Virtual Host And Certbot in Raspbian 10: Difference between revisions
Jump to navigation
Jump to search
| (44 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
| valign="top" | | | valign="top" | | ||
===All Sites=== | ===All Sites=== | ||
<source lang="bash"> | <source lang="bash" style="border:3px dashed blue"> | ||
# chorke.{org,com} | # chorke.{org,com} | ||
mkdir -p /etc/chorke/apache2/conf.sites.all.d | mkdir -p /etc/chorke/apache2/conf.sites.all.d | ||
| Line 20: | Line 20: | ||
nano 02-dev.chorke.com-le-ssl.conf | nano 02-dev.chorke.com-le-ssl.conf | ||
</source> | </source> | ||
---- | |||
<source lang="bash"> | <source lang="bash" style="border:3px dashed blue"> | ||
# shahed.biz | # shahed.biz | ||
mkdir -p /etc/shahed/apache2/conf.sites.all.d | mkdir -p /etc/shahed/apache2/conf.sites.all.d | ||
| Line 28: | Line 28: | ||
nano 03-dev.shahed.biz.conf | nano 03-dev.shahed.biz.conf | ||
nano 03-dev.shahed.biz-le-ssl.conf | nano 03-dev.shahed.biz-le-ssl.conf | ||
nano 03-vpn.shahed.biz.conf | |||
nano 03-vpn.shahed.biz-le-ssl.conf | |||
</source> | |||
---- | |||
<source lang="bash" style="border:3px dashed blue"> | |||
# chorke.org | |||
mkdir -p /etc/chorke/apache2/conf.sites.all.d | |||
cd /etc/chorke/apache2/conf.sites.all.d | |||
nano 01-cid.chorke.org.conf | |||
nano 01-cid.chorke.org-le-ssl.conf | |||
nano 01-hub.chorke.org.conf | |||
nano 01-hub.chorke.org-le-ssl.conf | |||
nano 01-reg.chorke.org.conf | |||
nano 01-reg.chorke.org-le-ssl.conf | |||
</source> | </source> | ||
| valign="top" | | | valign="top" | | ||
===Enabled Sites=== | ===Enabled Sites=== | ||
<source lang="bash"> | <source lang="bash" style="border:3px dashed blue"> | ||
# chorke.{org,com} | # chorke.{org,com} | ||
cd /etc/apache2/sites-enabled | cd /etc/apache2/sites-enabled | ||
| Line 49: | Line 67: | ||
apache2ctl -t | apache2ctl -t | ||
</source> | </source> | ||
---- | |||
<source lang="bash"> | <source lang="bash" style="border:3px dashed blue"> | ||
# shahed.biz | # shahed.biz | ||
cd /etc/apache2/sites-enabled | cd /etc/apache2/sites-enabled | ||
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\ | ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\ | ||
/etc/apache2/sites-enabled/03-dev.shahed.biz.conf | /etc/apache2/sites-enabled/03-dev.shahed.biz.conf | ||
ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz.conf\ | |||
/etc/apache2/sites-enabled/03-vpn.shahed.biz.conf | |||
apache2ctl -t | |||
</source> | |||
---- | |||
<source lang="bash" style="border:3px dashed blue"> | |||
# chorke.org | |||
cd /etc/apache2/sites-enabled | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org.conf\ | |||
/etc/apache2/sites-enabled/01-cid.chorke.org.conf | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org.conf\ | |||
/etc/apache2/sites-enabled/01-hub.chorke.org.conf | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org.conf\ | |||
/etc/apache2/sites-enabled/01-reg.chorke.org.conf | |||
apache2ctl -t | apache2ctl -t | ||
| Line 61: | Line 97: | ||
===Enabled HTTPS=== | ===Enabled HTTPS=== | ||
<source lang="bash"> | <source lang="bash" style="border:3px dashed blue"> | ||
# chorke.org | # chorke.org | ||
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org-le-ssl.conf\ | ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org-le-ssl.conf\ | ||
| Line 72: | Line 108: | ||
/etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf | /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf | ||
apache2ctl -t | |||
</source> | |||
---- | |||
<source lang="bash" style="border:3px dashed blue"> | |||
# chorke.com | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com-le-ssl.conf\ | ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com-le-ssl.conf\ | ||
/etc/apache2/sites-enabled/02-dev.chorke.com-le-ssl.conf | /etc/apache2/sites-enabled/02-dev.chorke.com-le-ssl.conf | ||
apache2ctl -t | apache2ctl -t | ||
</source> | |||
---- | |||
<source lang="bash" style="border:3px dashed blue"> | |||
# shahed.biz | # shahed.biz | ||
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\ | ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\ | ||
/etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf | /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf | ||
ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz-le-ssl.conf\ | |||
/etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf | |||
apache2ctl -t | |||
</source> | |||
---- | |||
<source lang="bash" style="border:3px dashed blue"> | |||
# chorke.org | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org-le-ssl.conf\ | |||
/etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org-le-ssl.conf\ | |||
/etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf | |||
ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org-le-ssl.conf\ | |||
/etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf | |||
apache2ctl -t | apache2ctl -t | ||
| Line 89: | Line 149: | ||
<source lang="bash"> | <source lang="bash"> | ||
mkdir -p /var/chorke/www;\ | mkdir -p /var/chorke/www;\ | ||
cd /var/chorke/www/;p='api dev ihe';\ | cd /var/chorke/www/;p='api cid dev hub ihe reg';\ | ||
for s in $p;do d='html docs soft';\ | for s in $p;do d='html docs soft';\ | ||
for f in $d;do w="$s.chorke.org/$f";\ | for f in $d;do w="$s.chorke.org/$f";\ | ||
| Line 111: | Line 171: | ||
<source lang="bash"> | <source lang="bash"> | ||
mkdir -p /var/shahed/www;\ | mkdir -p /var/shahed/www;\ | ||
cd /var/shahed/www/;p='dev';\ | cd /var/shahed/www/;p='dev vpn';\ | ||
for s in $p;do d='html docs soft';\ | for s in $p;do d='html docs soft';\ | ||
for f in $d;do w="$s.shahed.biz/$f";\ | for f in $d;do w="$s.shahed.biz/$f";\ | ||
| Line 124: | Line 184: | ||
| valign="top" | | | valign="top" | | ||
<source lang="bash" style="border:3px dashed blue"> | <source lang="bash" style="border:3px dashed blue"> | ||
cd /var/chorke/www/;p='api dev ihe';\ | cd /var/chorke/www/;p='api cid dev hub ihe reg';\ | ||
a='.well-known/acme-challenge';\ | a='.well-known/acme-challenge';\ | ||
for s in $p;do w="$s.chorke.org/html";\ | for s in $p;do w="$s.chorke.org/html";\ | ||
| Line 142: | Line 202: | ||
