Creating several friendica instances as domains and/or subdomains on one VPS with one IP

-- Anzeige/Ad -- [X]

#Explore| ℹ️| 💬| ☕| ☎️| @ |

| ❤️

friendica

TupambAdminOrg [2024.03]

2 Monate her • •

TupambAdminOrg [2024.03]
2 Monate her • •

Creating several friendica instances as domains and/or subdomains on one VPS with one IP

v.01
@Tutorial

Hi there @Friendica Developers and @Friendica Admins.

The plan is to change this single domain ubunu 2022.04lts VPS hosting into a single IP multi domain VPS server. For that purpose some apache VPS server tutorials were checked out and the specific steps were singled out to achieve that goal.

A main question hasn't been solved to define the naming of the folder structure and .conf files themself:

Can the domain name in VPS folder structure be:
/var/www/domaincom/
or does it have to be
/var/www/domain.com/

Are both opt

v.01
@Tutorial

Hi there @Friendica Developers and @Friendica Admins.

A main question hasn't been solved to define the naming of the folder structure and .conf files themself:

Can the domain name in VPS folder structure be:
/var/www/domaincom/
or does it have to be
/var/www/domain.com/

Are both options possible or does the system, for a correct working environment, need the dot in the folder structure?

Are there any general discussions in the #apache #server environment that might lead to some standard in this regard in the future that makes it reasonable to consider one of the two above cited options as more logical to go for from the very beginning?

In the case of very long domain or subdomain names, isn't it more reasonable to choose the option without the real domain name including the dot?
Example:
https: //1dhfsbbdpv4wshuh7nymcfy66t5reqqkfvy9.domain.org/

Depending on the chosen naming syntax this would lead to the following folder structure options:
/var/www/1dhfsbbdpv4wshuh7nymcfy66t5reqqkfvy9.domain.org/
vs
/var/www/1d_domainorg/

Does the naming of the .conf file in /etc/apache2/sites-available/ refer to the actual domain name or to the folder name used in /var/www/?

In the first answer to this topic we'll address the question about:

How to solve best a step by step change to migrate from a single VPS #hosting environment where one domain is served by one IP at:
/var/www/html/
to a multi domain VPS hosting were several domains are served by one IP on one #debian #ubuntu [2022.04lts] #VPS, leaving /html in place if a client request doesn’t match any other sites, like proposed in this digitalOcean tutorial:
/var/www/html/ as fall back option
/var/www/domaincom/index.html
/var/www/subdomaindomaincom/index.html
/var/www/domainorg/index.html
/var/www/subdomaindomainorg/index.html

Any comments hints and observations are really appreciated!
#admin #fediAdmin

utopiArte

2025-02-21 11:00:35

friendica

more tutorials

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-22-04
https://askubuntu.com/questions/463618/setting-up-subdomain-on-ubuntu-server
https://serverfault.com/questions/343449/multiple-sub-domains-with-one-ip-address
nginx
https://farhazalam.medium.com/setup-domains-subdomains-on-vps-in-ubuntu-36495b37da66

Als Antwort auf TupambAdminOrg [2024.03]

friendica

Ⓜ3️⃣3️⃣ 🌌

Als Antwort auf TupambAdminOrg [2024.03] • 2 Monate her • •

TL;DR 😉

Are both options possible or does the system, for a correct working environment, need the dot in the folder structure?

At some point you will eventually write automatization scripts, so you may want to keep that consistent and use FQDN as part of the path, so dots.

Als Antwort auf Ⓜ3️⃣3️⃣ 🌌

friendica

utopiArte

Als Antwort auf Ⓜ3️⃣3️⃣ 🌌 • 2 Monate her • •

FQDN = Fully Qualified Domain Name

> so you may want to keep that consistent

I guess that means means for internal coherence and understanding of eventual scripts (?).

At the same time I guess your answer means that there is no problem by the simplified syntax choosen for the folder name.

