Virtual Host And Certbot in Raspbian 10: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
 
(28 intermediate revisions by the same user not shown)
Line 284: Line 284:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 345: Line 345:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 356: Line 356:
#    RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.api.chorke.org
#    RewriteCond %{SERVER_NAME} =www.api.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
===cid.chorke.org.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined
    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =cid.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.cid.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
===hub.chorke.org.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined
    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =hub.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.hub.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</VirtualHost>
Line 395: Line 483:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 406: Line 494:
#    RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.ihe.chorke.org
#    RewriteCond %{SERVER_NAME} =www.ihe.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
===reg.chorke.org.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined
    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =reg.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.reg.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</VirtualHost>
Line 445: Line 577:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 473: Line 605:
     ServerName www.dev.shahed.biz
     ServerName www.dev.shahed.biz
     ServerAdmin [email protected]
     ServerAdmin [email protected]
     ServerAlias dev.shahed.biz piw.dev.shahed.biz
     ServerAlias dev.shahed.biz pi00.dev.shahed.biz


     DocumentRoot /var/shahed/www/dev.shahed.biz/html
     DocumentRoot /var/shahed/www/dev.shahed.biz/html
Line 495: Line 627:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 513: Line 645:
#    RewriteEngine on
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =piw.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
===vpn.shahed.biz.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]
    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined
    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</VirtualHost>
Line 523: Line 699:
==HTTPS==
==HTTPS==
===dev.chorke.org-le-ssl.conf===
===dev.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-67,70-75,78-84,91-93" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,88-90" line>
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
IfModule mod_ssl.c>
IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 569: Line 745:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 580: Line 757:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 587: Line 764:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://pih.dev.shahed.biz/ui.mob nocanon
         ProxyPass http://10.19.83.101/ui.mob nocanon
         ProxyPassReverse http://pih.dev.shahed.biz/ui.mob
         ProxyPassReverse http://10.19.83.101/ui.mob
     </Location>
     </Location>


Line 595: Line 772:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://pih.dev.shahed.biz/ui.web nocanon
         ProxyPass http://10.19.83.101/ui.web nocanon
         ProxyPassReverse http://pih.dev.shahed.biz/ui.web
         ProxyPassReverse http://10.19.83.101/ui.web
     </Location>
     </Location>


     #proxy for reports
     #proxy for report
     <Location /reports>
     <Location /report>
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://175.144.214.83:9002/reports nocanon
         ProxyPass http://10.19.83.207/report nocanon
         ProxyPassReverse http://175.144.214.83:9002/reports
         ProxyPassReverse http://10.19.83.207/report
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 617: Line 795:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
</source>


===api.chorke.org-le-ssl.conf===
===api.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf</code>
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-59,61-65,68-74,77-83,86-92,99-101" line>
<source lang="apache" highlight="3-5,7-11,13,14,17,21-24,26-32,34-41,43-57,59-63,65-71,94-96" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 672: Line 851:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 683: Line 863:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 690: Line 870:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass https://mac.dev.shahed.biz:9090/auth nocanon
         ProxyPass http://10.19.83.110:9090/auth nocanon
         ProxyPassReverse https://mac.dev.shahed.biz:9090/auth
         ProxyPassReverse http://10.19.83.110:9090/auth
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 698: Line 879:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8302/ebis nocanon
         ProxyPass http://10.19.83.110:8302/ebis nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8302/ebis
         ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 706: Line 888:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8304/init nocanon
         ProxyPass http://10.19.83.110:8304/init nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8304/init
         ProxyPassReverse http://10.19.83.110:8304/init
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 720: Line 903:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===cid.chorke.org-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-51,53-57,60-68,71-77,80-86,89-95,102-104" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes On
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined
    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    Alias /docs "/var/chorke/www/cid.chorke.org/docs/"
    <Directory "/var/chorke/www/cid.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    Alias /soft "/var/chorke/www/cid.chorke.org/soft/"
    <Directory "/var/chorke/www/cid.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.206/gitlab nocanon
        ProxyPassReverse http://10.19.83.206/gitlab
        RequestHeader set X-Forwarded-Proto "https"
        #ProxyPassReverseCookiePath "/gitlab/" "/gitlab/"
        #ProxyPassReverseCookieDomain "git0.dev.shahed.biz" "cid.chorke.org"
    </Location>
    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8081/nexus nocanon
        ProxyPassReverse http://10.19.83.204:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # proxy for jenkins
    <Location /jenkins>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8080/jenkins nocanon
        ProxyPassReverse http://10.19.83.204:8080/jenkins
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # proxy for artifactory
    <Location /artifactory>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8084/artifactory nocanon
        ProxyPassReverse http://10.19.83.204:8084/artifactory
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
===hub.chorke.org-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-39,41-47,54-56" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined
    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8082/ nocanon
        ProxyPassReverse http://10.19.83.204:8082/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
</source>