| valign="top" | | | valign="top" | | ||
<source lang="bash" style="border:3px dashed blue"> | <source lang="bash" style="border:3px dashed blue"> | ||
cd /var/shahed/www/;p='dev';\ | cd /var/shahed/www/;p='dev vpn';\ | ||
a='.well-known/acme-challenge';\ | a='.well-known/acme-challenge';\ | ||
for s in $p;do w="$s.shahed.biz/html";\ | for s in $p;do w="$s.shahed.biz/html";\ | ||
| Line 152: | Line 212: | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
<source lang=" | <source lang="apache"> | ||
#nano /var/chorke/www/api.chorke.org/html/.htaccess | |||
RewriteEngine on | RewriteEngine on | ||
RewriteCond %{HTTPS} off | RewriteCond %{HTTPS} off | ||
| Line 189: | Line 249: | ||
</source> | </source> | ||
|} | |} | ||
==HTTP== | |||
===dev.chorke.org.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,48-50,52-54" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias dev.chorke.org | |||
ServerName www.dev.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/dev.chorke.org/html | |||
ErrorLog /var/chorke/www/dev.chorke.org/error.log | |||
CustomLog /var/chorke/www/dev.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/dev.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/dev.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
#proxy for forms | |||
<Location /forms> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://175.144.214.83:9001/forms nocanon | |||
ProxyPassReverse http://175.144.214.83:9001/forms | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
RewriteEngine on | |||
RewriteCond %{HTTP_HOST} =10.19.83.100 | |||
RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent] | |||
# RewriteCond %{SERVER_NAME} =dev.chorke.org [OR] | |||
# RewriteCond %{SERVER_NAME} =www.dev.chorke.org | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===api.chorke.org.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,40-43" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias api.chorke.org | |||
ServerName www.api.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/api.chorke.org/html | |||
ErrorLog /var/chorke/www/api.chorke.org/error.log | |||
CustomLog /var/chorke/www/api.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/api.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/api.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =api.chorke.org [OR] | |||
# RewriteCond %{SERVER_NAME} =www.api.chorke.org | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===cid.chorke.org.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias cid.chorke.org | |||
ServerName www.cid.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/cid.chorke.org/html | |||
ErrorLog /var/chorke/www/cid.chorke.org/error.log | |||
CustomLog /var/chorke/www/cid.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/cid.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/cid.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =cid.chorke.org [OR] | |||
# RewriteCond %{SERVER_NAME} =www.cid.chorke.org | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===hub.chorke.org.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias hub.chorke.org | |||
ServerName www.hub.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/hub.chorke.org/html | |||
ErrorLog /var/chorke/www/hub.chorke.org/error.log | |||
CustomLog /var/chorke/www/hub.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/hub.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/hub.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =hub.chorke.org [OR] | |||
# RewriteCond %{SERVER_NAME} =www.hub.chorke.org | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===ihe.chorke.org.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,40-43" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias ihe.chorke.org | |||
ServerName www.ihe.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/ihe.chorke.org/html | |||
ErrorLog /var/chorke/www/ihe.chorke.org/error.log | |||
CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/ihe.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/ihe.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR] | |||
# RewriteCond %{SERVER_NAME} =www.ihe.chorke.org | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===reg.chorke.org.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias reg.chorke.org | |||
ServerName www.reg.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/reg.chorke.org/html | |||
ErrorLog /var/chorke/www/reg.chorke.org/error.log | |||
CustomLog /var/chorke/www/reg.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/reg.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/reg.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =reg.chorke.org [OR] | |||
# RewriteCond %{SERVER_NAME} =www.reg.chorke.org | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===dev.chorke.com.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,40-43" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias dev.chorke.com | |||
ServerName www.dev.chorke.com | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/dev.chorke.com/html | |||
ErrorLog /var/chorke/www/dev.chorke.com/error.log | |||
CustomLog /var/chorke/www/dev.chorke.com/requests.log combined | |||
<Directory "/var/chorke/www/dev.chorke.com/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/dev.chorke.com/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =dev.chorke.com [OR] | |||
# RewriteCond %{SERVER_NAME} =www.dev.chorke.com | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===dev.shahed.biz.conf=== | |||
<source lang="apache" highlight="4-6,8,10,12,16-19,21-27,29-33,48-52" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerName www.dev.shahed.biz | |||
ServerAdmin [email protected] | |||
ServerAlias dev.shahed.biz pi00.dev.shahed.biz | |||
DocumentRoot /var/shahed/www/dev.shahed.biz/html | |||
ErrorLog /var/shahed/www/dev.shahed.biz/error.log | |||
CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined | |||
<Directory "/var/shahed/www/dev.shahed.biz/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/shahed/www/dev.shahed.biz/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
#proxy for forms | |||
