Virtual Host And Certbot in RHEL7: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
==httpd.conf==
==Apache==
===httpd.conf===
<code>vim /etc/httpd/conf/httpd.conf</code>
<code>vim /etc/httpd/conf/httpd.conf</code>
<source lang="ini" highlight="5" start="82" line>
<source lang="apache" highlight="5" start="82" line>
# ServerAdmin: Your address, where problems with the server should be
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# e-mailed.  This address appears on some server-generated pages, such
Line 9: Line 10:
</source>  
</source>  


<source lang="ini" highlight="4,5,7" start="352" line>
<source lang="apache" highlight="4,5,7" start="352" line>
# Supplemental configuration
# Supplemental configuration
#
#
Line 19: Line 20:
</source>
</source>


===Directory Tree===
{|
{|
| valign="top" |
| valign="top" |
Line 56: Line 58:
{|
{|
| valign="top" |
| valign="top" |
<source lang="ini">
<source lang="apache">
;vim /ihe/var/www/api.medisys.com.my/html/.htaccess
#vim /ihe/var/www/api.medisys.com.my/html/.htaccess
RewriteEngine on
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTPS} off
Line 97: Line 99:
===api.medisys.com.my.conf===
===api.medisys.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/01-api.medisys.com.my.conf</code>
<code>vim /etc/httpd/conf.sites.d/01-api.medisys.com.my.conf</code>
<source lang="ini" highlight="2-4,6,8,9,13-16,18-24,27-32,34-37" line>
<source lang="apache" highlight="2-4,6,8,9,13-16,18-24,27-32,34-37" line>
<VirtualHost *:80>
<VirtualHost *:80>
     ProxyRequests Off
     ProxyRequests Off
Line 140: Line 142:
===cdn.medisys.com.my.conf===
===cdn.medisys.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/00-cdn.rufaida.com.my.conf</code>
<code>vim /etc/httpd/conf.sites.d/00-cdn.rufaida.com.my.conf</code>
<source lang="ini" highlight="2-4,6,8,9,13-16,18-24,26-29,31-33" line>
<source lang="apache" highlight="2-4,6,8,9,13-16,18-24,34-37,39-41" line>
<VirtualHost *:80>
<VirtualHost *:80>
     ProxyRequests Off
     ProxyRequests Off
Line 165: Line 167:
         Allow from all
         Allow from all
     </Directory>
     </Directory>
    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9050/gitlab nocanon
        ProxyPassReverse http://localhost:9050/gitlab
    </Location>


     RewriteEngine on
     RewriteEngine on
Line 179: Line 189:
===dev.medisys.com.my.conf===
===dev.medisys.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/00-dev.rufaida.com.my.conf</code>
<code>vim /etc/httpd/conf.sites.d/00-dev.rufaida.com.my.conf</code>
<source lang="ini" highlight="2-4,6,8,9,13-16,18-24,26-29" line>
<source lang="apache" highlight="2-4,6,8,9,13-16,18-24,26-29" line>
<VirtualHost *:80>
<VirtualHost *:80>
     ProxyRequests Off
     ProxyRequests Off
Line 214: Line 224:
===hl7.medisys.com.my.conf===
===hl7.medisys.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/00-hl7.rufaida.com.my.conf</code>
<code>vim /etc/httpd/conf.sites.d/00-hl7.rufaida.com.my.conf</code>
<source lang="ini" highlight="2-4,6,8,9,13-16,18-24,26-29" line>
<source lang="apache" highlight="2-4,6,8,9,13-16,18-24,26-29" line>
<VirtualHost *:80>
<VirtualHost *:80>
     ProxyRequests Off
     ProxyRequests Off
Line 249: Line 259:
===api.rufaida.com.my.conf===
===api.rufaida.com.my.conf===
<code>vim /etc/httpd/conf.sites.d/01-api.rufaida.com.my.conf</code>
<code>vim /etc/httpd/conf.sites.d/01-api.rufaida.com.my.conf</code>
<source lang="ini" highlight="2-4,6,8,9,13-16,18-24,27-32,34-37" line>
<source lang="apache" highlight="2-4,6,8,9,13-16,18-24,27-32,34-37" line>
<VirtualHost *:80>
<VirtualHost *:80>
     ProxyRequests Off
     ProxyRequests Off
Line 284: Line 294:


