Set up an apache reverse proxy with SSL certs and multiple domains - apache

I need help configuring Apache to act as a reverse proxy with https and multiple domains, such that www.myfirstdomain.com and www.myseconddomain.com both point to x.x.x.x and then the server will selectively forward to, let's say, x.x.x.x:2400 (myfirstdomain.com, http), x.x.x.x:2401 (myfirstdomain.com, https), x.x.x.x:2600 (myseconddomain.com, http) and x.x.x.x:2601 (myseconddomain.com, https).
I tried many options but in the end I got stuck because I issued more than 5 certs (renews) per week and also I couldn't make it work.
myfirstdomain.com and www.myfirstdomain.com (http and https) were configured as follows:
/etc/apache2/sites-available/000-default.conf :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2400/
ProxyPassReverse / http://127.0.0.1:2400/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2400>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Then I generated the certs with certbot --apache for both www and non-www and I had this file:
/etc/apache2/sites-available/000-default-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =myfirstdomain.com
# RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/www.myfirstdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myfirstdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I also tried to regenerate the HTTPS certificates but it won't work. How do I do it?

First of all, remember that Apache listens on a range of ports, for instance 80 and 443.
Virtual hosts use the same ports (80 and 443) and Apache selects the correct folder using the domain name you use.
For example, myfirstdomain.com could display /var/www/html/myfirstdomain/public, but
if Apache listens on port 80, it never matches the rule for *:2400.
I haven't tried this, but you could put ProxyPass and ProxyPassReverse in each virtual host and leave the port at :80 or :443.
When you call myfirstdomain.com:80, the rule in Apache matches and it proxies to another server.
See this answer.
LetsEncrypt creates an ACME challenge (a file with a random string) that could be reachable from the internet. The certification server searches for this file; if it exists, the certificate is released; if not, it throws an error.
I don't remember the correct path of the file, but you must verify:
Can you reach "myfirstdomain.com" from the internet?
Can an external server reach "myfirstdomain.com"? (Check the DNS name and the port forwarding of your router.)
Can you open the ACME challenge file?
Can the server open the ACME challenge file?
On some Plesk installations ACME files cannot be reached because Plesk adds some automatic rules.

Related

Apache conf on Ubuntu causing url to repeat itself instead of redirect

Ubuntu 18.04
Apache2
Certbot
I'm trying to get certbot and non-www to www redirects set up on this site and I am copying the conf file from another one of my sites that is working just fine, but for some reason 443 is forbidden to the user on this new site and non-www.domain.url redirects to domain.url/www.domain.urlwww.domain.urlwww.domain.url etc.
main.conf
<VirtualHost *:80>
ServerName domain.url
Redirect permanent / https://www.domain.url/
</VirtualHost>
<VirtualHost *:80>
ServerName www.domain.url
ServerAdmin email@domain.url
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.url
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
main-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.domain.url
ServerAdmin email@domain.url
ServerAlias domain.url
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/user/project/static
<Directory /home/user/project/static>
Require all granted
</Directory>
<Directory /home/user/project/media>
Require all granted
</Directory>
<Directory /home/user/project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/user/project/project/wsgi.py
WSGIDaemonProcess theprocess python-path=/home/user/prject python-home=/home/user/project/wow
WSGIProcessGroup theprocess
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.domain.url/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.url/privkey.pem
</VirtualHost>
</IfModule>
ssh, http, https are all enabled with ufw. I might have a permissions issue with users being able to view my site, but it was working fine until certbot was installed. Now everything (except non-https non-www which causes the repeating domain issue) redirects to https://www.domain.url and I get a forbidden message.
When I installed certbot I missed the non-www domain. When I went back and renewed to get both www and non-www the redirect setup failed but it said I had my certs. Is this causing the issue? I thought I could just build the redirect myself in the config file...
This post ended up being the answer:
https://serverfault.com/questions/957788/forbidden-after-enabling-ssl
I had a case error in my WSGIScriptAlias file path.

My subdomain keeps redirecting to my main domain

I am sure this must have been asked multiple times already, I researched it for like a day but still couldn't figure it out.
I have a domain - domain.com and now I want to add a subdomain - test.domain.com for it. I have created a virtual host file and DNS A record - test.domain.com pointing to my server IP. But then whenever I try to access my test.domain.com, it keeps redirecting to domain.com. My Apache2 virtual host files are configured as follows:
domain.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<Directory "/var/www/domain.com">
AllowOverride All
</Directory>
domain.com-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.domain.com
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>
test.domain.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/test.domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.test.domain.com [OR]
RewriteCond %{SERVER_NAME} =test.domain.com
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<Directory "/var/www/test.domain.com">
AllowOverride All
</Directory>
I have enabled the conf files with the command a2ensite and restarted apache (and desperately my server droplet) multiple times already but still couldn't get it to work. I am running on Ubuntu 16.04.6.
Any advice would be much appreciated. Thank you very much in advance!
A minimalistic example would be along these lines:
<VirtualHost *:80>
DocumentRoot /var/www/test.example.com
ServerName test.example.com
ServerAlias www.test.example.com
</VirtualHost>
In this example you declare a virtualhost for test.example.com and also www.test.example.com.
Note that I am using example.com here instead of domain.com because of posting restrictions active on this website.
The RewriteRule directives in your subdomain don't seem to be right, at least syntactically. They may be causing the redirection problem.
So I would remove them and take care of redirects later. Start with a simple configuration, validate it and expand with more rules later.
Hint: you could use curl (from the command line on your server if not available on your PC) to test like this: curl -L --head "http://example.com".
Test the main domain name, then subdomain in both http and https. There is an option in Curl to ignore SSL/TLS errors if you encounter any.
See what happens and pay attention to the redirects if any (status code 301/302).
I prefer to use Curl for testing because the browser cache can play tricks on you.

Apache virtualhost root, www and sub-domain setup including http to https

I'm pretty stuck. Would appreciate some help.
Two websites (wordpress and another php tool) on an AWS EC2 Ubuntu
18.04 instance running LAMP stack.
My intention is to achieve:
http://www.example.com
http://example.com
https://www.example.com
to: https://example.com.
AND
http://app.example.com
to: https://app.example.com.
I had virtualhost configured and working as I intended, I then created the https cert through letsencrypt which set up the HTTP to HTTPS redirects...however...something's gone wrong:
HTTP all redirect to HTTPS.
https://app.example.com resolves to the intended website - website1.
https://example.com doesn't resolve to website2 - it resolves to website1 - note it's not redirecting to app. but showing website1 on https://example.com.
I've two virtualhost conf files, one for each site. Both contain each site's 80 and 443 config, they're below.
The SSL cert has the common name of example.com and lists alternative names for app.example.com, www.example.com and example.com.
DNS has example.com A to server IP, www. and app. are CNAME to example.com.
app.example.com.conf - Website 1
<VirtualHost *:80>
ServerAdmin jimmy@example.com
DocumentRoot /var/www/website1/
ServerName example.com
ServerAlias app.example.com
<Directory /var/www/website1/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =app.example.com [OR]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin jimmy@example.com
DocumentRoot /var/www/website1
ServerName example.com
ServerAlias app.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/website1/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
example.com.conf - Website 2
<VirtualHost *:80>
ServerAdmin jim@example.com
ServerName example.com
ServerAlias example.com
DocumentRoot /var/www/website2
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/website2/>
AllowOverride All
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerAdmin jim@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/website2
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/website2/>
AllowOverride All
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin jim@example.com
ServerName example.com
ServerAlias example.com
DocumentRoot /var/www/website2
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/website2/>
AllowOverride All
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin jim@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/website2
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/website2/>
AllowOverride All
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
I'd really appreciate any help, suggestions and any other ideas!
"https://example.com doesn't resolve to website2 - it resolves to website1 - note it's not redirecting to app. but showing website1 on https://example.com"
Yes, because all your vHosts define example.com as the ServerName and I expect website1 appears first in the config.
For app.example.com.conf (Website 1) you should set ServerName app.example.com and remove the ServerAlias directive altogether for both the vhost:80 and vhost:443 containers.
The HTTP to HTTPS redirect in the vhost:80 container:
RewriteEngine on
RewriteCond %{SERVER_NAME} =app.example.com [OR]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Can be simplified to a single mod_alias Redirect directive:
Redirect 301 / https://app.example.com/
For example.com.conf (Website 2) you have duplicated the vhost:80 and vhost:443 containers and defined the same ServerName example.com in each - this is an error. It is perfectly possible to have 4 containers like this (and use mod_alias Redirect directives), but you would need unique ServerName directives for each vHost and cut down the repetition.
The easiest approach from your point of view is probably just to remove the second (duplicate) vhost:80 and vhost:443 containers and set the following in both the vhost:80 and vhost:443 containers that remain.
ServerName example.com
ServerAlias www.example.com
"I then created the https cert through letsencrypt which set up the HTTP to HTTPS redirects"
Creating the SSL cert using LetsEncrypt should not have "set up the HTTP to HTTPS redirects"?
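The selection rule behind this answer, as an added example (not code from the post or from Apache): a simplified Python model of name-based virtual host selection, run on a condensed copy of the question's two :443 containers before and after the suggested fix. It assumes only `*:port` containers and ignores the global ServerName fallback; the function names are hypothetical.

```python
import re
from fnmatch import fnmatch

VHOST_RE = re.compile(r"<VirtualHost\s+\*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

# Constructed sample: the question's two :443 containers, condensed. Website 1 comes
# first because app.example.com.conf sorts before example.com.conf in sites-enabled.
BROKEN = """
<VirtualHost *:443>
    ServerName example.com
    ServerAlias app.example.com
    DocumentRoot /var/www/website1
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/website2
</VirtualHost>
"""
# The answer's fix: Website 1 gets its own ServerName and loses the alias.
FIXED = BROKEN.replace("ServerName example.com\n    ServerAlias app.example.com",
                       "ServerName app.example.com")


def parse_vhosts(conf):
    """Return the <VirtualHost *:port> containers in config order."""
    vhosts = []
    for port, body in VHOST_RE.findall(conf):
        names, docroot = [], None
        for parts in (line.split() for line in body.splitlines()):
            if len(parts) < 2:
                continue
            key = parts[0].lower()  # directive names are case-insensitive
            if key in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif key == "documentroot":
                docroot = parts[1]
        vhosts.append({"port": int(port), "names": names, "docroot": docroot})
    return vhosts


def select_vhost(vhosts, port, host):
    """Model which vhost serves a request for `host` arriving on `port`."""
    candidates = [v for v in vhosts if v["port"] == port]
    if not candidates:
        return None  # no container for this port (a *:2401 vhost never sees :443)
    host = host.lower().split(":")[0]
    for v in candidates:  # first ServerName/ServerAlias match in config order wins
        if any(fnmatch(host, n) for n in v["names"]):
            return v
    return candidates[0]  # no name matched: first vhost for the port is the default


def duplicate_names(vhosts):
    """(port, name) pairs claimed by more than one vhost; later claims are shadowed."""
    seen, dups = set(), set()
    for v in vhosts:
        for key in {(v["port"], n) for n in v["names"]}:
            (dups if key in seen else seen).add(key)
    return sorted(dups)


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        vhosts = parse_vhosts(conf)
        print(label, select_vhost(vhosts, 443, "example.com")["docroot"],
              duplicate_names(vhosts))
```

On a live server, `apachectl -S` prints the virtual host table Apache actually parsed, including which container is the default for each port.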

apache serving the wrong ssl certificate

I have the following 2 sections in my httpd.conf file. I have a wildcard cert for *.example.biz installed at the given location. As you can see the 4 SSL directives are identical (copy and pasted) in both sections. However, when I go to example.biz I get an ssh error saying the CA certificate expired in 2015. When I go to the subdomain, I get the right certificate chain that says it expires in 2018. I apologize that I am using an example, but this is for a client that must remain confidential.
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/2017.crt
SSLCertificateKeyFile /etc/pki/tls/private/my_biz_2016.key
SSLCertificateChainFile /etc/pki/tls/certs/2017_ca.crt
<Directory /var/www/MyCompany/example.com/public/>
AllowOverride All
</Directory>
ErrorLog /var/www/logs/example.com/error.log
CustomLog /var/www/logs/example.com/access.log combined
DocumentRoot /var/www/MyCompany/example.com/public/
ServerName example.biz
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/2017.crt
SSLCertificateKeyFile /etc/pki/tls/private/my_biz_2016.key
SSLCertificateChainFile /etc/pki/tls/certs/2017_ca.crt
<Directory /var/www/MyCompany/SubDomain/public/>
AllowOverride All
</Directory>
ErrorLog /var/www/logs/SubDomain/error.log
CustomLog /var/www/logs/SubDomain/access.log combined
DocumentRoot /var/www/MyCompany/SubDomain/public/
ServerName subdomain.example.biz
</VirtualHost>
Lastly, this is my .htaccess file if that is helpful:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Also: I pinged both domains, and they both point to the same server and I am not using cloudflare, or anything of the like.
I also restarted apache to make sure.
I define all of my vhosts in a vhosts file, but in my httpd.conf file I apparently set it up with a set of defaults such as:
ServerAdmin root@localhost
ServerNAme example.biz
DocumentRoot /var/www/html # I wasn't using this folder
Once I deleted those erroneous defaults, it started working.

Apache / Letsencrypt - redirecting to https not working on subdomains

I have an Ubuntu 16.04 VPS. I use Letsencrypt for my SSL certificates; when creating or creating a certificate, they ask if you want easy or secure access. Secure means it will redirect to https no matter what.
This works on the homepage, but it doesn't work on the subdomains. I am not redirected to https, and I just see my index.html, which is just the Apache default page.
So how do I fix this?
My Virtualhost:
<VirtualHost *:80>
ServerName school.luukwuijster.eu
Redirect / https://school.luukwuijster.eu
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/school.luukwuijster.eu/public/
<Directory /var/www/html/school.luukwuijster.eu/public/>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =school.luukwuijster.eu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
le-ssl:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName school.luukwuijster.eu
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/school.luukwuijster.eu/public/
<Directory /var/www/html/school.luukwuijster.eu/public/>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =school.luukwuijster.eu
# Some rewrite rules in this file were were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/luukwuijster.eu-0003/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/luukwuijster.eu-0003/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
For some reason it's just not redirecting.
When I go to http://luukwuijster.eu I am redirected to https://luukwuijster.eu
So that works fine, but when I go to http://school.luukwuijster.eu I am not redirected and get to see the same page as on https://luukwuijster.eu
Of course when I go to https://school.luukwuijster.eu I am not redirected, but I do see the right page.
How do I solve this problem?
Try to change line 3 from Redirect / https://school.luukwuijster.eu to RedirectPermanent / https://school.luukwuijster.eu/.
BTW currently your SSL cert is only valid for api.luukwuijster.eu. You should add school.luukwuijster.eu and all other domains you want to secure to your letsencrypt config.