

Tagged: apache


Apache 2: A simple virtual host file

I’m on 2.4.18.

First, create a file in /etc/apache2/sites-available/ and call it whatever.conf.

There’s the <VirtualHost> tag that contains the instructions. We listen for all host names, *, on port 80.

We specify the ServerAdmin email address, the ServerName that specifies what hostname to listen for, and an alias if needed.

<VirtualHost *:80>
  ServerAdmin null@localhost.com
  ServerName  something.example.com
  ServerAlias another.example.com
  ...
</VirtualHost>

We then specify the file to serve as the default file to load, usually index.html, and the location of the root directory.

  DirectoryIndex index.html
  DocumentRoot /dir/public

Then specify the logging level, the location of the error log, and the CustomLog, which logs requests to the server. CustomLog takes the parameter combined, which allows you to see request headers if they are specified in the log format.

  LogLevel warn
  ErrorLog  /dir/log/error.log
  CustomLog /dir/log/access.log combined

In full:

<VirtualHost *:80>
  ServerAdmin noone@example.com
  ServerName  something.example.com
  ServerAlias another.example.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html
  DocumentRoot /dir/public

  # Log file locations
  LogLevel warn
  ErrorLog  /dir/log/error.log
  CustomLog /dir/log/access.log combined
</VirtualHost>

Finally, enable this site via a2ensite whatever, then run service apache2 reload.

apache

Let's Encrypt tutorial: create a simple certificate for Apache2

Let’s create a simple certificate for Apache2.

We won’t do automatic renewal, meaning in three months’ time we’ll have to deal with renewal. We really should do auto-renewal, but we’re just testing things at the moment.

First log in to your server. This is the server where your site on the internet, www.blarblaberklaejr.com, or whatever, is based.

Then do this as root:

mkdir -p /opt/letsencrypt
cd /opt/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --manual

This creates the directory where we clone the latest letsencrypt. Then we start the manual process to create certificates.

A terminal application will start, asking you for your email for correspondence (although you’ll not need to check your email to do any of this) and the domains for which you want the certificate.

Then it’ll break out of that and ask you to create a file on your publicly available site for it to check.

Once that check is finished, it’ll output the certificates to /etc/letsencrypt/live/yourdomain.com.

Now your existing /etc/apache2/sites-available/your-file-name.conf should look something like:

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem

  ...
</VirtualHost>

Restart apache. Rejoice.

https letsencrypt unix apache

Apache: Redirect HTTP traffic to HTTPS

If you want all the HTTP traffic to be rerouted through HTTPS, you need to specify a mod_rewrite rule:

<VirtualHost *:80>
 ServerName  example.com
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

This says: take all traffic going to port 80 that’s not on port 443 (yeah…) and rewrite it to an https:// URL, ignoring case (NC), sending a 301 Moved Permanently redirect (R=301) and stopping rule processing there (L).

Now specify the vhost entry for HTTPS:

<VirtualHost *:443>
  ServerName  example.com

  SSLEngine on

  SSLCertificateFile your_cert.pem
  SSLCertificateKeyFile your_private.key

  ...
</VirtualHost>

The above is a normal SSL vhost entry, specifying the certificate and private key for your HTTPS site.
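
To check an existing configuration against the redirect described above, this added example (not part of the original post) lists port-80 virtual hosts that never send the client to an https:// URL. The function name http_vhosts_without_redirect and the sample configuration are constructed for illustration.

```shell
# Print the ServerName of every port-80 vhost in FILE that has no
# RewriteRule or Redirect pointing at an https:// URL.
http_vhosts_without_redirect() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }                      # skip comment lines
    low ~ /^<virtualhost[ \t]/ {
      in_vh = 1; redirects = 0; name = "(no ServerName)"
      is80 = (low ~ /:80[ \t>]/)             # plain-HTTP vhosts only, not :8080
      next
    }
    in_vh && low ~ /^servername[ \t]/ { split(line, f, /[ \t]+/); name = f[2]; next }
    in_vh && low ~ /^(rewriterule|redirect|redirectmatch|redirectpermanent)[ \t].*https:\/\// {
      redirects = 1; next
    }
    low ~ /^<\/virtualhost>/ {
      if (in_vh && is80 && !redirects) print name
      in_vh = 0
    }
  ' "$1"
}

# Constructed sample: one redirecting vhost, one plain vhost, one TLS vhost.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
  ServerName example.com
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>
<VirtualHost *:80>
  ServerName plain.example.com
  DocumentRoot /dir/public
</VirtualHost>
<VirtualHost *:443>
  ServerName example.com
  SSLEngine on
</VirtualHost>
EOF
http_vhosts_without_redirect "$sample"   # prints plain.example.com
rm -f "$sample"
```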

unix apache ssl https apache-mod_rewrite

Apache 2: Redirecting to another site with mod_rewrite

If you place a file like this in your /etc/apache2/sites-available/somesite.conf:

...
ServerName www.example.org
ServerAlias example.org
...
ProxyPass / http://localhost:1234/
...

Then when you hit http://www.example.org/, Apache will pass your request on to http://localhost:1234 on your server, yet the browser won’t know the difference; it will only know it’s talking to http://www.example.org.

Should your server perform any redirects, let’s say http://localhost:1234/initial redirects to http://localhost:1234/redirected, then the following will ensure that http://localhost:1234/redirected is converted into http://www.example.org/redirected

...
ProxyPassReverse / http://localhost:1234/
...

To do the same with your cookie domain and path, use the following.

...
# Both take the internal value first and the public value second (a bare domain and a path, not URLs)
ProxyPassReverseCookieDomain localhost example.org
ProxyPassReverseCookiePath / /
...

You should see https://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details.

apache unix apache-mod_rewrite

Tomcat 7: Apache HTTPd 2.2 integration with virtual-hosts

First install and enable the mod_jk module for Apache

    apt-get install libapache2-mod-jk
    a2enmod jk

Then create a workers file. A worker is a process that will connect you to a tomcat instance. We’re creating the workers.properties file at /etc/apache2/workers.properties.

    worker.list=worker1
    worker.worker1.type=ajp13
    worker.worker1.host=localhost
    worker.worker1.port=8009

We’re giving it a name (it will be used later), saying we’re using the ajp13 connector to connect to tomcat 6 and above instances, saying it’s on localhost, and saying it is reached on port 8009 (we’ll set tomcat listening on this port in a little while).

Now in your apache.conf file, add:

    JkWorkersFile /etc/apache2/workers.properties
    JkShmFile /var/log/apache2/mod_jk.shm
    JkLogFile /var/log/apache2/mod_jk.log
    JkLogLevel info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

Here we point to our workers file, set up some file locations to be next to each other and set some logging information.

Finally, edit /etc/tomcat7/server.xml to accept these ajp13 connections. Uncomment this line:

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

The only thing left is to set up your virtual host file. Here’s an example of a virtual host file you should have in /etc/apache2/sites-available/blar:

    <VirtualHost *:80>
      ...

      JkMount / worker1
      JkMount /* worker1

      RewriteEngine on
      RewriteRule ^/(.*)$ /YOUR_DEPLOYMENT_NAME/$1 [L,PT]

      ...
    </VirtualHost>

Note we’re pointing all the files that hit the root of our virtual host to our worker via the JkMount command.

Generally, our tomcat servlets or jsp pages are prefixed with the name of the deployment file. Hello.war would be prefixed with Hello/. The RewriteRule gets around this by transparently adding the deployment name to anything going to the root.
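
The AJP connector line above has no address attribute, and mod_jk only connects from localhost here, so on older Tomcat 7 releases the connector listens on every interface although loopback would suffice. As an added example (not from the original post; the function name ajp_without_address and the sample server.xml are constructed), this check finds active AJP connectors without an address and ignores commented-out ones:

```shell
# Exit 0 and print the element when SERVER_XML contains an active
# (non-commented) AJP connector that has no address attribute.
ajp_without_address() {
  awk '
    { doc = doc $0 " " }
    END {
      # Remove <!-- ... --> comments, which may span several lines.
      while ((s = index(doc, "<!--")) > 0) {
        rest = substr(doc, s + 4)
        e = index(rest, "-->")
        if (e == 0) { doc = substr(doc, 1, s - 1); break }
        doc = substr(doc, 1, s - 1) substr(rest, e + 3)
      }
      found = 0
      # Walk every remaining <Connector ...> element.
      while (match(doc, /<Connector[^>]*>/)) {
        el = substr(doc, RSTART, RLENGTH)
        doc = substr(doc, RSTART + RLENGTH)
        if (el ~ /protocol="(AJP|org\.apache\.coyote\.ajp)/ && el !~ /[ \t]address=/) {
          print el; found = 1
        }
      }
      exit(found ? 0 : 1)
    }
  ' "$1"
}

# Constructed server.xml fragment: one commented-out and one active AJP connector.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" /> -->
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service>
EOF
if ajp_without_address "$sample"; then
  echo 'AJP connector has no address attribute; consider address="127.0.0.1"'
fi
rm -f "$sample"
```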

tomcat apache apache-mod_rewrite
