Currently my Apache server is set up like so
<VirtualHost *:80>
 ServerName www.example.com
 ServerAlias example.com
 DocumentRoot /var/www
</VirtualHost>
The problem is that everything below /var/www is accessible from everywhere else. If I have a web page /var/www/john/bio.html, then that web page could borrow scripts/pictures from var/www/jane/
I want to set up my Apache server like so
<VirtualHost *:80>
 ServerName www.example.com
 ServerAlias example.com
 DocumentRoot /var/www
</VirtualHost>
<VirtualHost *:80>
 ServerName www.john.example.com
 ServerAlias john.example.com
 DocumentRoot /var/www/john
</VirtualHost>
<VirtualHost *:80>
 ServerName www.jane.example.com
 ServerAlias jane.example.com
 DocumentRoot /var/www/jane
</VirtualHost>
So all the files for user john go in the /var/www/john/ folder, and likewise for user jane. Then, with symbolic links turned off (by default), and access only provided from /var/www/user/ downwards (again by default), I don't have to worry about john's web page including scripts/images from jane's web page. 
Virtual hosts have their own configurable Nginx rewrite and configuration files, the configuration files used for that top-level domain is shared amongst all of its subdomains. Virtual hosts do not have to be a top-level domain (eg. example.com ), they can also be a sub-level domain of that (eg. dev.example.com ).
Because subdomains are regarded as separate websites by Google, they also need to be hosted on separate hosting plans. This means that you will need to pay a separate hosting fee for each subdomain.
Hosting Only A SubdomainIn your Bluehost cPanel, create the subdomain you need to host with us (i.e., "subdomain.example.com.") Contact the host of your domain name's zone file and have them point the A record for the subdomain to the IP of your Bluehost server.
A Virtual Host is an Apache configuration directive that allows you to run more than one website on a single server. With Virtual Hosts, you can specify the site document root (the directory containing the website files), create a separate security policy for each site, use different SSL certificates, and much more.
Using local measures only (/etc/hosts instead of a DNS) I found that this can indeed work.
First, change your /etc/hosts file to have a mapping of your desired website name(s) (www.example.com), and target IP address (192.168.1.1). I used my local IP address.
 IPAddress               Hostname                   Alias
-----------     --------------------------    ------------------
192.168.1.1     www.example.com               example.com 
192.168.1.1     www.john.example.com          john.example.com
192.168.1.1     www.jane.example.com          jane.example.com
Your web browser will check your /etc/hosts file before looking at the world wide web. 
Next go through all your Apache config files (httpd.conf, apache2.conf, ports.conf, conf.d/*) and make sure in exactly one file the command NameVirtualHost *:80 is issued (it doesn't have to be port :80 but if it is issued more than once, you will get this problem). Mine was issued in /etc/apache2/ports.conf, so put yours there if you have to. Finally, update your Apache configuration file (mine was at /etc/apache2/sites-available/default) like so.
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www
</VirtualHost>
<VirtualHost *:80>
    ServerName www.john.example.com
    ServerAlias john.example.com
    DocumentRoot /var/www/john
</VirtualHost>
<VirtualHost *:80>
    ServerName www.jane.example.com
    ServerAlias jane.example.com
    DocumentRoot /var/www/jane
</VirtualHost>
As a final step, you may need to add the websites to Apache by issuing the below commands (this step is not necessary, if you give all websites into sites-available/default and not into separate files for individual websites).
# a2ensite www.example.com
# a2ensite www.john.example.com
# a2ensite www.jane.example.com
After doing this, john.example.com will go to /var/www/john. That directory will then act as the root directory, and john will no longer have access to www, and, therefore, have no access to /var/www/jane.
Likewise, after doing this, jane.example.com will go to /var/www/jane. That directory will then act as the root directory, and jane will no longer have access to www, and, therefore, have no access to /var/www/john.
With symbolic links turned off --by default-- neither directories will be able to access each other
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With