Virtual Host And Certbot in RHEL6: Difference between revisions
No edit summary |
No edit summary |
||
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==httpd.conf== | ==Apache== | ||
===httpd.conf=== | |||
<code>vim /etc/httpd/conf/httpd.conf</code> | <code>vim /etc/httpd/conf/httpd.conf</code> | ||
<source lang=" | <source lang="apache" highlight="4" start="219" line> | ||
# Load config files from the config directory "/etc/httpd/conf.d". | # Load config files from the config directory "/etc/httpd/conf.d". | ||
# | # | ||
Line 8: | Line 9: | ||
</source> | </source> | ||
<source lang=" | <source lang="apache" highlight="5" start="259" line> | ||
# ServerAdmin: Your address, where problems with the server should be | # ServerAdmin: Your address, where problems with the server should be | ||
# e-mailed. This address appears on some server-generated pages, such | # e-mailed. This address appears on some server-generated pages, such | ||
Line 16: | Line 17: | ||
</source> | </source> | ||
<source lang=" | <source lang="apache" highlight="6" start="273" line> | ||
# If your host doesn't have a registered DNS name, enter its IP address here. | # If your host doesn't have a registered DNS name, enter its IP address here. | ||
# You will have to access it by its address anyway, and this will make | # You will have to access it by its address anyway, and this will make | ||
Line 25: | Line 26: | ||
</source> | </source> | ||
<source lang=" | <source lang="apache" highlight="5,6" start="605" line> | ||
# IndexOptions: Controls the appearance of server-generated directory | # IndexOptions: Controls the appearance of server-generated directory | ||
# listings. | # listings. | ||
Line 34: | Line 35: | ||
</source> | </source> | ||
<source lang=" | <source lang="apache" highlight="6,7" start="662" line> | ||
# ReadmeName is the name of the README file the server will look for by | # ReadmeName is the name of the README file the server will look for by | ||
# default, and append to directory listings. | # default, and append to directory listings. | ||
Line 44: | Line 45: | ||
</source> | </source> | ||
<source lang=" | <source lang="apache" highlight="3" start="991" line> | ||
# Use name-based virtual hosting. | # Use name-based virtual hosting. | ||
# | # | ||
NameVirtualHost *:80 | NameVirtualHost *:80 | ||
</source> | |||
===Directory Tree=== | |||
{| | |||
| valign="top" | | |||
<source lang="bash"> | |||
cd /var/www/;p='bgd jwt';for s in $p;\ | |||
do d='html docs soft';for f in $d;\ | |||
do mkdir -p "$s.medisys.com.my/$f";\ | |||
done; | |||
done | |||
</source> | |||
| valign="top" | | |||
<source lang="bash"> | |||
apachectl -t | |||
service httpd status | |||
service httpd reload | |||
service httpd restart | |||
yum -y install httpd mod_ssl | |||
</source> | |||
| valign="top" | | |||
<source lang="bash"> | |||
cd /opt/;git clone https://github.com/certbot/certbot.git | |||
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot | |||
ln -s /opt/certbot/letsencrypt-auto letsencrypt | |||
letsencrypt renew | |||
certbot renew | |||
</source> | |||
|} | |||
==HTTP== | |||
===bgd.medisys.com.my.conf=== | |||
<code>vim /etc/httpd/conf.sites.d/00-bgd.medisys.com.my.conf</code> | |||
<source lang="apache" highlight="2-4,6-11,13-18,20,28,46,54,62,70,78,86,94,102,110,118,126,131-133" line> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias bgd.medisys.com.my | |||
ServerAdmin [email protected] | |||
ServerName www.bgd.medisys.com.my | |||
DocumentRoot /var/www/bgd.medisys.com.my/html | |||
ErrorLog /var/www/bgd.medisys.com.my/error.log | |||
CustomLog /var/www/bgd.medisys.com.my/requests.log combined | |||
<Directory "/var/www/bgd.medisys.com.my/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride None | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/www/bgd.medisys.com.my/docs/" | |||
<Directory "/var/www/bgd.medisys.com.my/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/www/bgd.medisys.com.my/soft/" | |||
<Directory "/var/www/bgd.medisys.com.my/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 202.187 | |||
Allow from 127.0.0.1 | |||
Allow from localhost | |||
Allow from 100.43.0 | |||
Allow from 192.168.1 | |||
Allow from 100.43.10 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
Allow from 180.234.6.104 | |||
</Directory> | |||
# proxy for amqp | |||
<Location /amqp> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:8010/amqp nocanon | |||
ProxyPassReverse http://localhost:8010/amqp | |||
</Location> | |||
# proxy for boot | |||
<Location /boot> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:8080/boot nocanon | |||
ProxyPassReverse http://localhost:8080/boot | |||
</Location> | |||
# proxy for fhir | |||
<Location /fhir> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:8018/fhir nocanon | |||
ProxyPassReverse http://localhost:8018/fhir | |||
</Location> | |||
# proxy for itis | |||
<Location /itis> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:8014/itis nocanon | |||
ProxyPassReverse http://localhost:8014/itis | |||
</Location> | |||
# proxy for labs | |||
<Location /labs> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:8013/labs nocanon | |||
ProxyPassReverse http://localhost:8013/labs | |||
</Location> | |||
# proxy for xlab | |||
<Location /xlab> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:8016/xlab nocanon | |||
ProxyPassReverse http://localhost:8016/xlab | |||
</Location> | |||
# proxy for forms | |||
<Location /forms> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://202.40.189.18:9001/forms nocanon | |||
ProxyPassReverse http://202.40.189.18:9001/forms | |||
</Location> | |||
# proxy for reports | |||
<Location /reports> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://202.40.189.18:9001/reports nocanon | |||
ProxyPassReverse http://202.40.189.18:9001/reports | |||
</Location> | |||
# proxy for patient/affairs | |||
<Location /patient/affairs> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:9090/patient/affairs nocanon | |||
ProxyPassReverse http://localhost:9090/patient/affairs | |||
</Location> | |||
# proxy for dev/patient/affairs | |||
<Location /dev/patient/affairs> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://localhost:9090/dev/patient/affairs nocanon | |||
ProxyPassReverse http://localhost:9090/dev/patient/affairs | |||
</Location> | |||
RewriteEngine on | |||
#RewriteCond %{SERVER_NAME} =bgd.medisys.com.my [OR] | |||
#RewriteCond %{SERVER_NAME} =www.bgd.medisys.com.my | |||
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |||
RewriteCond %{HTTP_HOST} =202.40.189.20 [OR] | |||
RewriteCond %{HTTP_HOST} =100.43.0.70 | |||
RewriteRule ^ http://bgd.medisys.com.my%{REQUEST_URI} [L,NE,R=301] | |||
</VirtualHost> | |||
</source> | |||
===jwt.medisys.com.my.conf=== | |||
<code>vim /etc/httpd/conf.sites.d/00-jwt.medisys.com.my.conf</code> | |||
<source lang="apache" highlight="2-4,6-11,13-18,20,28,46,54-57" line> | |||
<VirtualHost *:80> | |||
ProxyRequests Off | |||
ProxyPreserveHost On | |||
AllowEncodedSlashes Off | |||
ServerAlias jwt.medisys.com.my | |||
ServerAdmin [email protected] | |||
ServerName www.jwt.medisys.com.my | |||
DocumentRoot /var/www/jwt.medisys.com.my/html | |||
ErrorLog /var/www/jwt.medisys.com.my/error.log | |||
CustomLog /var/www/jwt.medisys.com.my/requests.log combined | |||
<Directory "/var/www/jwt.medisys.com.my/html"> | |||
Options Indexes FollowSymLinks | |||
AllowOverride None | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /docs "/var/www/jwt.medisys.com.my/docs/" | |||
<Directory "/var/www/jwt.medisys.com.my/docs"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /soft "/var/www/jwt.medisys.com.my/soft/" | |||
<Directory "/var/www/jwt.medisys.com.my/soft"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from ::1 | |||
Allow from 202.187 | |||
Allow from 127.0.0.1 | |||
Allow from localhost | |||
Allow from 100.43.0 | |||
Allow from 192.168.1 | |||
Allow from 100.43.10 | |||
Allow from 202.40.189 | |||
Allow from 175.144.214 | |||
Allow from 180.234.6.104 | |||
</Directory> | |||
# proxy for social | |||
<Location /social> | |||
Order Allow,Deny | |||
Allow from all | |||
ProxyPass http://100.43.0.40:9090/social nocanon | |||
ProxyPassReverse http://100.43.0.40:9090/social | |||
</Location> | |||
#RewriteEngine on | |||
#RewriteCond %{SERVER_NAME} =jwt.medisys.com.my [OR] | |||
#RewriteCond %{SERVER_NAME} =www.jwt.medisys.com.my | |||
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301] | |||
</VirtualHost> | |||
</source> | |||
<source lang="bash"> | |||
cd /opt/cli/python; mkdir /opt/cli/python | |||
python3.6 -m venv venv_3.6; cd /opt/certbot | |||
source /opt/cli/python/venv_3.6/bin/activate | |||
certbot-auto | |||
deactivate | |||
</source> | </source> | ||
==References== | ==References== | ||
* [https://httpd.apache.org/docs/2.2/vhosts/name-based.html Name-based Virtual Host Support] | * [https://httpd.apache.org/docs/2.2/vhosts/name-based.html Name-based Virtual Host Support] |
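Review bot: Both added `<VirtualHost *:80>` sections publish their proxied paths, including `/fhir`, `/patient/affairs` and `/dev/patient/affairs`, with `Allow from all` over plain HTTP, and the HTTPS redirect in each file is still commented out. Once the certbot-issued `:443` vhost exists, the redirect should be enabled, e.g. `RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]` with its two `RewriteCond` lines. The commented rule in the bgd file uses `END`, which needs httpd 2.3.9 or later, so on the 2.2 that RHEL6 ships it should be `L`, as in the jwt file. The `/forms`, `/reports` and `/social` back ends are non-loopback addresses reached over `http://`, so that hop is unencrypted as well. In the last shell snippet `cd /opt/cli/python` runs before `mkdir /opt/cli/python`; it should read `mkdir -p /opt/cli/python && cd /opt/cli/python`.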
Latest revision as of 09:48, 16 November 2019
Apache
httpd.conf
vim /etc/httpd/conf/httpd.conf
# Excerpts from /etc/httpd/conf/httpd.conf: only the edited stanzas are shown,
# so these lines are not contiguous in the real file.
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
# Also load the per-site virtual-host files kept in conf.sites.d. The pattern is
# relative to ServerRoot, and every matching file is parsed as server
# configuration, so the directory should be writable by root only.
Include conf.sites.d/*.conf
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
#
# NOTE(review): the address is masked by the page's e-mail protection; put the
# real mailbox here. As printed the value is two tokens, which ServerAdmin does
# not accept.
ServerAdmin [email protected]
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#ServerName www.example.com:80
ServerName bgd.medisys.com.my:80
# IndexOptions: Controls the appearance of server-generated directory
# listings.
# These settings only style the listings; whether a directory is listed at all
# is decided by "Options Indexes" in the matching <Directory> section.
#
#IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
IndexOptions FancyIndexing VersionSort SuppressDescription FoldersFirst XHTML HTMLTable NameWidth=* IgnoreCase SuppressRules
IndexStyleSheet "/icons/style.css"
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
# A leading slash makes the path DocumentRoot-relative (one shared README);
# a bare name such as HEADER.html is looked up in the directory being listed.
ReadmeName /icons/README.html
HeaderName HEADER.html
# Use name-based virtual hosting.
# httpd 2.2 needs this directive, and its argument has to match the
# <VirtualHost *:80> lines of the site files exactly.
#
NameVirtualHost *:80
Directory Tree
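# Create the html/, docs/ and soft/ directories for each site under /var/www.
# The loop is chained to the cd with "&&": if /var/www is missing, nothing is
# created, instead of the site trees landing in whatever directory the shell
# happened to be in.
cd /var/www/ && for s in bgd jwt; do
  for f in html docs soft; do
    mkdir -p "$s.medisys.com.my/$f"
  done
done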
|
# Day-to-day httpd commands.
# NOTE(review): this reads as a reference list rather than a sequence - the
# package install would have to come first.
# Check the configuration for syntax errors; run it after every edit and before
# a reload or restart so a typo cannot take the server down.
apachectl -t
# Show whether the httpd service is running.
service httpd status
# Make httpd re-read its configuration without a full stop/start.
service httpd reload
# Stop and start the server; open connections are dropped.
service httpd restart
# Install Apache and mod_ssl (needed for the HTTPS virtual hosts); -y answers
# the confirmation prompt automatically.
yum -y install httpd mod_ssl
|
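# Fetch Certbot into /opt/certbot and expose its wrapper scripts on PATH.
# Explicit target paths replace the unguarded "cd ...;" steps, so a failed cd
# can no longer drop the clone or the symlinks into the wrong directory, and
# the links are only created if the clone succeeded.
# NOTE(review): this executes whatever the repository's default branch holds,
# presumably as root. Check out a release you have reviewed, and confirm the
# *-auto wrappers are still supported for this platform - upstream has
# deprecated them.
git clone https://github.com/certbot/certbot.git /opt/certbot &&
  ln -s /opt/certbot/certbot-auto /usr/local/bin/certbot &&
  ln -s /opt/certbot/letsencrypt-auto /usr/local/bin/letsencrypt
# Renew the certificates that are close to expiry. Both wrappers are expected
# to drive the same client, so one of the two commands is enough.
letsencrypt renew
certbot renew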
|
HTTP
bgd.medisys.com.my.conf
vim /etc/httpd/conf.sites.d/00-bgd.medisys.com.my.conf
# Plain-HTTP virtual host for bgd.medisys.com.my / www.bgd.medisys.com.my:
# static content from /var/www/bgd.medisys.com.my plus reverse proxies to the
# application back ends.
# NOTE(review): everything below, including the /fhir and /patient paths, is
# served without TLS while the HTTPS redirect near the end stays commented out.
# NOTE(review): Order/Allow/Deny is httpd 2.2 access-control syntax; on 2.4 it
# only works through mod_access_compat (the native form is "Require").
<VirtualHost *:80>
    # Reverse proxy only: forward-proxy requests stay disabled.
    ProxyRequests Off
    # Hand the client's Host header to the back ends unchanged.
    ProxyPreserveHost On
    # Refuse URLs that contain encoded slashes (%2F). This matters here because
    # the ProxyPass lines use "nocanon" and forward the path as received.
    AllowEncodedSlashes Off

    ServerAlias bgd.medisys.com.my
    # NOTE(review): address masked by the page's e-mail protection - substitute
    # the real mailbox; as printed the value is two tokens, which ServerAdmin
    # does not accept.
    ServerAdmin [email protected]
    ServerName www.bgd.medisys.com.my
    DocumentRoot /var/www/bgd.medisys.com.my/html
    # Logs sit next to, not inside, the document root.
    ErrorLog /var/www/bgd.medisys.com.my/error.log
    CustomLog /var/www/bgd.medisys.com.my/requests.log combined

    # Site root, open to everyone. "Indexes" turns on directory listings, so
    # any directory without an index file is browsable.
    <Directory "/var/www/bgd.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # /docs: public, with directory listings.
    Alias /docs "/var/www/bgd.medisys.com.my/docs/"
    <Directory "/var/www/bgd.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # /soft: limited to an address allowlist (deny by default, then allow).
    # NOTE(review): a partial address is a prefix match - "202.187" admits all
    # of 202.187.0.0/16; confirm each range is meant to be that wide.
    # NOTE(review): "localhost" is a host-name rule and forces reverse-DNS
    # lookups of the client address; 127.0.0.1 and ::1 already cover loopback.
    Alias /soft "/var/www/bgd.medisys.com.my/soft/"
    <Directory "/var/www/bgd.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # Reverse proxies. Every Location below is reachable from any address
    # ("Allow from all"), so access control rests entirely with the back end.
    # "nocanon" forwards the request path without canonicalising it, so the
    # back end has to normalise paths itself.

    # /amqp -> localhost:8010
    <Location /amqp>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8010/amqp nocanon
        ProxyPassReverse http://localhost:8010/amqp
    </Location>

    # /boot -> localhost:8080
    <Location /boot>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8080/boot nocanon
        ProxyPassReverse http://localhost:8080/boot
    </Location>

    # /fhir -> localhost:8018
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8018/fhir nocanon
        ProxyPassReverse http://localhost:8018/fhir
    </Location>

    # /itis -> localhost:8014
    <Location /itis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8014/itis nocanon
        ProxyPassReverse http://localhost:8014/itis
    </Location>

    # /labs -> localhost:8013
    <Location /labs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8013/labs nocanon
        ProxyPassReverse http://localhost:8013/labs
    </Location>

    # /xlab -> localhost:8016
    <Location /xlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8016/xlab nocanon
        ProxyPassReverse http://localhost:8016/xlab
    </Location>

    # /forms -> 202.40.189.18:9001, a non-loopback address: the hop from this
    # proxy to the back end is unencrypted HTTP as well.
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/forms nocanon
        ProxyPassReverse http://202.40.189.18:9001/forms
    </Location>

    # /reports -> 202.40.189.18:9001 (same non-loopback back end as /forms)
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/reports nocanon
        ProxyPassReverse http://202.40.189.18:9001/reports
    </Location>

    # /patient/affairs -> localhost:9090
    <Location /patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/patient/affairs
    </Location>

    # /dev/patient/affairs -> localhost:9090
    # NOTE(review): looks like a development instance published next to the
    # production path - confirm it should be reachable from every address.
    <Location /dev/patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/dev/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/dev/patient/affairs
    </Location>

    RewriteEngine on
    # HTTPS redirect, currently disabled. Enable it once a :443 virtual host
    # with the certificate exists.
    # NOTE(review): the END flag needs httpd 2.3.9 or later; on 2.2 use L.
    #RewriteCond %{SERVER_NAME} =bgd.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.bgd.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    # Requests addressed to the bare IPs get a permanent redirect to the
    # canonical host name (still over http).
    RewriteCond %{HTTP_HOST} =202.40.189.20 [OR]
    RewriteCond %{HTTP_HOST} =100.43.0.70
    RewriteRule ^ http://bgd.medisys.com.my%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
jwt.medisys.com.my.conf
vim /etc/httpd/conf.sites.d/00-jwt.medisys.com.my.conf
# Plain-HTTP virtual host for jwt.medisys.com.my / www.jwt.medisys.com.my:
# static content from /var/www/jwt.medisys.com.my plus one reverse proxy.
# NOTE(review): nothing here is served over TLS while the HTTPS redirect at the
# end stays commented out.
# NOTE(review): Order/Allow/Deny is httpd 2.2 access-control syntax; on 2.4 it
# only works through mod_access_compat (the native form is "Require").
<VirtualHost *:80>
    # Reverse proxy only: forward-proxy requests stay disabled.
    ProxyRequests Off
    # Hand the client's Host header to the back end unchanged.
    ProxyPreserveHost On
    # Refuse URLs that contain encoded slashes (%2F). This matters here because
    # the ProxyPass line uses "nocanon" and forwards the path as received.
    AllowEncodedSlashes Off

    ServerAlias jwt.medisys.com.my
    # NOTE(review): address masked by the page's e-mail protection - substitute
    # the real mailbox; as printed the value is two tokens, which ServerAdmin
    # does not accept.
    ServerAdmin [email protected]
    ServerName www.jwt.medisys.com.my
    DocumentRoot /var/www/jwt.medisys.com.my/html
    # Logs sit next to, not inside, the document root.
    ErrorLog /var/www/jwt.medisys.com.my/error.log
    CustomLog /var/www/jwt.medisys.com.my/requests.log combined

    # Site root, open to everyone. "Indexes" turns on directory listings, so
    # any directory without an index file is browsable.
    <Directory "/var/www/jwt.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # /docs: public, with directory listings.
    Alias /docs "/var/www/jwt.medisys.com.my/docs/"
    <Directory "/var/www/jwt.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # /soft: limited to an address allowlist (deny by default, then allow).
    # NOTE(review): a partial address is a prefix match - "202.187" admits all
    # of 202.187.0.0/16; confirm each range is meant to be that wide.
    # NOTE(review): "localhost" is a host-name rule and forces reverse-DNS
    # lookups of the client address; 127.0.0.1 and ::1 already cover loopback.
    Alias /soft "/var/www/jwt.medisys.com.my/soft/"
    <Directory "/var/www/jwt.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # /social -> 100.43.0.40:9090, a non-loopback address: the hop from this
    # proxy to the back end is unencrypted HTTP. The Location is reachable from
    # any address, so access control rests with the back end; "nocanon"
    # forwards the request path without canonicalising it.
    <Location /social>
        Order Allow,Deny
        Allow from all
        ProxyPass http://100.43.0.40:9090/social nocanon
        ProxyPassReverse http://100.43.0.40:9090/social
    </Location>

    # HTTPS redirect, currently disabled together with the rewrite engine.
    # Enable all four lines once a :443 virtual host with the certificate
    # exists.
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =jwt.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.jwt.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
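# Run certbot-auto from /opt/certbot with a Python 3.6 virtualenv active.
# Changes from the original listing:
#  - the directory is created before it is entered (the cd used to run first
#    and fail on a fresh host, leaving the venv in the current directory);
#  - the steps are chained with "&&", so certbot-auto never starts after a
#    failed step or without the virtualenv;
#  - certbot-auto is called by path, since only "certbot" and "letsencrypt"
#    were linked into /usr/local/bin (assuming /opt/certbot is not on PATH).
mkdir -p /opt/cli/python &&
  cd /opt/cli/python &&
  python3.6 -m venv venv_3.6 &&
  cd /opt/certbot &&
  source /opt/cli/python/venv_3.6/bin/activate &&
  ./certbot-auto
# Leave the virtualenv again.
deactivate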