youser2's picture

Hi, everyone,

I know this is a pretty basic task, but despite having web development/design experience, I am struggling to configure a local web server using Turnkey LAMP.

I want to create a single VM with three locally hosted websites for students to be able to quickly access on their own host machine. I am trying to mimic the simple process used for the Web for Pentester VM in that the students simply open the VM and can access the sites in as few steps as possible.

I have tried setting up three test sites in their own directories with a simple index.html file in each, but I have not been able to access any of them. I tried to create a virtual host, but doubt I am using the correct settings. The Webmin console is extremely barebones with limited tooltips or examples and I've had a hard time finding clear instructions through Webmin's documentation.

If anyone would be willing to provide or point me to the necessary steps to accomplish this, I would greatly appreciate it. Thanks in advance.

Forum: 
Peter C. (Benchwork)'s picture

So based on the description you give, it sounds like you just need to point them to different directories . the virtual host is probably going to be the easiest way to do it, if you could send me your current virtual host file I can take a look at it and see if there is an error.

I would suggest that you take a look at these examples as well.

https://httpd.apache.org/docs/2.4/vhosts/examples.html

Peter.

youser2's picture

Yeah, that's what I'm trying to do.

Creating my virtual hosts using the "Create virtual host" method results in the following config file in sites-available for each site (test1, test2, test3):

<VirtualHost *>
DocumentRoot "/var/www/test1/public_html"
ServerName test1
<Directory "/var/www/test1/public_html">
allow from all
Options None
Require all granted
</Directory>
</VirtualHost>

I have added the following to my hosts file:

192.168.1.12 test1
192.168.1.12 test2
192.168.1.12 test3

But I'm not able to access any of them.

Jeremy Davis's picture

So you are using a domain then!? In your example, you aren't using DNS name resolution, but you are using a domain (hard coded into your hosts file)! As I noted below, that's a fundamental component of name-based virtual hosts and it wouldn't work without a domain. But moving along...

I happen to have a LAMP server handy with default TurnKey Apache config. I just really quickly set it up similar to how you have:

# make a new directory
mkdir /var/www/tester

# create a simple simple test html file
echo "hello world" > /var/www/tester/index.html

# copy the default site config to a new site config file
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/tester.conf

# update the doc root path (from '/var/www/' to '/var/www/tester/')
sed -i "s|/var/www/|/var/www/tester/|" /etc/apache2/sites-available/tester.conf

# disable the default site, otherwise the new site will never match
a2dissite 000-default.conf 

# enable the new site
a2ensite tester

# restart apache to activate the updated config
service apache2 restart

I then added a local hosts entry for 'tester" and when I browse to http://tester it "just works"...?!

FWIW if you aren't already aware, the /etc directory is version controlled via git. So even if you have edited the default Apache site file, it's pretty easy to recover the original if you wish.

[update - added some comments to the code block to explain what each step does]

youser2's picture

Yes, I fully intended to use the hosts file. I responded to Peter before your comment so I guess I just assumed you were following along.

Again, this is meant to serve a local VM for students to use offline, but I want to make this as easy for them to access as possible. As I said, I didn't need a FQDN since I am not hosting this on the web, but I now see that you took that to mean I wasn't using domain names at all.

For future reference, this method would still resolve multiple sites, provided that the hosts file is modified, correct?

Regardless, I probably won't go back to that approach because I still think your previous suggestion is going to work out better on the students' end since they can simply boot the VM and go directly to the site index at the assigned IP address (skipping the hosts file step), which will then prompt them to open all three sites in new tabs/windows. The only downside is the "ugly" IP url, but that's no big deal.

Jeremy Davis's picture

To be honest, I'm not really clear what you are trying to achieve. Nor is it clear to me what you've tried, or what the result of your current attempts were.

As Peter suggests, sharing your apache config would be a good start. Also please clarify whether you are trying to set up directories (e.g. "example.com/site1", "example.com/site2") or subdomains (e.g. "site1.example.com", "site2.example.com". Actually, for that matter, are you even using a domain? If so, how are you configuring your DNS for the domain name? Will this be internet accessable, or only over the LAN? Do you have a local DNS server the students will default to?

FWIW if you are ok with separate directories, then that's dead simple. You can just create the desired directories within the current default doc root (i.e. /var/www/site1, /var/www/site2, etc). Then sites would be example.com/site1, etc. Obviously you'll still need to set up your domain and have the DNS pointing to your VM.

youser2's picture

I want to publish a VM that will only serve local websites to the user on their host machine. I do not need a FQDN since this is purely for teaching purposes. I simply want the students to be able to quickly access these sites to complete an exercise. I realize that they will have to obtain the local IP address in order to configure their hosts file, but most of the students have handled that fine in the past, so it shouldn't be an issue.

