13104
Comment: mention domNoDefaultAlias
|
← Revision 77 as of 2022-02-10 16:18:48 ⇥
20374
added example of using external mailserver
|
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
[[TableOfContents()]] | <<TableOfContents>> |
Line 9: | Line 9: |
If you just want to declare your domain with a `www.yourdomain` virtual host serving out of `~/public_html/` and all mail forwarded to your mailbox, use: {{{dom "yourdomain" with end;}}} Or, if you don't want all mail to be forwarded to your mailbox, use `domNoDefaultAlias` instead of `dom`. See sections below for additional e-mail configuration. |
If you just want to declare your domain with a `www.yourdomain` virtual host serving out of `~/public_html/` and `your-hcoop-username@yourdomain` mail forwarded to your mailbox, use: {{{ dom "yourdomain" with end;}}} Or, if you don't want any mail to be forwarded to your mailbox, use: {{{ dom "yourdomain" where DefaultAlias = false; with end;}}} |
Line 18: | Line 25: |
{{{dom "yourdomain" with | {{{ dom "yourdomain" with |
Line 27: | Line 36: |
{{{dom "yourdomain" where | {{{ dom "yourdomain" where |
Line 40: | Line 51: |
== Model T with redirect from www.yourdomain to yourdomain == To redirect all URLs from http://www.mydomain/some/path/ to http://mydomain/some/path/ you need to disable the automatic creation of the www host, and then create it manually specifying a permanent redirect rule. {{{ dom "mydomain.com" where CreateWWW = false; with vhostDefault with end; web "www" with rewriteRule "^(.*)$" "http://mydomain.com$1" [redirectWith permanent] end; end;}}} |
|
Line 43: | Line 70: |
{{{dom "yourdomain" where | {{{ dom "yourdomain" where |
Line 47: | Line 76: |
Line 49: | Line 79: |
== Subdomain Redirection == This example aliases a subdomain and redirects it to the "www" virtual host. This means that when accessing yourSubdomain.yourdomain.com you will actually be receiving content defined by www.yourdomain.com. {{{ dom "yourdomain.com" where CreateWWW = false with dnsIP "yourSubdomain" web_ip; web "www" with serverAlias "yourSubdomain" end end;}}} |
|
Line 51: | Line 94: |
The lowest-level way of configuring a domain is the `domain` directive, which does nothing but set up basic DNS parameters and provide a space for including further directives: {{{domain "yourdomain" with |
The lowest-level way of configuring a domain is the `domain` directive, which does nothing but set up basic DNS parameters and provide a space for including further directives. '''You shouldn't use the `domain` directive unless you really know what you're doing when it comes to Internet protocols, and you have a good reason not to like the defaults that `dom` includes.''' {{{ domain "yourdomain" with |
Line 58: | Line 103: |
Here's a tour through the available DNS features. {{{domain "yourdomain" with |
Here's a tour through the available DNS features. You probably don't want to use any `nameserver`, `dnsDefault`, or `dnsMail` directives in your configuration, since `dom` will include the proper defaults for you. It's worth reminding that you probably shouldn't use the `domain` directive. We only use it here for illustrative purposes. {{{ domain "yourdomain" with |
Line 64: | Line 110: |
Line 67: | Line 112: |
Line 70: | Line 114: |
Line 73: | Line 116: |
Line 76: | Line 118: |
Line 80: | Line 121: |
(* Add an IP mapping with an abnormally low time-to-live of 100 *) | (* Add an IP mapping with an abnormally low time-to-live of 100, see the section about dynamic DNS below *) (* IPv6 alternatives to some of the above *) dnsIPv6 "host" "1111:2222:3333:4444:5555:6666:7777:8888"; dnsDefaultv6 "1111:2222:3333:4444:5555:6666:7777:8888"; (* Map every remaining hostname to 2.2.2.2. *) dnsWildcardIP "2.2.2.2"; |
Line 85: | Line 131: |
This example shows how to configure mail handling for a domain that is primarily hosted off of HCoop: {{{domain "yourdomain" where |
This example shows how to configure mail handling for a domain that is primarily hosted off of HCoop. We only use `domain` instead of `dom` because `dom` already includes the `handleMail` directive that we want to demonstrate. {{{ domain "yourdomain" where |
Line 93: | Line 140: |
Line 95: | Line 143: |
{{{domain "yourdomain" with | We only use `domain` instead of `dom` because `dom` already includes the `handleMail` directive that we want to demonstrate. {{{ domain "yourdomain" with |
Line 98: | Line 149: |
Line 101: | Line 151: |
Line 104: | Line 153: |
Line 107: | Line 155: |
