Virtual Host And Certbot in RHEL6: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
(Created page with "<source lang="ini" highlight="4" start="219" line> # Load config files from the config directory "/etc/httpd/conf.d". # Include conf.d/*.conf Include conf.sites.d/*.conf <...")
 
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
<source lang="ini" highlight="4" start="219" line>
==Apache==
===httpd.conf===
<code>vim /etc/httpd/conf/httpd.conf</code>
<source lang="apache" highlight="4" start="219" line>
  # Load config files from the config directory "/etc/httpd/conf.d".
  # Load config files from the config directory "/etc/httpd/conf.d".
  #
  #
Line 6: Line 9:
</source>
</source>


<source lang="ini" highlight="5" start="259" line>
<source lang="apache" highlight="5" start="259" line>
  # ServerAdmin: Your address, where problems with the server should be
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed.  This address appears on some server-generated pages, such
  # e-mailed.  This address appears on some server-generated pages, such
Line 14: Line 17:
</source>
</source>


<source lang="ini" highlight="6" start="273" line>
<source lang="apache" highlight="6" start="273" line>
  # If your host doesn't have a registered DNS name, enter its IP address here.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  # You will have to access it by its address anyway, and this will make
  # You will have to access it by its address anyway, and this will make
Line 23: Line 26:
</source>
</source>


<source lang="ini" highlight="5,6" start="605" line>
<source lang="apache" highlight="5,6" start="605" line>
  # IndexOptions: Controls the appearance of server-generated directory
  # IndexOptions: Controls the appearance of server-generated directory
  # listings.
  # listings.
Line 32: Line 35:
</source>
</source>


<source lang="ini" highlight="6,7" start="662" line>
<source lang="apache" highlight="6,7" start="662" line>
  # ReadmeName is the name of the README file the server will look for by
  # ReadmeName is the name of the README file the server will look for by
  # default, and append to directory listings.
  # default, and append to directory listings.
Line 42: Line 45:
</source>
</source>


<source lang="ini" highlight="3" start="991" line>
<source lang="apache" highlight="3" start="991" line>
  # Use name-based virtual hosting.
  # Use name-based virtual hosting.
  #
  #
  NameVirtualHost *:80
  NameVirtualHost *:80
</source>
===Directory Tree===
{|
| valign="top" |
<source lang="bash">
cd /var/www/;p='bgd jwt';for s in $p;\
    do d='html docs soft';for f in $d;\
        do mkdir -p "$s.medisys.com.my/$f";\
    done;
done
</source>
| valign="top" |
<source lang="bash">
apachectl -t
service httpd status
service httpd reload
service httpd restart
yum -y install httpd mod_ssl
</source>
| valign="top" |
<source lang="bash">
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt renew
certbot renew
</source>
|}
==HTTP==
===bgd.medisys.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/00-bgd.medisys.com.my.conf</code>
<source lang="apache" highlight="2-4,6-11,13-18,20,28,46,54,62,70,78,86,94,102,110,118,126,131-133" line>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias bgd.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.bgd.medisys.com.my
    DocumentRoot /var/www/bgd.medisys.com.my/html
    ErrorLog /var/www/bgd.medisys.com.my/error.log
    CustomLog /var/www/bgd.medisys.com.my/requests.log combined
    <Directory "/var/www/bgd.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    Alias /docs "/var/www/bgd.medisys.com.my/docs/"
    <Directory "/var/www/bgd.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    Alias /soft "/var/www/bgd.medisys.com.my/soft/"
    <Directory "/var/www/bgd.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>
    # proxy for amqp
    <Location /amqp>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8010/amqp nocanon
        ProxyPassReverse http://localhost:8010/amqp
    </Location>
    # proxy for boot
    <Location /boot>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8080/boot nocanon
        ProxyPassReverse http://localhost:8080/boot
    </Location>
    # proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8018/fhir nocanon
        ProxyPassReverse http://localhost:8018/fhir
    </Location>
    # proxy for itis
    <Location /itis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8014/itis nocanon
        ProxyPassReverse http://localhost:8014/itis
    </Location>
    # proxy for labs
    <Location /labs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8013/labs nocanon
        ProxyPassReverse http://localhost:8013/labs
    </Location>
    # proxy for xlab
    <Location /xlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8016/xlab nocanon
        ProxyPassReverse http://localhost:8016/xlab
    </Location>
    # proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/forms nocanon
        ProxyPassReverse http://202.40.189.18:9001/forms
    </Location>
    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/reports nocanon
        ProxyPassReverse http://202.40.189.18:9001/reports
    </Location>
    # proxy for patient/affairs
    <Location /patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/patient/affairs
    </Location>
    # proxy for dev/patient/affairs
    <Location /dev/patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/dev/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/dev/patient/affairs
    </Location>
    RewriteEngine on
    #RewriteCond %{SERVER_NAME} =bgd.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.bgd.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    RewriteCond %{HTTP_HOST} =202.40.189.20 [OR]
    RewriteCond %{HTTP_HOST} =100.43.0.70
    RewriteRule ^ http://bgd.medisys.com.my%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
</source>
===jwt.medisys.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/00-jwt.medisys.com.my.conf</code>
<source lang="apache" highlight="2-4,6-11,13-18,20,28,46,54-57" line>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off
    ServerAlias jwt.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.jwt.medisys.com.my
    DocumentRoot /var/www/jwt.medisys.com.my/html
    ErrorLog /var/www/jwt.medisys.com.my/error.log
    CustomLog /var/www/jwt.medisys.com.my/requests.log combined
    <Directory "/var/www/jwt.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    Alias /docs "/var/www/jwt.medisys.com.my/docs/"
    <Directory "/var/www/jwt.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    Alias /soft "/var/www/jwt.medisys.com.my/soft/"
    <Directory "/var/www/jwt.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>
    # proxy for social
    <Location /social>
        Order Allow,Deny
        Allow from all
        ProxyPass http://100.43.0.40:9090/social nocanon
        ProxyPassReverse http://100.43.0.40:9090/social
    </Location>
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =jwt.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.jwt.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
</source>
<source lang="bash">
cd /opt/cli/python; mkdir /opt/cli/python
python3.6 -m venv venv_3.6; cd /opt/certbot
source /opt/cli/python/venv_3.6/bin/activate
certbot-auto
deactivate
</source>
</source>


