How to avoid repeating virtualhost properties in apache? - apache

I want my sites served via SSL to have a bunch of the same properies in my apache2 config. Unfortunately, I can't find anywhere that demos how to do that. Here's my config at the moment for two separate servers accessed by www.mydomain.com and blog.mydomain.com:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.mydomain.com
# Repeated stuff
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/wordpress
ServerName blog.mydomain.com
# Repeated stuff
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
As you can see, both virtualhosts have a lot of the same properties under #Repeated stuff. How can I specify these properties once and then have ONLY these virtualhosts inherit those properties? E.g. can virtualhosts be nested?

mod_macro gave me just what I wanted. On ubuntu it can simply be enabled with sudo a2enmod macro. My apache2 SSL config now looks something like this:
<IfModule mod_ssl.c>
<Macro SSLStuff>
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem
</Macro>
<VirtualHost *:443>
Use SSLStuff
DocumentRoot /var/www/html
ServerName mydomain.com
ServerAlias www.mydomain.com
</VirtualHost>
<VirtualHost *:443>
Use SSLStuff
DocumentRoot /var/www/wordpress
ServerName blog.mydomain.com
</VirtualHost>
<VirtualHost *:443>
Use SSLStuff
ServerName mynodeapp.mydomain.com
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
</IfModule>

Related

Reverse Proxy works but not Virtual Host in the secondary RPi Web Server

I have two RPi(3+), both use for LAMP web server. And their relation is like this image
So, Rpi1 is the one directly talks to my home router and I set up reverse proxy to retrieve RPi2 Data.
My problem is I was able to access both RPi1 sites with their domains (static1.com and wordpress1.com) but both of RPi2 domains(static2.com and wordpress2.com) lead to the same site(wordpress2.com).
I assume my virtual host setting in RPi2 has some problem but could not find any clue yet... I need help solving this apache setting issue!
Here is my set up in RPi 1 Apache server,
static2.com setting:
pi#cloelee:/etc/apache2/sites-available $ cat static2.com.conf
<VirtualHost *:80>
ServerAdmin webmaster#example.com
ServerName static2.com
ServerAlias www.static2.com
SSLProxyEngine on
ProxyPass / http://192.168.1.18/
ProxyPassReverse / http://192.168.1.18/
ProxyPreserveHost Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
ServerName static2.com
ServerAlias www.static2.com
SSLProxyEngine on
ProxyPass / http://192.168.1.18/
ProxyPassReverse / http://192.168.1.18/
ProxyPreserveHost Off
SSLCertificateFile /etc/letsencrypt/live/static2.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/static2.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
wordpress2.com setting:
pi#cloelee:/etc/apache2/sites-available $ cat wordpress2.com.conf
<VirtualHost *:80>
ServerAdmin webmaster#example.com
ServerName wordpress2.com
ProxyPass / http://192.168.1.18/
ProxyPassReverse / http://192.168.1.18/
ProxyPreserveHost Off
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
ServerName wordpress2
ProxyPass / http://192.168.1.18/
ProxyPassReverse / http://192.168.1.18/
ProxyPreserveHost Off
</VirtualHost>
And this is my setup in RPi2 Apache Server,
static2.com setting:
pi#kyongoh:/etc/apache2/sites-available $ cat static2.com.conf
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName static2.com
ServerAlias www.static2.com
DocumentRoot /var/www/static2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^(www\.)?static2\.com$
RewriteRule (.*) https://static2.com/$1 [L,R,NE]
</VirtualHost>
pi#kyongoh:/etc/apache2/sites-available $ cat static2.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName static2.com
ServerAlias www.static2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/static2.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/static2.com/privkey.pem
</VirtualHost>
</IfModule>
wordpress2.com setting:
pi#kyongoh:/etc/apache2/sites-available $ cat wordpress2.com.conf
<VirtualHost *:80>
<Directory "/var/www/wordpress2.com">
AllowOverride All
</Directory>
ServerName wordpress2.com
ServerAdmin webmaster#local_wordpress
DocumentRoot /var/www/wordpress2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
ServerName wordpress2.com
ServerAdmin webmaster#local_wordpress
DocumentRoot /var/www/wordpress2.com
</VirtualHost>
As you may realize wordpress2.com has not SSL yet but static2.com has. Do you see why both RP2 domains request wordpress2 data? what did I miss?
Thanks for help!
It was simple fix, just missed to turn ProxyPreserveHost on
ProxyPreserveHost Off
to
ProxyPreserveHost On

