satnogs-monitor with multiple subdomains

2019-12-28 01:10:04 -07:00 · 2019-12-28 01:10:04 -07:00 · c03a230f6b
parent 036153592a
commit c03a230f6b
1 changed files with 66 additions and 31 deletions
--- a/conf/monitor.spacecruft.org/etc/apache2/sites-enabled/000-default-le-ssl.conf
+++ b/conf/monitor.spacecruft.org/etc/apache2/sites-enabled/000-default-le-ssl.conf
@ -1,44 +1,19 @@
 <IfModule mod_ssl.c>
-<VirtualHost *:443>
-	# The ServerName directive sets the request scheme, hostname and port that
-	# the server uses to identify itself. This is used when creating
-	# redirection URLs. In the context of virtual hosts, the ServerName
-	# specifies what hostname must appear in the request's Host: header to
-	# match this virtual host. For the default virtual host (this file) this
-	# value is not decisive as it is used as a last resort host regardless.
-	# However, you must set it for any further virtual host explicitly.
-	#ServerName www.example.com
-
+<VirtualHost cruftpi1.spacecruft.org:443>
 	ServerAdmin webmaster@localhost
 	DocumentRoot /var/www/html
-
-	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
-	# error, crit, alert, emerg.
-	# It is also possible to configure the loglevel for particular
-	# modules, e.g.
-	#LogLevel info ssl:warn
-
 	ErrorLog ${APACHE_LOG_DIR}/error.log
 	CustomLog ${APACHE_LOG_DIR}/access.log combined
-
-	# For most configuration files from conf-available/, which are
-	# enabled or disabled at a global level, it is possible to
-	# include a line for only one particular virtual host. For example the
-	# following line enables the CGI configuration for this host only
-	# after it has been globally disabled with "a2disconf".
-	#Include conf-available/serve-cgi-bin.conf
-
    RewriteEngine on
+    LoadModule proxy_module modules/mod_proxy.so
+    LoadModule proxy_http_module modules/mod_proxy_http.so
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RewriteRule /(.*) ws://127.0.0.1:9091/$1 [P]
-
-    LoadModule proxy_module modules/mod_proxy.so
-    LoadModule proxy_http_module modules/mod_proxy_http.so
-
    <Location />
        ProxyPass http://127.0.0.1:9091/
    </Location>
+
    ProxyVia On
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
@ -51,10 +26,70 @@
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    SSLSessionTickets Off

-
-ServerName monitor.spacecruft.org
+ServerName cruftpi1.spacecruft.org
+Include /etc/letsencrypt/options-ssl-apache.conf
 SSLCertificateFile /etc/letsencrypt/live/monitor.spacecruft.org/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/monitor.spacecruft.org/privkey.pem
+</VirtualHost>
+<VirtualHost cruftpi3.spacecruft.org:443>
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+    RewriteEngine on
+    LoadModule proxy_module modules/mod_proxy.so
+    LoadModule proxy_http_module modules/mod_proxy_http.so
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule /(.*) ws://127.0.0.1:9093/$1 [P]
+    <Location />
+        ProxyPass http://127.0.0.1:9093/
+    </Location>
+
+    ProxyVia On
+    ProxyPreserveHost On
+    RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
+
+    SSLProtocol -All TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+    SSLHonorCipherOrder On
+    SSLCompression off
+    SSLVerifyClient None
+    SSLCipherSuite AES256+EECDH
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+    SSLSessionTickets Off
+
+ServerName cruftpi3.spacecruft.org
 Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/monitor.spacecruft.org/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/monitor.spacecruft.org/privkey.pem
+</VirtualHost>
+<VirtualHost monitor.spacecruft.org:443>
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+    RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
+
+    SSLProtocol -All TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+    SSLHonorCipherOrder On
+    SSLCompression off
+    SSLVerifyClient None
+    SSLCipherSuite AES256+EECDH
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+    SSLSessionTickets Off
+
+ServerName monitor.spacecruft.org
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/monitor.spacecruft.org/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/monitor.spacecruft.org/privkey.pem
+</VirtualHost>
+</IfModule>
+<IfModule mod_ssl.c>
+<VirtualHost *:80>
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+RewriteEngine on
 </VirtualHost>
 </IfModule>