I have tried following a number of videos and tutorials, but most are at least a few years old and don't translate perfectly to Turnkey LAMP or stop short of setting up virtual hosts. Despite my best efforts, I have not been able to find a step by step tutorial on my exact issue.

Jeremy Davis's picture

If you aren't using a domain then what you are trying to do isn't going to work the way that you've been trying.

Essentially, there are 2 ways you can do virtual hosting, i.e. serve separate sites on the one server. They are name-based; or IP-based virtual hosting.

From what I gather, you have been trying to do name based virtual hosting. However, unless you are using different domains for the different sites, that will never work! So with no domain at all, sorry you're out of luck...

IP based virtual hosts may be an option, but IMO there is no real advantage to that, plus you'd also need to add additional interfaces to your VM (so it can have additional IP addresses configured; only one IP per interface). Your students would then need to remember all 3 IP addresses to access all 3 sites.

So like I said in my initial post, why not just use directories? The separate sites wouldn't be in the web root, but you could add a default webroot landing page with links to the 3 separate directories. Users could then use the links, or browse straight to the directory they wanted (assuming they already knew the url).

To do that, all you need to do is create the directories and it will work. No additional Apache config required...!

youser2's picture

I would have preferred to have named sites, but you're right, this is a much simpler approach. I have my first site set up already. Thanks for the help.

Jeremy Davis's picture

Glad that works for you.

FWIW, I did also post higher up with name-based config that worked for me. Although admittedly, I still only had one site and in retrospect, it probably would break once you add another...

I'm pretty sure that the thing missing from my example above, is the 'ServerName' directive! Within each site, you'd need to add the servername for each virtualhost (within in VirtualHost block). E.g. for mine it would be:

    ServerName tester

It may baulk because 'ServerName' is already declared at the top of the file as 'localhost'. So you may need to remove that first. And obviously, to get name based virtualhosts working, you'll need to set up some sort of name resolution. Obviously editing hosts files works, but it's not really scalable. Most schools would have an internal DNS I imagine, so it may be possible to leverage that?

So if you can get DNS set up and want to revisit this, please feel free to come back and post some more...

youser2's picture

I just responded above, but see that you have answered my question here as I was typing.

Yeah, I wouldn't have any issue hosting this on our vCenter server and making it public. However, the end goal for this VM is to make it available for other instructors to use. Since the exercise I am designing would be useful to a wide range of students/disciplines, Therefore, I want to simplify it as much as possible for both the instructor and student. Instructions that consist of (1) download VMware player/VirtualBox, (2) download the VM, (3) open the VM and (4) go to the IP address that you see at bootup is probably as simple as it could ever get. Since that's really my primary goal, I think I'm going to stick with the directories. They can live without pretty URLs.

That said, if I do revisit this using the other approach, I will be sure to share my results.

Thanks, again.

Jeremy Davis's picture

Now I understand your intention a little better, here are some alternative/additional ideas.

If you plan on "cloning"/"exporting" and distributing the VM that you are working on, I would highly recommend that you reset the inithooks to re-run on firstboot. That will ensure that all secrets are reset and that the end user has to set their own passwords for the default resources.

If you would rather set a default password (or your adding additional software and don't know how or don't want to write scripts to reset their passwords) then that scenario can also be handled.

To reset the firstboot scripts to rerun on next boot, please edit the /etc/default/inithooks file and change 'RUN_FIRSTBOOT' to true. A quick one liner to do that is:

sed -i "/RUN_FIRSTBOOT/ s|false|true|" /etc/default/inithooks

To preseed default passwords (so users don't need to set them) please create a /etc/inithooks.conf file with the relevant values. E.g something like this should do the trick:

cat>/etc/inithooks.conf<<EOF
export ROOT_PASS=supersecretrootpass
export DB_PASS=supersecretmysqlpass
export SEC_ALERTS=SKIP
export SEC_UPDATES=FORCE
export HUB_APIKEY=SKIP
EOF

Obviously I recommend that you change 'supersecretrootpass' and 'supersecretmysqlpass' to your desired passwords. Any values which you wish to remain set by the user at first boot, please remove from the file.

You can find the full inithooks documentation on the website here. FWIW though, we actually manually keep that in sync with the document source so that should generally always be up to date.

If you wish to maintain your server setup over an extended period of time, then it may be worth exploring how to create and build your server from source code. For that, you'll need to learn about our build environment known as TKLDev. The place to start with that is by building Core. Once you have that working as intended, you could clone the LAMP appliance build code and start hacking on that. There should be plenty enough documentation to get you going with that.

If you need any further assistance with this, or have any further questions regarding the ideas I have suggested, please ask. Although if you plan to embark on creating your own customised fork of the LAMP appliance, it may be best to start a new thread.

Either way, good luck with it all! :)

Add new comment