Difference between revisions of "WebServer - Name-based Virtual Host Support"

From The TinkerNet Wiki
Jump to navigation Jump to search
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
This page was created while splitting my original webserver from a single name to 3 names to make access easier.  I moved the wikis to their own subdomains.  At some point, I really should clean this page up to make it clearer...
+
The Apache web server Can easily be configured to serve up different content based on the '''name''' it was called as.
  
(i.e.: moving it from test.tinkernow.net/wiki to wiki.tinkernow.net)<br>
+
This allows fun stuff like giving your machine multiple names via DNS and making it look like a whole server farm.
<code>sudo vim /var/www/LocalSettings.php</code>
 
  
*<code>#$wgServer = "http://test.tinkernow.net";</code>
+
This also makes life easier if you're using it to proxy for other machines internal to your network.
*<code>$wgServer = "http://wiki.tinkernow.net";</code>
 
  
Then add this to <code>/etc/apache2/apache2.conf</code>
+
In these notes, we'll be setting up 4 names for the server.  '''foo.bar''' & '''www.foo.bar''' which will be the default web site.  '''Wiki.foo.bar''' which will be served up by the same install of Apache, but still independant of the default web site.  '''Proxy.foo.bar''' which is on another machine completely & wouldn't otherwise be reachable.
  
<big>'''NOTE:''' It is probably smarter to put the <code>VirtualHost</code> sections in separate files in the <code>/etc/apache2/sites-available/</code> folder, then make symbolic links to them in <code>/etc/apache2/sites-enabled</code> This will simplify maintenance down the road...</big>
+
You will need to set up external DNS for '''Wiki.foo.bar''' & '''Proxy.foo.bar''' (which are NOT the same as your normal webserver name as far as the outside world is concerned)
<VirtualHost *:80 *:443>
+
 
    # This first-listed virtual host is also the default for *:80
+
<big>'''NOTE:''' It is probably smartest to put the <code>VirtualHost</code> sections in separate files in the <code>/etc/apache2/sites-available/</code> folder, then make symbolic links to them in <code>/etc/apache2/sites-enabled</code> This will simplify maintenance down the road...</big>
    ServerName test.tinkernow.net
+
 
#    ServerAlias tinkernow.net
+
(But, if you really want to, they can simply be added to <code>/etc/apache2/apache2.conf)</code>
    DocumentRoot "/var/www/html"
+
 
</VirtualHost>
+
A sample set of files for <code>/etc/apache2/sites-available</code>:  
+
 
<VirtualHost *:80>
+
*'''www.foo.bar.conf'''
    ServerName wiki.tinkernow.net
 
    Redirect permanent / <nowiki>https://wiki.tinkernow.net/</nowiki>
 
    # This line causes http requests to be converted to https...
 
</VirtualHost>
 
 
<VirtualHost _default_:443>
 
    ServerName wiki.tinkernow.net
 
    DocumentRoot "/var/www/wiki"
 
</VirtualHost>
 
 
<VirtualHost *:80>
 
    ServerName labnotes.tinkernow.net
 
    Redirect permanent / <nowiki>https://labnotes.tinkernow.net/</nowiki>
 
    # This line causes http requests to be converted to https...
 
</VirtualHost>
 
 
<VirtualHost _default_:443>
 
    ServerName labnotes.tinkernow.net
 
    DocumentRoot "/var/www/labnotes"
 
</VirtualHost>
 
 
<VirtualHost *:80>
 
    ServerName blog.tinkernow.net
 
    Redirect permanent / <nowiki>https://blog.tinkernow.net/</nowiki>
 
    # This line causes http requests to be converted to https...
 
</VirtualHost>
 
 
<VirtualHost _default_:443>
 
    ServerName blog.tinkernow.net
 
    DocumentRoot "/var/www/WP"
 
</VirtualHost>
 
 
A set of files for /etc/apache2/sites-available:
 
  
* www.foo.bar.conf
+
  ##########################
  #########################
+
  # WWW.foo.bar           #
  # WWW.foo.bar           #
+
# our default web server #
  #########################
+
  ##########################
 
   
 
   
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName foo.bar
 
     ServerName foo.bar
     Redirect permanent / https://www.foo.bar/
+
     Redirect permanent / <nowiki>https://www.foo.bar/</nowiki>
 
  </VirtualHost>
 
  </VirtualHost>
 
   
 
   
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName www.foo.bar
 
     ServerName www.foo.bar
     Redirect permanent / https://www.foo.bar/
+
     Redirect permanent / <nowiki>https://www.foo.bar/</nowiki>
 
  </VirtualHost>
 
  </VirtualHost>
 
   
 
   
Line 75: Line 40:
 
  </VirtualHost>
 
  </VirtualHost>
  
* wiki.foo.bar.conf  
+
*'''wiki.foo.bar.conf'''
 +
 
 
  #########################
 
  #########################
 
  # Wiki.foo.bar          #
 
  # Wiki.foo.bar          #
 +
# our Wiki server      #
 
  #########################
 
  #########################
 
   
 
   
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName wiki.foo.bar
 
     ServerName wiki.foo.bar
     Redirect permanent / https://wiki.foo.bar/
+
     Redirect permanent / <nowiki>https://wiki.foo.bar/</nowiki>
 
  </VirtualHost>
 
  </VirtualHost>
 
   
 
   
Line 93: Line 60:
 
  </VirtualHost>
 
  </VirtualHost>
  
* proxy.foo.bar.conf  
+
*'''proxy.foo.bar.conf'''
  ##################################
+
 
  # Proxy for T110.foo.CA    #
+
  ################################################
  ##################################
+
  # Proxy for proxy.foo.bar                      #
 +
  # an ESXi-based server on our internal network #
 +
################################################
 