===ihe.chorke.org-le-ssl.conf===
===ihe.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-68,75-77" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,72-74" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 769: Line 1,127:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 780: Line 1,139:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 787: Line 1,146:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8303/fhir nocanon
         ProxyPass http://10.19.83.110:8303/fhir nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8303/fhir
         ProxyPassReverse http://10.19.83.110:8303/fhir
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 801: Line 1,161:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===reg.chorke.org-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-39,41-47,54-56" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined
    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8083/ nocanon
        ProxyPassReverse http://10.19.83.204:8083/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
</source>


===dev.chorke.com-le-ssl.conf===
===dev.chorke.com-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-68,75-77" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,72-74" line>
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 850: Line 1,274:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 861: Line 1,286:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 868: Line 1,293:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8302/ebis nocanon
         ProxyPass http://10.19.83.110:8302/ebis nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8302/ebis
         ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 882: Line 1,308:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
</source>


===dev.shahed.biz-le-ssl.conf===
===dev.shahed.biz-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf</code>
<source lang="apache" highlight="4-6,8,10,12,16-19,21-27,29-36,38-53,55-59,62-68,71-76,83-85" line>
<source lang="apache" highlight="3-5,7,9,11,15-18,20-26,28-35,37-51,53-57,72-74" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 895: Line 1,322:
     ServerName www.dev.shahed.biz
     ServerName www.dev.shahed.biz
     ServerAdmin [email protected]
     ServerAdmin [email protected]
     ServerAlias dev.shahed.biz piw.dev.shahed.biz
     ServerAlias dev.shahed.biz pi00.dev.shahed.biz


     DocumentRoot /var/shahed/www/dev.shahed.biz/html
     DocumentRoot /var/shahed/www/dev.shahed.biz/html
Line 931: Line 1,358:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 942: Line 1,370:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>
    #proxy for crawler
    <Location /crawler>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:1983/crawler nocanon
        ProxyPassReverse http://10.19.83.204:1983/crawler
        RequestHeader set X-Forwarded-Proto "https"
    </Location>


     # proxy for reports
     # proxy for reports
Line 963: Line 1,400:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===vpn.shahed.biz-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-51,53-57,64-66" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]
    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined
    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/"
    <Directory "/var/shahed/www/vpn.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/"
    <Directory "/var/shahed/www/vpn.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
</source>
==Knowledge==
ls -lah /etc/letsencrypt/archive/
ls -lah /etc/letsencrypt/live/


==References==
==References==

Latest revision as of 02:07, 10 September 2021

Apache2

All Sites

# chorke.{org,com}
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d

nano 00-dev.chorke.org.conf
nano 00-dev.chorke.org-le-ssl.conf

nano 01-api.chorke.org.conf
nano 01-api.chorke.org-le-ssl.conf

nano 01-ihe.chorke.org.conf
nano 01-ihe.chorke.org-le-ssl.conf

nano 02-dev.chorke.com.conf
nano 02-dev.chorke.com-le-ssl.conf

# shahed.biz
mkdir -p /etc/shahed/apache2/conf.sites.all.d
cd /etc/shahed/apache2/conf.sites.all.d

nano 03-dev.shahed.biz.conf
nano 03-dev.shahed.biz-le-ssl.conf

nano 03-vpn.shahed.biz.conf
nano 03-vpn.shahed.biz-le-ssl.conf

# chorke.org
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d

nano 01-cid.chorke.org.conf
nano 01-cid.chorke.org-le-ssl.conf

nano 01-hub.chorke.org.conf
nano 01-hub.chorke.org-le-ssl.conf

nano 01-reg.chorke.org.conf
nano 01-reg.chorke.org-le-ssl.conf

Enabled Sites

# chorke.{org,com}
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org.conf\
      /etc/apache2/sites-enabled/00-dev.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-api.chorke.org.conf\
      /etc/apache2/sites-enabled/01-api.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-ihe.chorke.org.conf\
      /etc/apache2/sites-enabled/01-ihe.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com.conf\
      /etc/apache2/sites-enabled/02-dev.chorke.com.conf

apache2ctl -t

# shahed.biz
cd /etc/apache2/sites-enabled
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\
      /etc/apache2/sites-enabled/03-dev.shahed.biz.conf

ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz.conf\
      /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf

apache2ctl -t

# chorke.org
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org.conf\
      /etc/apache2/sites-enabled/01-cid.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org.conf\
      /etc/apache2/sites-enabled/01-hub.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org.conf\
      /etc/apache2/sites-enabled/01-reg.chorke.org.conf

apache2ctl -t

Enabled HTTPS

# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-api.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-ihe.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf

apache2ctl -t

# chorke.com
ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com-le-ssl.conf\
      /etc/apache2/sites-enabled/02-dev.chorke.com-le-ssl.conf

apache2ctl -t

# shahed.biz
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\
      /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf

ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz-le-ssl.conf\
      /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf

apache2ctl -t

# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf

apache2ctl -t

Directory Tree

mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='api cid dev hub ihe reg';\
for s in $p;do d='html docs soft';\
    for f in $d;do w="$s.chorke.org/$f";\
        mkdir -p "$w";\
    done;
done
mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='dev';\
for s in $p;do d='html docs soft';\
    for f in $d;do w="$s.chorke.com/$f";\
        mkdir -p "$w";\
    done;
done
mkdir -p /var/shahed/www;\
cd /var/shahed/www/;p='dev vpn';\
for s in $p;do d='html docs soft';\
    for f in $d;do w="$s.shahed.biz/$f";\
        mkdir -p "$w";\
    done;
done

Acme Challenges

cd /var/chorke/www/;p='api cid dev hub ihe reg';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.org/html";\
    mkdir -p "$w/$a";\
done
cd /var/chorke/www/;p='dev';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.com/html";\
    mkdir -p "$w/$a";\
done
cd /var/shahed/www/;p='dev vpn';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.shahed.biz/html";\
    mkdir -p "$w/$a";\
done
#nano /var/chorke/www/api.chorke.org/html/.htaccess
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
RewriteCond %{SERVER_NAME} =www.api.chorke.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
f='html docs soft';\
for s in *.chorke.*;do for d in $f;do \
    h="<html>\n<head><title>$s/$d</title></head>\n";
    h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
    echo -e "$h" >> "$s/$d/index.html";
done;done
f='html docs soft';\
for s in *.shahed.biz;do for d in $f;do \
    h="<html>\n<head><title>$s/$d</title></head>\n";
    h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
    echo -e "$h" >> "$s/$d/index.html";
done;done
apt -y install apache2 mod_ssl; a2enmod ssl
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt     #letsencrypt renew
certbot         #certbot renew

HTTP

dev.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.org
    ServerName www.dev.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.org/html
    ErrorLog /var/chorke/www/dev.chorke.org/error.log
    CustomLog /var/chorke/www/dev.chorke.org/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    RewriteEngine on
    RewriteCond %{HTTP_HOST} =10.19.83.100
    RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent]

#    RewriteCond %{SERVER_NAME} =dev.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

api.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias api.chorke.org
    ServerName www.api.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/api.chorke.org/html
    ErrorLog /var/chorke/www/api.chorke.org/error.log
    CustomLog /var/chorke/www/api.chorke.org/requests.log combined

    <Directory "/var/chorke/www/api.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/api.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.api.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

cid.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined

    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =cid.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.cid.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

hub.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined

    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =hub.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.hub.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

ihe.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias ihe.chorke.org
    ServerName www.ihe.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/ihe.chorke.org/html
    ErrorLog /var/chorke/www/ihe.chorke.org/error.log
    CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined

    <Directory "/var/chorke/www/ihe.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/ihe.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.ihe.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

reg.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined

    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =reg.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.reg.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

dev.chorke.com.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.com
    ServerName www.dev.chorke.com
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.com/html
    ErrorLog /var/chorke/www/dev.chorke.com/error.log
    CustomLog /var/chorke/www/dev.chorke.com/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.com/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.com/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.chorke.com [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.chorke.com
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

dev.shahed.biz.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.dev.shahed.biz
    ServerAdmin [email protected]
    ServerAlias dev.shahed.biz pi00.dev.shahed.biz

    DocumentRoot /var/shahed/www/dev.shahed.biz/html
    ErrorLog /var/shahed/www/dev.shahed.biz/error.log
    CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/dev.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/dev.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

vpn.shahed.biz.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]

    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

HTTPS

dev.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.org
    ServerName www.dev.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.org/html
    ErrorLog /var/chorke/www/dev.chorke.org/error.log
    CustomLog /var/chorke/www/dev.chorke.org/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/dev.chorke.org/docs/"
    <Directory "/var/chorke/www/dev.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/dev.chorke.org/soft/"
    <Directory "/var/chorke/www/dev.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for ui.mob
    <Location /ui.mob>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.101/ui.mob nocanon
        ProxyPassReverse http://10.19.83.101/ui.mob
    </Location>

