Virtual Host And Certbot in Raspbian 10

From Chorke Wiki
Jump to navigation Jump to search

Apache2

All Sites

# chorke.{org,com}
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d

nano 00-dev.chorke.org.conf
nano 00-dev.chorke.org-le-ssl.conf

nano 01-api.chorke.org.conf
nano 01-api.chorke.org-le-ssl.conf

nano 01-ihe.chorke.org.conf
nano 01-ihe.chorke.org-le-ssl.conf

nano 02-dev.chorke.com.conf
nano 02-dev.chorke.com-le-ssl.conf

# shahed.biz
mkdir -p /etc/shahed/apache2/conf.sites.all.d
cd /etc/shahed/apache2/conf.sites.all.d

nano 03-dev.shahed.biz.conf
nano 03-dev.shahed.biz-le-ssl.conf

nano 03-vpn.shahed.biz.conf
nano 03-vpn.shahed.biz-le-ssl.conf

# chorke.org
mkdir -p /etc/chorke/apache2/conf.sites.all.d
cd /etc/chorke/apache2/conf.sites.all.d

nano 01-cid.chorke.org.conf
nano 01-cid.chorke.org-le-ssl.conf

nano 01-hub.chorke.org.conf
nano 01-hub.chorke.org-le-ssl.conf

nano 01-reg.chorke.org.conf
nano 01-reg.chorke.org-le-ssl.conf

Enabled Sites

# chorke.{org,com}
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org.conf\
      /etc/apache2/sites-enabled/00-dev.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-api.chorke.org.conf\
      /etc/apache2/sites-enabled/01-api.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-ihe.chorke.org.conf\
      /etc/apache2/sites-enabled/01-ihe.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com.conf\
      /etc/apache2/sites-enabled/02-dev.chorke.com.conf

apache2ctl -t

# shahed.biz
cd /etc/apache2/sites-enabled
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz.conf\
      /etc/apache2/sites-enabled/03-dev.shahed.biz.conf

ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz.conf\
      /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf

apache2ctl -t

# chorke.org
cd /etc/apache2/sites-enabled
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org.conf\
      /etc/apache2/sites-enabled/01-cid.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org.conf\
      /etc/apache2/sites-enabled/01-hub.chorke.org.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org.conf\
      /etc/apache2/sites-enabled/01-reg.chorke.org.conf

apache2ctl -t

Enabled HTTPS

# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/00-dev.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-api.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-ihe.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf

apache2ctl -t

# chorke.com
ln -s /etc/chorke/apache2/conf.sites.all.d/02-dev.chorke.com-le-ssl.conf\
      /etc/apache2/sites-enabled/02-dev.chorke.com-le-ssl.conf

apache2ctl -t

# shahed.biz
ln -s /etc/shahed/apache2/conf.sites.all.d/03-dev.shahed.biz-le-ssl.conf\
      /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf

ln -s /etc/shahed/apache2/conf.sites.all.d/03-vpn.shahed.biz-le-ssl.conf\
      /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf

apache2ctl -t

# chorke.org
ln -s /etc/chorke/apache2/conf.sites.all.d/01-cid.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-hub.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf

ln -s /etc/chorke/apache2/conf.sites.all.d/01-reg.chorke.org-le-ssl.conf\
      /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf

apache2ctl -t

Directory Tree

mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='api cid dev hub ihe reg';\
for s in $p;do d='html docs soft';\
    for f in $d;do w="$s.chorke.org/$f";\
        mkdir -p "$w";\
    done;
done
mkdir -p /var/chorke/www;\
cd /var/chorke/www/;p='dev';\
for s in $p;do d='html docs soft';\
    for f in $d;do w="$s.chorke.com/$f";\
        mkdir -p "$w";\
    done;
done
mkdir -p /var/shahed/www;\
cd /var/shahed/www/;p='dev vpn';\
for s in $p;do d='html docs soft';\
    for f in $d;do w="$s.shahed.biz/$f";\
        mkdir -p "$w";\
    done;
done