     #RewriteEngine on
     #RewriteEngine on
     #RewriteCond %{SERVER_NAME} =www.api.rufaia.com.my [OR]
     #RewriteCond %{SERVER_NAME} =www.api.rufaida.com.my [OR]
     #RewriteCond %{SERVER_NAME} =api.rufaida.com.my
     #RewriteCond %{SERVER_NAME} =api.rufaida.com.my
     #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
     #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Line 293: Line 303:
===api.medisys.com.my-le-ssl.conf===
===api.medisys.com.my-le-ssl.conf===
<code>vim /etc/httpd/conf.sites.d/01-api.medisys.com.my-le-ssl.conf</code>
<code>vim /etc/httpd/conf.sites.d/01-api.medisys.com.my-le-ssl.conf</code>
<source lang="ini" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,87-90" line>
<source lang="apache" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,87-90" line>
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 390: Line 400:
===cdn.medisys.com.my-le-ssl.conf===
===cdn.medisys.com.my-le-ssl.conf===
<code>vim /etc/httpd/conf.sites.d/00-cdn.medisys.com.my-le-ssl.conf</code>
<code>vim /etc/httpd/conf.sites.d/00-cdn.medisys.com.my-le-ssl.conf</code>
<source lang="ini" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,145-148" line>
<source lang="apache" highlight="3-6,8,10,11,15-18,20-26,28-35,37-54,172-175" line>
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
    SSLProxyEngine On
     ProxyRequests Off
     ProxyRequests Off
     ProxyPreserveHost On
     ProxyPreserveHost On
     AllowEncodedSlashes Off
     AllowEncodedSlashes On


     ServerAlias cdn.medisys.com.my
     ServerAlias cdn.medisys.com.my
Line 467: Line 478:
         ProxyPass http://localhost:8090/apex nocanon
         ProxyPass http://localhost:8090/apex nocanon
         ProxyPassReverse http://localhost:8090/apex
         ProxyPassReverse http://localhost:8090/apex
    </Location>
    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8081/nexus nocanon
        ProxyPassReverse http://localhost:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 475: Line 495:
         ProxyPass http://localhost:9990/console nocanon
         ProxyPass http://localhost:9990/console nocanon
         ProxyPassReverse http://localhost:9990/console
         ProxyPassReverse http://localhost:9990/console
    </Location>
    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass https://localhost:4430/gitlab nocanon
        ProxyPassReverse https://localhost:4430/gitlab
     </Location>
     </Location>


Line 492: Line 520:
         ProxyPass http://localhost:8088/jenkins nocanon
         ProxyPass http://localhost:8088/jenkins nocanon
         ProxyPassReverse http://localhost:8088/jenkins
         ProxyPassReverse http://localhost:8088/jenkins
        RequestHeader set X-Forwarded-Proto "https"
     </Location>
     </Location>


Line 525: Line 554:
         ProxyPass http://localhost:9040/artifactory nocanon
         ProxyPass http://localhost:9040/artifactory nocanon
         ProxyPassReverse http://localhost:9040/artifactory
         ProxyPassReverse http://localhost:9040/artifactory
    </Location>
    # proxy for artifactory/ui
    <Location /ui>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9041/ui nocanon
        ProxyPassReverse http://localhost:9041/ui
     </Location>
     </Location>


Line 545: Line 582:
===dev.medisys.com.my-le-ssl.conf===
===dev.medisys.com.my-le-ssl.conf===
<code>vim /etc/httpd/conf.sites.d/00-dev.medisys.com.my-le-ssl.conf</code>
<code>vim /etc/httpd/conf.sites.d/00-dev.medisys.com.my-le-ssl.conf</code>
<source lang="ini" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,55-58" line>
<source lang="apache" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,55-58" line>
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 610: Line 647:
===hl7.medisys.com.my-le-ssl.conf===
===hl7.medisys.com.my-le-ssl.conf===
<code>vim /etc/httpd/conf.sites.d/00-hl7.medisys.com.my-le-ssl.conf</code>
<code>vim /etc/httpd/conf.sites.d/00-hl7.medisys.com.my-le-ssl.conf</code>
<source lang="ini" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,103-106" line>
<source lang="apache" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,103-106" line>
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 723: Line 760:
===api.rufaida.com.my-le-ssl.conf===
===api.rufaida.com.my-le-ssl.conf===
<code>vim /etc/httpd/conf.sites.d/01-api.rufaida.com.my-le-ssl.conf</code>
<code>vim /etc/httpd/conf.sites.d/01-api.rufaida.com.my-le-ssl.conf</code>
<source lang="ini" highlight="3-5,7,9,10,14-17,19-25,27-34,36-53,87-90" line>
<source lang="apache" highlight="3-5,7-9,11,13,14,18-21,23-29,31-38,40-57,91-94" line>
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
<VirtualHost *:443>
<VirtualHost *:443>
Line 729: Line 766:
     ProxyPreserveHost On
     ProxyPreserveHost On
     AllowEncodedSlashes Off
     AllowEncodedSlashes Off
    SSLProxyEngine On
    SSLProxyCheckPeerCN On
    SSLProxyCheckPeerExpire On


