Mass Virtual Hosting in Web Server 7

The new variable substitution functionality in Sun Java System Web Server 7 makes mass virtual hosting much simpler.

Both Sun Java System Web Server and Apache HTTP Server allow you to configure multiple websites on a single server instance. In Web Server, you can create a new virtual server using the <virtual-server> element. In Apache, you can create a new virtual host using the <VirtualHost> container. Unfortunately, both constructs are relatively heavyweight. At a minimum, they require the following every time you add or remove a website:

  1. Add/remove multiple configuration directives to/from the main server configuration file
  2. Reconfigure (Web Server) or, worse, restart (Apache) the server process

In ISP environments where there may be thousands — or even hundreds of thousands — of websites served by a single server instance, these can become significant drawbacks.

If you're deploying a large number of simple websites, you may wish to instead configure a single virtual server that can dynamically serve content for different websites. In Apache, you can do this using the mod_rewrite RewriteCond and RewriteRule directives in the httpd.conf configuration file. In Sun Java System Web Server 7, you can do this using the new parameter interpolation functionality that's built into the obj.conf configuration file.

Host-specific document roots using variables

At the most basic level, parameter interpolation means you can include variables in obj.conf parameters. For example, you can embed the $urlhost variable in a parameter to set the document root based on the website the web browser requested:

NameTrans fn="document-root" root="/var/websites/$urlhost"

If you add the above directive to obj.conf, Web Server will return files from /var/websites/www.sun.com when a web browser requests www.sun.com and files from /var/websites/elving.com when a web browser requests elving.com.

Case-insensitivity with the lc expression function

Unfortunately, if a web browser requests wwW.suN.coM, the above directive instructs Web Server to look for /var/websites/wwW.suN.coM. That's probably not what you want. Fortunately, parameter interpolation also allows you to embed expressions in parameters, and expressions can call the lc() function to convert values to lowercase. Here's an example:

NameTrans fn="document-root" root="/var/websites/$(lc($urlhost))"

Finishing touches with the <If> tag

For the really heavy lifting, we need to break out the <If> tag. Last week, I wrote about how the new <If> tag is useful for redirects. Well, it's also useful for mapping URLs to file system paths. For example, suppose www.sun.com, w3.sun.com, and sun.com should all map to the same directory. This is easily done with a regular expression and the <If> tag:

<If $urlhost =~ '^(?i)(www\.|w3\.|)([^/\\]*)$'>
NameTrans fn="document-root" root="/var/websites/$(lc($2))"
</If>

Here, (?i) makes the regular expression case insensitive and (www\.|w3\.|) indicates we want to separate out any leading www. or w3.. We use ([^/\\]*) instead of (.*) to guard against malicious users who might supply a bogus Host: header field that contains multiple path segments separated by slashes. The result of the regular expression match is stored in the variables $1 and $2. $2 contains the part we're interested in, the domain name minus any www. or w3. prefix.

With this magic in obj.conf, Web Server will return files from /var/websites/sun.com whenever a web browser requests www.sun.com, w3.sun.com, or sun.com.
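
The mapping performed by the <If> rule above, reproduced in Python so it can be run against constructed Host values. This is an added example, not code from the original post or from Web Server; document_root is a hypothetical name, and the refusal of empty, "." and ".." names is an extra check that is not part of the page's rule.

```python
import re

BASE = "/var/websites"  # document-root prefix used on the page

# Same pattern as the <If> rule. The inline (?i) becomes re.IGNORECASE because
# recent Python versions only accept global flags at the start of a pattern.
HOST_RE = re.compile(r"^(www\.|w3\.|)([^/\\]*)$", re.IGNORECASE)


def document_root(urlhost):
    """Return the document root for a Host value, or None if it is rejected."""
    m = HOST_RE.match(urlhost)
    if m is None:
        return None  # a '/' or '\' is present, so the <If> body never runs
    site = m.group(2).lower()  # equivalent of $(lc($2))
    # Extra check, not part of the page's rule: the pattern alone also matches
    # an empty name, "." and "..", so refuse them before building a path.
    if site in ("", ".", ".."):
        return None
    return f"{BASE}/{site}"


# Constructed Host values, not taken from real traffic.
SAMPLES = [
    "www.sun.com",
    "W3.Sun.COM",
    "sun.com",
    "elving.com",
    "../../etc",
    "www.example.com/private",
    "..",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host!r:28} -> {document_root(host)}")
```

A None result corresponds to the <If> condition failing, in which case the request falls through to whatever NameTrans directives follow in obj.conf.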

Next?

There's still lots more that <If> can do. If you've got a web server configuration task you think <If> might be able to solve, by all means ask me about it here or head over to the Web Server forum to talk about it with others.

P.S. Did I mention that the Sun Java System Web Server 7 Technology Preview is free?

Comments:

I assume it handles the case where the request is: GET /passwd HTTP/1.1 Host: ../../etc

Posted by Mikael Gueck on May 21, 2006 at 11:18 PM PDT #

Yeah, the final example will reject such Host: header fields outright because the ([^/\\]*) capturing subpattern will not match "../../etc".

Even in the earlier examples where no <If> tag or regular expression were used, a Host: header field of the form "../../etc" will end up being rejected by PathCheck fn="unix-uri-clean" (or PathCheck fn="nt-uri-clean"), which is part of every Web Server configuration by default. Because unix-uri-clean takes care of "..", the real danger in allowing a Host: header value is the potential to circumvent URI-based ACLs. For example, an ACL on /private/file.html could be bypassed by requesting /file.html with a Host: header of www.example.com/private. Again, though, the final example addresses this problem by rejecting Host: header fields that contain slashes.

Posted by Chris Elving on May 21, 2006 at 11:35 PM PDT #

Chris, One more question about virtuals: In version 7 obj.conf is it possible to use include files like in apache httpd.conf? i.e. something like "include config/virtualhosts/virtual1" This way it is easier to keep "standard" obj.conf format and let the individual users manage their own "virtuals" independently.

Posted by ttalex on May 31, 2006 at 11:31 PM PDT #

No, it's still not possible to include one obj.conf inside another. However, if you want to give each virtual server user the ability to edit their own obj.conf, simply give each virtual server its own obj.conf file:

<virtual-server>
  <name>foo.com</name>
  <host>foo.com</host>
  <http-listener-name>http-listener-1</http-listener-name>
  <document-root>/home/foo.com/docs</document-root>
  <object-file>/home/foo.com/config/obj.conf</object-file>
</virtual-server>

<virtual-server>
  <name>bar.com</name>
  <host>bar.com</host>
  <http-listener-name>http-listener-1</http-listener-name>
  <document-root>/home/bar.com/docs</document-root>
  <object-file>/home/bar.com/config/obj.conf</object-file>
</virtual-server>

Am I overlooking some reason why that wouldn't work for you?

Posted by Chris Elving on June 01, 2006 at 08:39 AM PDT #

Thanks a lot! That's definitely possible! I think <object-file> was already enabled as of V6.0...

Posted by ttalex on June 05, 2006 at 06:16 PM PDT #

I have configured sun webserver 6.1 sp8

one website is running on default port 80
another website is running on port 6666

In the browser, if I type abc.com it is going to the application running on port 80

I want abc.com to see port 6666 and my requirement is not to have port no at the end of URL
ie www.abc.com:6666

Thanks & Regards
Madhu

Posted by madhu on November 20, 2007 at 09:23 PM PST #

Hi,

How is security handled with this server? The JVM leaves a lot of potential security loopholes open. Does this server provide a good way to allow Java code, while still protecting the server?

Also, I know about the security manager. Resin and Tomcat implement the security manager to control malicious code, but that makes the server significantly slower. If this uses the security manager, does it also have the same slowness as the others? Simply put, does the security manager have the same negative slowness regardless of the Java Web Server used?

Posted by Joey on February 12, 2008 at 02:54 AM PST #

Hi, We tried migrating webserver 6 to webserver 7 but we faced lots of performance issues and the server 7 does not start. It complains about lack of java heap size and number of threads .. although we used the same parameters as webserver 6 and we used the migration script provided by SUN.

the problem is that we have 3000+ hosted domains that were running fine on 6 but on 7 they do not start .. the maximum number of virtual servers we were able to start the server with is around 2000

we have 2G machine

Posted by Nabil Boudiab on March 06, 2008 at 05:54 PM PST #