Line 110: | Line 157: |
Line 112: | Line 158: |
(* Send all yourdomain mail that doesn't match some local user or other special rule to user me *) catchAllAlias "me"; |
|
Line 116: | Line 159: |
addDefaultSPF; (* Only allow mail to be sent through your MX, typically mail.hcoop.net. *) end;}}} == External Mailserver == Using an external mailserver is possible by adding manual DNS records. {{{ dom "yourdomain" where AddMX = false; (* Removes default mail.hcoop.net DNS record. *) with dnsMail 10 "mail.externalmailserver.com"; dnsMail 50 "mail2.externalmailserver.com"; dnsDefaultText "v=spf1 include:_mailcust.externalmailserver.com ?all"; (* Sets TXT record for verification. *) |
|
Line 120: | Line 177: |
`.htaccess` files are not processed on our servers for security reasons, as explained on [[DomTool/WhyNoHtaccess]]. See the examples below to learn how to use Apache features that are often controlled with `.htaccess` files. == The Default == The standard `dom` directive gives you a web site at `www.yourdomain` and `yourdomain`, pulling content from your `~/public_html` directory. {{{ dom "yourdomain" with end; }}} == Extending the Default == You can tweak the configuration for your domain's `www` virtual host like this: {{{ dom "yourdomain" where DocumentRoot = home "somewhere/else"; (* Serve static content from ~/somewhere/else. *) WWW = begin (* Here you can put any of the web configuration directives found in the sections below. *) end with (* ...and you can still put other domain configuration here. *) end }}} == Simple Additional Web Sites == It's easy to add extra web sites to your domain when they just serve static content from subdirectories of your home directory: {{{ dom "yourdomain" with simpleWeb "site1" "sites/site1"; (* This creates a web virtual host site1.yourdomain, serving content from ~/sites/site1. *) simpleWeb "site2" "sites/site2"; end }}} |
|
Line 122: | Line 218: |
{{{domain "yourdomain" with web "www" with (* This is a web host found at www.yourdomain. *) end; end;}}} Note that the `web` directive also adds the right DNS mapping for your virtual host. |
Now we come to the `web` directive, which should be your main tool for creating additional virtual vhosts with custom configuration. {{{ dom "yourdomain" with web "mywebhost" with (* This is a web host found at mywebhost.yourdomain. *) end; end;}}} Note that the `web` directive also adds the right DNS mapping for your virtual host. '''Never use `web "www"` within a `dom` directive.''' Instead, see the examples at the beginning of the Apache section. All of the directives demonstrated in the rest of the Apache section can be used between the `begin` and `end` demonstrated in that example. |
Line 132: | Line 231: |
{{{domain "yourdomain" with vhost "www" with end; end;}}} This one doesn't add any DNS mappings. |
{{{ dom "yourdomain" with vhost "mywebhost" with end; end;}}} This one doesn't add any DNS mappings. '''You probably never want to use `vhost` instead of `web`.''' == The Top-Level Do-It-Yourself == The same can also be done to create a vhost accessible via `http://yourdomain/`. {{{ dom "yourdomain" with vhostDefault with end; end;}}} |
Line 141: | Line 251: |
{{{domain "yourdomain" with web "www" where |
{{{ dom "yourdomain" with web "mywebhost" where |
Line 148: | Line 259: |
== Using SSL == For this example, we assume that you've applied for and been granted permissions on the SSL certificate `/etc/apache2/ssl/user/yourdomain.pem` and the IP address `1.2.3.4` on mire. {{{domNoWww "yourdomain" with webAtIp "1.2.3.4" "www" where |
== Using SSL (HTTPS) == For this example, we assume that you've applied for and been granted permissions on the SSL certificate `/etc/apache2/ssl/user/yourdomain.pem`. {{{ dom "yourdomain.com" where CreateWWW = false; with web "www" where |
Line 159: | Line 273: |
Here's how to do it with just a {{{vhost}}}. {{{domain "yourdomain" with vhost "www" where WebPlaces = [web_place web_node "1.2.3.4"]; SSL = use_cert "/etc/apache2/ssl/user/yourdomain.pem" |
== Allowing non-secure & secure connection with same behaviour == If you want to enable ssl and force a redirect from http to https, the `webSsl` directive can handle this for you in most cases. The example below is stripped of all extra settings on the "www" web directive. If you have any special settings, they should be copied as well. {{{ dom "yourdomain.com" where CreateWWW = false; DocumentRoot = home "websites/yourdomain.com" with webSsl "www" (use_cert "/etc/apache2/ssl/user/yourdomain.pem") with end; end; }}} If you want to allow both http and https with the same configuration instead, you can set the `ForceSSL` environment variable to false. {{{ dom "yourdomain.com" where CreateWWW = false; DocumentRoot = home "websites/yourdomain.com" with webSsl "www" (use_cert "/etc/apache2/ssl/user/yourdomain.pem") where ForceSSL = false |