Acme Challenges

cd /var/chorke/www/;p='api cid dev hub ihe reg';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.org/html";\
    mkdir -p "$w/$a";\
done
cd /var/chorke/www/;p='dev';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.chorke.com/html";\
    mkdir -p "$w/$a";\
done
cd /var/shahed/www/;p='dev vpn';\
a='.well-known/acme-challenge';\
for s in $p;do w="$s.shahed.biz/html";\
    mkdir -p "$w/$a";\
done
#nano /var/chorke/www/api.chorke.org/html/.htaccess
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
RewriteCond %{SERVER_NAME} =www.api.chorke.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
f='html docs soft';\
for s in *.chorke.*;do for d in $f;do \
    h="<html>\n<head><title>$s/$d</title></head>\n";
    h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
    echo -e "$h" >> "$s/$d/index.html";
done;done
f='html docs soft';\
for s in *.shahed.biz;do for d in $f;do \
    h="<html>\n<head><title>$s/$d</title></head>\n";
    h="$h<body><h1>Welcome to, $s/$d</h1></body>\n</html>";
    echo -e "$h" >> "$s/$d/index.html";
done;done
apt -y install apache2 mod_ssl; a2enmod ssl
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt     #letsencrypt renew
certbot         #certbot renew

HTTP

dev.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.org
    ServerName www.dev.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.org/html
    ErrorLog /var/chorke/www/dev.chorke.org/error.log
    CustomLog /var/chorke/www/dev.chorke.org/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    RewriteEngine on
    RewriteCond %{HTTP_HOST} =10.19.83.100
    RewriteRule ^ https://dev.chorke.org%{REQUEST_URI} [END,NE,R=permanent]

#    RewriteCond %{SERVER_NAME} =dev.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

api.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias api.chorke.org
    ServerName www.api.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/api.chorke.org/html
    ErrorLog /var/chorke/www/api.chorke.org/error.log
    CustomLog /var/chorke/www/api.chorke.org/requests.log combined

    <Directory "/var/chorke/www/api.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/api.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =api.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.api.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

cid.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined

    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =cid.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.cid.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

hub.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined

    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =hub.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.hub.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

ihe.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias ihe.chorke.org
    ServerName www.ihe.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/ihe.chorke.org/html
    ErrorLog /var/chorke/www/ihe.chorke.org/error.log
    CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined

    <Directory "/var/chorke/www/ihe.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/ihe.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =ihe.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.ihe.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

reg.chorke.org.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined

    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =reg.chorke.org [OR]
#    RewriteCond %{SERVER_NAME} =www.reg.chorke.org
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

dev.chorke.com.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.com
    ServerName www.dev.chorke.com
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.com/html
    ErrorLog /var/chorke/www/dev.chorke.com/error.log
    CustomLog /var/chorke/www/dev.chorke.com/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.com/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.com/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.chorke.com [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.chorke.com
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

dev.shahed.biz.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.dev.shahed.biz
    ServerAdmin [email protected]
    ServerAlias dev.shahed.biz piw.dev.shahed.biz

    DocumentRoot /var/shahed/www/dev.shahed.biz/html
    ErrorLog /var/shahed/www/dev.shahed.biz/error.log
    CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/dev.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/dev.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9001/forms nocanon
        ProxyPassReverse http://175.144.214.83:9001/forms
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =pi00.dev.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.dev.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

vpn.shahed.biz.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz.conf
<IfModule mod_proxy.c>
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]
    ServerAlias vpn.shahed.biz piw.vpn.shahed.biz

    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

#    RewriteEngine on
#    RewriteCond %{SERVER_NAME} =vpn.shahed.biz [OR]
#    RewriteCond %{SERVER_NAME} =www.vpn.shahed.biz
#    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
EOF