     ServerAlias api.rufaida.com.my
     ServerAlias api.rufaida.com.my
Line 817: Line 858:
</IfModule>
</IfModule>
</source>
</source>
==References==
* [https://serverfault.com/questions/167575  Multiple hostnames redirected to one]
* [https://httpd.apache.org/docs/2.4/vhosts/name-based.html Name-based Virtual Host Support]
* [https://serverfault.com/questions/84821 Apache ProxyPass with SSL]

Latest revision as of 20:45, 21 August 2020

Apache

httpd.conf

vim /etc/httpd/conf/httpd.conf

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. [email protected]
#
ServerAdmin [email protected]
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional /ihe/etc/httpd/conf.sites.d/*.conf

ServerName 100.43.10.200

Directory Tree

# mkdir -p /etc/httpd/conf.sites.d/
# mkdir -p /var/www/


# create folder inside /ihe mount point
mkdir -p /ihe/etc/httpd/conf.sites.d/
mkdir -p /ihe/var/www
cd /ihe/var/www/;\
p='api cdn dev hl7';\
for s in $p;\
    do d='html docs soft';for f in $d;\
        do mkdir -p "$s.medisys.com.my/$f";\
    done;
done
cd /ihe/var/www/;\
p='api cdn dev hl7';\
for s in $p;\
    do d='html docs soft';for f in $d;\
        do mkdir -p "$s.rufaida.com.my/$f";\
    done;
done
#vim /ihe/var/www/api.medisys.com.my/html/.htaccess
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_NAME} =api.medisys.com.my [OR]
RewriteCond %{SERVER_NAME} =www.api.medisys.com.my
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
f='html docs soft';\
for s in *.medisys.com.my;do for d in $f;do \
    h="<html>\n<head><title>$s/$d</title></head>\n";
    h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
    echo -e "$h" >> "$s/$d/index.html";
done;done
f='html docs soft';\
for s in *.rufaida.com.my;do for d in $f;do \
    h="<html>\n<head><title>$s/$d</title></head>\n";
    h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
    echo -e "$h" >> "$s/$d/index.html";
done;done
yum -y install httpd mod_ssl
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt     #letsencrypt renew
certbot         #certbot renew

HTTP

api.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/01-api.medisys.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias api.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.api.medisys.com.my
    DocumentRoot /ihe/var/www/api.medisys.com.my/html
    ErrorLog /ihe/var/www/api.medisys.com.my/error.log
    CustomLog /ihe/var/www/api.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/api.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/api.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =api.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.api.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

cdn.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-cdn.rufaida.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias cdn.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.cdn.medisys.com.my
    DocumentRoot /ihe/var/www/cdn.medisys.com.my/html
    ErrorLog /ihe/var/www/cdn.medisys.com.my/error.log
    CustomLog /ihe/var/www/cdn.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/cdn.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/cdn.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride ALL
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9050/gitlab nocanon
        ProxyPassReverse http://localhost:9050/gitlab
    </Location>

    RewriteEngine on
    RewriteCond %{HTTP_HOST} =175.144.214.82 [OR]
    RewriteCond %{HTTP_HOST} =100.43.10.200
    RewriteRule ^ https://cdn.medisys.com.my%{REQUEST_URI} [END,NE,R=permanent]

