date: 2020-12-20

Use Virtual Hosts

This is a very useful way to keep your server organized.

Virtual Hosts On Your Lan

You can practice on your Lan.

Setting up DNS on your Lan

For instance, if your router is running dnsmasq, this may be as simple as describing the virtual hosts in /etc/hosts on the router.

192.168.1.101     blog.devbox blogstatic.devbox

Here's An Example Reverse Proxy for A Flask Blog On Your Lan

# /etc/apache2/sites-enabled/blog.devbox.conf
<VirtualHost *:80>

    ServerName blog.devbox

    # dont' block LetsEncrypt
    # ProxyPass "/.well-known" !  ... not needed on your Lan

    # don't block /var/www/html/favicon.ico
    ProxyPass "/favicon.ico" !

    ProxyPass "/" "http://127.0.0.1:8000/"
    ProxyPassReverse "/" "http://127.0.0.1:8000/"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Here's An Example for A Static Blog On Your Lan

# /etc/apache2/sites-enabled/blogstatic.devbox.conf
<VirtualHost *:80>
    ServerName blogstatic.devbox
    DocumentRoot /var/www/html/blogstatic/site

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Wan Deployment

Set up DNS

Log into your dns provider and create records

  • A record for blog.example.com pointing to your ipv4 address
  • AAAA record for blog.example.com pointing to your ipv6 address
  • A record for blogstatic.example.com pointing to your ipv4 address
  • AAAA record for blogstatic.example.com pointing to your ipv6 address

Start With Virtual Hosts for HTTP

You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you.

Reverse Proxy

# /etc/apache2/sites-enabled/blog.example.com.conf
<VirtualHost *:80>

    ServerName blog.example.com

    # dont' block LetsEncrypt
    ProxyPass "/.well-known" !

    # don't block /var/www/html/favicon.ico
    ProxyPass "/favicon.ico" !

    ProxyPass "/" "http://127.0.0.1:8000/"
    ProxyPassReverse "/" "http://127.0.0.1:8000/"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Static Site

# /etc/apache2/sites-enabled/blogstatic.example.com.conf
<VirtualHost *:80>
    ServerName blogstatic.example.com
    DocumentRoot /var/www/html/blogstatic/site

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Get LetsEncrypt Certs

certbot --apache -d blog.example.com -d blogstatic.example.com
Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.