Apache Configuration 24.04LTS: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Apache Tweaks == First we are going to move the document root of the apache webserver to be something more sensible, do this before we start installing any more web related things. First Disable the default site... a2dissite 000-default.conf Now copy the default config to a new one which we will make the new default. sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris-default.conf Now edit this new default config na...") |
|||
| (23 intermediate revisions by 2 users not shown) | |||
| Line 6: | Line 6: | ||
a2dissite 000-default.conf | a2dissite 000-default.conf | ||
Remember to make the new root directory and change the permissions on the directory to 775 along with ownership for www-data | |||
mkdir /srv/data/www | |||
chown www-data:www-data /srv/data/www -R | |||
Now copy the default config to a new one which we will make the new default. | Now copy the default config to a new one which we will make the new default. | ||
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris | sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris.conf | ||
Now edit this new default config | Now edit this new default config | ||
nano /etc/apache2/sites-available/solaris | nano /etc/apache2/sites-available/solaris.conf | ||
<pre> | <pre> | ||
VirtualHost *:80> | <VirtualHost *:80> | ||
ServerName scottworld.net | ServerName solaris.scottworld.net | ||
ServerAlias | ServerAlias scottworld.net | ||
ServerAdmin mark@scottworld.net | |||
Redirect permanent / https://solaris.scottworld.net/ | |||
</VirtualHost> | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ServerName solaris.scottworld.net | |||
ServerAlias scottworld.net | |||
ServerAdmin mark@scottworld.net | ServerAdmin mark@scottworld.net | ||
DocumentRoot /srv/data/www | DocumentRoot /srv/data/www/ | ||
<Directory /srv/data/www> | <Directory /srv/data/www/> | ||
Options +Indexes | |||
Require all granted | |||
</Directory> | </Directory> | ||
ErrorLog ${APACHE_LOG_DIR}/error.log | ErrorLog ${APACHE_LOG_DIR}/error.log | ||
CustomLog ${APACHE_LOG_DIR}/access.log combined | CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
</VirtualHost> | SSLEngine on | ||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/solaris.scottworld.net/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/solaris.scottworld.net/privkey.pem | |||
SSLCertificateChainFile /etc/letsencrypt/live/solaris.scottworld.net/chain.pem | |||
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt | |||
</VirtualHost> | |||
</IfModule> | |||
</pre> | </pre> | ||
Now we enable this as the default apache site. | Now we enable this as the default apache site. | ||
a2ensite solaris | a2ensite solaris.conf | ||
Now we enable SSL | |||
a2enmod ssl | |||
Restart the apache2 service | Restart the apache2 service | ||
service | systemctl restart apache2.service | ||
Now check you can see the new document root by pointing a browser at your webserver (Drop a simple html file in there and see if you can read it. | Now check you can see the new document root by pointing a browser at your webserver (Drop a simple html file in there and see if you can read it. | ||
== SSL Forwarding == | == SSL Forwarding == | ||
| Line 58: | Line 72: | ||
CNAME would be | CNAME would be | ||
scotthome.scottworld.net CNAME solaris.scottworld.net | |||
Example to create a new apache website and reverse proxy to internal content. | Example to create a new apache website and reverse proxy to internal content. | ||
| Line 65: | Line 79: | ||
Create a certificate for SSL using certbot | Create a certificate for SSL using certbot | ||
certbot -d <thedomainname> e.g: | certbot certonly -d <thedomainname> e.g: scotthome.scottworld.net | ||
| Line 71: | Line 85: | ||
<pre> | <pre> | ||
<VirtualHost *:80> | |||
<VirtualHost | ServerName scotthome.scottworld.net | ||
ServerName | Redirect permanent / https://scotthome.scottworld.net/ | ||
</VirtualHost> | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ServerAdmin mark@scottworld.net | |||
ServerName scotthome.scottworld.net | |||
ErrorLog ${APACHE_LOG_DIR}/scotthome.log | |||
CustomLog ${APACHE_LOG_DIR}/scotthome.log combined | |||
SSLEngine on | SSLEngine on | ||
SSLCertificateFile /etc/letsencrypt/live/ | Include /etc/letsencrypt/options-ssl-apache.conf | ||
SSLCertificateKeyFile /etc/letsencrypt/live/ | SSLCertificateFile /etc/letsencrypt/live/scotthome.scottworld.net/cert.pem | ||
SSLCertificateChainFile /etc/letsencrypt/live/ | SSLCertificateKeyFile /etc/letsencrypt/live/scotthome.scottworld.net/privkey.pem | ||
