We Keep Coding

Enable Multiple Hosts

I configured my Debian server with Apache where I listen to my api at http: // localhost or http: // localhost: 3000 and I get my jsons.
Now I would like to enable another server in www / html / uploads, where I will use it for uplodas files. How do you do it?
\
000-default.conf:
<VirtualHost *:80>
# ProxyPreserveHost On
# Servers to proxy the connection, or;
# List of application servers:
# Usage:
# ProxyPass / http://[IP Addr.]:[port]/
# ProxyPassReverse / http://[IP Addr.]:[port]/
# Example:
ProxyPass / http://localhost:3000/
#ServerName localhost
</VirtualHost>

You can either write to the 000-default.conf file or create a new .conf file
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /www/html/uploads
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Using mailcow-dockerized with a dockerized Apache2.4

I cannot make a connection from my dockerized Apache2.4 to the mailcow-dockerized web front-end. The particular Apache error is:
Connection refused: AH00957: HTTPS: attempt to connect to
127.0.0.1:8443 (127.0.0.1) failed
We have: 2 docker-compose files.
1. Mailcow (mailcow-dockerized), 2. apache-letsencrypt (enoniccloud/apache2-letsencrypt image)
We want:
Utilization of the Apache2.4 as reverse-proxy for the mailcow-dockerized web front-end + Apache2.4 usage as web-server for a website.
Additional Info:
Mailcow front-end can be reached when the Apache2.4 is not up and the bindings in its config are set to default.
Docker-Compose apache-letsencrypt container:
version: '2.1'
services:
apache2:
build: apache2
hostname: root.yyy.com
restart: always
volumes_from:
- letsencryptstore
volumes:
- /var/www/html:/var/www/html
ports:
- "80:80"
- "443:443"
expose:
- "8080"
- "8443"
environment:
LETS_ENCRYPT_EMAIL: "xyz#yahoo.de"
LETS_ENCRYPT_DOMAINS: "root.yyy.com,mail2.yyy.com"
labels:
io.enonic.backup.data: "/etc/letsencrypt,/var/lib/letsencrypt"
networks:
- mailcowdockerized_mailcow-network
letsencryptstore:
image: busybox
volumes:
- "/etc/letsencrypt"
- "/var/lib/letsencrypt"
networks:
mailcowdockerized_mailcow-network:
external: true
Apache config:
<VirtualHost *:80>
ServerName root.yyy.com
DocumentRoot /var/www/html/
RewriteEngine on
RewriteRule ^/(.*) https://root.yyy.com/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:80>
ServerName mail2.yyy.com
RewriteEngine on
RewriteRule ^/(.*) https://mail2.yyy.com/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName mail2.yyy.com
ServerAlias autodiscover.mail2.yyy.com
ServerAlias autoconfig.mail2.yyy.com
# You should proxy to a plain HTTP session to offload SSL processing
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
ProxyPreserveHost On
ProxyAddHeaders On
# This header does not need to be set when using http
RequestHeader set X-Forwarded-Proto "https"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/certs/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem
RequestHeader set X-Forwarded-Proto "https"
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
<VirtualHost *:443>
ServerName root.yyy.com
DocumentRoot /var/www/html/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/certs/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem
RequestHeader set X-Forwarded-Proto "https"
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
Mailcow-Config:
# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"
MAILCOW_HOSTNAME=mail2.yyy.com
# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=mailcow
DBUSER=mailcow
# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=RdnvlN1CXSAHA98CVz4sYUgfrMuF
DBROOT=Ve91gtedyLa8xGJf6sXNmMcNzFUp
# ------------------------------
# HTTP/S Bindings
# ------------------------------
# You should use HTTPS, but in case of SSL offloaded reverse proxies:
HTTP_PORT=8080
HTTP_BIND=127.0.0.1
HTTPS_PORT=8443
HTTPS_BIND=127.0.0.1
Rest of the config is default.
Apache mods proxy, proxy_balancer, proxy_http are enabled.
Help would be much appreciated :)

I have Mailcow Nginx dockerized installed on my ubuntu 16 web server
The only difference I have from your setup are the HTTP_BIND IPs:
Mine looks like:
HTTP_PORT=8080
HTTP_BIND=0.0.0.0
HTTPS_PORT=8443
HTTPS_BIND=0.0.0.0
I have only set the binds to 0.0.0.0 so I can access my mail server trough port 8080 or 8443 from any IP in case my apache web server is down.
mail.domain.com-le-ssl.conf [generated by let's encrypt]
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mail.example.com
ProxyPass / http://example.com:8080/
ProxyPreserveHost On
SSLCertificateFile /etc/letsencrypt/live/mail.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
My apache2 virtual host config for reverse proxy: mail.example.com.conf
<VirtualHost *:80>
ServerName mail.example.com
ProxyPass / http://example.com:8080/
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{SERVER_NAME} =mail.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Please note that my original apache2 config file is:
<VirtualHost *:80>
ServerName mail.example.com
ProxyPass / http://example.com:8080/
ProxyPreserveHost On
</VirtualHost>
Because I don't really need ssl encryption between apache and nginx, the rewrite rule was added when I installed let's encrypt certificate on apache mail server for mail.example.com.
I like and only use SOGo web client so I don't need mail ssl certificate, if you are going to use an external mail client, then you may want to consider pointing your Mailcow ssl certificate file to the files created by let's encrypt-apache2
In other words:
[me]---ssl:443--->[mail.example.com]--local-->http://example.com:8080/
Maybe I could achieve the same result if I set my BIND address like yours, and it should be more secure.
Maybe http://localhost.com:8080/ will also work.
I'm sure my setup is venerable, this is my 1st try.
Please let me know if you need any info about my setup.
These are the tutorials and documentations I followed to get this running.
https://www.digitalocean.com/community/tutorials/how-to-use-apache-as-a-reverse-proxy-with-mod_proxy-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04
https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/
https://www.youtube.com/watch?v=VsiYowuiT6A&t=389s
https://www.youtube.com/watch?v=A3Prx_2YEm8&t=62s

