24.04 Apache Configuration
First we are going to move the document root of the apache webserver to be something more sensible, do this before we start installing any more web related things.
First Disable the default site…
a2dissite 000-default.conf
Remember to make the new root directory and change the permissions on the directory to 775 along with ownership for www-data
mkdir /srv/data/www chown www-data:www-data /srv/data/www -R
Now copy the default config to a new one which we will make the new default.
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris.conf
Now edit this new default config
nano /etc/apache2/sites-available/solaris.conf
<VirtualHost *:80> ServerName solaris.scottworld.net ServerAlias scottworld.net ServerAdmin mark@scottworld.net Redirect permanent / https://solaris.scottworld.net/ </VirtualHost> <IfModule mod_ssl.c> <VirtualHost *:443> ServerName solaris.scottworld.net ServerAlias scottworld.net ServerAdmin mark@scottworld.net DocumentRoot /srv/data/www/ <Directory /srv/data/www/> Options +Indexes Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/solaris.scottworld.net/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/solaris.scottworld.net/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/solaris.scottworld.net/chain.pem SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt </VirtualHost> </IfModule>
Now we enable this as the default apache site.
a2ensite solaris.conf
Now we enable SSL
a2enmod ssl
Restart the apache2 service
systemctl restart apache2.service
Now check you can see the new document root by pointing a browser at your webserver (Drop a simple html file in there and see if you can read it.
SSL Forwarding
Create CNAMEs in external DNS to point to out location so external requests are directed to home address.
CNAME would be
scotthome.scottworld.net CNAME solaris.scottworld.net
Example to create a new apache website and reverse proxy to internal content.
Create a certificate for SSL using certbot
certbot certonly -d <thedomainname> e.g: scotthome.scottworld.net
Create a file for the site in /etc/apache2/sites-available (eg site.conf)
<VirtualHost *:80> ServerName scotthome.scottworld.net Redirect permanent / https://scotthome.scottworld.net/ </VirtualHost> <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin mark@scottworld.net ServerName scotthome.scottworld.net ErrorLog ${APACHE_LOG_DIR}/scotthome.log CustomLog ${APACHE_LOG_DIR}/scotthome.log combined SSLEngine on Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/scotthome.scottworld.net/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/scotthome.scottworld.net/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/scotthome.scottworld.net/chain.pem SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt ProxyPreserveHost On ProxyRequests off ProxyPass /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket ProxyPassReverse /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket ProxyPass / http://mars.scottworld.net:8123/ ProxyPassReverse / http://mars.scottworld.net:8123/ RewriteEngine on RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://mars.scottworld.net:8123/$1 [P,L] RewriteCond %{HTTP:Upgrade} !=websocket [NC] RewriteRule /(.*) http://mars.scottworld.net:8123/$1 [P,L] </VirtualHost> </IfModule>
Enable the rewrite engine
a2enmod rewrite
Then enable apache proxy and the site itself.
a2enmod proxy a2enmod proxy_http
And Enable the site we just made
a2ensite scotthome.conf
And restart Apache
systemctl restart apache2.service