two webservers on two different machines on the same domain - apache

let's say i have a website
example.com
i have 2 servers, both running apache2.
on server1 i have a an apache2 web server configured with port 443 accessible through
https://example.com
i have another web server running on port 3456 with configured with reverse proxy and alias that is accessible through https://site1.example.com
configuration for this next site is as follows
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName site1.example.com
ProxyPass / http://localhost:3456/
ProxyPassReverse / http://localhost:3456/
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias site1.example.com
SSLCertificateFile /etc/letsencrypt/live/site1.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site1.example.com/privkey.pem
</VirtualHost>
site1 works fine.
Finally i have a third web server running on server2 port 80. I want to access it with https://site2.example.com What is the correct way to do this?

Related

Apache VirtualHost Server Domain Not Accessible With SSL On Local Devices?

I am configuring a web server with:
Apache2
DDclient
UFW
Letsencrypt.com certification (SSL)
My issue is that the domain is only partly accessible? Everything works as it should, but when I try to access the domain from my phone (using 4G) and from my laptop (WIFI), the phone connection times out (ERR_CONNECTION_TIMED_OUT), and my laptop gets a blocked GET-request.
I can access the site perfectly through ethernet, though I suspect it is not a true connection that passes the request through my router - and my friends are able to visit the domain through an actual internet connection with my router. But why my phone connection doesn't work fumbles me.
Following are my VirtualHost settings, Router settings and UFW settings:
VirtualHost
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName website.com
ServerAlias www.website.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://website.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName website.com
ServerAlias www.website.com
DocumentRoot /var/www/as
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Router Settings
HTTPS 192.168.0.103 External Port 443 Internal Port
80
HTTP 192.168.0.103 External Port 80 Internal Port
80
UFW
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
Like, everything seems correct but somehow either the firewall is blocking certain entries; the website gets overloaded; or some settings are messed up. Is there anything I'm missing?
Your virtualhost is wrongly configured. You dont need the *:80 configuration for it to work. If you set your external port to 443 apache will skip directly to the HTTPS domain.

Use Apache To Run SSL On Port 8980 Specifically

I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.

Apache: two domains on the same server with different ports

I'm newbie on this stuff so forgive me if i'm doing a stupid question. I have a vue application running on port 80 working just fine over SSL (say www.domain.com and domain.com).
Now I need my springboot application, which is running over port 8443 to be accessible by a secure connection too (say on api.domain.com) but i can't quite figure what i'm doing wrong...
I can access the api if i'm not including the second virtualhost, but only using http... Also, when I just type api.domain.com it goes to domain.com start page too. And when I include the second virtualhost, I can't even acces domain.com.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName www.domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias domain.com
ProxyPreserveHost On
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName api.domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias api.domain.com
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
</IfModule>
Found it out: there are some apache modules that need to be activated. Just did it with
sudo a2enmod proxy
sudo a2enmod proxy_http
and everything works like a charm.

TURN server behind reverse proxy

I would like to make the TURN server accessible behind a reverse proxy in order to use port 443 to avoid problems with blocked ports on public wifi networks, etc.
coturn is configured this way:
listening-port=8443
listening-ip=127.0.0.1
relay-ip=<public-ip-of-the-turn-server>
lt-cred-mech
use-auth-secret
static-auth-secret="secret"
realm=myturnserver.org
total-quota=0
bps-capacity=0
log-file=/var/log/turn.log
and the apache server config looks like this:
<VirtualHost *:443>
ServerName myturnserver.org
ServerAdmin root#myturnserver.org
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/myturnserver.org.error.log
CustomLog ${APACHE_LOG_DIR}/myturnserver.org.access.log combined
SSLCertificateFile /etc/letsencrypt/live/myturnserver.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myturnserver.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
but I can't connect to the turn server. Any ideas what is wrong here?

running website with no http show different content

Im running 3 sites in one server the same IP in Ubuntu/Apache using vhost.
I bought an SSL certificate and installed it in one of my sites successfully. The problem is when I run the site with no https it shows content from my other site.
Ex.
www.aaaaa.com
www.bbbbb.com (SSL)
www.ccccc.com
when I run https://bbbbb.com there is no problem but
when I run http://bbbbb.com it shows the content of www.aaaaa.com
I know the ssl is working correctly coz I have tested it sslchecker.
This is the first time I installed SSL, I hope someone knows something about this problem.
ok just got the Answer from this link
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache
You just need to Redirect HTTPS on Apache. Solution is I added vhost port 80 on my conf file in apache to redirect it to https when accessing the site with no https.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
ServerName example.com.ca
ServerAlias www.example.com
DocumentRoot /var/www/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/example.com/example.ca.crt
SSLCertificateKeyFile /etc/ssl/example.com/example.key
SSLCertificateChainFile /etc/ssl/example.com/example.ca.ca-bundle
</VirtualHost>