websites on your server. Here is a brief overview over some of the possible programs to connect through SSH/SFTP (not to be confused with FTP):

Operating system Program Functionality Website
Windows Filezilla SFTP, FTP https://filezilla-project.org
WinSCP SFTP, FTP http://winscp.net/
Putty SSH http://www.putty.org/
Mac Filezilla SFTP, FTP https://filezilla-project.org
Cyberduck SFTP, FTP http://cyberduck.io/
Finder SFTP Included in OS
Terminal SSH Included in OS
Linux Filezilla SFTP, FTP https://filezilla-project.org
File manager (Nautilus, Dolphin etc.) SFTP, FTP Included in OS
Terminal SSH Included in OS

With an SFTP program, you will be able to access the filesystem on your server. After logging in, your program will usually start its work in the directory “/home/www-data”, where you will find a folder “logs”. There you will find access and error logs. The filenames start with the name of the according website, as shown below:

Uploaded Image

If user management is activated and a website was created by another user than www-data, you will find these logs in “/home/<user>/logs/”.

What is SSH/SFTP?

SSH is the de facto standard to remotely work on a Linux server. SSH (Secure Shell) is a protocol which offers you a safe, encrypted connection to the server’s command line and usually runs on port 22. It is used to run commands, e.g. to create folders or edit files, but is capable of much more.

SFTP stands for SSH File Transfer Protocol. The standard at nine.ch is to use SFTP rather than other file transfer protocols such as FTP. So you can use the same credentials, your files will be transferred encrypted and you can connect to the same port.

Why not FTP?

As already mentioned, SFTP, as a subsystem inside the SSH server, uses encryption. Starting right at the login process, all data will be transferred encrypted, to protect you against any eavesdropping on the connection. This is important, especially if you are connected through a public or unencrypted WLAN.

If FTP is mandatory to you, we can offer you our “FTPAdmin”-tool for free. FTPAdmin is a webinterface where you can manage FTP users yourself. You can order it with a short mail to support@nine.ch.

Publishing websites

To access a website from anywhere in the world through the world wide web, the following requirements need to be met:

  • The DNS record needs to point to the server’s IP (you can use our free DNS system, manageable through our Cockpit. You need to set up ns5.nine.ch and ns6.nine.ch as nameservers for your domain name through your registrar for this)
  • The VirtualHost configuration needs to be created through nine-manage-vhosts
  • You need to upload a website to the server

This chapter contains information on how to use nine-manage-vhosts. You can run the shown commands on the command line through SSH.

VirtualHosts – add a website

In order to make a website available on the internet, certain configuration needs to be created so the webserver (e.g. Apache) knows where to look for files. This configuration parts are called VirtualHosts. You can create a VirtualHost for example.org with the following command:

www-data@server:$ sudo nine-manage-vhosts virtual-host create example.org
Virtual Host created: example.org
To see the configuration, use: sudo nine-manage-vhosts virtual-host show example.org

In the example above, you see the command prompt followed by the issued command and the output from nine-manage-vhosts. If you now issue sudo nine-manage-vhosts virtual-host show example.org, you will see that an entry for example.org and www.example.org got created, pointing to the directory „/home/www-data/example.org“ - which was created if it didn’t already exist -, where the website needs to be uploaded. The often used subdomain “www”. will be created by default.

DocumentRoots - relative path

When not pointed to a specific directory, the webserver will serve the index file (index.php, index.html, …) in the folder “/home/<user>/”. Some web applications might require special folders like “app” or “public” in order to work properly. In this case, you can use the option „–webroot“ when creating the VHost to tell the webserver to look in another folder. Here is an example to set this to the subfolder “app”:

www-data@server:$ sudo nine-manage-vhosts virtual-host create example.org ↵
--webroot=/home/www-data/example.org/app
Virtual Host created: example.org
To see the configuration, use: sudo nine-manage-vhosts virtual-host show example.org

When looking at the configuration, this setting will be visible as “DocumentRoot”:

www-data@server:$ sudo nine-manage-vhosts virtual-host show example.org [...]
  ServerName example.org
  ServerAlias www.example.org
  ServerAlias example.org.server.nine.ch
DocumentRoot /home/www-data/example.org/app [...]

ServerAliases – same content on multiple (sub-)domains

Sometimes you might want to make content available through multiple domains or subdomains. A “ServerAlias” is just what you need in such a situation, because it would be a waste to create all the (sub)domains and copy the content. A ServerAlias is some kind of a pseudonym.