HTTPS

dev.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.org-le-ssl.conf
IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.org
    ServerName www.dev.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.org/html
    ErrorLog /var/chorke/www/dev.chorke.org/error.log
    CustomLog /var/chorke/www/dev.chorke.org/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/dev.chorke.org/docs/"
    <Directory "/var/chorke/www/dev.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/dev.chorke.org/soft/"
    <Directory "/var/chorke/www/dev.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for ui.mob
    <Location /ui.mob>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.101/ui.mob nocanon
        ProxyPassReverse http://10.19.83.101/ui.mob
    </Location>

    #proxy for ui.web
    <Location /ui.web>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.101/ui.web nocanon
        ProxyPassReverse http://10.19.83.101/ui.web
    </Location>

    #proxy for report
    <Location /report>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.207/report nocanon
        ProxyPassReverse http://10.19.83.207/report
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

api.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-api.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias api.chorke.org
    ServerName www.api.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/api.chorke.org/html
    ErrorLog /var/chorke/www/api.chorke.org/error.log
    CustomLog /var/chorke/www/api.chorke.org/requests.log combined

    <Directory "/var/chorke/www/api.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/api.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/api.chorke.org/docs/"
    <Directory "/var/chorke/www/api.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/api.chorke.org/soft/"
    <Directory "/var/chorke/www/api.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # proxy for auth
    <Location /auth>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:9090/auth nocanon
        ProxyPassReverse http://10.19.83.110:9090/auth
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for ebis
    <Location /ebis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8302/ebis nocanon
        ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for init
    <Location /init>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8304/init nocanon
        ProxyPassReverse http://10.19.83.110:8304/init
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/api.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/api.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

cid.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-cid.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias cid.chorke.org
    ServerName www.cid.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/cid.chorke.org/html
    ErrorLog /var/chorke/www/cid.chorke.org/error.log
    CustomLog /var/chorke/www/cid.chorke.org/requests.log combined

    <Directory "/var/chorke/www/cid.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/cid.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/cid.chorke.org/docs/"
    <Directory "/var/chorke/www/cid.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/cid.chorke.org/soft/"
    <Directory "/var/chorke/www/cid.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # proxy for gitlab
    <Location /gitlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.206/gitlab nocanon
        ProxyPassReverse http://10.19.83.206/gitlab
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for nexus
    <Location /nexus>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8081/nexus nocanon
        ProxyPassReverse http://10.19.83.204:8081/nexus
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for jenkins
    <Location /jenkins>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8080/jenkins nocanon
        ProxyPassReverse http://10.19.83.204:8080/jenkins
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for artifactory
    <Location /artifactory>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8084/artifactory nocanon
        ProxyPassReverse http://10.19.83.204:8084/artifactory
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cid.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cid.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

hub.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-hub.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias hub.chorke.org
    ServerName www.hub.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/hub.chorke.org/html
    ErrorLog /var/chorke/www/hub.chorke.org/error.log
    CustomLog /var/chorke/www/hub.chorke.org/requests.log combined

    <Directory "/var/chorke/www/hub.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/hub.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/hub.chorke.org/docs/"
    <Directory "/var/chorke/www/hub.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/hub.chorke.org/soft/"
    <Directory "/var/chorke/www/hub.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8082/ nocanon
        ProxyPassReverse http://10.19.83.204:8082/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hub.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hub.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

ihe.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-ihe.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias ihe.chorke.org
    ServerName www.ihe.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/ihe.chorke.org/html
    ErrorLog /var/chorke/www/ihe.chorke.org/error.log
    CustomLog /var/chorke/www/ihe.chorke.org/requests.log combined

    <Directory "/var/chorke/www/ihe.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/ihe.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/ihe.chorke.org/docs/"
    <Directory "/var/chorke/www/ihe.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/ihe.chorke.org/soft/"
    <Directory "/var/chorke/www/ihe.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8303/fhir nocanon
        ProxyPassReverse http://10.19.83.110:8303/fhir
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/ihe.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ihe.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

reg.chorke.org-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/01-reg.chorke.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerAlias reg.chorke.org
    ServerName www.reg.chorke.org
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/reg.chorke.org/html
    ErrorLog /var/chorke/www/reg.chorke.org/error.log
    CustomLog /var/chorke/www/reg.chorke.org/requests.log combined

    <Directory "/var/chorke/www/reg.chorke.org/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/reg.chorke.org/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/reg.chorke.org/docs/"
    <Directory "/var/chorke/www/reg.chorke.org/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/reg.chorke.org/soft/"
    <Directory "/var/chorke/www/reg.chorke.org/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    <Location />
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:8083/ nocanon
        ProxyPassReverse http://10.19.83.204:8083/
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/reg.chorke.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/reg.chorke.org/privkey.pem
</VirtualHost>
</IfModule>
EOF

dev.chorke.com-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/00-dev.chorke.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias dev.chorke.com
    ServerName www.dev.chorke.com
    ServerAdmin [email protected]

    DocumentRoot /var/chorke/www/dev.chorke.com/html
    ErrorLog /var/chorke/www/dev.chorke.com/error.log
    CustomLog /var/chorke/www/dev.chorke.com/requests.log combined

    <Directory "/var/chorke/www/dev.chorke.com/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/chorke/www/dev.chorke.com/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/chorke/www/dev.chorke.com/docs/"
    <Directory "/var/chorke/www/dev.chorke.com/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/chorke/www/dev.chorke.com/soft/"
    <Directory "/var/chorke/www/dev.chorke.com/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for ebis
    <Location /ebis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.110:8302/ebis nocanon
        ProxyPassReverse http://10.19.83.110:8302/ebis
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.chorke.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.chorke.com/privkey.pem
</VirtualHost>
</IfModule>
EOF

dev.shahed.biz-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-dev.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerName www.dev.shahed.biz
    ServerAdmin [email protected]
    ServerAlias dev.shahed.biz piw.dev.shahed.biz

    DocumentRoot /var/shahed/www/dev.shahed.biz/html
    ErrorLog /var/shahed/www/dev.shahed.biz/error.log
    CustomLog /var/shahed/www/dev.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/dev.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/dev.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/shahed/www/dev.shahed.biz/docs/"
    <Directory "/var/shahed/www/dev.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/shahed/www/dev.shahed.biz/soft/"
    <Directory "/var/shahed/www/dev.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 10.8.0
        Allow from 10.19.83
        Allow from 10.20.13
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 202.40.189
        Allow from 175.144.214
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    #proxy for crawler
    <Location /crawler>
        Order Allow,Deny
        Allow from all
        ProxyPass http://10.19.83.204:1983/crawler nocanon
        ProxyPassReverse http://10.19.83.204:1983/crawler
        RequestHeader set X-Forwarded-Proto "https"
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://175.144.214.83:9002/reports nocanon
        ProxyPassReverse http://175.144.214.83:9002/reports
    </Location>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/dev.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dev.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF

vpn.shahed.biz-le-ssl.conf

cat <<EOF >> /etc/apache2/sites-enabled/03-vpn.shahed.biz-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off

    ServerName www.vpn.shahed.biz
    ServerAdmin [email protected]
    ServerAlias vpn.shahed.biz piw.vpn.shahed.biz

    DocumentRoot /var/shahed/www/vpn.shahed.biz/html
    ErrorLog /var/shahed/www/vpn.shahed.biz/error.log
    CustomLog /var/shahed/www/vpn.shahed.biz/requests.log combined

    <Directory "/var/shahed/www/vpn.shahed.biz/">
        AllowOverride None
        Require all granted
    </Directory>

    <Directory "/var/shahed/www/vpn.shahed.biz/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/shahed/www/vpn.shahed.biz/docs/"
    <Directory "/var/shahed/www/vpn.shahed.biz/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /soft "/var/shahed/www/vpn.shahed.biz/soft/"
    <Directory "/var/shahed/www/vpn.shahed.biz/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        Order Allow,Deny
        Allow from all
    </Directory>

    <Proxy *>
        Order Allow,Deny
        Allow from all
        Deny from 10.9.8
    </Proxy>

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #ProxyVia Off

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.shahed.biz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.shahed.biz/privkey.pem
</VirtualHost>
</IfModule>
EOF

References