Apache HTTP Server: Difference between revisions

From David's Wiki
Line 98: Line 98:
   ProxyPass "/wss2/" "wss://echo.websocket.org/"
   ProxyPass "/wss2/" "wss://echo.websocket.org/"
</pre>
</pre>
;Notes
* If you're proxying to an https url (e.g. <code>https://192.168.1.40/</code>, you will need to add <code>SSLProxyEngine on</code>
** Furthermore, your https url will need to have a valid certificate for the domain you're proxying.


==.htaccess==
==.htaccess==

Revision as of 15:36, 26 May 2020

VirtualHost

A basic virtualhost looks like this

<VirtualHost *:80>
  ServerName my_server.com
  ServerSignature Off
  DocumentRoot "/www/example2"
</VirtualHost>
Full VirtualHost

The following virtual host has an HTTPS redirect and uses an LetsEncrypt ssl certificate

# contents of /etc/apache2/sites-available/davidl.me
<VirtualHost *:80>
  ServerName www.davidl.me
  ServerAlias davidl.me
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =www.davidl.me [OR]
  RewriteCond %{SERVER_NAME} =davidl.me
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName www.davidl.me
  ServerAlias davidl.me
  ServerSignature Off

  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/davidl_me/public

  ErrorLog ${APACHE_LOG_DIR}/davidlme_error.log
  CustomLog ${APACHE_LOG_DIR}/davidlme_access.log combined

  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/www.davidl.me/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.davidl.me/privkey.pem
</VirtualHost>
</IfModule>

<Directory /var/www/davidl_me/public>
	Options Indexes FollowSymLinks
	AllowOverride All
	Require all granted
</Directory>

Compression

Redirects

Universal Redirect

RedirectMatch ^(.*)$ https://davidl.me/

HTTPS Redirect

<VirtualHost *:80>
  ServerName my_server.com
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Proxying

mod_proxy documentation
mod_proxy_wstunnel documentation
General proxying to another server.
Note that this can be another service on the same machine (localhost), same network, or another network entirely.
This can be useful if you have a some entry point which handles HTTPS for another service on the same PC which does not handle HTTPS.

Requirements
  • mod_proxy
  • mod_proxy_wstunnel for websockets
  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket
  RewriteRule /(.*)     ws://192.168.1.99/$1  [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket
  RewriteRule /(.*)     http://192.168.1.40:99/$1 [P,L]
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass / http://192.168.1.99:80/
  ProxyPassReverse / http://192.168.1.99:80/

  # Proxy websockets
  ProxyPass "/ws2/"  "ws://echo.websocket.org/"
  ProxyPass "/wss2/" "wss://echo.websocket.org/"
Notes
  • If you're proxying to an https url (e.g. https://192.168.1.40/, you will need to add SSLProxyEngine on
    • Furthermore, your https url will need to have a valid certificate for the domain you're proxying.

.htaccess

.htaccess allows modifying selected Apache configurations on a per-folder basis.
To enable this feature, add AllowOverride All to your apache.conf for the directories you want to allow .htaccess files.

Headers

Enable mod_headers with sudo a2enmod headers.
Then you can add headers to your virtualhost:

<VirtualHost *:80>
  #...

  # Prevents caching by search engines (Google)
  Header set X-Robots-Tag: noindex
</VirtualHost>