Apache HTTP Server: Difference between revisions

← Older edit

@@ Line 1: / Line 1: @@
+==VirtualHost==
+A basic virtualhost looks like this
+<pre>
+<VirtualHost *:80>
+  ServerName my_server.com
+  ServerSignature Off
+  DocumentRoot "/www/example2"
+</VirtualHost>
+</pre>
+{{hidden | Full VirtualHost |
+The following virtual host has an HTTPS redirect and uses an LetsEncrypt ssl certificate
+<pre>
+# contents of /etc/apache2/sites-available/davidl_me.conf
+<VirtualHost *:80>
+  ServerName www.davidl.me
+  ServerAlias davidl.me
+  ServerSignature Off
+  RewriteEngine on
+  RewriteCond %{HTTPS} !=on
+  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+  ServerName www.davidl.me
+  ServerAlias davidl.me
+  ServerSignature Off
+  ServerAdmin webmaster@localhost
+  DocumentRoot /var/www/davidl_me/public
+  ErrorLog ${APACHE_LOG_DIR}/davidlme_error.log
+  CustomLog ${APACHE_LOG_DIR}/davidlme_access.log combined
+  Include /etc/letsencrypt/options-ssl-apache.conf
+  SSLCertificateFile /etc/letsencrypt/live/www.davidl.me/fullchain.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/www.davidl.me/privkey.pem
+</VirtualHost>
+</IfModule>
+<Directory /var/www/davidl_me/public>
+	Options Indexes FollowSymLinks
+	AllowOverride All
+	Require all granted
+</Directory>
+</pre>
+}}
+;Notes
+* You can have multiple server aliases in one line:
+*: E.g. <code>ServerAlias cloud.davidl.me.local cloud.davidl.local</code>
 ==Compression==
-==HTTPS Redirect==
+==Redirects==
+===Universal Redirect===
+<pre>
+RedirectMatch ^(.*)$ https://davidl.me/
+</pre>
+===HTTPS Redirect===
 <pre>
 <VirtualHost *:80>
@@ Line 25: / Line 88: @@
 * <code>mod_proxy_wstunnel</code> for websockets
 <pre>
+  RewriteEngine on
+  RewriteCond %{HTTP:Upgrade} =websocket
+  RewriteRule /(.*)     ws://192.168.1.99/$1  [P,L]
+  RewriteCond %{HTTP:Upgrade} !=websocket
+  RewriteRule /(.*)     http://192.168.1.99/$1 [P,L]
    ProxyPreserveHost On
    ProxyRequests Off
@@ Line 34: / Line 102: @@
    ProxyPass "/wss2/" "wss://echo.websocket.org/"
 </pre>
+;Notes
+* If you're proxying to an https url (e.g. <code>https://192.168.1.40/</code>, you will need to add <code>SSLProxyEngine on</code>
+** Furthermore, your https url will need to have a valid certificate for the domain you're proxying.
+==.htaccess==
+<code>.htaccess</code> allows modifying selected Apache configurations on a per-folder basis.<br>
+To enable this feature, add <code>AllowOverride All</code> to your <code>apache.conf</code> for the directories you want to allow .htaccess files.
+==Headers==
+Enable mod_headers with <code>sudo a2enmod headers</code>.
+Then you can add headers to your virtualhost:
+<pre>
+<VirtualHost *:80>
+  #...
+  # Prevents caching by search engines (Google)
+  Header set X-Robots-Tag: noindex
+</VirtualHost>
+</pre>
+==Access Control==
+See [https://httpd.apache.org/docs/2.4/howto/access.html Access Control].
+See [https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html Require directivies].
+Access restictions can be placed in <code>.htaccess</code> files or config files.
+They should always be placed within a directory or location element.
+To only allow lan access on a specific virtualhost:
+<pre>
+<VirtualHost *:80>
+  #...
+  <Location />
+    Require ip 192.168.1.1/24
+  </Location>
+</VirtualHost
+</pre>
+Common restrictions:
+* <code>Require all granted</code> and <code>Require all denied</code>
+* <code>Require local</code> localhost only
+;Note
+* <code>Allow</code>, <code>Deny</code>, and <code>Order</code> are deprecated. They still work but you shouldn't add them to new code.
+==HTTP2==
+[https://helgeklein.com/blog/2018/11/enabling-http-2-in-apache-on-ubuntu-18-04/ Guide]
+[https://tools.keycdn.com/http2-test Test website]