SSLCertificateChainFile /etc/letsencrypt/live/scotthome.scottworld.net/chain.pem | |||
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt | |||
ProxyPass / http:// | ProxyPreserveHost On | ||
ProxyPassReverse / http:// | ProxyRequests off | ||
ProxyPass /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket | |||
ProxyPassReverse /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket | |||
ProxyPass / http://mars.scottworld.net:8123/ | |||
ProxyPassReverse / http://mars.scottworld.net:8123/ | |||
RewriteEngine on | |||
RewriteCond %{HTTP:Upgrade} =websocket [NC] | |||
RewriteRule /(.*) ws://mars.scottworld.net:8123/$1 [P,L] | |||
RewriteCond %{HTTP:Upgrade} !=websocket [NC] | |||
RewriteRule /(.*) http://mars.scottworld.net:8123/$1 [P,L] | |||
</VirtualHost> | </VirtualHost> | ||
</IfModule> | </IfModule> | ||
<pre> | </pre> | ||
Enable the rewrite engine | |||
a2enmod rewrite | |||
Then enable apache proxy and the site itself. | Then enable apache proxy and the site itself. | ||
a2enmod proxy | a2enmod proxy | ||
a2enmod | a2enmod proxy_http | ||
And Enable the site we just made | And Enable the site we just made | ||
a2ensite | a2ensite scotthome.conf | ||
And restart Apache | |||
systemctl restart apache2.service | |||
Latest revision as of 02:07, 19 March 2024
Apache Tweaks
First we are going to move the document root of the apache webserver to be something more sensible, do this before we start installing any more web related things.
First Disable the default site...
a2dissite 000-default.conf
Remember to make the new root directory and change the permissions on the directory to 775 along with ownership for www-data
mkdir /srv/data/www chown www-data:www-data /srv/data/www -R
Now copy the default config to a new one which we will make the new default.
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris.conf
Now edit this new default config
nano /etc/apache2/sites-available/solaris.conf
<VirtualHost *:80>
ServerName solaris.scottworld.net
ServerAlias scottworld.net
ServerAdmin mark@scottworld.net
Redirect permanent / https://solaris.scottworld.net/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName solaris.scottworld.net
ServerAlias scottworld.net
ServerAdmin mark@scottworld.net
DocumentRoot /srv/data/www/
<Directory /srv/data/www/>
Options +Indexes
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/solaris.scottworld.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/solaris.scottworld.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/solaris.scottworld.net/chain.pem
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
</VirtualHost>
</IfModule>
Now we enable this as the default apache site.
a2ensite solaris.conf
Now we enable SSL
a2enmod ssl
Restart the apache2 service
systemctl restart apache2.service
Now check you can see the new document root by pointing a browser at your webserver (Drop a simple html file in there and see if you can read it.
SSL Forwarding
Create CNAMEs in external DNS to point to out location so external requests are directed to home address.
CNAME would be scotthome.scottworld.net CNAME solaris.scottworld.net
Example to create a new apache website and reverse proxy to internal content.
Create a certificate for SSL using certbot
certbot certonly -d <thedomainname> e.g: scotthome.scottworld.net
Create a file for the site in /etc/apache2/sites-available (eg site.conf)
<VirtualHost *:80>
ServerName scotthome.scottworld.net
Redirect permanent / https://scotthome.scottworld.net/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin mark@scottworld.net
ServerName scotthome.scottworld.net
ErrorLog ${APACHE_LOG_DIR}/scotthome.log
CustomLog ${APACHE_LOG_DIR}/scotthome.log combined
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/scotthome.scottworld.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/scotthome.scottworld.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/scotthome.scottworld.net/chain.pem
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
ProxyPreserveHost On
ProxyRequests off
ProxyPass /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket
ProxyPassReverse /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket
ProxyPass / http://mars.scottworld.net:8123/
ProxyPassReverse / http://mars.scottworld.net:8123/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://mars.scottworld.net:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://mars.scottworld.net:8123/$1 [P,L]
</VirtualHost>
</IfModule>
Enable the rewrite engine
a2enmod rewrite
Then enable apache proxy and the site itself.
a2enmod proxy a2enmod proxy_http
And Enable the site we just made
a2ensite scotthome.conf
And restart Apache
systemctl restart apache2.service