   
 
   
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName proxy.foo.bar
 
     ServerName proxy.foo.bar
     Redirect permanent / https://proxy.foo.bar/
+
     Redirect permanent / <nowiki>https://proxy.foo.bar/</nowiki>
 
  </VirtualHost>
 
  </VirtualHost>
 
   
 
   
Line 115: Line 84:
 
   
 
   
 
     # Redirect HTTPS traffic
 
     # Redirect HTTPS traffic
     ProxyPass / https://proxy.foo.bar/
+
     ProxyPass / <nowiki>https://proxy.foo.bar/</nowiki>
     ProxyPassReverse / https://proxy.foo.bar/
+
     ProxyPassReverse / <nowiki>https://proxy.foo.bar/</nowiki>
 
   
 
   
 
     SSLCertificateFile /etc/letsencrypt/live/proxy.foo.bar/fullchain.pem
 
     SSLCertificateFile /etc/letsencrypt/live/proxy.foo.bar/fullchain.pem
Line 128: Line 97:
 
   
 
   
 
  </VirtualHost>
 
  </VirtualHost>
 +
 +
'''<big>NOTE:</big>''' Whichever '''VirtualHost''' gets configured '''FIRST''' becomes the default host.  Any name that successfully resolves to the server but is not among the names explicitly handled will be served this '''VirtualHost'''. (It may help to start the filename with a '0'. eg: '''0-www.foo.bar.conf''')
 +
 +
create the links
 +
 +
*<code>cd  /etc/apache2/sites-enabled</code>
 +
*<code>sudo ln -s ../sites-available/www.foo.bar.conf .</code>
 +
*<code>sudo ln -s ../sites-available/wiki.foo.bar.conf .</code>
 +
*<code>sudo ln -s ../sites-available/proxy.foo.bar.conf .</code>
  
 
and restart Apache:  
 
and restart Apache:  
  
 
*<code>sudo service apache2 restart</code>
 
*<code>sudo service apache2 restart</code>

Latest revision as of 13:40, 3 July 2020

The Apache web server Can easily be configured to serve up different content based on the name it was called as.

This allows fun stuff like giving your machine multiple names via DNS and making it look like a whole server farm.

This also makes life easier if you're using it to proxy for other machines internal to your network.

In these notes, we'll be setting up 4 names for the server. foo.bar & www.foo.bar which will be the default web site. Wiki.foo.bar which will be served up by the same install of Apache, but still independant of the default web site. Proxy.foo.bar which is on another machine completely & wouldn't otherwise be reachable.

You will need to set up external DNS for Wiki.foo.bar & Proxy.foo.bar (which are NOT the same as your normal webserver name as far as the outside world is concerned)

NOTE: It is probably smartest to put the VirtualHost sections in separate files in the /etc/apache2/sites-available/ folder, then make symbolic links to them in /etc/apache2/sites-enabled This will simplify maintenance down the road...

(But, if you really want to, they can simply be added to /etc/apache2/apache2.conf)

A sample set of files for /etc/apache2/sites-available:

  • www.foo.bar.conf
##########################
# WWW.foo.bar            #
# our default web server #
##########################

<VirtualHost *:80>
    ServerName foo.bar
    Redirect permanent / https://www.foo.bar/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.foo.bar
    Redirect permanent / https://www.foo.bar/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName www.foo.bar
    DocumentRoot "/var/www/html"
    SSLCertificateFile /etc/letsencrypt/live/www.foo.bar/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.foo.bar/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
  • wiki.foo.bar.conf
#########################
# Wiki.foo.bar          #
# our Wiki server       #
#########################

<VirtualHost *:80>
    ServerName wiki.foo.bar
    Redirect permanent / https://wiki.foo.bar/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName wiki.foo.bar
    DocumentRoot "/var/www/wiki"
    SSLCertificateFile /etc/letsencrypt/live/wiki.foo.bar/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/wiki.foo.bar/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
  • proxy.foo.bar.conf
################################################
# Proxy for proxy.foo.bar                      #
# an ESXi-based server on our internal network #
################################################

<VirtualHost *:80>
    ServerName proxy.foo.bar
    Redirect permanent / https://proxy.foo.bar/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName proxy.foo.bar
    ProxyRequests on
    SSLEngine On
    SSLProxyEngine On
    ProxyPreserveHost On

    # Redirect WSS traffic (Needed if this is a proxy for ESXi)
    ProxyPass /ticket/ wss://proxy.foo.bar/ticket/
    ProxyPassReverse /ticket/ wss://proxy.foo.bar/ticket/

    # Redirect HTTPS traffic
    ProxyPass / https://proxy.foo.bar/
    ProxyPassReverse / https://proxy.foo.bar/

    SSLCertificateFile /etc/letsencrypt/live/proxy.foo.bar/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/proxy.foo.bar/privkey.pem
    <Proxy "*">
        Order allow,deny
        Allow from all
    </Proxy>
        ErrorLog /var/log/apache2/Proxy/proxy_log
        CustomLog /var/log/apache2/Proxy/proxy-access_log combined

</VirtualHost>

NOTE: Whichever VirtualHost gets configured FIRST becomes the default host. Any name that successfully resolves to the server but is not among the names explicitly handled will be served this VirtualHost. (It may help to start the filename with a '0'. eg: 0-www.foo.bar.conf)

create the links

  • cd /etc/apache2/sites-enabled
  • sudo ln -s ../sites-available/www.foo.bar.conf .
  • sudo ln -s ../sites-available/wiki.foo.bar.conf .
  • sudo ln -s ../sites-available/proxy.foo.bar.conf .

and restart Apache:

  • sudo service apache2 restart