One frequently requested feature is to run different virtual hosts under different userids. Unfortunately, due to the basic nature of unix permission handling, this is impossible. (Although it is possible to run CGI scripts under different userids using suexec or cgiwrap.) You can, however, get the same effect by running multiple instances of Apache httpd and using a reverse proxy to bring them all into the same name space.
This same technique can also be useful if you want certain virtual hosts to be run under a non-threaded server (prefork) while others run with threading (worker or event).
This instance does not actually serve requests, but rather proxies them to other servers running on other ports.
These hosts do the real work. They must each be started independently. If they share the same httpd binary (and hence the same mpm), you can start them as follows:
Combining into one config file
If the virtual (back-end) hosts share many common config elements, it may be easier if all the hosts share a config file. This can be accomplished by wrapping the parts above in <IfDefine hostx> sections, and then using
to start each host.
Running unprivileged back-end hosts
If you use unprivileged ports for the back-end hosts (for example, replacing 81 and 82 above with 8001 and 8002) then you may choose to start these hosts directly under the less-privileged userids (host1user and host2user) in place of root. This will allow you to give complete control of these back-end servers to host1user and host2user. These users could then edit httpd.conf and manage log files and server restarts without needing root privileges. You may also choose to run the back-end hosts in a chroot environment, in a FreeBSD jail, or under other restricted permissions (using SELinux, for example).
When starting httpd under a less-privileged userid, you'll need to adjust certain directives such as
CustomLog to point to locations writable by the less-privileged user.
Alternative Proxy Configuration
If back-end hosts might be added and removed frequently, it could be helpful to be able to do this without modifying the configuration of the front-end server. Here is an example config that allows back-end hosts to be added and deleted by editing a simple text database:
To add or delete a user server, simply edit the host_to_ip file, which might look like this:
ProxyPreserveHost directive is used in place of
ProxyPassReverse in this configuration, you need to ensure that the back-end hosts use the following config in order to get the correct hostname and port on server-generated redirects: