I have two python (3.6) Flask apps running on Ubuntu 18.04 and I am trying to use Apache2 (v2.4.29) to serve these two apps to two different domains – app1domain.com and app2domain.com. I have two .conf files that I have been trying to modify to get this to work. They currently look like this (replace app1 with app2 for the second one):
WSGIDaemonProcess app1 python-home=/var/www/app1/venv user=brett group=sudo home=/ threads=5
WSGIScriptAlias / /var/www/app1/app.wsgi
WSGIProcessGroup app1
WSGIApplicationGroup %{GLOBAL}
<VirtualHost *:80>
ServerAdmin myemail#outlook.com
ServerName app1domain.com
ServerAlias www.app1domain.com
<Directory /var/www/app1>
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =app1domain.com [OR]
RewriteCond %{SERVER_NAME} =www.app1domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName app1domain.com
ServerAlias www.app1domain.com
ServerAdmin myemail#outlook.com
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/app1domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/app1domain.com/privkey.pem
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Here is where I get stuck, and here is what I have tried:
If both conf files are in the format shown above, app1 will be served to both https://app1domain.com and https://app2domain.com, and app2 will not be shown.
If I disable the conf for app1, app2 is served to both https://app1domain.com and https://app2domain.com which suggests that, at a minimum, both conf files 'work' and the apps are working correctly.
From my investigations, I see a lot of conf files have the WSGI instructions inside the <VirtualHost> tags. If I do this for both confs, the default Apache2 page is displayed on both domains.
I have tried just about every combination of the WSGI instructions inside and outside the <VirtualHost> tag and also the nested <Directory> tag. Most of the just resulting in the default apache2 page.
Am I missing some other option that I need to change? What am I doing wrong here?
I have also been looking for some good documentation on how to interpret these conf files, what the options actually do, so would love if someone could point me to something, particularly if it covers WSGI.
Seems so obvious in hind sight. Turns out the issue was a result of me blindly trusting certbot to autogenerate the new VirtualHost and redirect, and me not really thinking about how this was working.
If you look at the example .conf file in the question, the reason it works is because the WSGI instructions are created outside the scope of the <VirtualHost> tags, which allows them to get picked up by both VirtualHosts. But at the same time, because they are created globally, the WSGI instructions in the .conf file that comes first alphabetically override the others, hence app1 shows up on app1domain.com and app2domain.com.
When I moved the WSGI instructions inside the <VirtualHost> tags, I was moving it inside the <VirtualHost *:80> tags, because all the examples I found were doing that (because they weren't using SSL). When I did that, instead of running the app, the RewriteEngine was redirecting the request to the https version of the website. That gets picked up by <VirtualHost *:443> where you will notice I had no instructions on how to run the app, so we get a default page.
In the end I rewrote my .conf files as follows:
<VirtualHost *:80>
ServerAdmin myemail#outlook.com
ServerName app1domain.com
ServerAlias www.app1domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =app1domain.com [OR]
RewriteCond %{SERVER_NAME} =www.app1domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName app1domain.com
ServerAlias www.app1domain.com
ServerAdmin myemail#outlook.com
WSGIDaemonProcess app1 python-home=/var/www/app1/venv user=brett group=sudo home=/ threads=5
WSGIScriptAlias / /var/www/app1/app.wsgi
<Directory /var/www/app1>
WSGIProcessGroup app1
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/app1domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/app1domain.com/privkey.pem
</VirtualHost>
Related
here its my problem:
I have 2 applications configured on a server. React (client) and nodejs backend with their respective domains.
1 - example1.com
2 - example2.com
I have configured both SSL certificates for each of it as well. The problem occurs when you want to start the backend on the same port that the client is running.