Line 167: | Line 300: |
end;}}} | end; }}} |
Line 171: | Line 305: |
{{{domain "yourdomain" with web "www" where |
{{{ dom "yourdomain" with web "mywebhost" where |
Line 185: | Line 320: |
{{{domain "yourdomain" with web "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 193: | Line 329: |
Line 198: | Line 333: |
Line 206: | Line 340: |
{{{domain "yourdomain" with web "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 212: | Line 347: |
Line 217: | Line 351: |
location "/cgi-bin" with options [execCGI]; cgiExtension "cgi" end; (* Any path like /cgi-bin/*.cgi should be executed as a CGI script. *) |
|
Line 222: | Line 361: |
{{{domain "yourdomain" with web "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 227: | Line 367: |
Line 230: | Line 369: |
Line 236: | Line 374: |
Note that you must have domtool configuration rights to all domains you name with `serverAlias`. | Note that you must have Domtool configuration rights to all domains you name with `serverAlias`. See the example "Attack of the Model T Clones" for a more convenient way of duplicating all of a domain's configuration for one or more other domains. |
Line 240: | Line 378: |
{{{domain "yourdomain" with web "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 244: | Line 383: |
Line 247: | Line 385: |
unset_options [indexes]; (* Change our mind about including indexes *) |
unset_options [followSymLinks]; (* Ask not to follow symbolic links. *) |
Line 253: | Line 389: |
Line 256: | Line 391: |
Line 259: | Line 393: |
Line 263: | Line 396: |
Line 266: | Line 398: |
Line 274: | Line 405: |
{{{domain "yourdomain" with vhost "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 279: | Line 411: |
Line 282: | Line 413: |
Line 285: | Line 415: |
Line 288: | Line 417: |
Line 291: | Line 419: |
Line 294: | Line 421: |
Line 298: | Line 424: |
location "/loc2"; |
location "/loc2" with |
Line 303: | Line 428: |
Line 306: | Line 430: |
Line 309: | Line 432: |
Line 318: | Line 440: |
{{{domain "yourdomain" with web "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 322: | Line 445: |
Line 325: | Line 447: |
Line 328: | Line 449: |
Line 336: | Line 456: |
{{{domain "yourdomain" with web "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 340: | Line 461: |
Line 343: | Line 463: |
Line 345: | Line 464: |
(* Turn on some more logging for rewrite debugging in /afs/hcoop.net/usr/$USER/apache/log/$NODE/www.yourdomain/rewrite.log *) | (* Turn on some more logging for rewrite debugging in /afs/hcoop.net/usr/$USER/apache/log/$NODE/www.yourdomain/error.log *) rewriteCond "%{REQUEST_FILENAME}" "-f" [cond_nocase, ornext]; (* An example of Apache's RewriteCond directive *) rewriteRule "/a.html" "http://a/b.html" [gone, chain, skip 5]; (* An example of specifying multiple rewrite flags *) |
Line 351: | Line 474: |
{{{domain "yourdomain" with vhost "www" with |
{{{ dom "yourdomain" with web "mywebhost" with |
Line 355: | Line 479: |
Line 358: | Line 481: |
proxyRewrite "/foo/(.*)$" "bar/$1" "http://localhost:5555" [qsappend]; (* Proxy path matching /foo/(.*)$ to http://localhost:5555/bar/$1, using mod_rewrite *) proxyPassReverse "/foo/" "http://localhost:5555/"; (* Adjust Location and other HTTP headers appropriately for the above proxying *) end; end;}}} == SSI == {{{ dom "yourdomain" with web "mywebhost" with set_options [includesNOEXEC]; (* Or you could enable it for just some URIs: *) location "/ssi_world" with set_options [includesNOEXEC]; end; |
|
Line 366: | Line 507: |
* Set up a web interface at {{{http://lists.yourdomain/listinfo}}}, which contains a general overview of the lists that you own, and permits you to administer them. | * Set up a web interface at {{{http://lists.yourdomain/listinfo}}}, which contains a general overview of the lists that you own and permits you to administer them. |
Line 369: | Line 510: |
{{{dom "yourdomain" with | {{{ dom "yourdomain" with |
Line 380: | Line 522: |
{{{dom "yourdomain" with | {{{ dom "yourdomain" with |
Line 383: | Line 526: |
with | |
Line 388: | Line 532: |
{{{dom "yourdomain" with | {{{ dom "yourdomain" with |