Apache: Site become unavailable when SSL is added

I'm using Apache2 in ubuntu to rout the request to a tomcat webapp. I am also trying to add SSL into this. Below is the apache 000-default.conf file.
<VirtualHost *:80>
ProxyPreserveHost On
# Servers to proxy the connection, or;
# List of application servers:
# Usage:
# ProxyPass / http://[IP Addr.]:[port]/
# ProxyPassReverse / http://[IP Addr.]:[port]/
# Example:
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
ServerName localhost
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /opt/apache-tomcat-7.0.79/webapps/myglukose_messaging_portal/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /etc/apache2/ssl/STAR_myglukose_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/private_key.key
ProxyPreserveHost On
ProxyPass / http://<my-ip>/:8080/
ProxyPassReverse / http://<my-ip>/:8080/
ServerName localhost
</VirtualHost>
Everything was fine until I made the configuration for port 443. When that is made, the site simply becomes unavailable and the browser says "This site can’t be reached. refused to connect.". My tomcat web app is deployed as "ROOT" so can be accessed with the port 80 configuration. Whats wrong here?

Serve multiple ghost

I am tring to serve multiple ghost in the same server under different domains, but both of them open the first instant
which was installed in:
/var/www/ghost
and its config.js file contain:
production: {
url: 'http://myfirstdomain.com/blog',
......
filename: path.join(__dirname, '/content/data/ghost.db')
.....
server: {
host: '127.0.0.1',
port: '2368'
.....
and its httpd conf file contain:
<Location /blog>
ProxyPreserveHost On
ProxyPass http://localhost:2368/blog
ProxyPassReverse http://localhost:2368/blog
</Location>
The Second instant was installed in:
/var/www/ghosth
and its config.js file:
production: {
url: 'http://myseconddomain.com/blog',
......
filename: path.join(__dirname, '/content/data/ghosth.db')
.....
server: {
host: '127.0.0.1',
port: '2777'
.....
and its httpd conf file contain:
<Location /blog>
ProxyPreserveHost On
ProxyPass http://localhost:2777/blog
ProxyPassReverse http://localhost:2777/blog
</Location>
I run the tow instant in a different ports and domains but when I visit them
http://myfirstdomain.com/blog
http://myseconddomain.com/blog
I found the same instant (NOT only the same database)
so where is the problem?

I don't know the configuration of your server. So have you check if the mod-proxy is enabled?
a2enmod proxy
a2enmod proxy_http
I use Nginx instead of Apache so I can't really advice your for the configuration. If you didn't find it, this tutorial uses a different configuration: Ghostforbeginners multi Ghost Apache
The configuration file of the tutorial:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName your-url.com
ServerAlias www.your-url.com
ProxyRequests off
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http:/127.0.0.1:2368/
</VirtualHost>
<VirtualHost *:80>
ServerName your-second-url.com
ServerAlias www.your-second-url.com
ProxyRequests off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

apache reverse proxy hhtps

Setting up apache reverse proxy
Client ==> Proxy ==> Server
This is on a windows machine on my local for testing have set an entry in my host file mapping the proxy dns to 127.0.0.1
httpd.conf
<VirtualHost *:443>
ServerName <proxy Server>
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<key for proxy server>"
ProxyPass / https://appserver.com/
ProxyPassReverse / https://appserver.com/
</VirtualHost>
I don't see any errors in the error.log while starting. When I make a request https://proxy.com there is no entry in access.log or error.log.
Can anyone see an issue with in the config or give some ideas?
Thanks
Rahul

You only need the following to do an SSL proxy:
<VirtualHost *:443>
ServerName <proxy Server>
SSLEngine On
ProxyPass "/" "http://www.example.com/"
ProxyPassReverse "/" "http://www.example.com/"
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<key for proxy server>"
</VirtualHost>
The other stuff isnt necessary.

ok so it finally worked. Started from scratch
1. Added Listen 443 in httpd.conf it already had for port 80 (Listen 80)
2. Enabled modules one by one
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
3. Uncommented httpd-vhosts.conf in httpd.conf
4. Added the following in httpd-vhosts.conf
<VirtualHost *:443>
ServerAdmin xyz#mail.com
DocumentRoot "c:/Apache24/htdocs"
ServerName <proxy Server>
ErrorLog "c:/Apache24/logs/error-ssl.log"
CustomLog "c:/Apache24/logs/access-ssl.log" common
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
SSLEngine on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<Key for proxy server>"
ProxyPass / https://appserver.com/
ProxyPassReverse / https://appserver.com/
</VirtualHost>
and it started working. Had tried so many things and had so many changes that starting from start made sense. Mostly was missing the Listen 443 in the httpd.conf file