Is it possible to run 2 processes on it? How should I do it?
these are my virtual host files:
example1-le.ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example1.com
ServerAlias www.example1.com
ServerAdmin info#xample.com
DocumentRoot /var/www/example1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
example1.conf
ServerName example1.com
ServerAlias example1.com
ServerAdmin info#example.com.ar
DocumentRoot /var/www/example/build
<Directory "/var/www/example/build">
RewriteEngine on
# Don't rewrite files or directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# Rewrite everything else to index.html to allow html5 state links
RewriteRule ^ index.html [L]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteCond %{SERVER_NAME} =example1.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And the same for the another one.
When i tried to start the second project i receive : EADDRINUSE: address already in use :::443
Thanks a lot for you help
You can NOT have to 2 different processes bind on the same port. What Olaf Kock suggested works fine and is easy to implement: you install apache on a dedicated server (or on the same machine: there's no difference) and then you configure a reverse proxy (the module is called mod_proxy). There are also other solutions (like haproxy) which require a bit more complex configuration but provide many more configuration options.
In my apache error logs, I have bunch of ssl warnings saving You configured HTTPS(443) on the standard HTTP(80) port!
Here is my site.ca.conf file
<VirtualHost *:80>
ServerName site.ca:80
DocumentRoot "/var/www/site/public"
<Directory "/var/www/site/public">
AllowOverride all
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =site.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
and here is my site.ca-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName site.ca:80
DocumentRoot "/var/www/site/public"
<Directory "/var/www/site/public">
AllowOverride all
</Directory>
ServerAlias site.ca
SSLCertificateFile /etc/letsencrypt/live/site.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.ca/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Every thing works fine. I am not sure why this warning shows up every day in my apache log files, and how can I resolve it?
Generally, this is because you do not have any SSL configuration on the virtual host on port 443. You may need to enable "SSLEngine on" and provide certificate information. The warning indicates are serving regular HTTP traffic on what is usually an HTTPS port.
In these config files listed by the requester, there are some tweaks/corrections to be done:
we don't need to have a DocumentRoot in the site.ca.conf because we will redirect HTTP to the HTTPS (site.ca-le-ssl.conf)
the ServerName directive shouldn't have a port number, instead it should be in the VirtualHost level
the ServerName and ServerAlias should be near to each other and there should be www.site.ca as an Alias too in both files to handle the requests containing the www
in site.ca-le-ssl.conf file there is a ServerName site.ca:80 and that's not correct (there should be no port number)
there must be a SSLEngine on in the site.ca-le-ssl.conf
I hope that help someone even this is an old question
I have set up an ubuntu 14 as a server and pointed domain-1 without SSL but when I try accessing domain-1 with https:// in the URL it takes me another website(domain-2) hosted on the same server which is configured with SSL rather than showing Page not found error.
How do I avoid this? Here is a list of things that I have tried.
.htaccess won't work to redirect HTTPS to HTTP as the port 443 is not configured for domain-1 under V-Host file to reach the .htacess file.
Cannot setup <VirtualHost *:443> without an SSL and write a redirect here.
Have I done anything wrong in the code below?
domain-1.conf
<VirtualHost *:80>
ServerAdmin admin#domain-1
ServerName domain-1
ServerAlias www.domain-1
DocumentRoot /var/www/domain-1/
ErrorLog /var/www/domain-1/error.
CustomLog /var/www/domain-1/access.log combined
</VirtualHost>
domain-2.conf
<VirtualHost *:80>
ServerAdmin admin#domain-2
ServerName domain-2
ServerAlias www.domain-2
DocumentRoot /var/www/domain-2/html
ErrorLog /var/www/domain-2/error.
CustomLog /var/www/domain-2/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#domain-2
ServerName domain-2
ServerAlias www.domain-2
DocumentRoot /var/www/domain-2/html
SSLEngine on
SSLCertificateFile "/var/www/domain-2/ssl/domain-2.crt"
SSLCertificateKeyFile "/var/www/domain-2/ssl/domain-2.key"
SSLCACertificateFile "/var/www/domain-2/ssl/domain-2.ca-
ErrorLog /var/www/domain-2/error_ssl.log
CustomLog /var/www/domain-2/access_ssl.log combined
</VirtualHost>
I think this is one way to resolve this error, by the help of .htaccess file (HTTPS to HTTP redirect) but we will need to install a self-signed certificate.