The example below creates such an ServerAlias, so incoming requests to example.net will also be served from the VHost example.org:

www-data@server:$ sudo nine-manage-vhosts alias create example.net ↵
--virtual-host=example.org
Added example.net to example.org.
List of aliases for example.org:
  example.net
  example.net.server.nine.ch
  www.example.net
  www.example.net.server.nine.ch

SSL certificates and encryption

Order certificates

You can order a certificate with a mail to support@nine.ch, see http://nine.ch/options/ssl for plans. If you already your own a certificate, contact our support for detailed instructions on how this works.

nine-manage-vhosts ships with the „default_snakeoil_https“ template for SSL-VHosts. When using it to create a VHost, the webserver will use the so-called “Snakeoil” certificate, which was automatically created and signed by the server itself. This can be used for encryption, however this “Snakeoil” certificate will generate a warning in your browser, because it wasn’t signed by a trusted authority.

If you want to use this “Snakeoil” SSL VHost template, have a look at the following example:

www-data@server:$ sudo nine-manage-vhosts virtual-host create example.org ↵
--template=default_snakeoil_https
Virtual Host created: example.org
To see the configuration, use: sudo nine-manage-vhosts virtual-host show example.org

Let’s Encrypt

Plese see nine-manage-vhosts with Let’s Encrypt for details.

Redirections from http to https

A redirection from HTTP to HTTPS can be accomplished through a .htaccess file. Place the file in the folder, where you want the redirection to happen. Watch out if you configured a custom DocumentRoot. The content of this .htaccess file would need to be:

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L,QSA]

Analyze Access Logfiles (goaccess)

Real Time Access Logs

You can use goaccess on the command line to real-time observe the access logs of a specific vhost:

www-data@server:$ goaccess -f /home/www-data/logs/example.org.access.log

Activate daily log analyzer

You can enable the daily log analyzer per vhost to produce monthly reports based on the logfiles of the vhost.

Keep in mind, that the process of generating reports out of access logfiles can be time and CPU resource intensive. So, do not activate this on all vhosts that you have on a server. It will generate a high load on the system if you have a lot vhosts with this job activated.

The cron jobs run per default in the morning, and produce the first result sets of yesterday’s logfiles.

www-data@server:$ sudo nine-manage-vhosts job enable goaccess --virtual-host=example.org

The logfiles of the domain will be “parsed” in the next morning through cronjobs, and after that every morning under the WEBROOT directory of the specific vhost.

Old months (in this example July 2019) can be “regenerated” using the following commands:

www-data@server:$ nine-goaccess-parse-data -c 201907 example.org /home/www-data/example.org

To access the generated goaccess monthly reports, several users can be generated:

www-data@server:$ nine-goaccess-set-pw -a user1 /home/www-data/example.org
Enter new Password: 
Adding password for user user1

  Your GoAccess Password has been successfully set in the file:

  /home/www-data/example.org/goaccess/.htpasswd

  You can now login on the Webinterface and inspect the monthly reports using the following credentials:

  GoAccess URL:  http://<yourdomain>/goaccess/
  GoAccess User: user1

INFO: 
If you just activated the goaccess job, you need to wait for the next day initialization procedure when the access logs of yesterday are parsed and the first monthly report will be generated.
We add a timeout command in front of the goaccess parser of 20 minutes. That kills the jobs which are running for more than 20 minutes, to ensure that all statistics get through even if there is a massive logfile with lots of information in it to parse.

If the user1 already exists in the htpasswd file under /home/www-data/example.org/goaccess/.htpasswd, the password can be “changed” using the same command above.

The users can also be deleted:

www-data@server:$ nine-goaccess-set-pw -d user1 /home/www-data/example.org

Deactivate daily log analyzer

If you do not want to analyze the logfiles anymore, then you can easily deactivate the analyzer job and remove the directories (in the userspace) associated with it:

www-data@server:$ sudo nine-manage-vhosts job disable goaccess --virtual-host=example.org
www-data@server:$ rm -rvf ~www-data/example.org/goaccess
www-data@server:$ rm -rvf ~www-data/example.org/.goaccess

Enhanced configuration

Templates

Some web applications require special configuration options. For example, the Python web framework Django always needs a WSGI configuration.
If you want a special template to be installed, send the configuration to support@nine.ch. We will check and install it for you.
Work will be charged at 180 CHF per hour.

To create a new virtual host with such a template, have a look at the following example:

www-data@server:$ sudo nine-manage-vhosts virtual-host create example.org ↵
--template=django
Virtual Host created: example.org
To see the configuration, use: sudo nine-manage-vhosts virtual-host show example.org

If you want to use pre-defined settings on an existing virtual host, you can apply a template to that virtual host:

www-data@server:$ sudo nine-manage-vhosts virtual-host update example.org ↵
--template=default_example

With the following command you can get a list of all available templates:

www-data@server:$ sudo nine-manage-vhosts template list

Didn't find what you were looking for?

Contact our support:

+41 44 637 40 40 support@nine.ch