Line 391: | Line 536: |
Line 402: | Line 546: |
When installing Wordpress, you most likely want to [[http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion|install using subversion]]. The web based updater is inherently insecure, and your life will be much easier if you use subversion to track changes in Wordpress. |
|
Line 404: | Line 550: |
{{{dom "yourdomain" with wordPress "myblog" |
{{{ dom "yourdomain" with wordPress "myblog" where DocumentRoot = home "path/to/wordpress" end (* Creates a WordPress blog at http://myblog.yourdomain/ *) |
Line 407: | Line 557: |
Line 410: | Line 559: |
=== If the Blog is Your Entire Site === {{{ dom "yourdomain.com" where DocumentRoot = home "path/to/wordpress"; WWW = begin addWordPress "/"; end; (* Creates a WordPress blog at http://www.yourdomain.com/ *) with end;}}} Again, make sure you have the Word``Press distribution installed at the appropriate `DocumentRoot`. |
|
Line 412: | Line 574: |
{{{dom "yourdomain" with | {{{ dom "yourdomain" with |
Line 415: | Line 578: |
Line 420: | Line 582: |
Make sure you have the Word``Press distribution installed at the filesystem location implied by the URL prefix you choose. | Make sure you have the Word``Press distribution installed at the filesystem location implied by the URL prefix you choose. Your blog will be accessible at `http://mysite.yourdomain/url/prefix/...`. |
Line 424: | Line 586: |
This is a listing of files in the HCoop AFS area which contain in-production examples of DomTool configuration. | This is a listing of some of the files in the HCoop AFS area which contain in-production examples of DomTool configuration. |
Line 428: | Line 590: |
To find other files and possibly grep for particular examples in them, you can use the following shell commands: {{{ cd /afs/hcoop.net/user/ find ?/??/*/.domtool/ -type f # or find ?/??/*/.domtool/ -type f \( ! -iname "*~" \) 2> /dev/null | xargs -I {} wc -l {} | sort -n grep KEYWORD ?/??/*/.domtool/* }}} |
|
Line 430: | Line 604: |
In order to help you put all of the pieces together, some full working examples are available in [:/Full:separate subpage]. | In order to help you put all of the pieces together, some full working examples are available in [[DomTool/Examples/Full|separate subpage]]. ---- CategoryMemberManual |
Here are some example configuration files for DomTool, our distributed configuration management system.
Contents
- Domains
- DNS
-
Apache
- The Default
- Extending the Default
- Simple Additional Web Sites
- The Model T
- The Do-It-Yourself
- The Top-Level Do-It-Yourself
- Using a nonstandard web server
- Using SSL (HTTPS)
- Allowing non-secure & secure connection with same behaviour
- Bucking all the trends
- Basic URL handling
- Location-specific configuration
- Server aliases
- Directory options
- Access control
- Fancy directory index generation
- mod_rewrite
- mod_proxy
- SSI
- Mailman
- Common Web Applications
- Live Examples in HCoop AFS
- Putting It All Together
1. Domains
1.1. The Model T
If you just want to declare your domain with a www.yourdomain virtual host serving out of ~/public_html/ and your-hcoop-username@yourdomain mail forwarded to your mailbox, use:
dom "yourdomain" with end;
Or, if you don't want any mail to be forwarded to your mailbox, use:
dom "yourdomain" where DefaultAlias = false; with end;
1.2. Upgraded Model T
If you like everything dom gives you but want to add additional configuration, include it between with..end. For instance, to add an extra web virtual host other:
dom "yourdomain" with web "other" with (* More configuration could go here *) end; end;
1.3. Model T with customized www.yourdomain
You wouldn't want to copy the last example with "www" instead of "other", because dom already creates a www vhost. Instead, there's a more convenient way to configure this most common of vhosts:
dom "yourdomain" where DocumentRoot = "/my/custom/docroot"; (* See "Bucking all the trends" in the Apache section for other options you can use like DocumentRoot. *) WWW = begin alias "/from" "/to"; alias "/from2" "/to2"; (* These are just examples. Arbitrary vhost config goes here. *) end with (* And other domain configuration can go here, including more vhosts. *) end;
1.4. Model T with redirect from www.yourdomain to yourdomain
To redirect all URLs from http://www.mydomain/some/path/ to http://mydomain/some/path/ you need to disable the automatic creation of the www host, and then create it manually specifying a permanent redirect rule.