<Location /forms> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://175.144.214.83:9001/forms nocanon | |||
ProxyPassReverse http://175.144.214.83:9001/forms | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR] | |||
# RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR] | |||
# RewriteCond %{SERVER_NAME} =www.dev.shahed.biz | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===vpn.shahed.biz.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf | |||
<IfModule mod_proxy.c> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias vpn.shahed.biz | |||
ServerName www.vpn.shahed.biz | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/shahed/www/vpn.shahed.biz/html | |||
ErrorLog /var/shahed/www/vpn.shahed.biz/error.log | |||
CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined | |||
<Directory "/var/shahed/www/vpn.shahed.biz/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/shahed/www/vpn.shahed.biz/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
# RewriteEngine on | |||
# RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR] | |||
# RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz | |||
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
==HTTPS== | |||
===dev.chorke.org-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-67,70-75,78-84,91-93" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf | |||
IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias dev.chorke.org | |||
ServerName www.dev.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/dev.chorke.org/html | |||
ErrorLog /var/chorke/www/dev.chorke.org/error.log | |||
CustomLog /var/chorke/www/dev.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/dev.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/dev.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/chorke/www/dev.chorke.org/docs/" | |||
<Directory "/var/chorke/www/dev.chorke.org/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/chorke/www/dev.chorke.org/soft/" | |||
<Directory "/var/chorke/www/dev.chorke.org/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 10.8.0 | |||
Allow from 10.19.83 | |||
Allow from 10.20.13 | |||
Allow from 100.43.0 | |||
Allow from 127.0.0.1 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
#proxy for ui.mob | |||
<Location /ui.mob> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.101/ui.mob nocanon | |||
ProxyPassReverse http://10.19.83.101/ui.mob | |||
</Location> | |||
#proxy for ui.web | |||
<Location /ui.web> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.101/ui.web nocanon | |||
ProxyPassReverse http://10.19.83.101/ui.web | |||
</Location> | |||
#proxy for report | |||
<Location /report> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.207/report nocanon | |||
ProxyPassReverse http://10.19.83.207/report | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/dev.chorke.org/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.org/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===api.chorke.org-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-59,61-65,68-74,77-83,86-92,99-101" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
SSLProxyEngine On | |||
SSLProxyVerify None | |||
SSLProxyCheckPeerCN Off | |||
SSLProxyCheckPeerName Off | |||
SSLProxyCheckPeerExpire Off | |||
ServerAlias api.chorke.org | |||
ServerName www.api.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/api.chorke.org/html | |||
ErrorLog /var/chorke/www/api.chorke.org/error.log | |||
CustomLog /var/chorke/www/api.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/api.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/api.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/chorke/www/api.chorke.org/docs/" | |||
<Directory "/var/chorke/www/api.chorke.org/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/chorke/www/api.chorke.org/soft/" | |||
<Directory "/var/chorke/www/api.chorke.org/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 10.8.0 | |||
Allow from 10.19.83 | |||
Allow from 10.20.13 | |||
Allow from 100.43.0 | |||
Allow from 127.0.0.1 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
# proxy for auth | |||
<Location /auth> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.110:9090/auth nocanon | |||
ProxyPassReverse http://10.19.83.110:9090/auth | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# proxy for ebis | |||
<Location /ebis> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.110:8302/ebis nocanon | |||
ProxyPassReverse http://10.19.83.110:8302/ebis | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# proxy for init | |||
<Location /init> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.110:8304/init nocanon | |||
ProxyPassReverse http://10.19.83.110:8304/init | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/api.chorke.org/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/api.chorke.org/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===cid.chorke.org-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-51,53-57,60-68,71-77,80-86,89-95,102-104" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes On | |||
SSLProxyEngine On | |||
SSLProxyVerify None | |||
SSLProxyCheckPeerCN Off | |||
SSLProxyCheckPeerName Off | |||
SSLProxyCheckPeerExpire Off | |||
ServerAlias cid.chorke.org | |||
ServerName www.cid.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/cid.chorke.org/html | |||
ErrorLog /var/chorke/www/cid.chorke.org/error.log | |||
CustomLog /var/chorke/www/cid.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/cid.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/cid.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/chorke/www/cid.chorke.org/docs/" | |||
<Directory "/var/chorke/www/cid.chorke.org/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/chorke/www/cid.chorke.org/soft/" | |||
<Directory "/var/chorke/www/cid.chorke.org/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
# proxy for gitlab | |||
<Location /gitlab> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.206/gitlab nocanon | |||
ProxyPassReverse http://10.19.83.206/gitlab | |||
RequestHeader set X-Forwarded-Proto "https" | |||