WHat about the .conf name, is that nameing related to the URL domain name or does the sistem read the content of the .conf file and the naming is irrelevant for the funcioning?

> TL;DR 😉
I know, that's in part why it's called v.01. This is completely new for my mind so it has to "write it out loud extensively" to create understanding for itself. The idea is to shred it down later on into simple copy/paste instructions, internalizing the content by doing so.
👍

Als Antwort auf utopiArte

friendica

utopiArte

Als Antwort auf utopiArte • 2 Monate her • •

Actually the following howTo doesn't really clarify the question about the .conf name, as the place holder your_domain is used two times, in the .conf name and inside the file itself. Anyway doesn't look like the .conf name has to be the domain name but that it's more than reasonable to use it anyway.

https://www.digitalocean.com/community/tutorials/how-to-configure-the-apache-web-server-on-an-ubuntu-or-debian-vps
Within your virtual host file, you can add a ServerName directive that specifies the domain name or IP address that this request should handle. This is the option that would add specificity to the virtual host, allowing it to override the default definition if it matches the ServerName value.
Run the following command to open your virtual host file, making sure to replace the your_domain variable with your actual domain name:
sudo nano /etc/apache2/sites-available/your_domain.conf
Append your_domain to the ServerName directive:
/etc/apache2/sites-available/your_domain.conf
…
ServerName your_domain
…

Als Antwort auf utopiArte

friendica

utopiArte

Als Antwort auf utopiArte • 2 Monate her (Empfangen 1 Monat her) • •

v.02

Create a new directory

for the existing working domain in /var/www/:

rootname@VPShosting:~# mkdir /var/www/domainorg/

Create a copy of the working installation

from /var/www/html/ in the new /var/www/domainorg/ directory. Check ownership of /domainorg/ itself and folders in /domainorg/:

rootname@VPShosting:~# cp -R /var/www/html/ /var/www/domainorg/
rootname@VPShosting:~# ls -l /var/www/
rootname@VPShosting:~# ls -l /var/www/domainorg/

Create a domain registry

file on the VPS server in /etc/apache2/sites-available/ for the domain. Create the following content in that domain.org.conf file:

rootname@VPShosting:~# nano /etc/apache2/sites-available/domain.org.conf

<VirtualHost *:80>
ServerAdmin badmin@domain.org
ServerN

v.02

Create a new directory

for the existing working domain in /var/www/:

rootname@VPShosting:~# mkdir /var/www/domainorg/

Create a copy of the working installation

from /var/www/html/ in the new /var/www/domainorg/ directory. Check ownership of /domainorg/ itself and folders in /domainorg/:

rootname@VPShosting:~# cp -R /var/www/html/ /var/www/domainorg/
rootname@VPShosting:~# ls -l /var/www/
rootname@VPShosting:~# ls -l /var/www/domainorg/

Create a domain registry

file on the VPS server in /etc/apache2/sites-available/ for the domain. Create the following content in that domain.org.conf file:

rootname@VPShosting:~# nano /etc/apache2/sites-available/domain.org.conf

<VirtualHost *:80>
ServerAdmin badmin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
</VirtualHost>

Check domain IP redirect settings by the domain registry!

the Apache webserver to apply the configuration changes:

rootname@VPShosting:~# sudo a2ensite domain.org.
rootname@VPShosting:~# systemctl restart apache2

test changes

If the changes created were correct, the domain will start running from within the newly created directory tree. To check that this is true you can create a test index.html for that purpose while renaming the actual index.html to index_old.html in the old folder tree. If your site is still up and running after the following changes and not displaying the newly created test index.html, that means that it is served by the new folder structure. Rename the existing index.html:

rootname@VPShosting:~# mv /var/www/html/index.html /var/www/html/index_old.html
rootname@VPShosting:~# nano /var/www/html/index.html

<html>
<title>name-based virtual hosting setup</title>
<h1>Welcome to the /html/ index.html fall back file.</h1>
<p>This is a test file for a name-based virtual hosting setup</p>
</html>

