Difference between revisions of "WebServer - Proxy VirtualHost Configuration"

From The TinkerNet Wiki
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
*[[WikiPedia:Fully qualified domain name|FQDN]] being proxied
 
*[[WikiPedia:Fully qualified domain name|FQDN]] being proxied
 
**'''Test.Domain.Net'''
 
**'''Test.Domain.Net'''
*Internal server FQDN
+
*Internal server [[WikiPedia:Fully qualified domain name|FQDN]]
 
**'''Server.LocalDomain.net'''
 
**'''Server.LocalDomain.net'''
  
 
  #########################
 
  #########################
  # Test.Domain.Net     #
+
  # Test.Domain.Net       #
 
  #########################
 
  #########################
 
   
 
   
 +
# Proxy the local machine name for completeness
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName Server.LocalDomain.net
 
     ServerName Server.LocalDomain.net
Line 15: Line 16:
 
  </VirtualHost>
 
  </VirtualHost>
 
   
 
   
 +
# Enforce use of SSL
 
  <VirtualHost *:80>
 
  <VirtualHost *:80>
 
     ServerName Test.Domain.Net
 
     ServerName Test.Domain.Net
Line 20: Line 22:
 
  </VirtualHost>
 
  </VirtualHost>
 
   
 
   
 +
# The actual proxy definition
 
  <VirtualHost _default_:443>
 
  <VirtualHost _default_:443>
 
     ServerName Test.Domain.Net
 
     ServerName Test.Domain.Net
Line 37: Line 40:
 
         Allow from all
 
         Allow from all
 
     </Proxy>
 
     </Proxy>
        ErrorLog /var/log/apache2/Proxy/TDN.log
+
    ErrorLog /var/log/apache2/Proxy/TDN.log
        CustomLog /var/log/apache2/Proxy/TDN-access.log combined
+
    CustomLog /var/log/apache2/Proxy/TDN-access.log combined
 
  </VirtualHost>
 
  </VirtualHost>
 +
 +
This can be placed in a file in <code>/etc/apache2/sites-available</code> (And, of course, linked into <code>/etc/apache2/sites-enabled</code>).  It could also be simply added to <code>/etc/apache2/apache2.conf</code> If you want to do it that way...

Latest revision as of 13:07, 15 July 2020

An Example:

  • FQDN being proxied
    • Test.Domain.Net
  • Internal server FQDN
    • Server.LocalDomain.net
#########################
# Test.Domain.Net       #
#########################

# Proxy the local machine name for completeness
<VirtualHost *:80>
    ServerName Server.LocalDomain.net
    Redirect permanent / https://Test.Domain.Net/
</VirtualHost>

# Enforce use of SSL
<VirtualHost *:80>
    ServerName Test.Domain.Net
    Redirect permanent / https://Test.Domain.Net/
</VirtualHost>

# The actual proxy definition
<VirtualHost _default_:443>
    ServerName Test.Domain.Net
    ProxyRequests on
    SSLEngine On
    SSLProxyEngine On
    ProxyPreserveHost Off

    # Redirect HTTPS traffic
    ProxyPass / https://Server.LocalDomain.net/
    ProxyPassReverse / https://Server.LocalDomain.net/

    SSLCertificateFile /etc/letsencrypt/live/Test.Domain.Net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/Test.Domain.Net/privkey.pem
    <Proxy "*">
        Order allow,deny
        Allow from all
    </Proxy>
    ErrorLog /var/log/apache2/Proxy/TDN.log
    CustomLog /var/log/apache2/Proxy/TDN-access.log combined
</VirtualHost>

This can be placed in a file in /etc/apache2/sites-available (And, of course, linked into /etc/apache2/sites-enabled). It could also be simply added to /etc/apache2/apache2.conf If you want to do it that way...