#ProxyPassReverseCookiePath "/gitlab/" "/gitlab/" | |||
#ProxyPassReverseCookieDomain "git0.dev.shahed.biz" "cid.chorke.org" | |||
</Location> | |||
# proxy for nexus | |||
<Location /nexus> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.204:8081/nexus nocanon | |||
ProxyPassReverse http://10.19.83.204:8081/nexus | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# proxy for jenkins | |||
<Location /jenkins> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.204:8080/jenkins nocanon | |||
ProxyPassReverse http://10.19.83.204:8080/jenkins | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# proxy for artifactory | |||
<Location /artifactory> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.204:8084/artifactory nocanon | |||
ProxyPassReverse http://10.19.83.204:8084/artifactory | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===hub.chorke.org-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-39,41-47,54-56" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
SSLProxyEngine On | |||
SSLProxyVerify None | |||
SSLProxyCheckPeerCN Off | |||
SSLProxyCheckPeerName Off | |||
SSLProxyCheckPeerExpire Off | |||
ServerAlias hub.chorke.org | |||
ServerName www.hub.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/hub.chorke.org/html | |||
ErrorLog /var/chorke/www/hub.chorke.org/error.log | |||
CustomLog /var/chorke/www/hub.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/hub.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/hub.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
<Location /> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.204:8082/ nocanon | |||
ProxyPassReverse http://10.19.83.204:8082/ | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===ihe.chorke.org-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-68,75-77" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias ihe.chorke.org | |||
ServerName www.ihe.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/ihe.chorke.org/html | |||
ErrorLog /var/chorke/www/ihe.chorke.org/error.log | |||
CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/ihe.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/ihe.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/chorke/www/ihe.chorke.org/docs/" | |||
<Directory "/var/chorke/www/ihe.chorke.org/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/chorke/www/ihe.chorke.org/soft/" | |||
<Directory "/var/chorke/www/ihe.chorke.org/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 10.8.0 | |||
Allow from 10.19.83 | |||
Allow from 10.20.13 | |||
Allow from 100.43.0 | |||
Allow from 127.0.0.1 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
#proxy for fhir | |||
<Location /fhir> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.110:8303/fhir nocanon | |||
ProxyPassReverse http://10.19.83.110:8303/fhir | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/ihe.chorke.org/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/ihe.chorke.org/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===reg.chorke.org-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-39,41-47,54-56" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
SSLProxyEngine On | |||
SSLProxyVerify None | |||
SSLProxyCheckPeerCN Off | |||
SSLProxyCheckPeerName Off | |||
SSLProxyCheckPeerExpire Off | |||
ServerAlias reg.chorke.org | |||
ServerName www.reg.chorke.org | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/reg.chorke.org/html | |||
ErrorLog /var/chorke/www/reg.chorke.org/error.log | |||
CustomLog /var/chorke/www/reg.chorke.org/requests.log combined | |||
<Directory "/var/chorke/www/reg.chorke.org/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/reg.chorke.org/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
<Location /> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.204:8083/ nocanon | |||
ProxyPassReverse http://10.19.83.204:8083/ | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===dev.chorke.com-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-68,75-77" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias dev.chorke.com | |||
ServerName www.dev.chorke.com | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/chorke/www/dev.chorke.com/html | |||
ErrorLog /var/chorke/www/dev.chorke.com/error.log | |||
CustomLog /var/chorke/www/dev.chorke.com/requests.log combined | |||
<Directory "/var/chorke/www/dev.chorke.com/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/chorke/www/dev.chorke.com/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/chorke/www/dev.chorke.com/docs/" | |||
<Directory "/var/chorke/www/dev.chorke.com/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/chorke/www/dev.chorke.com/soft/" | |||
<Directory "/var/chorke/www/dev.chorke.com/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 10.8.0 | |||
Allow from 10.19.83 | |||
Allow from 10.20.13 | |||
Allow from 100.43.0 | |||
Allow from 127.0.0.1 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
#proxy for ebis | |||
<Location /ebis> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.110:8302/ebis nocanon | |||
ProxyPassReverse http://10.19.83.110:8302/ebis | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/dev.chorke.com/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.com/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===dev.shahed.biz-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8,10,12,16-19,21-27,29-36,38-53,55-59,62-68,71-76,83-85" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerName www.dev.shahed.biz | |||
ServerAdmin [email protected] | |||
ServerAlias dev.shahed.biz pi00.dev.shahed.biz | |||
DocumentRoot /var/shahed/www/dev.shahed.biz/html | |||
ErrorLog /var/shahed/www/dev.shahed.biz/error.log | |||
CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined | |||
<Directory "/var/shahed/www/dev.shahed.biz/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/shahed/www/dev.shahed.biz/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/shahed/www/dev.shahed.biz/docs/" | |||
<Directory "/var/shahed/www/dev.shahed.biz/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/shahed/www/dev.shahed.biz/soft/" | |||
