Apache HTTP Server: Difference between revisions
Line 92: | Line 92: | ||
RewriteRule /(.*) ws://192.168.1.99/$1 [P,L] | RewriteRule /(.*) ws://192.168.1.99/$1 [P,L] | ||
RewriteCond %{HTTP:Upgrade} !=websocket | RewriteCond %{HTTP:Upgrade} !=websocket | ||
RewriteRule /(.*) http://192.168.1. | RewriteRule /(.*) http://192.168.1.99/$1 [P,L] | ||
ProxyPreserveHost On | ProxyPreserveHost On | ||
ProxyRequests Off | ProxyRequests Off |
Revision as of 15:36, 12 June 2020
VirtualHost
A basic virtualhost looks like this
<VirtualHost *:80> ServerName my_server.com ServerSignature Off DocumentRoot "/www/example2" </VirtualHost>
The following virtual host has an HTTPS redirect and uses an LetsEncrypt ssl certificate
# contents of /etc/apache2/sites-available/davidl.me <VirtualHost *:80> ServerName www.davidl.me ServerAlias davidl.me ServerSignature Off RewriteEngine on RewriteCond %{SERVER_NAME} =www.davidl.me [OR] RewriteCond %{SERVER_NAME} =davidl.me RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> <IfModule mod_ssl.c> <VirtualHost *:443> ServerName www.davidl.me ServerAlias davidl.me ServerSignature Off ServerAdmin webmaster@localhost DocumentRoot /var/www/davidl_me/public ErrorLog ${APACHE_LOG_DIR}/davidlme_error.log CustomLog ${APACHE_LOG_DIR}/davidlme_access.log combined Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/www.davidl.me/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.davidl.me/privkey.pem </VirtualHost> </IfModule> <Directory /var/www/davidl_me/public> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory>
- Notes
- You can have multiple server aliases in one line:
- E.g.
ServerAlias cloud.davidl.me.local cloud.davidl.local
- E.g.
Compression
Redirects
Universal Redirect
RedirectMatch ^(.*)$ https://davidl.me/
HTTPS Redirect
<VirtualHost *:80> ServerName my_server.com ServerSignature Off RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>
Proxying
mod_proxy documentation
mod_proxy_wstunnel documentation
General proxying to another server.
Note that this can be another service on the same machine (localhost), same network, or another network entirely.
This can be useful if you have a some entry point which handles HTTPS for another service on the same PC which does not handle HTTPS.
- Requirements
mod_proxy
mod_proxy_wstunnel
for websockets
RewriteEngine on RewriteCond %{HTTP:Upgrade} =websocket RewriteRule /(.*) ws://192.168.1.99/$1 [P,L] RewriteCond %{HTTP:Upgrade} !=websocket RewriteRule /(.*) http://192.168.1.99/$1 [P,L] ProxyPreserveHost On ProxyRequests Off ProxyPass / http://192.168.1.99:80/ ProxyPassReverse / http://192.168.1.99:80/ # Proxy websockets ProxyPass "/ws2/" "ws://echo.websocket.org/" ProxyPass "/wss2/" "wss://echo.websocket.org/"
- Notes
- If you're proxying to an https url (e.g.
https://192.168.1.40/
, you will need to addSSLProxyEngine on
- Furthermore, your https url will need to have a valid certificate for the domain you're proxying.
.htaccess
.htaccess
allows modifying selected Apache configurations on a per-folder basis.
To enable this feature, add AllowOverride All
to your apache.conf
for the directories you want to allow .htaccess files.
Headers
Enable mod_headers with sudo a2enmod headers
.
Then you can add headers to your virtualhost:
<VirtualHost *:80> #... # Prevents caching by search engines (Google) Header set X-Robots-Tag: noindex </VirtualHost>
Access Control
See Access Control.
See Require directivies.
Access restictions can be placed in .htaccess
files or config files.
They should always be placed within a directory or location element.
To only allow lan access on a specific virtualhost:
<VirtualHost *:80> #... <Location /> Require ip 192.168.1.1/24 </Location> </VirtualHost
Common restrictions:
Require all granted
andRequire all denied
Require local
localhost only
- Note
Allow
,Deny
, andOrder
are deprecated. They still work but you shouldn't add them to new code.