Jump to content

Apache HTTP Server

From David's Wiki
Revision as of 14:51, 26 May 2020 by David (talk | contribs)
\( \newcommand{\P}[]{\unicode{xB6}} \newcommand{\AA}[]{\unicode{x212B}} \newcommand{\empty}[]{\emptyset} \newcommand{\O}[]{\emptyset} \newcommand{\Alpha}[]{Α} \newcommand{\Beta}[]{Β} \newcommand{\Epsilon}[]{Ε} \newcommand{\Iota}[]{Ι} \newcommand{\Kappa}[]{Κ} \newcommand{\Rho}[]{Ρ} \newcommand{\Tau}[]{Τ} \newcommand{\Zeta}[]{Ζ} \newcommand{\Mu}[]{\unicode{x039C}} \newcommand{\Chi}[]{Χ} \newcommand{\Eta}[]{\unicode{x0397}} \newcommand{\Nu}[]{\unicode{x039D}} \newcommand{\Omicron}[]{\unicode{x039F}} \DeclareMathOperator{\sgn}{sgn} \def\oiint{\mathop{\vcenter{\mathchoice{\huge\unicode{x222F}\,}{\unicode{x222F}}{\unicode{x222F}}{\unicode{x222F}}}\,}\nolimits} \def\oiiint{\mathop{\vcenter{\mathchoice{\huge\unicode{x2230}\,}{\unicode{x2230}}{\unicode{x2230}}{\unicode{x2230}}}\,}\nolimits} \)

VirtualHost

A basic virtualhost looks like this 

<VirtualHost *:80>
  ServerName my_server.com
  ServerSignature Off
  DocumentRoot "/www/example2"
</VirtualHost>
Full VirtualHost

The following virtual host has an HTTPS redirect and uses an LetsEncrypt ssl certificate 

# contents of /etc/apache2/sites-available/davidl.me
<VirtualHost *:80>
  ServerName www.davidl.me
  ServerAlias davidl.me
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =www.davidl.me [OR]
  RewriteCond %{SERVER_NAME} =davidl.me
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName www.davidl.me
  ServerAlias davidl.me
  ServerSignature Off

  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/davidl_me/public

  ErrorLog ${APACHE_LOG_DIR}/davidlme_error.log
  CustomLog ${APACHE_LOG_DIR}/davidlme_access.log combined

  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/www.davidl.me/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.davidl.me/privkey.pem
</VirtualHost>
</IfModule>

<Directory /var/www/davidl_me/public>
	Options Indexes FollowSymLinks
	AllowOverride All
	Require all granted
</Directory>

Compression

Redirects

Universal Redirect

RedirectMatch ^(.*)$ https://davidl.me/

HTTPS Redirect

<VirtualHost *:80>
  ServerName my_server.com
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Proxying

mod_proxy documentation
mod_proxy_wstunnel documentation
General proxying to another server.
Note that this can be another service on the same machine (localhost), same network, or another network entirely.
This can be useful if you have a some entry point which handles HTTPS for another service on the same PC which does not handle HTTPS.

Requirements
  • mod_proxy
  • mod_proxy_wstunnel for websockets
  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket
  RewriteRule /(.*)     ws://192.168.1.99/$1  [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket
  RewriteRule /(.*)     http://192.168.1.40:99/$1 [P,L]
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass / http://192.168.1.99:80/
  ProxyPassReverse / http://192.168.1.99:80/

  # Proxy websockets
  ProxyPass "/ws2/"  "ws://echo.websocket.org/"
  ProxyPass "/wss2/" "wss://echo.websocket.org/"

.htaccess

.htaccess allows modifying selected Apache configurations on a per-folder basis.
To enable this feature, add AllowOverride All to your apache.conf for the directories you want to allow .htaccess files.


Headers

Enable mod_headers with

Retrieved from "https://wiki.davidl.me/index.php?title=Apache_HTTP_Server&oldid=3402"