<Directory "/var/shahed/www/dev.shahed.biz/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 10.8.0 | |||
Allow from 10.19.83 | |||
Allow from 10.20.13 | |||
Allow from 100.43.0 | |||
Allow from 127.0.0.1 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
#proxy for crawler | |||
<Location /crawler> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://10.19.83.204:1983/crawler nocanon | |||
ProxyPassReverse http://10.19.83.204:1983/crawler | |||
RequestHeader set X-Forwarded-Proto "https" | |||
</Location> | |||
# proxy for reports | |||
<Location /reports> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://175.144.214.83:9002/reports nocanon | |||
ProxyPassReverse http://175.144.214.83:9002/reports | |||
</Location> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/dev.shahed.biz/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/dev.shahed.biz/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
===vpn.shahed.biz-le-ssl.conf=== | |||
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-51,53-57,64-66" line> | |||
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
SSLProxyEngine On | |||
SSLProxyVerify None | |||
SSLProxyCheckPeerCN Off | |||
SSLProxyCheckPeerName Off | |||
SSLProxyCheckPeerExpire Off | |||
ServerAlias vpn.shahed.biz | |||
ServerName www.vpn.shahed.biz | |||
ServerAdmin [email protected] | |||
DocumentRoot /var/shahed/www/vpn.shahed.biz/html | |||
ErrorLog /var/shahed/www/vpn.shahed.biz/error.log | |||
CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined | |||
<Directory "/var/shahed/www/vpn.shahed.biz/"> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory "/var/shahed/www/vpn.shahed.biz/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/" | |||
<Directory "/var/shahed/www/vpn.shahed.biz/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/" | |||
<Directory "/var/shahed/www/vpn.shahed.biz/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride All | |||
Require all granted | |||
Order Allow,Deny | |||
Allow from all | |||
</Directory> | |||
<Proxy *> | |||
Order Allow,Deny | |||
Allow from all | |||
Deny from 10.9.8 | |||
</Proxy> | |||
# Enable/disable the handling of HTTP/1.1 "Via:" headers. | |||
# ("Full" adds the server version; "Block" removes all outgoing Via: headers) | |||
# Set to one of: Off | On | Full | Block | |||
#ProxyVia Off | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem | |||
</VirtualHost> | |||
</IfModule> | |||
EOF | |||
</source> | |||
==Knowledge== | |||
ls -lah /etc/letsencrypt/archive/ | |||
ls -lah /etc/letsencrypt/live/ | |||
==References== | |||
* [https://serverfault.com/questions/167575 Multiple hostnames redirected to one] | |||
* [https://httpd.apache.org/docs/2.4/vhosts/name-based.html Name-based Virtual Host Support] | |||
* [[Virtual Host And Certbot in RHEL6]] | |||
* [[Virtual Host And Certbot in RHEL7]] | |||
Latest revision as of 02:07, 10 September 2021
Apache2
All Sites# chorke.{org,com}
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d
nano 00-dev.chorke.org.conf
nano 00-dev.chorke.org-le-ssl.conf
nano 01-api.chorke.org.conf
nano 01-api.chorke.org-le-ssl.conf
nano 01-ihe.chorke.org.conf
nano 01-ihe.chorke.org-le-ssl.conf
nano 02-dev.chorke.com.conf
nano 02-dev.chorke.com-le-ssl.conf
# shahed.biz
mkdir -p /etc/shahed/apache2/conf.sites.all.d
cd /etc/shahed/apache2/conf.sites.all.d
nano 03-dev.shahed.biz.conf
nano 03-dev.shahed.biz-le-ssl.conf
nano 03-vpn.shahed.biz.conf
nano 03-vpn.shahed.biz-le-ssl.conf
# chorke.org
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d
nano 01-cid.chorke.org.conf
nano 01-cid.chorke.org-le-ssl.conf
nano 01-hub.chorke.org.conf
nano 01-hub.chorke.org-le-ssl.conf
nano 01-reg.chorke.org.conf
nano 01-reg.chorke.org-le-ssl.conf
|
Enabled Sites# chorke.{org,com}
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org.conf\
/etc/apache2/sites-enabled/00-dev.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-api.chorke.org.conf\
/etc/apache2/sites-enabled/01-api.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-ihe.chorke.org.conf\
/etc/apache2/sites-enabled/01-ihe.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com.conf\
/etc/apache2/sites-enabled/02-dev.chorke.com.conf
apache2ctl -t
# shahed.biz
cd /etc/apache2/sites-enabled
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\
/etc/apache2/sites-enabled/03-dev.shahed.biz.conf
ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz.conf\
/etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
apache2ctl -t
# chorke.org
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org.conf\
/etc/apache2/sites-enabled/01-cid.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org.conf\
/etc/apache2/sites-enabled/01-hub.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org.conf\
/etc/apache2/sites-enabled/01-reg.chorke.org.conf
apache2ctl -t
|
Enabled HTTPS
# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org-le-ssl.conf\
/etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-api.chorke.org-le-ssl.conf\
/etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-ihe.chorke.org-le-ssl.conf\
/etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
apache2ctl -t
# chorke.com
ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com-le-ssl.conf\
/etc/apache2/sites-enabled/02-dev.chorke.com-le-ssl.conf
apache2ctl -t
# shahed.biz
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\
/etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz-le-ssl.conf\
/etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
apache2ctl -t
# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org-le-ssl.conf\
/etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org-le-ssl.conf\
/etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org-le-ssl.conf\
/etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
apache2ctl -t
Directory Tree
mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='api cid dev hub ihe reg';\
for s in $p;do d='html docs soft';\
for f in $d;do w="$s.chorke.org/$f";\
mkdir -p "$w";\
done;
done
|
mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='dev';\
for s in $p;do d='html docs soft';\
for f in $d;do w="$s.chorke.com/$f";\
mkdir -p "$w";\