Reason? As we access domain1.com the files that are displayed are from domain2.com so even if we create a .htaccess redirects on doamin1.com it won't take effect in order to avoid this, a self-signed certificate will help us in accessing the file from domain1.com and then the redirects on .htaccess file will take effect.
HTTPS to HTTP redirect
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This video will help you in creating a self-signed certificate.
https://www.youtube.com/watch?v=JLTWa62D0y0
I'm having issues with this re-direct. I've tried the .htaccess method with RewriteRule and RewriteCond, as well as the VirtualDirectory method. Here's what I've tried for VirtualHost:
<VirtualHost *:80>
ServerName blank.example.com
Redirect permanent / "http://example.com/blank/blank"
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster#localhost
DocumentRoot /the/doc/root
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
and this for .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^blank.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com/blank/blank [R=301,L]
I'm not sure if it's needed or not, but blank.example.com is also pointed to localhost in /etc/hosts
Any tips on what I'm missing?
Here are a couple of things.
If you are wanting to just have a subdomain with it's own document root then your vhost needs to look like this. Then there is no need to redirect.
<VirtualHost *:80>
ServerName blank.example.com
DocumentRoot /path/to/blank/blank
<Directory /path/to/blank/blank>
#enable .htaccess for this subdomain
AllowOverride All
</Directory>
</VirtualHost>
If you are truly wanting to redirect your subdomain to the main domain.
Then remove this first vhost. it's not needed at all.
#This virtualhost is not needed
<VirtualHost *:80>
ServerName blank.example.com
Redirect permanent / "http://example.com/blank/blank"
</VirtualHost>
Then on your main VirtualHost add a server alias like so
ServerName example.com
ServerAlias blank.example.com
ServerAdmin webmaster#localhost
DocumentRoot /the/doc/root
<Directory /the/doc/root>
#enable .htaccess for this main domain
AllowOverride All
</Directory>
Then for your .htaccess rules
RewriteEngine on
RewriteCond %{HTTP_HOST} ^blank\.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com/blank/blank/$1 [R=301,L]
Restart Apache after all config file changes.
I'm a bit of a newbie when it comes to Server related stuffs, but basically I'm having the most frustrating problem right now...
My configuration file before being changed:
<VirtualHost *:80>
ServerAdmin xyz#gmail.com
DocumentRoot /var/www/xyz.net/public_html
ServerName www.xyz.net
ServerAlias xyz.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory "/var/www">
AllowOverride All
Order allow,deny
allow from all
</Directory>
Which is great, and it sort of worked. Although, going to www.xyz.net would load and you can see the content, however, going to xyz.net would show me an Index Of page. So I changed the config file, just switching the name and alias:
<VirtualHost *:80>
ServerAdmin xyz#gmail.com
DocumentRoot /var/www/xyz.net/public_html
ServerName xyz.net
ServerAlias www.xyz.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory "/var/www">
AllowOverride All
Order allow,deny
allow from all
</Directory>
However, this doesn't seem to work, how come I'm still getting an Index Of page? Why is it that www.xyz.net has all the page content, yet xyz.net doesn't?! I'm really confused.
I've been trying to get www to redirect to non-www, at first I presumed it was an error with my .htaccess file, but after trying various methods of redirecting and even doing it in PHP, I presumed it was Apache screwing me over. So here's the code I use for the htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1$1 [L,R=301]
edit:
Thanks for all the help, but everything loads fine on www.xyz.net, however on xyz.net an Index Of page is shown, and there are no indexed items in the list, so presumably it's just an empty web page.
Check if there is somewhere another virtualhost with ServerName: xyz.net. In such case, that other virtualhost can take precedence over yours virtualhost.
Under Linux based systems, there is a default config file which can contain this ServerName. By default, it's location is /etc/apache2/sites-available/default. The file can be also named 000-default.conf