dom "mydomain.com" where CreateWWW = false; with vhostDefault with end; web "www" with rewriteRule "^(.*)$" "http://mydomain.com$1" [redirectWith permanent] end; end;
1.5. Attack of the Model T Clones
We can take the Model T and use it with some alternate names for the domain we're configuring.
dom "yourdomain" where Aliases = ["yourotherdomain", "yourotherotherdomain"] with end;
A single Apache virtual host is created, answering to multiple names. Other configuration is duplicated like you had entered it in a separate dom block for each alias.
1.6. Subdomain Redirection
This example aliases a subdomain and redirects it to the "www" virtual host. This means that when accessing yourSubdomain.yourdomain.com you will actually be receiving content defined by www.yourdomain.com.
dom "yourdomain.com" where CreateWWW = false with dnsIP "yourSubdomain" web_ip; web "www" with serverAlias "yourSubdomain" end end;
1.7. The Do-It-Yourself
The lowest-level way of configuring a domain is the domain directive, which does nothing but set up basic DNS parameters and provide a space for including further directives. You shouldn't use the domain directive unless you really know what you're doing when it comes to Internet protocols, and you have a good reason not to like the defaults that dom includes.
domain "yourdomain" with (* Your directives here *) end;
2. DNS
Here's a tour through the available DNS features. You probably don't want to use any nameserver, dnsDefault, or dnsMail directives in your configuration, since dom will include the proper defaults for you. It's worth reminding that you probably shouldn't use the domain directive. We only use it here for illustrative purposes.
domain "yourdomain" with nameserver "ns1.hcoop.net"; nameserver "ns3.hcoop.net"; (* Specify two DNS servers that are authoritative for yourdomain *) dnsDefault "69.90.123.68"; (* Add a mapping from yourdomain to IP address 69.90.123.68 *) dnsIP "host" "1.2.3.4"; (* Add a mapping from host.yourdomain to IP address 1.2.3.4 *) dnsMail 23 "mail.yourdomain"; (* Register mail.yourdomain as an SMTP handler for yourdomain, with priority 23 *) dnsAlias "hcoop" "hcoop.net"; (* Add an alias such that hcoop.yourdomain resolves to the same thing as hcoop.net *) dnsIP "dynamic" "5.6.7.8" where TTL = 100 end; (* Add an IP mapping with an abnormally low time-to-live of 100, see the section about dynamic DNS below *) (* IPv6 alternatives to some of the above *) dnsIPv6 "host" "1111:2222:3333:4444:5555:6666:7777:8888"; dnsDefaultv6 "1111:2222:3333:4444:5555:6666:7777:8888"; (* Map every remaining hostname to 2.2.2.2. *) dnsWildcardIP "2.2.2.2"; end;
2.1. Keeping DNS elsewhere
This example shows how to configure mail handling for a domain that is primarily hosted off of HCoop. We only use domain instead of dom because dom already includes the handleMail directive that we want to demonstrate.
domain "yourdomain" where DNS = noDns with handleMail; end;
3. Mail
We only use domain instead of dom because dom already includes the handleMail directive that we want to demonstrate.
domain "yourdomain" with handleMail; (* HCoop should provide relaying for yourdomain *) emailAlias "user1" "user1@gmail.com"; (* Forward mail from user1@yourdomain to user1@gmail.com *) emailAlias "user2" "me"; (* Forward mail from user2@yourdomain to HCoop user me *) aliasMulti "pals" ["pal1@yahoo.com", "pal2@prodigy.com", "pal3"]; (* Forward mail from pals@yorudomain to pal1@yahoo.com, pal2@prodigy.com, and HCoop user pal3 *) aliasDrop "spamtrap"; (* Silently drop all mail to spamtrap@yourdomain *) defaultAlias "me"; (* Send all yourdomain mail, period, to user me *) addDefaultSPF; (* Only allow mail to be sent through your MX, typically mail.hcoop.net. *) end;
3.1. External Mailserver
Using an external mailserver is possible by adding manual DNS records.