done;
done
|
mkdir -p /var/shahed/www;\
cd /var/shahed/www/;p='dev vpn';\
for s in $p;do d='html docs soft';\
for f in $d;do w="$s.shahed.biz/$f";\
mkdir -p "$w";\
done;
done
|
Acme Challenges
cd /var/chorke/www/;p='api cid dev hub ihe reg';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.org/html";\
mkdir -p "$w/$a";\
done
|
cd /var/chorke/www/;p='dev';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.com/html";\
mkdir -p "$w/$a";\
done
|
cd /var/shahed/www/;p='dev vpn';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.shahed.biz/html";\
mkdir -p "$w/$a";\
done
|
#nano /var/chorke/www/api.chorke.org/html/.htaccess
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
RewriteCond %{SERVER_NAME} =www.api.chorke.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
f='html docs soft';\
for s in *.chorke.*;do for d in $f;do \
h="<html>\n<head><title>$s/$d</title></head>\n";
h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
echo -e "$h" >> "$s/$d/index.html";
done;done
|
f='html docs soft';\
for s in *.shahed.biz;do for d in $f;do \
h="<html>\n<head><title>$s/$d</title></head>\n";
h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
echo -e "$h" >> "$s/$d/index.html";
done;done
apt -y install apache2 mod_ssl; a2enmod ssl
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt #letsencrypt renew
certbot #certbot renew
|
HTTP
dev.chorke.org.conf
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias dev.chorke.org
ServerName www.dev.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/dev.chorke.org/html
ErrorLog /var/chorke/www/dev.chorke.org/error.log
CustomLog /var/chorke/www/dev.chorke.org/requests.log combined
<Directory "/var/chorke/www/dev.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/dev.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
#proxy for forms
<Location /forms>
Order Allow,Deny
Allow from all
ProxyPass http://175.144.214.83:9001/forms nocanon
ProxyPassReverse http://175.144.214.83:9001/forms
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
RewriteEngine on
RewriteCond %{HTTP_HOST} =10.19.83.100
RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent]
# RewriteCond %{SERVER_NAME} =dev.chorke.org [OR]
# RewriteCond %{SERVER_NAME} =www.dev.chorke.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
api.chorke.org.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias api.chorke.org
ServerName www.api.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/api.chorke.org/html
ErrorLog /var/chorke/www/api.chorke.org/error.log
CustomLog /var/chorke/www/api.chorke.org/requests.log combined
<Directory "/var/chorke/www/api.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/api.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
# RewriteCond %{SERVER_NAME} =www.api.chorke.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
cid.chorke.org.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias cid.chorke.org
ServerName www.cid.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/cid.chorke.org/html
ErrorLog /var/chorke/www/cid.chorke.org/error.log
CustomLog /var/chorke/www/cid.chorke.org/requests.log combined
<Directory "/var/chorke/www/cid.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/cid.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =cid.chorke.org [OR]
# RewriteCond %{SERVER_NAME} =www.cid.chorke.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
hub.chorke.org.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias hub.chorke.org
ServerName www.hub.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/hub.chorke.org/html
ErrorLog /var/chorke/www/hub.chorke.org/error.log
CustomLog /var/chorke/www/hub.chorke.org/requests.log combined
<Directory "/var/chorke/www/hub.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/hub.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =hub.chorke.org [OR]
# RewriteCond %{SERVER_NAME} =www.hub.chorke.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
ihe.chorke.org.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias ihe.chorke.org
ServerName www.ihe.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/ihe.chorke.org/html
ErrorLog /var/chorke/www/ihe.chorke.org/error.log
CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined
<Directory "/var/chorke/www/ihe.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/ihe.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR]
# RewriteCond %{SERVER_NAME} =www.ihe.chorke.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
reg.chorke.org.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias reg.chorke.org
ServerName www.reg.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/reg.chorke.org/html
ErrorLog /var/chorke/www/reg.chorke.org/error.log
CustomLog /var/chorke/www/reg.chorke.org/requests.log combined
<Directory "/var/chorke/www/reg.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/reg.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =reg.chorke.org [OR]
# RewriteCond %{SERVER_NAME} =www.reg.chorke.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
dev.chorke.com.conf
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias dev.chorke.com
ServerName www.dev.chorke.com
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/dev.chorke.com/html
ErrorLog /var/chorke/www/dev.chorke.com/error.log
CustomLog /var/chorke/www/dev.chorke.com/requests.log combined
<Directory "/var/chorke/www/dev.chorke.com/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/dev.chorke.com/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =dev.chorke.com [OR]
# RewriteCond %{SERVER_NAME} =www.dev.chorke.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
dev.shahed.biz.conf
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerName www.dev.shahed.biz
ServerAdmin [email protected]
ServerAlias dev.shahed.biz pi00.dev.shahed.biz
DocumentRoot /var/shahed/www/dev.shahed.biz/html
ErrorLog /var/shahed/www/dev.shahed.biz/error.log
CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined
<Directory "/var/shahed/www/dev.shahed.biz/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/shahed/www/dev.shahed.biz/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