Two sites with two different log files - SSL Apache2 Ubuntu

I have two websites in the same web server (Ubuntu 16.04.2 LTS - Apache/2.4.18). Everything works well when I try to access to both websites using HTTP (port 80). This is the vhosts.conf file content:
<VirtualHost *:80>
ServerName site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
</VirtualHost>
So, both sites are accessible through "mydomain.com/site1" and "mydomain.com/site2". I have installed a Let's Encrypt certificate and, to make it works, I have configured a virtual host like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/site_error.log
CustomLog ${APACHE_LOG_DIR}/site_access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I can access both site using SSL (port 443) successfully but I can't use different log files for different sites. I have tried something like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com/site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
Alias /site1 /var/www/html/site1
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com/site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
Alias /site2 /var/www/html/site2
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But it doesn't work. How can I distinguish between two sites in order to have two different log files?
Following the link proposed by CBroe, I have found the solution by using the SetEnvIf directive. The final working virtual host configuration looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SetEnvIf Request_URI ^/site1(/|$) site1
SetEnvIf Request_URI ^/site2(/|$) site2
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined env=site1
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined env=site2
ErrorLog ${APACHE_LOG_DIR}/site_error.log
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Apache virtual host from GET url

<VirtualHost *:80>
ServerAdmin admin#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Above is the example of https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts which I've followed to setup some sites. But what I wanna do is basically:
www.example.com?site=mynewsite.com
With htaccess: www.example.com/mynewsite.com
<VirtualHost *:80>
ServerAdmin admin#example.com
ServerName example.com/mynewsite.com
ServerAlias www.example.com/mynewsite.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Sadly above doesn't work.
Reason why I wanna do this is because I want to generate a website using database which will be triggered based of URL.
How may I do?
You could try the obscure ServerPath directive, which maps a request to a virtualhost based on the first component of the URL path.

Apache 2.4 Restrict SSL to specific subdomain Vhosts

I have a single digitalocean droplet, with only a single IPV4 address possible. I would like to use SNI to apply TLS (SSL) encryption onto only a specific subdomain, and not any other parts of the domain.
Example being:
domain.com (No TLS)
sub.domain.com (TLS, certificate 1)
sub1.domain.com (TLS, certificate 2)
sub2.domain.com (no TLS)
I'm using LetsEncrypt for the certificates, so wildcard domains are not possible.
domain.com.conf
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sub.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName sub.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>
sub1.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName sub1.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>
sub2.domain.com
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName sub2.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Two things you should be aware of:
You never know which protocols users are going to use. They will default to http if protocol not defined and some browser extensions will try https first and use that if it exists.
Apache will fallback to the first site defined for that port if there's not a better match. In which case you might end up serving the wrong site if, for example, you don't define a sub2.domain.com site on port 443.
So you should define all 4 domains on both port 80 and port 443 and basically have 8 vhosts defined.
This also means will need to buy (or get for free from LetsEncrypt) certificates to cover all domains and not just the two you want to serve over https.
Then you should use redirects appropriately:
domain.com (No TLS): Serve site on port 80. Config for port 443 should just redirect all traffic back to equivalent page on http://domain.com
sub.domain.com (TLS, certificate 1): Serve site on port 443. Config for port 80 should just redirect all traffic back to equivalent page on https://sub.domain.com
sub1.domain.com (TLS, certificate 2): Similar to sub.domain.com setup mentioned in point 2 above.
sub2.domain.com (no TLS): Similar to domain.com set up mentioned in point one above.
Example config:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sub.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName sub.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
</VirtualHost>
</IfModule>
sub1.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName sub1.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
</VirtualHost>
</IfModule>
sub2.domain.com
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName sub2.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-domain.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-domain.key
RewriteEngine On
RewriteRule (.*) http://%{SERVER_NAME}/%$1 [R,L]
</VirtualHost>
sub.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName sub.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-subdomain.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-subdomain.key
</VirtualHost>
</IfModule>
sub1.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName sub1.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-subdomain1.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-subdomain1.key
</VirtualHost>
</IfModule>
sub2.domain.com
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName sub2.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-subdomain2.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-subdomain2.key
RewriteEngine On
RewriteRule (.*) http://%{SERVER_NAME}/%$1 [R,L]
</VirtualHost>
However if going to all this hassle then might want to rethink not serving everything over https.

Host two different sites in apache

I have one Linux server with Apache installed. I configured two sites in it using VirtualHost.
I configured the two VirtualHosts for two different domain names. The configuration looks like this:
<VirtualHost 12.123.123.123>
ServerAdmin info#example-one.com
ServerName example-one.com
ServerAlias www.example-one.com
DocumentRoot /var/www/html/example-one
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost 12.123.123.123>
ServerAdmin info#example-two.com
ServerName example-two.com
ServerAlias www.example-two.com
DocumentRoot /var/www/html/example-two
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
When I visit my site example-one.com, then I see the correct website.
But when I visit example-two.com, then I see the website of example-one.com.
What am I doing wrong? I'm trying to host those two different websites under the same Apache server.
Do you have NameVirtualHost directive somewhere in your httpd config file?
This should work. Be aware that the first VirtualHost block is the default in case the http request does not match any other VirtualHost block.
For reference https://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin info#example-one.com
ServerName example-one.com
ServerAlias www.example-one.com
DocumentRoot /var/www/html/example-one
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin info#example-two.com
ServerName example-two.com
ServerAlias www.example-two.com
DocumentRoot /var/www/html/example-two
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>