Apache Configuration

From ScottWiki
Jump to navigation Jump to search

Apache Tweaks

First we are going to move the document root of the apache webserver to be something more sensible, do this before we start installing any more web related things.

First Disable the default site...

 a2dissite 000-default.conf

Now copy the default config to a new one which we will make the new default.

 sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/solaris-default.conf

Now edit this new default config

 nano /etc/apache2/sites-available/solaris-default.conf
VirtualHost *:80>
        ServerName scottworld.net
        ServerAlias solaris.scottworld.net
        ServerAdmin mark@scottworld.net
        DocumentRoot /srv/data/www

        <Directory /srv/data/www>
                Options +Indexes
                Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Now we enable this as the default apache site.

a2ensite solaris-default.conf

Restart the apache2 service

service apache2 restart

Now check you can see the new document root by pointing a browser at your webserver (Drop a simple html file in there and see if you can read it. Remember to change the permissions on the directory to 775 along with ownership for www-data

chown www-data:www-data /srv/data/www -R

SSL Forwarding

Create CNAMEs in external DNS to point to out location so external requests are directed to home address.

CNAME would be 
domoticz.scottworld.net    CNAME   solaris.scottworld.net

Example to create a new apache website and reverse proxy to internal content.


Create a certificate for SSL using certbot

certbot -d <thedomainname>    e.g:   domoticz.scottworld.net


Create a file for the site in /etc/apache2/sites-available (eg site.conf)

 <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName domoticz.scottworld.net

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/domoticz.scottworld.net/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domoticz.scottworld.net/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/domoticz.scottworld.net/chain.pem

        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/

        #ProxyHTMLURLMap http://192.168.3.200:8080 /
    </VirtualHost>
</IfModule>


Then enable apache proxy and the site itself.

 a2enmod proxy
 a2enmod proxy_html

And Enable the site we just made

 a2ensite domoticz.conf

And restart apache

 systemctl restart apache2

Now add an https cert using lets encrypt.

 https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04