Virtual Host And Certbot in RHEL6

From Chorke Wiki
Jump to navigation Jump to search

Apache

httpd.conf

vim /etc/httpd/conf/httpd.conf

 # Load config files from the config directory "/etc/httpd/conf.d".
 #
 Include conf.d/*.conf
 Include conf.sites.d/*.conf
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. [email protected]
 #
 ServerAdmin [email protected]
 # If your host doesn't have a registered DNS name, enter its IP address here.
 # You will have to access it by its address anyway, and this will make
 # redirections work in a sensible way.
 #
 #ServerName www.example.com:80
 ServerName bgd.medisys.com.my:80
 # IndexOptions: Controls the appearance of server-generated directory
 # listings.
 #
 #IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
 IndexOptions FancyIndexing VersionSort SuppressDescription FoldersFirst XHTML HTMLTable NameWidth=* IgnoreCase SuppressRules
 IndexStyleSheet "/icons/style.css"
 # ReadmeName is the name of the README file the server will look for by
 # default, and append to directory listings.
 #
 # HeaderName is the name of a file which should be prepended to
 # directory indexes.
 ReadmeName /icons/README.html
 HeaderName HEADER.html
 # Use name-based virtual hosting.
 #
 NameVirtualHost *:80

Directory Tree

cd /var/www/;p='bgd jwt';for s in $p;\
    do d='html docs soft';for f in $d;\
        do mkdir -p "$s.medisys.com.my/$f";\
    done;
done
apachectl -t
service httpd status
service httpd reload
service httpd restart
yum -y install httpd mod_ssl
cd /opt/;git clone https://github.com/certbot/certbot.git
cd /usr/local/bin/;ln -s /opt/certbot/certbot-auto certbot
ln -s /opt/certbot/letsencrypt-auto letsencrypt
letsencrypt renew
certbot renew

HTTP

bgd.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-bgd.medisys.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias bgd.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.bgd.medisys.com.my
    DocumentRoot /var/www/bgd.medisys.com.my/html
    ErrorLog /var/www/bgd.medisys.com.my/error.log
    CustomLog /var/www/bgd.medisys.com.my/requests.log combined

    <Directory "/var/www/bgd.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/www/bgd.medisys.com.my/docs/"
    <Directory "/var/www/bgd.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/var/www/bgd.medisys.com.my/soft/"
    <Directory "/var/www/bgd.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for amqp
    <Location /amqp>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8010/amqp nocanon
        ProxyPassReverse http://localhost:8010/amqp
    </Location>

    # proxy for boot
    <Location /boot>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8080/boot nocanon
        ProxyPassReverse http://localhost:8080/boot
    </Location>

    # proxy for fhir
    <Location /fhir>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8018/fhir nocanon
        ProxyPassReverse http://localhost:8018/fhir
    </Location>

    # proxy for itis
    <Location /itis>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8014/itis nocanon
        ProxyPassReverse http://localhost:8014/itis
    </Location>

    # proxy for labs
    <Location /labs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8013/labs nocanon
        ProxyPassReverse http://localhost:8013/labs
    </Location>

    # proxy for xlab
    <Location /xlab>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:8016/xlab nocanon
        ProxyPassReverse http://localhost:8016/xlab
    </Location>

    # proxy for forms
    <Location /forms>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/forms nocanon
        ProxyPassReverse http://202.40.189.18:9001/forms
    </Location>

    # proxy for reports
    <Location /reports>
        Order Allow,Deny
        Allow from all
        ProxyPass http://202.40.189.18:9001/reports nocanon
        ProxyPassReverse http://202.40.189.18:9001/reports
    </Location>

    # proxy for patient/affairs
    <Location /patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/patient/affairs
    </Location>

    # proxy for dev/patient/affairs
    <Location /dev/patient/affairs>
        Order Allow,Deny
        Allow from all
        ProxyPass http://localhost:9090/dev/patient/affairs nocanon
        ProxyPassReverse http://localhost:9090/dev/patient/affairs
    </Location>

    RewriteEngine on
    #RewriteCond %{SERVER_NAME} =bgd.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.bgd.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    RewriteCond %{HTTP_HOST} =202.40.189.20 [OR]
    RewriteCond %{HTTP_HOST} =100.43.0.70
    RewriteRule ^ http://bgd.medisys.com.my%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>

jwt.medisys.com.my.conf

vim /etc/httpd/conf.sites.d/00-jwt.medisys.com.my.conf

<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes Off

    ServerAlias jwt.medisys.com.my
    ServerAdmin [email protected]
    ServerName www.jwt.medisys.com.my
    DocumentRoot /var/www/jwt.medisys.com.my/html
    ErrorLog /var/www/jwt.medisys.com.my/error.log
    CustomLog /var/www/jwt.medisys.com.my/requests.log combined

    <Directory "/var/www/jwt.medisys.com.my/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /docs "/var/www/jwt.medisys.com.my/docs/"
    <Directory "/var/www/jwt.medisys.com.my/docs">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /soft "/var/www/jwt.medisys.com.my/soft/"
    <Directory "/var/www/jwt.medisys.com.my/soft">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 202.187
        Allow from 127.0.0.1
        Allow from localhost
        Allow from 100.43.0
        Allow from 192.168.1
        Allow from 100.43.10
        Allow from 202.40.189
        Allow from 175.144.214
        Allow from 180.234.6.104
    </Directory>

    # proxy for social
    <Location /social>
        Order Allow,Deny
        Allow from all
        ProxyPass http://100.43.0.40:9090/social nocanon
        ProxyPassReverse http://100.43.0.40:9090/social
    </Location>

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =jwt.medisys.com.my [OR]
    #RewriteCond %{SERVER_NAME} =www.jwt.medisys.com.my
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
cd /opt/cli/python; mkdir /opt/cli/python
python3.6 -m venv venv_3.6; cd /opt/certbot
source /opt/cli/python/venv_3.6/bin/activate
certbot-auto
deactivate

References