dom "yourdomain" where AddMX = false; (* Removes default mail.hcoop.net DNS record. *) with dnsMail 10 "mail.externalmailserver.com"; dnsMail 50 "mail2.externalmailserver.com"; dnsDefaultText "v=spf1 include:_mailcust.externalmailserver.com ?all"; (* Sets TXT record for verification. *) end;
4. Apache
.htaccess files are not processed on our servers for security reasons, as explained on DomTool/WhyNoHtaccess. See the examples below to learn how to use Apache features that are often controlled with .htaccess files.
4.1. The Default
The standard dom directive gives you a web site at www.yourdomain and yourdomain, pulling content from your ~/public_html directory.
dom "yourdomain" with end;
4.2. Extending the Default
You can tweak the configuration for your domain's www virtual host like this:
dom "yourdomain" where DocumentRoot = home "somewhere/else"; (* Serve static content from ~/somewhere/else. *) WWW = begin (* Here you can put any of the web configuration directives found in the sections below. *) end with (* ...and you can still put other domain configuration here. *) end
4.3. Simple Additional Web Sites
It's easy to add extra web sites to your domain when they just serve static content from subdirectories of your home directory:
dom "yourdomain" with simpleWeb "site1" "sites/site1"; (* This creates a web virtual host site1.yourdomain, serving content from ~/sites/site1. *) simpleWeb "site2" "sites/site2"; end
4.4. The Model T
Now we come to the web directive, which should be your main tool for creating additional virtual vhosts with custom configuration.
dom "yourdomain" with web "mywebhost" with (* This is a web host found at mywebhost.yourdomain. *) end; end;
Note that the web directive also adds the right DNS mapping for your virtual host. Never use web "www" within a dom directive. Instead, see the examples at the beginning of the Apache section. All of the directives demonstrated in the rest of the Apache section can be used between the begin and end demonstrated in that example.
4.5. The Do-It-Yourself
dom "yourdomain" with vhost "mywebhost" with end; end;
This one doesn't add any DNS mappings. You probably never want to use vhost instead of web.
4.6. The Top-Level Do-It-Yourself
The same can also be done to create a vhost accessible via http://yourdomain/.
dom "yourdomain" with vhostDefault with end; end;
4.7. Using a nonstandard web server
dom "yourdomain" with web "mywebhost" where WebPlaces = [web_place_default "fyodor"] with end; end;
4.8. Using SSL (HTTPS)
For this example, we assume that you've applied for and been granted permissions on the SSL certificate /etc/apache2/ssl/user/yourdomain.pem.
dom "yourdomain.com" where CreateWWW = false; with web "www" where SSL = use_cert "/etc/apache2/ssl/user/yourdomain.pem" with end; end;
4.9. Allowing non-secure & secure connection with same behaviour
If you want to enable ssl and force a redirect from http to https, the webSsl directive can handle this for you in most cases.
The example below is stripped of all extra settings on the "www" web directive. If you have any special settings, they should be copied as well.
dom "yourdomain.com" where CreateWWW = false; DocumentRoot = home "websites/yourdomain.com" with webSsl "www" (use_cert "/etc/apache2/ssl/user/yourdomain.pem") with end; end;
If you want to allow both http and https with the same configuration instead, you can set the ForceSSL environment variable to false.
dom "yourdomain.com" where CreateWWW = false; DocumentRoot = home "websites/yourdomain.com" with webSsl "www" (use_cert "/etc/apache2/ssl/user/yourdomain.pem") where ForceSSL = false with end; end;
4.10. Bucking all the trends
dom "yourdomain" with web "mywebhost" where DocumentRoot = home "private_html"; User = "me_web"; Group = "me_web"; SSL = use_cert "/home/me/mycert.pem" with end; end;
home "private_html" builds the full path to subdirectory private_html of your home directory.
