First we are going to move the document root of the apache webserver to be something more sensible, do this before we start installing any more web related things.

First Disable the default site…

a2dissite 000-default.conf

Remember to make the new root directory and change the permissions on the directory to 775 along with ownership for www-data

 
  mkdir /srv/data/www
  chown www-data:www-data /srv/data/www -R

Now copy the default config to a new one which we will make the new default.

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris.conf

Now edit this new default config

nano /etc/apache2/sites-available/solaris.conf

<VirtualHost *:80>
    ServerName solaris.scottworld.net
    ServerAlias scottworld.net
    ServerAdmin mark@scottworld.net
    Redirect permanent / https://solaris.scottworld.net/
</VirtualHost>


<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName solaris.scottworld.net
        ServerAlias scottworld.net
        ServerAdmin mark@scottworld.net
        DocumentRoot /srv/data/www/

        <Directory /srv/data/www/>
            Options +Indexes
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/solaris.scottworld.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/solaris.scottworld.net/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/solaris.scottworld.net/chain.pem
        SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
    </VirtualHost>
</IfModule>

Now we enable this as the default apache site.

a2ensite solaris.conf

Now we enable SSL

a2enmod ssl

We may also want some rewite options switched on

a2enmod proxy
a2enmod proxy_http
a2enmod proxy_html

Restart the apache2 service

systemctl restart apache2.service

Now check you can see the new document root by pointing a browser at your webserver (Drop a simple html file in there and see if you can read it.

Create CNAMEs in external DNS to point to out location so external requests are directed to home address.

CNAME would be

scotthome.scottworld.net    CNAME   solaris.scottworld.net

Example to create a new apache website and reverse proxy to internal content.

Create a certificate for SSL using certbot

certbot certonly -d <thedomainname>    e.g:   scotthome.scottworld.net

Create a file for the site in /etc/apache2/sites-available (eg site.conf)

<VirtualHost *:80>
   ServerName scotthome.scottworld.net
   Redirect permanent / https://scotthome.scottworld.net/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin mark@scottworld.net
        ServerName scotthome.scottworld.net

        ErrorLog ${APACHE_LOG_DIR}/scotthome.log
        CustomLog ${APACHE_LOG_DIR}/scotthome.log combined

        SSLEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/scotthome.scottworld.net/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/scotthome.scottworld.net/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/scotthome.scottworld.net/chain.pem
        SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt

        ProxyPreserveHost On
        ProxyRequests off
        ProxyPass /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket
        ProxyPassReverse /api/websocket http://mars.scottworld.net:8123/api/websocket upgrade=websocket
        ProxyPass / http://mars.scottworld.net:8123/
        ProxyPassReverse / http://mars.scottworld.net:8123/

        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule /(.*)  ws://mars.scottworld.net:8123/$1 [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket [NC]
        RewriteRule /(.*)  http://mars.scottworld.net:8123/$1 [P,L]
    </VirtualHost>
</IfModule>

Enable the rewrite engine

a2enmod rewrite

Then enable apache proxy and the site itself.

a2enmod proxy
a2enmod proxy_http

And Enable the site we just made

a2ensite scotthome.conf

And restart Apache

systemctl restart apache2.service

There are some useful certificate provisioning commands

Expands out the main certificate with sub domains.

certbot certonly -d morgoth.scottworld.net -d new.domain.net -d new.domain.net

Show the current certificates

certbot certificates