--- title: "Apache Virtual Hosts" date: 2020-12-20 draft: false tags: ["Apache","Virtual Hosts","LetsEncrypt","Lets Encrypt","Reverse Proxy","DNS"] authors: ["trent", "john", "joe"] post: 16 --- date: 2020-12-20 ## **Use Virtual Hosts** This is a very useful way to keep your server organized. ## **Virtual Hosts On Your Lan** You can practice on your Lan. ### Setting up DNS on your Lan For instance, if your router is running `dnsmasq`, this may be as simple as describing the virtual hosts in `/etc/hosts` on the router. ```console 192.168.1.101 blog.devbox blogstatic.devbox ``` ### Here's An Example Reverse Proxy for A Flask Blog On Your Lan ```apache # /etc/apache2/sites-enabled/blog.devbox.conf ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass "/.well-known" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass "/favicon.ico" ! ProxyPass "/" "http://127.0.0.1:8000/" ProxyPassReverse "/" "http://127.0.0.1:8000/" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ``` ### Here's An Example for A Static Blog On Your Lan ```apache # /etc/apache2/sites-enabled/blogstatic.devbox.conf ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ``` ## **Wan Deployment** ### Set up DNS Log into your dns provider and create records * A record for **blog.example.com** pointing to your ipv4 address * AAAA record for **blog.example.com** pointing to your ipv6 address * A record for **blogstatic.example.com** pointing to your ipv4 address * AAAA record for **blogstatic.example.com** pointing to your ipv6 address ### Start With Virtual Hosts for HTTP You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you. #### Reverse Proxy ```apache # /etc/apache2/sites-enabled/blog.example.com.conf ServerName blog.example.com # dont' block LetsEncrypt ProxyPass "/.well-known" ! # don't block /var/www/html/favicon.ico ProxyPass "/favicon.ico" ! ProxyPass "/" "http://127.0.0.1:8000/" ProxyPassReverse "/" "http://127.0.0.1:8000/" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ``` #### Static Site ```apache # /etc/apache2/sites-enabled/blogstatic.example.com.conf ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ``` ### Get LetsEncrypt Certs ```console certbot --apache -d blog.example.com -d blogstatic.example.com ``` Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.