    #RewriteCond %{SERVER_NAME} =cdn.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.cdn.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

dev.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-dev.rufaida.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.dev.medisys.com.my
    DocumentRoot /ihe/var/www/dev.medisys.com.my/html
    ErrorLog /ihe/var/www/dev.medisys.com.my/error.log
    CustomLog /ihe/var/www/dev.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/dev.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/dev.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =dev.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.dev.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

hl7.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-hl7.rufaida.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias hl7.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.hl7.medisys.com.my
    DocumentRoot /ihe/var/www/hl7.medisys.com.my/html
    ErrorLog /ihe/var/www/hl7.medisys.com.my/error.log
    CustomLog /ihe/var/www/hl7.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/hl7.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/hl7.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =www.hl7.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =hl7.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

api.rufaida.com.my.conf

vim /etc/httpd/conf.sites.d/01-api.rufaida.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias api.rufaida.com.my
    ServerAdmin [email protected]
    ServerName www.api.rufaia.com.my
    DocumentRoot /ihe/var/www/api.rufaida.com.my/html
    ErrorLog /ihe/var/www/api.rufaida.com.my/error.log
    CustomLog /ihe/var/www/api.rufaida.com.my/requests.log combined

    <Directory "/ihe/var/www/api.rufaida.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/api.rufaida.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/forms nocanon
        ProxyPassReverse http://202.40.189.18:9001/forms
    </Location>

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =www.api.rufaida.com.my [OR]
    #RewriteCond %{SERVER_NAME} =api.rufaida.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

HTTPS

api.medisys.com.my-le-ssl.conf

vim /etc/httpd/conf.sites.d/01-api.medisys.com.my-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias api.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.api.medisys.com.my
    DocumentRoot /ihe/var/www/api.medisys.com.my/html
    ErrorLog /ihe/var/www/api.medisys.com.my/error.log
    CustomLog /ihe/var/www/api.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/api.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/api.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/ihe/var/www/api.medisys.com.my/docs/"
    <Directory "/ihe/var/www/api.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/ihe/var/www/api.medisys.com.my/soft/"
    <Directory "/ihe/var/www/api.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for social
    <Location /social>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.20/social nocanon
        ProxyPassReverse http://202.40.189.20/social
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9002/reports nocanon
        ProxyPassReverse http://175.144.214.83:9002/reports
    </Location>

    # proxy for patient/affairs
    <Location /patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.20:9090/patient/affairs nocanon
        ProxyPassReverse http://202.40.189.20:9090/patient/affairs
    </Location>

    # proxy for dev/patient/affairs
    <Location /dev/patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/dev/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/dev/patient/affairs
    </Location>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/api.medisys.com.my/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/api.medisys.com.my/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/api.medisys.com.my/chain.pem
</VirtualHost>
</IfModule>

cdn.medisys.com.my-le-ssl.conf

vim /etc/httpd/conf.sites.d/00-cdn.medisys.com.my-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes On

    ServerAlias cdn.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.cdn.medisys.com.my
    DocumentRoot /ihe/var/www/cdn.medisys.com.my/html
    ErrorLog /ihe/var/www/cdn.medisys.com.my/error.log
    CustomLog /ihe/var/www/cdn.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/cdn.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/cdn.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride ALL
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /docs "/ihe/var/www/cdn.medisys.com.my/docs/"
    <Directory "/ihe/var/www/cdn.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/ihe/var/www/cdn.medisys.com.my/soft/"
    <Directory "/ihe/var/www/cdn.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for i
    <Location /i>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8090/i nocanon
        ProxyPassReverse http://localhost:8090/i
    </Location>

    # proxy for jira
    <Location /jira>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9010/jira nocanon
        ProxyPassReverse http://localhost:9010/jira
    </Location>

    # proxy for
    <Location /apex>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8090/apex nocanon
        ProxyPassReverse http://localhost:8090/apex
    </Location>

    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8081/nexus nocanon
        ProxyPassReverse http://localhost:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for
    <Location /console>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9990/console nocanon
        ProxyPassReverse http://localhost:9990/console
    </Location>

    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass https://localhost:4430/gitlab nocanon
        ProxyPassReverse https://localhost:4430/gitlab
    </Location>

    # proxy for jenkins
    <Location /jenkins>
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 61.6
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        ProxyPass http://localhost:8088/jenkins nocanon
        ProxyPassReverse http://localhost:8088/jenkins
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for bitbucket
    <Location /bitbucket>
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 61.6
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        ProxyPass http://localhost:9020/bitbucket nocanon
        ProxyPassReverse http://localhost:9020/bitbucket
    </Location>

   # proxy for management
    <Location /management>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9990/management nocanon
        ProxyPassReverse http://localhost:9990/management
    </Location>

    # proxy for artifactory
    <Location /artifactory>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9040/artifactory nocanon
        ProxyPassReverse http://localhost:9040/artifactory
    </Location>

    # proxy for artifactory/ui
    <Location /ui>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9041/ui nocanon
        ProxyPassReverse http://localhost:9041/ui
    </Location>