#proxy for forms
<Location /forms>
Order Allow,Deny
Allow from all
ProxyPass http://175.144.214.83:9001/forms nocanon
ProxyPassReverse http://175.144.214.83:9001/forms
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
# RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR]
# RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
vpn.shahed.biz.conf
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias vpn.shahed.biz
ServerName www.vpn.shahed.biz
ServerAdmin [email protected]
DocumentRoot /var/shahed/www/vpn.shahed.biz/html
ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined
<Directory "/var/shahed/www/vpn.shahed.biz/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/shahed/www/vpn.shahed.biz/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR]
# RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
HTTPS
dev.chorke.org-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias dev.chorke.org
ServerName www.dev.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/dev.chorke.org/html
ErrorLog /var/chorke/www/dev.chorke.org/error.log
CustomLog /var/chorke/www/dev.chorke.org/requests.log combined
<Directory "/var/chorke/www/dev.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/dev.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/chorke/www/dev.chorke.org/docs/"
<Directory "/var/chorke/www/dev.chorke.org/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/chorke/www/dev.chorke.org/soft/"
<Directory "/var/chorke/www/dev.chorke.org/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Deny,Allow
Deny from all
Allow from ::1
Allow from 10.8.0
Allow from 10.19.83
Allow from 10.20.13
Allow from 100.43.0
Allow from 127.0.0.1
Allow from 202.40.189
Allow from 175.144.214
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
#proxy for ui.mob
<Location /ui.mob>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.101/ui.mob nocanon
ProxyPassReverse http://10.19.83.101/ui.mob
</Location>
#proxy for ui.web
<Location /ui.web>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.101/ui.web nocanon
ProxyPassReverse http://10.19.83.101/ui.web
</Location>
#proxy for report
<Location /report>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.207/report nocanon
ProxyPassReverse http://10.19.83.207/report
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/dev.chorke.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
api.chorke.org-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
ServerAlias api.chorke.org
ServerName www.api.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/api.chorke.org/html
ErrorLog /var/chorke/www/api.chorke.org/error.log
CustomLog /var/chorke/www/api.chorke.org/requests.log combined
<Directory "/var/chorke/www/api.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/api.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/chorke/www/api.chorke.org/docs/"
<Directory "/var/chorke/www/api.chorke.org/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/chorke/www/api.chorke.org/soft/"
<Directory "/var/chorke/www/api.chorke.org/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Deny,Allow
Deny from all
Allow from ::1
Allow from 10.8.0
Allow from 10.19.83
Allow from 10.20.13
Allow from 100.43.0
Allow from 127.0.0.1
Allow from 202.40.189
Allow from 175.144.214
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
# proxy for auth
<Location /auth>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.110:9090/auth nocanon
ProxyPassReverse http://10.19.83.110:9090/auth
RequestHeader set X-Forwarded-Proto "https"
</Location>
# proxy for ebis
<Location /ebis>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.110:8302/ebis nocanon
ProxyPassReverse http://10.19.83.110:8302/ebis
RequestHeader set X-Forwarded-Proto "https"
</Location>
# proxy for init
<Location /init>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.110:8304/init nocanon
ProxyPassReverse http://10.19.83.110:8304/init
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/api.chorke.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
cid.chorke.org-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
ServerAlias cid.chorke.org
ServerName www.cid.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/cid.chorke.org/html
ErrorLog /var/chorke/www/cid.chorke.org/error.log
CustomLog /var/chorke/www/cid.chorke.org/requests.log combined
<Directory "/var/chorke/www/cid.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/cid.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/chorke/www/cid.chorke.org/docs/"
<Directory "/var/chorke/www/cid.chorke.org/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/chorke/www/cid.chorke.org/soft/"
<Directory "/var/chorke/www/cid.chorke.org/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
# proxy for gitlab
<Location /gitlab>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.206/gitlab nocanon
ProxyPassReverse http://10.19.83.206/gitlab
RequestHeader set X-Forwarded-Proto "https"
#ProxyPassReverseCookiePath "/gitlab/" "/gitlab/"
#ProxyPassReverseCookieDomain "git0.dev.shahed.biz" "cid.chorke.org"
</Location>
# proxy for nexus
<Location /nexus>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.204:8081/nexus nocanon
ProxyPassReverse http://10.19.83.204:8081/nexus
RequestHeader set X-Forwarded-Proto "https"
</Location>
# proxy for jenkins
<Location /jenkins>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.204:8080/jenkins nocanon
ProxyPassReverse http://10.19.83.204:8080/jenkins
RequestHeader set X-Forwarded-Proto "https"
</Location>
# proxy for artifactory
<Location /artifactory>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.204:8084/artifactory nocanon
ProxyPassReverse http://10.19.83.204:8084/artifactory
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
hub.chorke.org-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
ServerAlias hub.chorke.org
ServerName www.hub.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/hub.chorke.org/html
ErrorLog /var/chorke/www/hub.chorke.org/error.log
CustomLog /var/chorke/www/hub.chorke.org/requests.log combined
<Directory "/var/chorke/www/hub.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/hub.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