4.11. Basic URL handling
dom "yourdomain" with web "mywebhost" with alias "/doc" "/usr/local/doc"; (* Serve all URIs beginning in /doc out of directory /usr/local/doc. Note that the second argument can't be just any old path. You need to have been granted permission to read from the path. You should have permission to read from any path within your home directory, as well as a few others, like /usr/share/moin. *) scriptAlias "/my-script" "/var/cgi/a-program"; (* Handle requests for /my-script by calling the CGI program /var/cgi/a-program. The example here uses a file, but scriptAlias directive can also alias CGI directories, as you'd expect: scriptAlias "/location/" "/directory/" *) errorDocument "404" "not_found.html"; (* Handle HTTP error code 404 by sending file not_found.html *) end; end;
4.12. Location-specific configuration
dom "yourdomain" with web "mywebhost" with location "/private" with errorDocument "404" "not_found_private.html"; end; (* When in the /private tree of URI-space, handle 404s with not_found_private.html *) directory "/usr/local/doc" with errorDocument "404" "not_found_doc.html"; end; (* When looking for a file in real directory /usr/local/doc, handle 404s with not_found_doc.html *) location "/cgi-bin" with options [execCGI]; cgiExtension "cgi" end; (* Any path like /cgi-bin/*.cgi should be executed as a CGI script. *) end; end;
4.13. Server aliases
dom "yourdomain" with web "mywebhost" with serverAliasHost "www2.yourdomain"; serverAliasHost "www.otherdomain"; (* www2.yourdomain and www.otherdomain are alternate names for this vhost *) serverAlias "www3"; (* Short form for an alternate name within the current domain *) serverAliasDefault; (* Make this virtual host answer to yourdomain, with no extra hostname needed in front. *) end; end;
Note that you must have Domtool configuration rights to all domains you name with serverAlias. See the example "Attack of the Model T Clones" for a more convenient way of duplicating all of a domain's configuration for one or more other domains.
4.14. Directory options
dom "yourdomain" with web "mywebhost" with options [execCGI, indexes]; (* Use exactly the Apache options execCGI and indexes by default for this vhost *) set_options [includesNOEXEC]; (* Add the option includesNOEXEC, leaving the others alone *) unset_options [followSymLinks]; (* Ask not to follow symbolic links. *) directoryIndex ["index.html", "index.php", "index.txt"]; (* When looking for the default file to serve for a directory, consider these possibilities in order *) action "image/gif" "/cgi-bin/images.cgi"; (* Run /cgi-bin/images.cgi to serve images *) addDefaultCharset "utf-8"; (* Use the UTF-8 character set by default *) location "/prefix" with forceType "text/plain"; (* Serve all files in this location as plain text *) forceTypeOff; (* Change our mind about that! *) (* All the other directives mentioned above can be used in locations, too, but forceType* _must_ be in a location. *) end; end; end;
4.15. Access control
dom "yourdomain" with web "mywebhost" with location "/loc1" with authType basic; (* Use HTTP basic authentication in this location *) authName "my domain"; (* Tell users that they're authenticating for "my domain" *) authUserFile "/etc/webusers"; (* Look up user/password information in /etc/webusers *) orderAllowDeny; (* Access is denied by default *) requireValidUser; (* Anyone providing a valid password is allowed *) denyFrom "badguys.evil.net"; (* However, anyone coming from this domain is banned *) denyFrom "1.2"; (* Also ban anyone with a 1.2.*.* IP address *) end; location "/loc2" with authType basic; authName "my other domain"; authUserFile "/etc/otherone"; denyFromAll; (* Deny everyone by default *) requireUser ["fred", "barney"]; (* Allow fred and barney in *) requireGroup ["prehistoric"]; (* Also require membership in the prehistoric group *) end; end; end
4.16. Fancy directory index generation
dom "yourdomain" with web "mywebhost" with addDescription "The planet Mars" "/web/pics/mars.gif"; (* Describe /web/pics/mars.gif as "The planet Mars" on index pages *) indexOptions [fancyIndexing, htmlTable, iconHeight 10, iconWidth 10]; (* Set some index-generation options *) headerName "header.html"; (* Include header.html at the start of a directory listing *) footerName "footer.html"; (* Include footer.html at the end of a directory listing *) end; end;