   # proxy for phpldapadmin
    <Location /phpldapadmin>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9030/phpldapadmin nocanon
        ProxyPassReverse http://localhost:9030/phpldapadmin
    </Location>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cdn.medisys.com.my/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cdn.medisys.com.my/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/cdn.medisys.com.my/chain.pem
</VirtualHost>
</IfModule>

dev.medisys.com.my-le-ssl.conf

vim /etc/httpd/conf.sites.d/00-dev.medisys.com.my-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.dev.medisys.com.my
    DocumentRoot /ihe/var/www/dev.medisys.com.my/html
    ErrorLog /ihe/var/www/dev.medisys.com.my/error.log
    CustomLog /ihe/var/www/dev.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/dev.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/dev.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/ihe/var/www/dev.medisys.com.my/docs/"
    <Directory "/ihe/var/www/dev.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/ihe/var/www/dev.medisys.com.my/soft/"
    <Directory "/ihe/var/www/dev.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.medisys.com.my/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.medisys.com.my/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/dev.medisys.com.my/chain.pem
</VirtualHost>
</IfModule>

hl7.medisys.com.my-le-ssl.conf

vim /etc/httpd/conf.sites.d/00-hl7.medisys.com.my-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias hl7.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.hl7.medisys.com.my
    DocumentRoot /ihe/var/www/hl7.medisys.com.my/html
    ErrorLog /ihe/var/www/hl7.medisys.com.my/error.log
    CustomLog /ihe/var/www/hl7.medisys.com.my/requests.log combined

    <Directory "/ihe/var/www/hl7.medisys.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/hl7.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/ihe/var/www/hl7.medisys.com.my/docs/"
    <Directory "/ihe/var/www/hl7.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/ihe/var/www/hl7.medisys.com.my/soft/"
    <Directory "/ihe/var/www/hl7.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for amqp
    <Location /amqp>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8010/amqp nocanon
        ProxyPassReverse http://localhost:8010/amqp
    </Location>

    # proxy for boot
    <Location /boot>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8080/boot nocanon
        ProxyPassReverse http://localhost:8080/boot
    </Location>

    # proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8018/fhir nocanon
        ProxyPassReverse http://localhost:8018/fhir
    </Location>

    # proxy for itis
    <Location /itis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8014/itis nocanon
        ProxyPassReverse http://localhost:8014/itis
    </Location>

    # proxy for labs
    <Location /labs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8013/labs nocanon
        ProxyPassReverse http://localhost:8013/labs
    </Location>

    # proxy for xlab
    <Location /xlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8016/xlab nocanon
        ProxyPassReverse http://localhost:8016/xlab
    </Location>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hl7.medisys.com.my/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hl7.medisys.com.my/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/hl7.medisys.com.my/chain.pem
</VirtualHost>
</IfModule>

api.rufaida.com.my-le-ssl.conf

vim /etc/httpd/conf.sites.d/01-api.rufaida.com.my-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyCheckPeerCN On
    SSLProxyCheckPeerExpire On

    ServerAlias api.rufaida.com.my
    ServerAdmin [email protected]
    ServerName www.api.rufaia.com.my
    DocumentRoot /ihe/var/www/api.rufaida.com.my/html
    ErrorLog /ihe/var/www/api.rufaida.com.my/error.log
    CustomLog /ihe/var/www/api.rufaida.com.my/requests.log combined

    <Directory "/ihe/var/www/api.rufaida.com.my/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/ihe/var/www/api.rufaida.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/ihe/var/www/api.rufaida.com.my/docs/"
    <Directory "/ihe/var/www/api.rufaida.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/ihe/var/www/api.rufaida.com.my/soft/"
    <Directory "/ihe/var/www/api.rufaida.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for social
    <Location /social>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.20/social nocanon
        ProxyPassReverse http://202.40.189.20/social
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/reports nocanon
        ProxyPassReverse http://202.40.189.18:9001/reports
    </Location>

    # proxy for patient/affairs
    <Location /patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.20:9090/patient/affairs nocanon
        ProxyPassReverse http://202.40.189.20:9090/patient/affairs
    </Location>

    # proxy for dev/patient/affairs
    <Location /dev/patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/dev/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/dev/patient/affairs
    </Location>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/api.rufaida.com.my/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/api.rufaida.com.my/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/api.rufaida.com.my/chain.pem
</VirtualHost>
</IfModule>

References