<Location />
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.204:8082/ nocanon
ProxyPassReverse http://10.19.83.204:8082/
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
ihe.chorke.org-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias ihe.chorke.org
ServerName www.ihe.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/ihe.chorke.org/html
ErrorLog /var/chorke/www/ihe.chorke.org/error.log
CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined
<Directory "/var/chorke/www/ihe.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/ihe.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/chorke/www/ihe.chorke.org/docs/"
<Directory "/var/chorke/www/ihe.chorke.org/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/chorke/www/ihe.chorke.org/soft/"
<Directory "/var/chorke/www/ihe.chorke.org/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Deny,Allow
Deny from all
Allow from ::1
Allow from 10.8.0
Allow from 10.19.83
Allow from 10.20.13
Allow from 100.43.0
Allow from 127.0.0.1
Allow from 202.40.189
Allow from 175.144.214
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
#proxy for fhir
<Location /fhir>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.110:8303/fhir nocanon
ProxyPassReverse http://10.19.83.110:8303/fhir
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/ihe.chorke.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ihe.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
reg.chorke.org-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
ServerAlias reg.chorke.org
ServerName www.reg.chorke.org
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/reg.chorke.org/html
ErrorLog /var/chorke/www/reg.chorke.org/error.log
CustomLog /var/chorke/www/reg.chorke.org/requests.log combined
<Directory "/var/chorke/www/reg.chorke.org/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/reg.chorke.org/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
<Location />
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.204:8083/ nocanon
ProxyPassReverse http://10.19.83.204:8083/
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
dev.chorke.com-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerAlias dev.chorke.com
ServerName www.dev.chorke.com
ServerAdmin [email protected]
DocumentRoot /var/chorke/www/dev.chorke.com/html
ErrorLog /var/chorke/www/dev.chorke.com/error.log
CustomLog /var/chorke/www/dev.chorke.com/requests.log combined
<Directory "/var/chorke/www/dev.chorke.com/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/chorke/www/dev.chorke.com/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/chorke/www/dev.chorke.com/docs/"
<Directory "/var/chorke/www/dev.chorke.com/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/chorke/www/dev.chorke.com/soft/"
<Directory "/var/chorke/www/dev.chorke.com/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Deny,Allow
Deny from all
Allow from ::1
Allow from 10.8.0
Allow from 10.19.83
Allow from 10.20.13
Allow from 100.43.0
Allow from 127.0.0.1
Allow from 202.40.189
Allow from 175.144.214
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
#proxy for ebis
<Location /ebis>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.110:8302/ebis nocanon
ProxyPassReverse http://10.19.83.110:8302/ebis
RequestHeader set X-Forwarded-Proto "https"
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/dev.chorke.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.com/privkey.pem
</VirtualHost>
</IfModule>
EOF
dev.shahed.biz-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
ServerName www.dev.shahed.biz
ServerAdmin [email protected]
ServerAlias dev.shahed.biz pi00.dev.shahed.biz
DocumentRoot /var/shahed/www/dev.shahed.biz/html
ErrorLog /var/shahed/www/dev.shahed.biz/error.log
CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined
<Directory "/var/shahed/www/dev.shahed.biz/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/shahed/www/dev.shahed.biz/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/shahed/www/dev.shahed.biz/docs/"
<Directory "/var/shahed/www/dev.shahed.biz/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/shahed/www/dev.shahed.biz/soft/"
<Directory "/var/shahed/www/dev.shahed.biz/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Deny,Allow
Deny from all
Allow from ::1
Allow from 10.8.0
Allow from 10.19.83
Allow from 10.20.13
Allow from 100.43.0
Allow from 127.0.0.1
Allow from 202.40.189
Allow from 175.144.214
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
#proxy for crawler
<Location /crawler>
Order Allow,Deny
Allow from all
ProxyPass http://10.19.83.204:1983/crawler nocanon
ProxyPassReverse http://10.19.83.204:1983/crawler
RequestHeader set X-Forwarded-Proto "https"
</Location>
# proxy for reports
<Location /reports>
Order Allow,Deny
Allow from all
ProxyPass http://175.144.214.83:9002/reports nocanon
ProxyPassReverse http://175.144.214.83:9002/reports
</Location>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/dev.shahed.biz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dev.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF
vpn.shahed.biz-le-ssl.conf
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes Off
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
ServerAlias vpn.shahed.biz
ServerName www.vpn.shahed.biz
ServerAdmin [email protected]
DocumentRoot /var/shahed/www/vpn.shahed.biz/html
ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined
<Directory "/var/shahed/www/vpn.shahed.biz/">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/shahed/www/vpn.shahed.biz/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/"
<Directory "/var/shahed/www/vpn.shahed.biz/docs">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/"
<Directory "/var/shahed/www/vpn.shahed.biz/soft">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from all
</Directory>
<Proxy *>
Order Allow,Deny
Allow from all
Deny from 10.9.8
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia Off
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF
Knowledge
ls -lah /etc/letsencrypt/archive/ ls -lah /etc/letsencrypt/live/