4.17. mod_rewrite
dom "yourdomain" with web "mywebhost" with rewriteRule "^(.+)\.php$" "$1.sml" []; (* Rewrite all URLs ending in .php to end in .sml *) rewriteRule "/gone.html" "http://somewhere.else/there.html" [redirectWith permanent]; (* Redirect /gone.html to http://somewhere.else/there.html, giving an HTTP code indicating a permanent relocation *) rewriteLogLevel 1; (* Turn on some more logging for rewrite debugging in /afs/hcoop.net/usr/$USER/apache/log/$NODE/www.yourdomain/error.log *) rewriteCond "%{REQUEST_FILENAME}" "-f" [cond_nocase, ornext]; (* An example of Apache's RewriteCond directive *) rewriteRule "/a.html" "http://a/b.html" [gone, chain, skip 5]; (* An example of specifying multiple rewrite flags *) end; end;
4.18. mod_proxy
dom "yourdomain" with web "mywebhost" with proxyPass "/mirror/foo/" "http://localhost:5555/"; (* Proxy path /mirror/foo/ to a local server with URL base http://localhost:5555/ *) proxyPassReverse "/mirror/foo/" "http://localhost:5555/"; (* Adjust Location and other HTTP headers appropriately for the above proxying *) proxyRewrite "/foo/(.*)$" "bar/$1" "http://localhost:5555" [qsappend]; (* Proxy path matching /foo/(.*)$ to http://localhost:5555/bar/$1, using mod_rewrite *) proxyPassReverse "/foo/" "http://localhost:5555/"; (* Adjust Location and other HTTP headers appropriately for the above proxying *) end; end;
4.19. SSI
dom "yourdomain" with web "mywebhost" with set_options [includesNOEXEC]; (* Or you could enable it for just some URIs: *) location "/ssi_world" with set_options [includesNOEXEC]; end; end; end;
5. Mailman
The following example will:
- Permit delivery of email of the form LIST@yourdomain to Mailman, provided that LIST is a valid Mailman list that you own.
Set up a web interface at http://lists.yourdomain/listinfo, which contains a general overview of the lists that you own and permits you to administer them.
- Add a valid DNS mapping for lists.yourdomain.
dom "yourdomain" with mailman "lists"; (* The default server for web interfaces to this domain's mailing lists is lists.yourdomain *) end;
6. Common Web Applications
6.1. MoinMoin
6.1.1. A Standalone Site
dom "yourdomain" with moinMoin "mywiki" where Script = home "mywiki/moin.cgi" with end end
6.1.2. Adding a Wiki to a Bigger Site
dom "yourdomain" with web "mysite" with (* Other normal web config goes here.... *) addMoinMoin where Script = home "mywiki/moin.cgi"; Htdocs = "/where/static/content/is/accessed/in/URLs"; Prefix = "/url/prefix/for/wiki/page/names" end end end
6.2. WordPress
When installing Wordpress, you most likely want to install using subversion. The web based updater is inherently insecure, and your life will be much easier if you use subversion to track changes in Wordpress.
6.2.1. A Standalone Blog
dom "yourdomain" with wordPress "myblog" where DocumentRoot = home "path/to/wordpress" end (* Creates a WordPress blog at http://myblog.yourdomain/ *) end
Make sure you have the WordPress distribution installed at the appropriate DocumentRoot.
6.2.2. If the Blog is Your Entire Site
dom "yourdomain.com" where DocumentRoot = home "path/to/wordpress"; WWW = begin addWordPress "/"; end; (* Creates a WordPress blog at http://www.yourdomain.com/ *) with end;
Again, make sure you have the WordPress distribution installed at the appropriate DocumentRoot.
6.2.3. Adding a Blog to a Bigger Site
dom "yourdomain" with web "mysite" with (* Other normal web config goes here.... *) addWordPress "/url/prefix" end end
Make sure you have the WordPress distribution installed at the filesystem location implied by the URL prefix you choose. Your blog will be accessible at http://mysite.yourdomain/url/prefix/....
7. Live Examples in HCoop AFS
This is a listing of some of the files in the HCoop AFS area which contain in-production examples of DomTool configuration.
- /afs/hcoop.net/user/d/do/docelic/.domtool/spinlocksolutions.com
To find other files and possibly grep for particular examples in them, you can use the following shell commands:
cd /afs/hcoop.net/user/ find ?/??/*/.domtool/ -type f # or find ?/??/*/.domtool/ -type f \( ! -iname "*~" \) 2> /dev/null | xargs -I {} wc -l {} | sort -n grep KEYWORD ?/??/*/.domtool/*
8. Putting It All Together
In order to help you put all of the pieces together, some full working examples are available in separate subpage.