Rob Brown > Net-DNAT-0.13 > demo/suexec_mod_perl.pl

Download:
Net-DNAT-0.13.tar.gz

Annotate this POD

View/Report Bugs
Source  

EXAMPLE DELIMA ^

  Example configuration of how to combine the
  security and restrictions of SuExec with the
  power and speed of mod_perl.

  For example, here is the delima:

  There are three webmasters on this unix
  machine:

    billy
    henry
    ralph

  We want hits to billy.com to be run as billy.
  We want hits to henry.com to be run as henry.
  We want hits to ralph.com to be run as ralph.

  They all want to take advantage of mod_perl
  features like PerlHandlers or Apache::Registry
  scripts, but all point to the same IP address:

    10.11.12.13

  All users wish to keep their sources private
  among themselves, so they remove all permissions
  for group and other for their home directories.

  [root@localhost /root]# chmod 0700 /home/*
  [root@localhost /root]# ls -ald /home/*
  drwx------  4 billy  billy  4096 Apr 02 12:00 /home/billy
  drwx------  4 henry  henry  4096 Apr 02 12:00 /home/henry
  drwx------  4 ralph  ralph  4096 Apr 02 12:00 /home/ralph
  [root@localhost /root]#

  Each user is responsible to turn on his own server
  and listen on his own designated port as follows:

    billy.com   =>  8001
    henry.com   =>  8002
    ralph.com   =>  8003

USER PROCEDURE ^

  Each user will have his own server and configuration
  files.  In Apache, this is done using the -f option.
  Each configuration file will contain the Listen
  directive with its corresponding port.  Also, mod_perl
  must be enabled to utilize the Apache::DNAT feature.

  [billy@localhost billy]$ tail ~/conf/httpd.conf
  # Don't use the Port directive
  #Port 80

  # Listen: Allows you to bind Apache to specific IP addresses and/or ports
  Listen 8001

  <IfModule mod_perl.c>
    PerlModule Apache::DNAT
    PerlInitHandler Apache::DNAT
  </IfModule>
  [billy@localhost billy]$ httpd -f ~/conf/httpd.conf
  [billy@localhost billy]$

  (The same goes for the other users, too.)

  No <VirtualHost> sections should be used.  No special
  User directive or SuExec configuration is required.

ADMIN PROCEDURE ^

  As super user, turn on this DNAT server:

  [root@localhost /root]# suexec_mod_perl.pl --log_level=4

  And to turn it off:

  [root@localhost /root]# kill `cat /var/log/dnat/dnat.pid`

SEE ALSO ^

  apache, mod_perl, Net::DNAT, Apache::DNAT
syntax highlighting: