Virtual Host And Certbot in Raspbian 10: Difference between revisions

 
(35 intermediate revisions by the same user not shown)
Line 3: Line 3:
| valign="top" |
| valign="top" |
===All Sites===
===All Sites===
<source lang="bash">
<source lang="bash" style="border:3px dashed blue">
# chorke.{org,com}
# chorke.{org,com}
mkdir -p /etc/chorke/apache2/conf.sites.all.d
mkdir -p /etc/chorke/apache2/conf.sites.all.d
Line 20: Line 20:
nano 02-dev.chorke.com-le-ssl.conf
nano 02-dev.chorke.com-le-ssl.conf
</source>
</source>
 
----
<source lang="bash">
<source lang="bash" style="border:3px dashed blue">
# shahed.biz
# shahed.biz
mkdir -p /etc/shahed/apache2/conf.sites.all.d
mkdir -p /etc/shahed/apache2/conf.sites.all.d
Line 28: Line 28:
nano 03-dev.shahed.biz.conf
nano 03-dev.shahed.biz.conf
nano 03-dev.shahed.biz-le-ssl.conf
nano 03-dev.shahed.biz-le-ssl.conf
nano 03-vpn.shahed.biz.conf
nano 03-vpn.shahed.biz-le-ssl.conf
</source>
----
<source lang="bash" style="border:3px dashed blue">
# chorke.org
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d
nano 01-cid.chorke.org.conf
nano 01-cid.chorke.org-le-ssl.conf
nano 01-hub.chorke.org.conf
nano 01-hub.chorke.org-le-ssl.conf
nano 01-reg.chorke.org.conf
nano 01-reg.chorke.org-le-ssl.conf
</source>
</source>


| valign="top" |
| valign="top" |
===Enabled Sites===
===Enabled Sites===
<source lang="bash">
<source lang="bash" style="border:3px dashed blue">
# chorke.{org,com}
# chorke.{org,com}
cd /etc/apache2/sites-enabled
cd /etc/apache2/sites-enabled
Line 49: Line 67:
apache2ctl -t
apache2ctl -t
</source>
</source>
 
----
<source lang="bash">
<source lang="bash" style="border:3px dashed blue">
# shahed.biz
# shahed.biz
cd /etc/apache2/sites-enabled
cd /etc/apache2/sites-enabled
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\
       /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
       /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz.conf\
      /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
apache2ctl -t
</source>
----
<source lang="bash" style="border:3px dashed blue">
# chorke.org
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org.conf\
      /etc/apache2/sites-enabled/01-cid.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org.conf\
      /etc/apache2/sites-enabled/01-hub.chorke.org.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org.conf\
      /etc/apache2/sites-enabled/01-reg.chorke.org.conf


apache2ctl -t
apache2ctl -t
Line 74: Line 110:
apache2ctl -t
apache2ctl -t
</source>
</source>
 
----
 
<source lang="bash" style="border:3px dashed blue">
<source lang="bash" style="border:3px dashed blue">
# chorke.com
# chorke.com
Line 83: Line 118:
apache2ctl -t
apache2ctl -t
</source>
</source>
 
----
 
<source lang="bash" style="border:3px dashed blue">
<source lang="bash" style="border:3px dashed blue">
# shahed.biz
# shahed.biz
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\
       /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
       /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz-le-ssl.conf\
      /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
apache2ctl -t
</source>
----
<source lang="bash" style="border:3px dashed blue">
# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf


apache2ctl -t
apache2ctl -t
Line 98: Line 149:
<source lang="bash">
<source lang="bash">
mkdir -p /var/chorke/www;\
mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='api dev ihe';\
cd /var/chorke/www/;p='api cid dev hub ihe reg';\
for s in $p;do d='html docs soft';\
for s in $p;do d='html docs soft';\
     for f in $d;do w="$s.chorke.org/$f";\
     for f in $d;do w="$s.chorke.org/$f";\
Line 120: Line 171:
<source lang="bash">
<source lang="bash">
mkdir -p /var/shahed/www;\
mkdir -p /var/shahed/www;\
cd /var/shahed/www/;p='dev';\
cd /var/shahed/www/;p='dev vpn';\
for s in $p;do d='html docs soft';\
for s in $p;do d='html docs soft';\
     for f in $d;do w="$s.shahed.biz/$f";\
     for f in $d;do w="$s.shahed.biz/$f";\
Line 133: Line 184:
| valign="top" |
| valign="top" |
<source lang="bash" style="border:3px dashed blue">
<source lang="bash" style="border:3px dashed blue">
cd /var/chorke/www/;p='api dev ihe';\
cd /var/chorke/www/;p='api cid dev hub ihe reg';\
a='.well-known/acme-challenge';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.org/html";\
for s in $p;do w="$s.chorke.org/html";\
Line 151: Line 202:
| valign="top" |
| valign="top" |
<source lang="bash" style="border:3px dashed blue">
<source lang="bash" style="border:3px dashed blue">
cd /var/shahed/www/;p='dev';\
cd /var/shahed/www/;p='dev vpn';\
a='.well-known/acme-challenge';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.shahed.biz/html";\
for s in $p;do w="$s.shahed.biz/html";\
Line 201: Line 252:
==HTTP==
==HTTP==
===dev.chorke.org.conf===
===dev.chorke.org.conf===
<code>nano /etc/apache2/sites-enabled/00-dev.chorke.org.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,48-50,52-54" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-32,47-49,51-53" line>
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf
<IfModule mod_proxy.c>
<IfModule mod_proxy.c>
<VirtualHost *:80>
<VirtualHost *:80>
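Review bot: The `cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf` line that takes the place of the `nano` instruction appends to the file, so running the snippet a second time leaves two copies of the same `<VirtualHost>` in it. The unquoted `EOF` also lets the shell expand any `$` or backtick in the body before Apache ever reads it. I would write `cat <<'EOF' > /etc/apache2/sites-enabled/00-dev.chorke.org.conf` so the body is taken literally and the file is replaced rather than extended. The heredoc body continues outside this hunk, so whether it currently contains a `$` cannot be confirmed from here; the same applies to every other `cat <<EOF >>` line on the page.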
Line 233: Line 284:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 250: Line 301:


     RewriteEngine on
     RewriteEngine on
     RewriteCond %{HTTP_HOST} =10.19.83.5
     RewriteCond %{HTTP_HOST} =10.19.83.100
     RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent]
     RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent]


Line 257: Line 308:
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</VirtualHost>
</IfModule
</IfModule>
EOF
</source>
</source>


===api.chorke.org.conf===
===api.chorke.org.conf===
<code>nano /etc/apache2/sites-enabled/01-api.chorke.org.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,40-43" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-32,39-42" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org.conf
<IfModule mod_proxy.c>
<IfModule mod_proxy.c>
<VirtualHost *:80>
<VirtualHost *:80>
Line 293: Line 345:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 307: Line 359:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===cid.chorke.org.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined
    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =cid.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.cid.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
===hub.chorke.org.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined
    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =hub.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.hub.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
</source>


===ihe.chorke.org.conf===
===ihe.chorke.org.conf===
<code>nano /etc/apache2/sites-enabled/01-ihe.chorke.org.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,40-43" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-32,39-42" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org.conf
<IfModule mod_proxy.c>
<IfModule mod_proxy.c>
<VirtualHost *:80>
<VirtualHost *:80>
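Review bot: The new cid and hub vhosts put `Require all granted` and the legacy pair `Order allow,deny` / `Allow from all` in the same `<Directory ".../html">` block. On Apache 2.4 the legacy pair is handled by mod_access_compat, and the upgrade notes discourage mixing the two styles because the combined result is hard to reason about. Both say "allow everyone" here, so I would keep `Require all granted` and drop the two legacy lines. The same block sets `Options Indexes` together with `AllowOverride All`, which turns on directory listings and lets any `.htaccess` under the docroot change access rules; `Options FollowSymLinks` with `AllowOverride None` is the tighter choice if neither feature is needed. The reg.chorke.org and vpn.shahed.biz vhosts added further down repeat the pattern.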
Line 342: Line 483:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 356: Line 497:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===reg.chorke.org.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined
    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =reg.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.reg.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
</source>


===dev.chorke.com.conf===
===dev.chorke.com.conf===
<code>nano /etc/apache2/sites-enabled/00-dev.chorke.com.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-33,40-43" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-32,39-42" line>
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com.conf
<IfModule mod_proxy.c>
<IfModule mod_proxy.c>
<VirtualHost *:80>
<VirtualHost *:80>
Line 391: Line 577:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 405: Line 591:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
</source>


===dev.shahed.biz.conf===
===dev.shahed.biz.conf===
<code>nano /etc/apache2/sites-enabled/03-dev.shahed.biz.conf</code>
<source lang="apache" highlight="4-6,8,10,12,16-19,21-27,29-33,48-52" line>
<source lang="apache" highlight="3-5,7,9,11,15-18,20-26,28-32,47-51" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
<IfModule mod_proxy.c>
<IfModule mod_proxy.c>
<VirtualHost *:80>
<VirtualHost *:80>
Line 418: Line 605:
     ServerName www.dev.shahed.biz
     ServerName www.dev.shahed.biz
     ServerAdmin [email protected]
     ServerAdmin [email protected]
     ServerAlias dev.shahed.biz piw.dev.shahed.biz
     ServerAlias dev.shahed.biz pi00.dev.shahed.biz


     DocumentRoot /var/shahed/www/dev.shahed.biz/html
     DocumentRoot /var/shahed/www/dev.shahed.biz/html
Line 440: Line 627:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 458: Line 645:
#    RewriteEngine on
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =piw.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===vpn.shahed.biz.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,34-37" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]
    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined
    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF
</source>
</source>


==HTTPS==
==HTTPS==
===dev.chorke.org.conf===
===dev.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/00-dev.chorke.org.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-67,70-75,78-84,91-93" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,88-90" line>
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
IfModule mod_ssl.c>
IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
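Review bot: The opening tag of the HTTPS dev.chorke.org block reads `IfModule mod_ssl.c>` on both sides of the diff, so the missing `<` is carried into the new revision. Pasted as shown, Apache will not parse that line as a section opener and the `apache2ctl -t` check used earlier on the page should fail for the file. The line should be `<IfModule mod_ssl.c>`. The rest of that vhost lies outside this hunk.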
Line 513: Line 745:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
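Review bot: `Allow from localhost` is a hostname rule, so mod_access_compat performs a double reverse-DNS lookup on the client address to evaluate it, and the outcome then depends on what the resolver returns. `Allow from 127.0.0.1` and `Allow from ::1` are already in the list and cover loopback by address, so I would leave the `localhost` line out. The added `Allow from 10.8.0` and `Allow from 10.20.13` each admit a whole /24; a one-line comment above them saying which network each one is would help the next editor judge whether it still belongs. The enclosing block opens outside this hunk, and the same three lines are added in the api, ihe, dev.chorke.com and dev.shahed.biz HTTPS vhosts.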
Line 524: Line 757:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 531: Line 764:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://pih.dev.shahed.biz/ui.mob nocanon
         ProxyPass http://10.19.83.101/ui.mob nocanon
         ProxyPassReverse http://pih.dev.shahed.biz/ui.mob
         ProxyPassReverse http://10.19.83.101/ui.mob
     </Location>
     </Location>


Line 539: Line 772:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://pih.dev.shahed.biz/ui.web nocanon
         ProxyPass http://10.19.83.101/ui.web nocanon
         ProxyPassReverse http://pih.dev.shahed.biz/ui.web
         ProxyPassReverse http://10.19.83.101/ui.web
     </Location>
     </Location>


     #proxy for reports
     #proxy for report
     <Location /reports>
     <Location /report>
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://175.144.214.83:9002/reports nocanon
         ProxyPass http://10.19.83.207/report nocanon
         ProxyPassReverse http://175.144.214.83:9002/reports
         ProxyPassReverse http://10.19.83.207/report
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 561: Line 795:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
</source>


===api.chorke.org.conf===
===api.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/01-api.chorke.org.conf</code>
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-59,61-65,68-74,77-83,86-92,99-101" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,80-82" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 571: Line 806:
     ProxyPreserveHost On
     ProxyPreserveHost On
     AllowEncodedSlashes Off
     AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off


     ServerAlias api.chorke.org
     ServerAlias api.chorke.org
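Review bot: The added `SSLProxyCheckPeerCN Off`, `SSLProxyCheckPeerName Off` and `SSLProxyCheckPeerExpire Off` switch off the name and expiry checks for any TLS backend, and `SSLProxyVerify None` means the backend certificate is not validated at all. Every `ProxyPass` target visible on this page is `http://`, so the lines have no effect today, but the first backend moved to `https://` would be proxied without any authentication of the peer. I would drop the five `SSLProxy*` lines until an HTTPS backend exists. At that point use `SSLProxyVerify require` with `SSLProxyCACertificateFile` pointing at the internal CA, and leave the CheckPeer directives at their defaults. The same group is added in the cid, hub and reg HTTPS vhosts.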
Line 610: Line 851:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 621: Line 863:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>
    # proxy for auth
    <Location /auth>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:9090/auth nocanon
        ProxyPassReverse http://10.19.83.110:9090/auth
        RequestHeader set X-Forwarded-Proto "https"
    </Location>


     # proxy for ebis
     # proxy for ebis
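Review bot: The added `RequestHeader set X-Forwarded-Proto "https"` lines depend on mod_headers, but these vhosts are guarded only by `<IfModule mod_ssl.c>`, so on a host where mod_headers is not loaded the config test rejects the file. Nothing in the visible part of the page enables it; a line such as `a2enmod headers proxy proxy_http` next to the other setup commands would document the prerequisite, though it may already exist outside this view. Keep the action as `set`, because it replaces whatever X-Forwarded-Proto the client sent, and a backend that trusts the header should only ever see the proxy's value. The directive is added to the other `<Location>` proxies in this revision as well.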
Line 628: Line 879:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8302/ebis nocanon
         ProxyPass http://10.19.83.110:8302/ebis nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8302/ebis
         ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 636: Line 888:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8304/init nocanon
         ProxyPass http://10.19.83.110:8304/init nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8304/init
         ProxyPassReverse http://10.19.83.110:8304/init
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 650: Line 903:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===cid.chorke.org-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-51,53-57,60-68,71-77,80-86,89-95,102-104" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes On
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined
    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    Alias /docs "/var/chorke/www/cid.chorke.org/docs/"
    <Directory "/var/chorke/www/cid.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    Alias /soft "/var/chorke/www/cid.chorke.org/soft/"
    <Directory "/var/chorke/www/cid.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.206/gitlab nocanon
        ProxyPassReverse http://10.19.83.206/gitlab
        RequestHeader set X-Forwarded-Proto "https"
        #ProxyPassReverseCookiePath "/gitlab/" "/gitlab/"
        #ProxyPassReverseCookieDomain "git0.dev.shahed.biz" "cid.chorke.org"
    </Location>
    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8081/nexus nocanon
        ProxyPassReverse http://10.19.83.204:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # proxy for jenkins
    <Location /jenkins>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8080/jenkins nocanon
        ProxyPassReverse http://10.19.83.204:8080/jenkins
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # proxy for artifactory
    <Location /artifactory>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8084/artifactory nocanon
        ProxyPassReverse http://10.19.83.204:8084/artifactory
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
===hub.chorke.org-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-39,41-47,54-56" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]
    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined
    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8082/ nocanon
        ProxyPassReverse http://10.19.83.204:8082/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
</source>


===ihe.chorke.org.conf===
===ihe.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/01-ihe.chorke.org.conf</code>
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-68,75-77" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,72-74" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
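Review bot: The new cid.chorke.org vhost publishes GitLab, Nexus, Jenkins and Artifactory through `<Location>` blocks whose only access rule is `Allow from all`, so the build and artifact services are reachable by anyone who can reach port 443 and rely solely on each application's own login. If they are meant for the internal networks, replace the rule in each block with `Require ip 10.19.83` plus whichever other ranges need access; if they must be public, a comment saying so makes the exposure a recorded decision. hub.chorke.org proxies `/` to 10.19.83.204:8082 in the same way. `AllowEncodedSlashes On` is set only on this vhost; the Jenkins reverse-proxy guidance, as far as I recall, pairs `nocanon` with `AllowEncodedSlashes NoDecode`, which is worth checking.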
Line 699: Line 1,127:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 710: Line 1,139:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 717: Line 1,146:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8303/fhir nocanon
         ProxyPass http://10.19.83.110:8303/fhir nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8303/fhir
         ProxyPassReverse http://10.19.83.110:8303/fhir
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 731: Line 1,161:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
</source>


===dev.chorke.com.conf===
===reg.chorke.org-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/00-dev.chorke.com.conf</code>
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-39,41-47,54-56" line>
<source lang="apache" highlight="3-5,7,8,11,15-18,20-26,28-35,37-51,53-57,72-74" line>
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
 
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
 
    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]
 
    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined
 
    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>
 
    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
 
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
 
    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8083/ nocanon
        ProxyPassReverse http://10.19.83.204:8083/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>
 
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
 
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
 
===dev.chorke.com-le-ssl.conf===
<source lang="apache" highlight="4-6,8,9,12,16-19,21-27,29-36,38-53,55-59,62-68,75-77" line>
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 780: Line 1,274:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 791: Line 1,286:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>


Line 798: Line 1,293:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         ProxyPass http://mac.dev.shahed.biz:8302/ebis nocanon
         ProxyPass http://10.19.83.110:8302/ebis nocanon
         ProxyPassReverse http://mac.dev.shahed.biz:8302/ebis
         ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 812: Line 1,308:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
</source>


===dev.shahed.biz.conf===
===dev.shahed.biz-le-ssl.conf===
<code>nano /etc/apache2/sites-enabled/03-dev.shahed.biz.conf</code>
<source lang="apache" highlight="4-6,8,10,12,16-19,21-27,29-36,38-53,55-59,62-68,71-76,83-85" line>
<source lang="apache" highlight="3-5,7,9,11,15-18,20-26,28-35,37-51,53-57,72-74" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 825: Line 1,322:
     ServerName www.dev.shahed.biz
     ServerName www.dev.shahed.biz
     ServerAdmin [email protected]
     ServerAdmin [email protected]
     ServerAlias dev.shahed.biz piw.dev.shahed.biz
     ServerAlias dev.shahed.biz pi00.dev.shahed.biz


     DocumentRoot /var/shahed/www/dev.shahed.biz/html
     DocumentRoot /var/shahed/www/dev.shahed.biz/html
Line 861: Line 1,358:
         Deny from all
         Deny from all
         Allow from ::1
         Allow from ::1
        Allow from 10.8.0
         Allow from 10.19.83
         Allow from 10.19.83
        Allow from 10.20.13
         Allow from 100.43.0
         Allow from 100.43.0
         Allow from 127.0.0.1
         Allow from 127.0.0.1
        Allow from localhost
         Allow from 202.40.189
         Allow from 202.40.189
         Allow from 175.144.214
         Allow from 175.144.214
Line 872: Line 1,370:
         Order Allow,Deny
         Order Allow,Deny
         Allow from all
         Allow from all
         Deny from 10.20.13.10
         Deny from 10.9.8
     </Proxy>
     </Proxy>
    #proxy for crawler
    <Location /crawler>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:1983/crawler nocanon
        ProxyPassReverse http://10.19.83.204:1983/crawler
        RequestHeader set X-Forwarded-Proto "https"
    </Location>


     # proxy for reports
     # proxy for reports
Line 893: Line 1,400:
</VirtualHost>
</VirtualHost>
</IfModule>
</IfModule>
EOF
</source>
===vpn.shahed.biz-le-ssl.conf===
<source lang="apache" highlight="4-6,8-12,14,15,18,22-25,27-33,35-42,44-51,53-57,64-66" line>
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]
    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined
    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
    Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/"
    <Directory "/var/shahed/www/vpn.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/"
    <Directory "/var/shahed/www/vpn.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>
    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF
</source>
</source>
==Knowledge==
ls -lah /etc/letsencrypt/archive/
ls -lah /etc/letsencrypt/live/


==References==
==References==

Latest revision as of 02:07, 10 September 2021

Apache2

All Sites

# chorke.{org,com}
# Create the organisation's Apache config directory and open every vhost file
# (plain and -le-ssl variant) in nano, one after the other.
conf_dir=/etc/chorke/apache2/conf.sites.all.d
mkdir -p "$conf_dir"
cd "$conf_dir"

for site in 00-dev.chorke.org 01-api.chorke.org 01-ihe.chorke.org 02-dev.chorke.com; do
  nano "${site}.conf"
  nano "${site}-le-ssl.conf"
done

# shahed.biz
# Create the organisation's Apache config directory and open every vhost file
# (plain and -le-ssl variant) in nano, one after the other.
conf_dir=/etc/shahed/apache2/conf.sites.all.d
mkdir -p "$conf_dir"
cd "$conf_dir"

for site in 03-dev.shahed.biz 03-vpn.shahed.biz; do
  nano "${site}.conf"
  nano "${site}-le-ssl.conf"
done

# chorke.org
# Same directory as the first chorke block; opens the cid, hub and reg vhost
# files (plain and -le-ssl variant) in nano.
conf_dir=/etc/chorke/apache2/conf.sites.all.d
mkdir -p "$conf_dir"
cd "$conf_dir"

for site in 01-cid.chorke.org 01-hub.chorke.org 01-reg.chorke.org; do
  nano "${site}.conf"
  nano "${site}-le-ssl.conf"
done

Enabled Sites

# chorke.{org,com}
# Link each port-80 vhost file into Apache's sites-enabled directory.
cd /etc/apache2/sites-enabled
for site in 00-dev.chorke.org 01-api.chorke.org 01-ihe.chorke.org 02-dev.chorke.com; do
  ln -s "/etc/chorke/apache2/conf.sites.all.d/${site}.conf" \
    "/etc/apache2/sites-enabled/${site}.conf"
done

# Syntax check only: Apache still has to be reloaded before the links take effect.
apache2ctl -t

# shahed.biz
# Link each port-80 vhost file into Apache's sites-enabled directory.
cd /etc/apache2/sites-enabled
for site in 03-dev.shahed.biz 03-vpn.shahed.biz; do
  ln -s "/etc/shahed/apache2/conf.sites.all.d/${site}.conf" \
    "/etc/apache2/sites-enabled/${site}.conf"
done

# Syntax check only: Apache still has to be reloaded before the links take effect.
apache2ctl -t

# chorke.org
# Link each port-80 vhost file into Apache's sites-enabled directory.
cd /etc/apache2/sites-enabled
for site in 01-cid.chorke.org 01-hub.chorke.org 01-reg.chorke.org; do
  ln -s "/etc/chorke/apache2/conf.sites.all.d/${site}.conf" \
    "/etc/apache2/sites-enabled/${site}.conf"
done

# Syntax check only: Apache still has to be reloaded before the links take effect.
apache2ctl -t

Enabled HTTPS

# chorke.org
# Link each TLS (-le-ssl) vhost file into Apache's sites-enabled directory.
for site in 00-dev.chorke.org 01-api.chorke.org 01-ihe.chorke.org; do
  ln -s "/etc/chorke/apache2/conf.sites.all.d/${site}-le-ssl.conf" \
    "/etc/apache2/sites-enabled/${site}-le-ssl.conf"
done

# Syntax check only: Apache still has to be reloaded before the links take effect.
apache2ctl -t

# chorke.com
# Link the TLS (-le-ssl) vhost file into Apache's sites-enabled directory.
site=02-dev.chorke.com-le-ssl.conf
ln -s "/etc/chorke/apache2/conf.sites.all.d/${site}" \
  "/etc/apache2/sites-enabled/${site}"

# Syntax check only: Apache still has to be reloaded before the link takes effect.
apache2ctl -t

# shahed.biz
# Link each TLS (-le-ssl) vhost file into Apache's sites-enabled directory.
for site in 03-dev.shahed.biz 03-vpn.shahed.biz; do
  ln -s "/etc/shahed/apache2/conf.sites.all.d/${site}-le-ssl.conf" \
    "/etc/apache2/sites-enabled/${site}-le-ssl.conf"
done

# Syntax check only: Apache still has to be reloaded before the links take effect.
apache2ctl -t

# chorke.org
# Link each TLS (-le-ssl) vhost file into Apache's sites-enabled directory.
for site in 01-cid.chorke.org 01-hub.chorke.org 01-reg.chorke.org; do
  ln -s "/etc/chorke/apache2/conf.sites.all.d/${site}-le-ssl.conf" \
    "/etc/apache2/sites-enabled/${site}-le-ssl.conf"
done

# Syntax check only: Apache still has to be reloaded before the links take effect.
apache2ctl -t

Directory Tree

# Create html/, docs/ and soft/ for every chorke.org site under /var/chorke/www.
mkdir -p /var/chorke/www
cd /var/chorke/www/
for s in api cid dev hub ihe reg; do
  for f in html docs soft; do
    mkdir -p "${s}.chorke.org/${f}"
  done
done
# Create html/, docs/ and soft/ for the chorke.com site under /var/chorke/www.
mkdir -p /var/chorke/www
cd /var/chorke/www/
for s in dev; do
  for f in html docs soft; do
    mkdir -p "${s}.chorke.com/${f}"
  done
done
# Create html/, docs/ and soft/ for every shahed.biz site under /var/shahed/www.
mkdir -p /var/shahed/www
cd /var/shahed/www/
for s in dev vpn; do
  for f in html docs soft; do
    mkdir -p "${s}.shahed.biz/${f}"
  done
done

Acme Challenges

# Create the ACME challenge directory inside the web root of every chorke.org site.
cd /var/chorke/www/
for s in api cid dev hub ihe reg; do
  mkdir -p "${s}.chorke.org/html/.well-known/acme-challenge"
done
# Create the ACME challenge directory inside the web root of the chorke.com site.
cd /var/chorke/www/
for s in dev; do
  mkdir -p "${s}.chorke.com/html/.well-known/acme-challenge"
done
# Create the ACME challenge directory inside the web root of every shahed.biz site.
cd /var/shahed/www/
for s in dev vpn; do
  mkdir -p "${s}.shahed.biz/html/.well-known/acme-challenge"
done
#nano /var/chorke/www/api.chorke.org/html/.htaccess
# The directives below are Apache configuration, not shell commands; presumably they
# are the contents of the .htaccess file named above.
# Purpose: send plain-http requests for api.chorke.org / www.api.chorke.org to the
# same URL on https.
RewriteEngine on
# Act only when the request did not arrive over TLS ...
RewriteCond %{HTTPS} off
# ... and the server name is one of the two names below.
RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
RewriteCond %{SERVER_NAME} =www.api.chorke.org
# Permanent redirect; NE keeps the URI from being re-escaped, END stops further rewriting.
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# Append a placeholder index.html to html/, docs/ and soft/ of every *.chorke.* site.
# The glob and the output paths are relative, so this must run from the directory
# that holds the site folders. `>>` appends: a second run duplicates the markup.
for s in *.chorke.*; do
  for d in html docs soft; do
    page="<html>\n<head><title>$s/$d</title></head>\n<body><h1>Welcome to, $s/$d</h1></body>\n</html>"
    echo -e "$page" >> "$s/$d/index.html"
  done
done
# Append a placeholder index.html to html/, docs/ and soft/ of every *.shahed.biz site.
# The glob and the output paths are relative, so this must run from the directory
# that holds the site folders. `>>` appends: a second run duplicates the markup.
for s in *.shahed.biz; do
  for d in html docs soft; do
    page="<html>\n<head><title>$s/$d</title></head>\n<body><h1>Welcome to, $s/$d</h1></body>\n</html>"
    echo -e "$page" >> "$s/$d/index.html"
  done
done
# Install Apache, enable its TLS module, then fetch Certbot from source and expose
# its wrapper scripts as `certbot` and `letsencrypt` in /usr/local/bin.
# NOTE(review): on Debian-based systems mod_ssl ships inside the apache2 package;
# verify that `mod_ssl` is an installable package name on this release.
apt -y install apache2 mod_ssl
a2enmod ssl

# NOTE(review): the clone tracks the repository's default branch with no tag or
# commit pinned, and the scripts linked below are then executed from it. The
# certbot-auto / letsencrypt-auto wrappers have been deprecated by the Certbot
# project; prefer a packaged, signed Certbot install, or pin and verify a release.
cd /opt/
git clone https://github.com/certbot/certbot.git

cd /usr/local/bin/
ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt

letsencrypt     #letsencrypt renew
certbot         #certbot renew

HTTP

dev.chorke.org.conf

# Append the port-80 virtual host for dev.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so a second run duplicates the <VirtualHost>; the
# unquoted EOF is harmless only while the body holds no `$` or backticks.
# NOTE(review): /forms is proxied to its backend over plain http from a port-80
# vhost, and the only active https redirect matches Host 10.19.83.100 (the
# name-based redirect is commented out) — confirm no sensitive traffic uses it.
# NOTE(review): "Options Indexes" + "AllowOverride All" enable directory listings
# and .htaccess overrides; "Require all granted" is also mixed with the legacy
# Order/Allow directives, which Apache 2.4 discourages — verify the effective
# access rules.
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.org
    ServerName www.dev.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.org/html
    ErrorLog /var/chorke/www/dev.chorke.org/error.log
    CustomLog /var/chorke/www/dev.chorke.org/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    RewriteEngine on
    RewriteCond %{HTTP_HOST} =10.19.83.100
    RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent]

#    RewriteCond %{SERVER_NAME} =dev.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

api.chorke.org.conf

# Append the port-80 virtual host for api.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect in this file is commented out, so any redirect
# depends on an .htaccess in the web root (allowed by "AllowOverride All").
# "Options Indexes" additionally enables directory listings — confirm both are wanted.
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias api.chorke.org
    ServerName www.api.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/api.chorke.org/html
    ErrorLog /var/chorke/www/api.chorke.org/error.log
    CustomLog /var/chorke/www/api.chorke.org/requests.log combined

    <Directory "/var/chorke/www/api.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/api.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.api.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

cid.chorke.org.conf

# Append the port-80 virtual host for cid.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect is commented out, so unless an .htaccess in the
# web root redirects, this site answers over plain http. "Options Indexes" +
# "AllowOverride All" also enable directory listings and .htaccess overrides.
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined

    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =cid.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.cid.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

hub.chorke.org.conf

# Append the port-80 virtual host for hub.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect is commented out, so unless an .htaccess in the
# web root redirects, this site answers over plain http. "Options Indexes" +
# "AllowOverride All" also enable directory listings and .htaccess overrides.
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined

    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =hub.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.hub.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

ihe.chorke.org.conf

# Append the port-80 virtual host for ihe.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect is commented out, so unless an .htaccess in the
# web root redirects, this site answers over plain http. "Options Indexes" +
# "AllowOverride All" also enable directory listings and .htaccess overrides.
cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias ihe.chorke.org
    ServerName www.ihe.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/ihe.chorke.org/html
    ErrorLog /var/chorke/www/ihe.chorke.org/error.log
    CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined

    <Directory "/var/chorke/www/ihe.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/ihe.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.ihe.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

reg.chorke.org.conf

# Append the port-80 virtual host for reg.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect is commented out, so unless an .htaccess in the
# web root redirects, this site answers over plain http. "Options Indexes" +
# "AllowOverride All" also enable directory listings and .htaccess overrides.
cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined

    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =reg.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.reg.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

dev.chorke.com.conf

# Append the port-80 virtual host for dev.chorke.com to a sites-enabled file.
# NOTE(review): this writes 00-dev.chorke.com.conf, while the "All Sites" and
# "Enabled Sites" steps on this page create and link 02-dev.chorke.com.conf —
# confirm which name is intended, otherwise two files may describe the same site.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect is commented out, so unless an .htaccess in the
# web root redirects, this site answers over plain http. "Options Indexes" +
# "AllowOverride All" also enable directory listings and .htaccess overrides.
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.com
    ServerName www.dev.chorke.com
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.com/html
    ErrorLog /var/chorke/www/dev.chorke.com/error.log
    CustomLog /var/chorke/www/dev.chorke.com/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.com/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.com/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.chorke.com [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.chorke.com
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

dev.shahed.biz.conf

# Append the port-80 virtual host for dev.shahed.biz to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): /forms is proxied to its backend over plain http from a port-80
# vhost and the https redirect is commented out, so form traffic is unencrypted
# on both legs as written — confirm nothing sensitive is submitted here.
# NOTE(review): "Options Indexes" + "AllowOverride All" enable directory listings
# and .htaccess overrides on the web root.
cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.dev.shahed.biz
    ServerAdmin [email protected]
    ServerAlias dev.shahed.biz pi00.dev.shahed.biz

    DocumentRoot /var/shahed/www/dev.shahed.biz/html
    ErrorLog /var/shahed/www/dev.shahed.biz/error.log
    CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/dev.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/dev.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

vpn.shahed.biz.conf

# Append the port-80 virtual host for vpn.shahed.biz to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the https redirect is commented out, so unless an .htaccess in the
# web root redirects, this site answers over plain http. "Options Indexes" +
# "AllowOverride All" also enable directory listings and .htaccess overrides.
cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]

    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

HTTPS

dev.chorke.org-le-ssl.conf

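# Append the port-443 virtual host for dev.chorke.org to its sites-enabled file.
# Fix: the opening tag was written as `IfModule mod_ssl.c>` (missing `<`), which
# leaves the closing </IfModule> unmatched and makes the config fail to parse.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): the /ui.mob, /ui.web and /report backends are reached over plain
# http and `nocanon` forwards the request path without canonicalisation — confirm
# the backend network is trusted and the backends normalise paths themselves.
# NOTE(review): /soft is limited by Order/Deny/Allow while "Require all granted"
# sits in the same block; Apache 2.4 discourages mixing the two — test that the
# allow-list actually holds.
cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.org
    ServerName www.dev.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.org/html
    ErrorLog /var/chorke/www/dev.chorke.org/error.log
    CustomLog /var/chorke/www/dev.chorke.org/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/dev.chorke.org/docs/"
    <Directory "/var/chorke/www/dev.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/dev.chorke.org/soft/"
    <Directory "/var/chorke/www/dev.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for ui.mob
    <Location /ui.mob>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.101/ui.mob nocanon
        ProxyPassReverse http://10.19.83.101/ui.mob
    </Location>

    #proxy for ui.web
    <Location /ui.web>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.101/ui.web nocanon
        ProxyPassReverse http://10.19.83.101/ui.web
    </Location>

    #proxy for report
    <Location /report>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.207/report nocanon
        ProxyPassReverse http://10.19.83.207/report
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF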

api.chorke.org-le-ssl.conf

# Append the port-443 virtual host for api.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): SSLProxyVerify None and the SSLProxyCheckPeer* Off lines switch off
# certificate validation for TLS backends. Every ProxyPass target below is http://,
# so they are unused today; drop them, or a backend later moved to https would be
# accepted with any certificate.
# NOTE(review): the /auth, /ebis and /init backends are reached over plain http and
# `nocanon` forwards the request path without canonicalisation — confirm the
# backend network is trusted and the backends normalise paths themselves.
# NOTE(review): /soft is limited by Order/Deny/Allow while "Require all granted"
# sits in the same block; Apache 2.4 discourages mixing the two — test that the
# allow-list actually holds.
cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias api.chorke.org
    ServerName www.api.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/api.chorke.org/html
    ErrorLog /var/chorke/www/api.chorke.org/error.log
    CustomLog /var/chorke/www/api.chorke.org/requests.log combined

    <Directory "/var/chorke/www/api.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/api.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/api.chorke.org/docs/"
    <Directory "/var/chorke/www/api.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/api.chorke.org/soft/"
    <Directory "/var/chorke/www/api.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # proxy for auth
    <Location /auth>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:9090/auth nocanon
        ProxyPassReverse http://10.19.83.110:9090/auth
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for ebis
    <Location /ebis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8302/ebis nocanon
        ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for init
    <Location /init>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8304/init nocanon
        ProxyPassReverse http://10.19.83.110:8304/init
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/api.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/api.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

cid.chorke.org-le-ssl.conf

# Append the port-443 virtual host for cid.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): SSLProxyVerify None and the SSLProxyCheckPeer* Off lines switch off
# certificate validation for TLS backends. Every ProxyPass target below is http://,
# so they are unused today; drop them, or a backend later moved to https would be
# accepted with any certificate.
# NOTE(review): AllowEncodedSlashes On together with `nocanon` passes encoded
# slashes and the raw request path to the backends — confirm each backend handles
# them safely.
# NOTE(review): the gitlab, nexus, jenkins and artifactory locations are published
# with "Allow from all", so access control rests on each application's own
# authentication; consider an address allow-list or an auth gate at the proxy,
# like the /soft allow-list in dev.chorke.org-le-ssl.conf.
cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes On

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined

    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/cid.chorke.org/docs/"
    <Directory "/var/chorke/www/cid.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/cid.chorke.org/soft/"
    <Directory "/var/chorke/www/cid.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.206/gitlab nocanon
        ProxyPassReverse http://10.19.83.206/gitlab
        RequestHeader set X-Forwarded-Proto "https"
        #ProxyPassReverseCookiePath "/gitlab/" "/gitlab/"
        #ProxyPassReverseCookieDomain "git0.dev.shahed.biz" "cid.chorke.org"
    </Location>

    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8081/nexus nocanon
        ProxyPassReverse http://10.19.83.204:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for jenkins
    <Location /jenkins>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8080/jenkins nocanon
        ProxyPassReverse http://10.19.83.204:8080/jenkins
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for artifactory
    <Location /artifactory>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8084/artifactory nocanon
        ProxyPassReverse http://10.19.83.204:8084/artifactory
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

hub.chorke.org-le-ssl.conf

# Append the port-443 virtual host for hub.chorke.org to its sites-enabled file.
# NOTE(review): `>>` appends, so re-running duplicates the <VirtualHost> block.
# NOTE(review): SSLProxyVerify None and the SSLProxyCheckPeer* Off lines switch off
# certificate validation for TLS backends. The only ProxyPass target below is
# http://, so they are unused today; drop them, or a backend later moved to https
# would be accepted with any certificate.
# NOTE(review): the whole site (Location /) is proxied to one backend over plain
# http with "Allow from all" and `nocanon`; access control then rests on the
# backend application — confirm that is intended.
cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined

    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8082/ nocanon
        ProxyPassReverse http://10.19.83.204:8082/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

ihe.chorke.org-le-ssl.conf

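# Append the HTTPS (*:443) virtual host for ihe.chorke.org to its site file.
# The heredoc delimiter is quoted ('EOF') so the text is written verbatim; with
# a bare EOF the shell would expand any "$name", "$1" or backtick added later.
#
# Review notes:
# - ">>" appends. Running this twice leaves two identical <VirtualHost> blocks
#   in the file, so check the result with `apache2ctl -t` before reloading.
# - Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers (RequestHeader).
# - /soft is limited to an address list, but only by the old-style
#   Order/Deny/Allow lines (mod_access_compat). The "Require all granted" next
#   to them grants everyone, so a cleanup that deletes the old-style lines
#   would open the directory. One "Require ip ..." list (plus "Require local"
#   for ::1 and 127.0.0.1) states the same rule in 2.4 syntax alone.
# - Entries such as "Allow from 202.40.189" are partial addresses and match
#   every host whose address starts with those three octets. Some of the listed
#   ranges are not RFC 1918 private space; narrow them to single hosts if only
#   specific machines need access.
# - html, /docs and /soft all have "Options Indexes" (directory listings) and
#   "AllowOverride All" (.htaccess files can change the settings).
# - /fhir is forwarded to http://10.19.83.110:8303/fhir over plain HTTP with
#   "Allow from all". The proxy adds no authentication, so access control for
#   that application has to come from the backend.
# - The ServerAdmin value is the wiki's e-mail obfuscation text. ServerAdmin
#   takes a single address; put the real one in before using the file.
cat <<'EOF' >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias ihe.chorke.org
    ServerName www.ihe.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/ihe.chorke.org/html
    ErrorLog /var/chorke/www/ihe.chorke.org/error.log
    CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined

    <Directory "/var/chorke/www/ihe.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/ihe.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/ihe.chorke.org/docs/"
    <Directory "/var/chorke/www/ihe.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/ihe.chorke.org/soft/"
    <Directory "/var/chorke/www/ihe.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8303/fhir nocanon
        ProxyPassReverse http://10.19.83.110:8303/fhir
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/ihe.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ihe.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF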

reg.chorke.org-le-ssl.conf

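# Append the HTTPS (*:443) virtual host for reg.chorke.org to its site file.
# The heredoc delimiter is quoted ('EOF') so the text is written verbatim; with
# a bare EOF the shell would expand any "$name", "$1" or backtick added later.
#
# Review notes:
# - ">>" appends. Running this twice leaves two identical <VirtualHost> blocks
#   in the file, so check the result with `apache2ctl -t` before reloading.
# - Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers (RequestHeader).
# - <Location /> proxies every request to http://10.19.83.204:8083/, so the hop
#   behind the proxy is plain HTTP and the SSLProxy* lines have no effect today.
#   They do switch off the name and expiry checks on backend certificates, and
#   SSLProxyVerify None asks for no chain verification. If the backend is moved
#   to https:// the proxy would accept any certificate. Before doing that, drop
#   the "Off" lines and set SSLProxyVerify require with
#   SSLProxyCACertificateFile.
# - "Require all granted" (2.4 syntax) is mixed with Order/Allow/Deny
#   (mod_access_compat). Apache's documentation discourages mixing the two
#   styles in one section.
# - The proxy adds no authentication; apart from "Deny from 10.9.8" every
#   client reaches the backend, so access control has to come from the backend.
# - The ServerAdmin value is the wiki's e-mail obfuscation text. ServerAdmin
#   takes a single address; put the real one in before using the file.
cat <<'EOF' >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined

    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8083/ nocanon
        ProxyPassReverse http://10.19.83.204:8083/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF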

dev.chorke.com-le-ssl.conf

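# Append the HTTPS (*:443) virtual host for dev.chorke.com to its site file.
# The heredoc delimiter is quoted ('EOF') so the text is written verbatim; with
# a bare EOF the shell would expand any "$name", "$1" or backtick added later.
#
# Review notes:
# - ">>" appends. Running this twice leaves two identical <VirtualHost> blocks
#   in the file, so check the result with `apache2ctl -t` before reloading.
# - Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers (RequestHeader).
# - /soft is limited to an address list, but only by the old-style
#   Order/Deny/Allow lines (mod_access_compat). The "Require all granted" next
#   to them grants everyone, so a cleanup that deletes the old-style lines
#   would open the directory. One "Require ip ..." list (plus "Require local"
#   for ::1 and 127.0.0.1) states the same rule in 2.4 syntax alone.
# - Entries such as "Allow from 202.40.189" are partial addresses and match
#   every host whose address starts with those three octets. Some of the listed
#   ranges are not RFC 1918 private space; narrow them to single hosts if only
#   specific machines need access.
# - html, /docs and /soft all have "Options Indexes" (directory listings) and
#   "AllowOverride All" (.htaccess files can change the settings).
# - /ebis is forwarded to http://10.19.83.110:8302/ebis over plain HTTP with
#   "Allow from all". The proxy adds no authentication, so access control for
#   that application has to come from the backend.
# - The ServerAdmin value is the wiki's e-mail obfuscation text. ServerAdmin
#   takes a single address; put the real one in before using the file.
cat <<'EOF' >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.com
    ServerName www.dev.chorke.com
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.com/html
    ErrorLog /var/chorke/www/dev.chorke.com/error.log
    CustomLog /var/chorke/www/dev.chorke.com/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.com/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.com/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/dev.chorke.com/docs/"
    <Directory "/var/chorke/www/dev.chorke.com/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/dev.chorke.com/soft/"
    <Directory "/var/chorke/www/dev.chorke.com/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for ebis
    <Location /ebis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8302/ebis nocanon
        ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.chorke.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.com/privkey.pem
</VirtualHost>
</IfModule>
EOF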

dev.shahed.biz-le-ssl.conf

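# Append the HTTPS (*:443) virtual host for dev.shahed.biz to its site file.
# The heredoc delimiter is quoted ('EOF') so the text is written verbatim; with
# a bare EOF the shell would expand any "$name", "$1" or backtick added later.
#
# Review notes:
# - ">>" appends. Running this twice leaves two identical <VirtualHost> blocks
#   in the file, so check the result with `apache2ctl -t` before reloading.
# - Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers (RequestHeader).
# - /reports is forwarded to http://175.144.214.83:9002/reports. That address
#   is not RFC 1918 private space, so the hop behind the proxy presumably
#   crosses a public network as plain HTTP; the client's TLS ends at this
#   server. Use an https:// backend with certificate verification, or a
#   tunnel, if the reports are not public data.
# - /reports is also the only <Location> here without
#   'RequestHeader set X-Forwarded-Proto "https"'. Confirm whether that backend
#   builds absolute URLs and needs the header like /crawler does.
# - /soft is limited to an address list, but only by the old-style
#   Order/Deny/Allow lines (mod_access_compat). The "Require all granted" next
#   to them grants everyone, so a cleanup that deletes the old-style lines
#   would open the directory. One "Require ip ..." list (plus "Require local"
#   for ::1 and 127.0.0.1) states the same rule in 2.4 syntax alone.
# - Entries such as "Allow from 202.40.189" are partial addresses and match
#   every host whose address starts with those three octets; narrow them to
#   single hosts if only specific machines need access.
# - html, /docs and /soft all have "Options Indexes" (directory listings) and
#   "AllowOverride All" (.htaccess files can change the settings).
# - The proxy adds no authentication to /crawler or /reports.
# - The ServerAdmin value is the wiki's e-mail obfuscation text. ServerAdmin
#   takes a single address; put the real one in before using the file.
cat <<'EOF' >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.dev.shahed.biz
    ServerAdmin [email protected]
    ServerAlias dev.shahed.biz pi00.dev.shahed.biz

    DocumentRoot /var/shahed/www/dev.shahed.biz/html
    ErrorLog /var/shahed/www/dev.shahed.biz/error.log
    CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/dev.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/dev.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/shahed/www/dev.shahed.biz/docs/"
    <Directory "/var/shahed/www/dev.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/shahed/www/dev.shahed.biz/soft/"
    <Directory "/var/shahed/www/dev.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for crawler
    <Location /crawler>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:1983/crawler nocanon
        ProxyPassReverse http://10.19.83.204:1983/crawler
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9002/reports nocanon
        ProxyPassReverse http://175.144.214.83:9002/reports
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF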

vpn.shahed.biz-le-ssl.conf

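# Append the HTTPS (*:443) virtual host for vpn.shahed.biz to its site file.
# The heredoc delimiter is quoted ('EOF') so the text is written verbatim; with
# a bare EOF the shell would expand any "$name", "$1" or backtick added later.
#
# Review notes:
# - ">>" appends. Running this twice leaves two identical <VirtualHost> blocks
#   in the file, so check the result with `apache2ctl -t` before reloading.
# - This vhost has no ProxyPass, so the SSLProxy* lines have no effect today.
#   They switch off the name and expiry checks on backend certificates, and
#   SSLProxyVerify None asks for no chain verification. If an https:// backend
#   is added later the proxy would accept any certificate. Remove the lines, or
#   set SSLProxyVerify require with SSLProxyCACertificateFile, before doing so.
# - /soft is open to every client here ("Allow from all") with directory
#   listings on. The page's other /soft sections use an address allow-list;
#   confirm the difference is intended.
# - html, /docs and /soft all have "Options Indexes" (directory listings) and
#   "AllowOverride All" (.htaccess files can change the settings).
# - "Require all granted" (2.4 syntax) is mixed with Order/Allow/Deny
#   (mod_access_compat). Apache's documentation discourages mixing the two
#   styles in one section.
# - The ServerAdmin value is the wiki's e-mail obfuscation text. ServerAdmin
#   takes a single address; put the real one in before using the file.
cat <<'EOF' >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias vpn.shahed.biz
    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]

    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/"
    <Directory "/var/shahed/www/vpn.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/"
    <Directory "/var/shahed/www/vpn.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF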

Knowledge

# List certbot's two certificate trees. The virtual hosts on this page load
# fullchain.pem and privkey.pem from live/<name>/; certbot keeps the numbered
# originals under archive/<name>/ and points the live/ entries at them.
# Both trees hold private keys, so the listing is also a quick check that
# owner and mode keep them unreadable for unprivileged accounts.
for store in archive live; do
  ls -lah "/etc/letsencrypt/${store}/"
done

References