==References==
==References==
* [https://httpd.apache.org/docs/2.2/vhosts/name-based.html Name-based Virtual Host Support]
* [https://httpd.apache.org/docs/2.2/vhosts/name-based.html Name-based Virtual Host Support]

Latest revision as of 09:48, 16 November 2019

Apache

httpd.conf

vim /etc/httpd/conf/httpd.conf

 # Load config files from the config directory "/etc/httpd/conf.d".
 #
 Include conf.d/*.conf
 Include conf.sites.d/*.conf
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. [email protected]
 #
 ServerAdmin [email protected]
 # If your host doesn't have a registered DNS name, enter its IP address here.
 # You will have to access it by its address anyway, and this will make
 # redirections work in a sensible way.
 #
 #ServerName www.example.com:80
 ServerName bgd.medisys.com.my:80
 # IndexOptions: Controls the appearance of server-generated directory
 # listings.
 #
 #IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
 IndexOptions FancyIndexing VersionSort SuppressDescription FoldersFirst XHTML HTMLTable NameWidth=* IgnoreCase SuppressRules
 IndexStyleSheet "/icons/style.css"
 # ReadmeName is the name of the README file the server will look for by
 # default, and append to directory listings.
 #
 # HeaderName is the name of a file which should be prepended to
 # directory indexes.
 ReadmeName /icons/README.html
 HeaderName HEADER.html
 # Use name-based virtual hosting.
 #
 NameVirtualHost *:80

Directory Tree

cd /var/www/;p='bgd jwt';for s in $p;\
    do d='html docs soft';for f in $d;\
        do mkdir -p "$s.medisys.com.my/$f";\
    done;
done
apachectl -t
service httpd status
service httpd reload
service httpd restart
yum -y install httpd mod_ssl
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt renew
certbot renew

HTTP

bgd.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-bgd.medisys.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias bgd.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.bgd.medisys.com.my
    DocumentRoot /var/www/bgd.medisys.com.my/html
    ErrorLog /var/www/bgd.medisys.com.my/error.log
    CustomLog /var/www/bgd.medisys.com.my/requests.log combined

    <Directory "/var/www/bgd.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/www/bgd.medisys.com.my/docs/"
    <Directory "/var/www/bgd.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/var/www/bgd.medisys.com.my/soft/"
    <Directory "/var/www/bgd.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for amqp
    <Location /amqp>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8010/amqp nocanon
        ProxyPassReverse http://localhost:8010/amqp
    </Location>

    # proxy for boot
    <Location /boot>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8080/boot nocanon
        ProxyPassReverse http://localhost:8080/boot
    </Location>

    # proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8018/fhir nocanon
        ProxyPassReverse http://localhost:8018/fhir
    </Location>

    # proxy for itis
    <Location /itis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8014/itis nocanon
        ProxyPassReverse http://localhost:8014/itis
    </Location>

    # proxy for labs
    <Location /labs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8013/labs nocanon
        ProxyPassReverse http://localhost:8013/labs
    </Location>

    # proxy for xlab
    <Location /xlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8016/xlab nocanon
        ProxyPassReverse http://localhost:8016/xlab
    </Location>

    # proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/forms nocanon
        ProxyPassReverse http://202.40.189.18:9001/forms
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/reports nocanon
        ProxyPassReverse http://202.40.189.18:9001/reports
    </Location>

    # proxy for patient/affairs
    <Location /patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/patient/affairs
    </Location>

    # proxy for dev/patient/affairs
    <Location /dev/patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/dev/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/dev/patient/affairs
    </Location>

    RewriteEngine on
    #RewriteCond %{SERVER_NAME} =bgd.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.bgd.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    RewriteCond %{HTTP_HOST} =202.40.189.20 [OR]
    RewriteCond %{HTTP_HOST} =100.43.0.70
    RewriteRule ^ http://bgd.medisys.com.my%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>

jwt.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-jwt.medisys.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias jwt.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.jwt.medisys.com.my
    DocumentRoot /var/www/jwt.medisys.com.my/html
    ErrorLog /var/www/jwt.medisys.com.my/error.log
    CustomLog /var/www/jwt.medisys.com.my/requests.log combined

    <Directory "/var/www/jwt.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/www/jwt.medisys.com.my/docs/"
    <Directory "/var/www/jwt.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/var/www/jwt.medisys.com.my/soft/"
    <Directory "/var/www/jwt.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for social
    <Location /social>
        Order Allow,Deny
        Allow from all
        ProxyPass http://100.43.0.40:9090/social nocanon
        ProxyPassReverse http://100.43.0.40:9090/social
    </Location>

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =jwt.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.jwt.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
cd /opt/cli/python; mkdir /opt/cli/python
python3.6 -m venv venv_3.6; cd /opt/certbot
source /opt/cli/python/venv_3.6/bin/activate
certbot-auto
deactivate

References