105 lines
2.9 KiB
Markdown
105 lines
2.9 KiB
Markdown
---
|
|
title: "Apache Virtual Hosts"
|
|
date: 2020-12-20
|
|
draft: false
|
|
tags: ["Apache","Virtual Hosts","LetsEncrypt","Lets Encrypt","Reverse Proxy","DNS"]
|
|
authors: ["trent", "john", "joe"]
|
|
post: 16
|
|
---
|
|
date: 2020-12-20
|
|
|
|
## **Use Virtual Hosts**
|
|
This is a very useful way to keep your server organized.
|
|
|
|
## **Virtual Hosts On Your Lan**
|
|
You can practice on your Lan.
|
|
### Setting up DNS on your Lan
|
|
For instance, if your router is running `dnsmasq`, this may be as simple
|
|
as describing the virtual hosts in `/etc/hosts` on the router.
|
|
```console
|
|
192.168.1.101 blog.devbox blogstatic.devbox
|
|
```
|
|
### Here's An Example Reverse Proxy for A Flask Blog On Your Lan
|
|
```apache
|
|
# /etc/apache2/sites-enabled/blog.devbox.conf
|
|
<VirtualHost *:80>
|
|
|
|
ServerName blog.devbox
|
|
|
|
# dont' block LetsEncrypt
|
|
# ProxyPass "/.well-known" ! ... not needed on your Lan
|
|
|
|
# don't block /var/www/html/favicon.ico
|
|
ProxyPass "/favicon.ico" !
|
|
|
|
ProxyPass "/" "http://127.0.0.1:8000/"
|
|
ProxyPassReverse "/" "http://127.0.0.1:8000/"
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
</VirtualHost>
|
|
```
|
|
### Here's An Example for A Static Blog On Your Lan
|
|
```apache
|
|
# /etc/apache2/sites-enabled/blogstatic.devbox.conf
|
|
<VirtualHost *:80>
|
|
ServerName blogstatic.devbox
|
|
DocumentRoot /var/www/html/blogstatic/site
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
```
|
|
## **Wan Deployment**
|
|
### Set up DNS
|
|
Log into your dns provider and create records
|
|
|
|
* A record for **blog.example.com** pointing to your ipv4 address
|
|
* AAAA record for **blog.example.com** pointing to your ipv6 address
|
|
* A record for **blogstatic.example.com** pointing to your ipv4 address
|
|
* AAAA record for **blogstatic.example.com** pointing to your ipv6 address
|
|
|
|
### Start With Virtual Hosts for HTTP
|
|
You don't need to create virtual hosts for SSL configuration, because
|
|
CertBot will automatically do that for you.
|
|
#### Reverse Proxy
|
|
```apache
|
|
# /etc/apache2/sites-enabled/blog.example.com.conf
|
|
<VirtualHost *:80>
|
|
|
|
ServerName blog.example.com
|
|
|
|
# dont' block LetsEncrypt
|
|
ProxyPass "/.well-known" !
|
|
|
|
# don't block /var/www/html/favicon.ico
|
|
ProxyPass "/favicon.ico" !
|
|
|
|
ProxyPass "/" "http://127.0.0.1:8000/"
|
|
ProxyPassReverse "/" "http://127.0.0.1:8000/"
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
</VirtualHost>
|
|
```
|
|
#### Static Site
|
|
```apache
|
|
# /etc/apache2/sites-enabled/blogstatic.example.com.conf
|
|
<VirtualHost *:80>
|
|
ServerName blogstatic.example.com
|
|
DocumentRoot /var/www/html/blogstatic/site
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
```
|
|
### Get LetsEncrypt Certs
|
|
```console
|
|
certbot --apache -d blog.example.com -d blogstatic.example.com
|
|
```
|
|
Certbot will create and enable new conf files with SSL encryption configured,
|
|
and will modify your http conf files with redirections to https.
|
|
|