Virtual Hosts

Many groups on campus want web sites with a URL of the form http://groupname.caltech.edu, or http://www.groupname.org/; however, they don't want to administer their own web server. IMSS' virtual host service provides a solution to this problem. With virtual hosting, a group stores their web pages in the group's Unix cluster account. IMSS will then configure the web server to respond to requests for the desired URL with the correct pages from the group's Unix cluster account.

Policies and requirements

Since our virtual host service is closely tied to Unix cluster accounts, groups using it must adhere to the following:

  • First, all other relevant Caltech computer system policies, including security policies, must be adhered to. Click here for links to the policies in question. Please note that IMSS services cannot be used for commercial purposes.
  • An access.caltech account for the associated web site must exist first. If one does not exist, please click for information on how to get an account.
  • Web sites must adhere to the quota restrictions of the account. See here for more information on quotas.
  • For security reasons, we cannot allow web sites on our servers to run arbitrary CGI programs. If you want your site to use a CGI program, please contact usat http://help.caltech.edu (request type IMSS-->Other)and ask about having your program be given a security evaluation. If approved, we will install it in a location where it can be executed.
  • If the access.caltech account is deleted because the owner leaves Caltech, one of two things will happen to your virtual host. If the name ends in caltech.edu, the entry will be deleted. Otherwise, the entry will be retained until the owner contacts their DNS provider and has the name pointed at another site, or a year passes, whichever comes first. It is the owner's responsibility to contact the DNS provider for this purpose as soon as possible.
  • Assignment of virtual host names is subject to the discretion of the Caltech DNS administrators.
    • Generally, names are allocated on a first-come, first-serve basis; however, "more appropriate" Caltech organizations that have claim to a name will generally be allowed to take it. For example, if a student who is interested in nanotechnology were to set up nanotech.caltech.edu, but then an actual nanotechnology laboratory on campus were to set up a web site, they would be allowed to take possession of the name.
    • Campus organizations will be allowed to take possession of a virtual host name which is the same as their own name, or an abbreviation of their own name.
    • Please note that it is not possible to have a virtual host whose name is the same as the name of an already existing computer. In such an instance, you will have to set up a web server of some sort on the existing computer and have it redirect requests to the access.caltech account. (When you get a virtual host, we set up the name as an alternate name for the IMSS web server, and this causes problems when the name is already in use by another computer.)
    • Obscene or derogatory names will not be permitted.
  • The DNS administrators can be contactedat http://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Host and Address Requests (DNS, DHCP)). This is not the address to which virutal host requests should be sent. Please see below.

Be Aware of SSL Issues

If you will need to restrict access to your webpages using .htaccess, you must be aware of SSL issues which conflict with virtual hosting.

All password restrictions for websites on the www.its.caltech.edu server depend on SSL. Passwords must not be sent in the clear, for security reasons.

Virtual hosting on www.its.caltech.edu does not function via SSL. https://virtualhost.caltech.edu does not work for any of the virtual hosts. This has to do both with the version of Apache we are running as well as other certificate issues.

Therefore, if you need to restrict access to the website, going with a virtual host is probably not the best choice for you. There are, however, some workarounds to get at least some parts of the desired functionality. They're not elegant, but some of the workarounds may give you what you want, by a roundabout way.

One of the easiest workarounds is to put the files you wished to password protect in one directory tree with the appropriate .htacess file, but then have the entry to that page be an unprotected file (in the same tree is possible but harder) that re-directs to the real name of the index file in that directory, e.g. http://www.its.caltech.edu/~username/.... rather than using the virtual host name http://virtualhost.caltech.edu...

This allows your website's viewers to get to the location using the virtual host URL, but still access the protected files within the site, however, once they get into the protected files, the real location of the site becomes visible in their URL lines on their browsers as http://www.its.caltech.edu/~username/... This may or may not be an issue for your site.

For example, if you wanted the entire site to be protected, the file structure would look like this:

/public_html/index.html (redirect to http://www.its.caltech.edu/~username/protected/index.html)
/public_html/protected/index.html (actual homepage)
/public_html/protected/.htaccess

As another example, if you wanted only part of the site to be restricted, the file structure would look like this:

/public_html/index.html (public homepage)
/public_html/protected/index.html (redirect to 
   http://www.its.caltech.edu/~username/protected/protected/index.html)
/public_html/protected/protected/index.html (restricted subsite)
/public_html/protected/protected/.htaccess

How to request a virtual host

Requesting a virtual host involves slightly different procedures depending on the virtual host name you want.

If you want a name of the form name.caltech.edu, submit a request at http://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Host and Address Requests (DNS, DHCP))and tell us:

  • The virtual host name you want (e.g. groupname.caltech.edu)
  • The directory where your web site is "rooted" on the Unix cluster, e.g. /home/groupname/public_html. Note that you do not have to store the files in a directory "public_html" if you don't want to, but if you don't, they won't be visible if people look for http://www.its.caltech.edu/~groupname.
  • The name and email address of a site administrator or contact person

We will take care of the DNS and web server setup. Please note: if you want www.name.caltech.edu as well as name.caltech.edu, you must explicitly request it. We do not automatically set up the www.name.caltech.edu form of your virtual host.

If you want a name of the form name.subdomain.caltech.edu, do the same as above; however, please note that there will be some additional complications that may lead to the rejection of your request, since IMSS does not administer all DNS subdomains of the caltech.edu domain. We will not approve any requests for names of the form name.its.caltech.edu.

Please read the information contained in the DNS provided at Caltech policies page to understand what domain names will be approved.

After your request is approved as appropriate for Caltech use, you will need to contact a name service provider to register your domain name. (A list of accredited providers can be found at http://www.internic.net/alpha.html.) Tell them that you want the name to be a CNAME for the name www.its.caltech.edu. Afterward, contact usat http://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Host and Address Requests (DNS, DHCP)).