    #proxy for ui.web
    <Location /ui.web>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.101/ui.web nocanon
        ProxyPassReverse http://10.19.83.101/ui.web
    </Location>

    #proxy for report
    <Location /report>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.207/report nocanon
        ProxyPassReverse http://10.19.83.207/report
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

api.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias api.chorke.org
    ServerName www.api.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/api.chorke.org/html
    ErrorLog /var/chorke/www/api.chorke.org/error.log
    CustomLog /var/chorke/www/api.chorke.org/requests.log combined

    <Directory "/var/chorke/www/api.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/api.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/api.chorke.org/docs/"
    <Directory "/var/chorke/www/api.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/api.chorke.org/soft/"
    <Directory "/var/chorke/www/api.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # proxy for auth
    <Location /auth>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:9090/auth nocanon
        ProxyPassReverse http://10.19.83.110:9090/auth
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for ebis
    <Location /ebis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8302/ebis nocanon
        ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for init
    <Location /init>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8304/init nocanon
        ProxyPassReverse http://10.19.83.110:8304/init
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/api.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/api.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

cid.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes On

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined

    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/cid.chorke.org/docs/"
    <Directory "/var/chorke/www/cid.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/cid.chorke.org/soft/"
    <Directory "/var/chorke/www/cid.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.206/gitlab nocanon
        ProxyPassReverse http://10.19.83.206/gitlab
        RequestHeader set X-Forwarded-Proto "https"
        #ProxyPassReverseCookiePath "/gitlab/" "/gitlab/"
        #ProxyPassReverseCookieDomain "git0.dev.shahed.biz" "cid.chorke.org"
    </Location>

    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8081/nexus nocanon
        ProxyPassReverse http://10.19.83.204:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for jenkins
    <Location /jenkins>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8080/jenkins nocanon
        ProxyPassReverse http://10.19.83.204:8080/jenkins
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for artifactory
    <Location /artifactory>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8084/artifactory nocanon
        ProxyPassReverse http://10.19.83.204:8084/artifactory
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

hub.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined

    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8082/ nocanon
        ProxyPassReverse http://10.19.83.204:8082/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

ihe.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias ihe.chorke.org
    ServerName www.ihe.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/ihe.chorke.org/html
    ErrorLog /var/chorke/www/ihe.chorke.org/error.log
    CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined

    <Directory "/var/chorke/www/ihe.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/ihe.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/ihe.chorke.org/docs/"
    <Directory "/var/chorke/www/ihe.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/ihe.chorke.org/soft/"
    <Directory "/var/chorke/www/ihe.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8303/fhir nocanon
        ProxyPassReverse http://10.19.83.110:8303/fhir
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/ihe.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ihe.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

reg.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined

    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8083/ nocanon
        ProxyPassReverse http://10.19.83.204:8083/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

dev.chorke.com-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.com
    ServerName www.dev.chorke.com
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.com/html
    ErrorLog /var/chorke/www/dev.chorke.com/error.log
    CustomLog /var/chorke/www/dev.chorke.com/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.com/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.com/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/dev.chorke.com/docs/"
    <Directory "/var/chorke/www/dev.chorke.com/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/dev.chorke.com/soft/"
    <Directory "/var/chorke/www/dev.chorke.com/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for ebis
    <Location /ebis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8302/ebis nocanon
        ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.chorke.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.com/privkey.pem
</VirtualHost>
</IfModule>
EOF

dev.shahed.biz-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.dev.shahed.biz
    ServerAdmin [email protected]
    ServerAlias dev.shahed.biz pi00.dev.shahed.biz

    DocumentRoot /var/shahed/www/dev.shahed.biz/html
    ErrorLog /var/shahed/www/dev.shahed.biz/error.log
    CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/dev.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/dev.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/shahed/www/dev.shahed.biz/docs/"
    <Directory "/var/shahed/www/dev.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/shahed/www/dev.shahed.biz/soft/"
    <Directory "/var/shahed/www/dev.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for crawler
    <Location /crawler>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:1983/crawler nocanon
        ProxyPassReverse http://10.19.83.204:1983/crawler
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9002/reports nocanon
        ProxyPassReverse http://175.144.214.83:9002/reports
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF

vpn.shahed.biz-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]

    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/"
    <Directory "/var/shahed/www/vpn.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/"
    <Directory "/var/shahed/www/vpn.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF

Knowledge

ls -lah /etc/letsencrypt/archive/
ls -lah /etc/letsencrypt/live/

References