Create a subdomain

test site. Create a index.html file to test the new subdomain. Create ownership for the user www-datafor files and folders in /castdomainorg/

rootname@VPShosting:~# mkdir /var/www/castdomainorg/
rootname@VPShosting:~# nano /var/www/html/castdomainorg/index.html

<html>
<title>castdomainorg</title>
<h1>Welcome to cast.domain.org Website</h1>
<p>This is the first test subdomain site hosted with name-based virtual hosting</p>
</html>

rootname@VPShosting:~# chown -R www-data:www-data /var/www/castdomainorg/

Create a domain registry

file on the VPS server in /etc/apache2/sites-available/ for the subdomain. Create the following content in that cast.domain.org.conf file:

rootname@VPShosting:~# nano /etc/apache2/sites-available/cast.domain.org.conf

<VirtualHost *:80>
ServerAdmin badmin@cast.domain.org
ServerName cast.domain.org
DocumentRoot /var/www/castdomainorg
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/castdomainorg_error.log
CustomLog ${APACHE_LOG_DIR}/castdomainorg_access.log combined
</VirtualHost>

Restart the Apache webserver

to apply the configuration changes:

rootname@VPShosting:~# sudo a2ensite cast.domain.org.
rootname@VPShosting:~# systemctl restart apache2

Set the subdomain IP redirect settings at the domain registry to the single VPS IP.
Depending on specific settings of the IP update routine, these changes can take up to a day to take effect and your subdomain index.html file should show up.

clean the server form backups

Once you are sure that everything worked out as intended you can delete the old /var/www/html/ files and folders and leave only the fall back index file in place. To do so you might first change the folder name, than recreate the folder, move the index.html fall back file to the new empty /html/ folder and than delete the old folder tree and it's content:

rootname@VPShosting:~# mv /var/www/html/ /var/www/html_old/
rootname@VPShosting:~# make /var/www/html/
rootname@VPShosting:~# mv /var/www/html_old/index.html /var/www/html/index.html
rootname@VPShosting:~# rm -r /var/www/html_old/

Als Antwort auf utopiArte

friendica

TupambAdminOrg [2024.03]

Als Antwort auf utopiArte • 2 Monate her (Empfangen 1 Monat her) • •

ok
let's try this description.

Als Antwort auf TupambAdminOrg [2024.03]

friendica

utopiArte

Als Antwort auf TupambAdminOrg [2024.03] • 2 Monate her (Empfangen 1 Monat her) • •

~~cp -R /var/www/html/ /var/www/domainorg/~~

rootname@VPShosting:~# cp -R /var/www/html /var/www/domainorg

All subfolders and files are owned by root, so their ownership has to be changed to www-data:
rootname@VPShosting:~# chown -R www-data:www-data /var/www/domainorg/
rootname@VPShosting:~# chown root:root /var/www/domainorg

Dieser Beitrag wurde bearbeitet. (2 Monate her)

Als Antwort auf utopiArte

friendica

utopiArte

Als Antwort auf utopiArte • 2 Monate her (Empfangen 1 Monat her) • •

Check specific settings changed for the single domain setup and how to define/transport those for the specific domain:
tupambae.org/display/0ac89072-…

Allow overrides so dynamic pages can built correctly
rootname@VPShosting:/var/www/html# sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
search for the line:
ctrl+W -> DocumentRoot /var/www/html
add the code snippet:
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
save the file "000-default-le-ssl.conf"

Where is the php version used for the specific domain defined?
Is it possible to define the use of different PHP versions for different domains and if so how?

editing php.ini
rootname@VPShosting:/var/www/html# sudo nano /etc/php/8.1/apache2/php.ini
search for the following lines [ctrl+w]

Check specific settings changed for the single domain setup and how to define/transport those for the specific domain:
tupambae.org/display/0ac89072-…

Allow overrides so dynamic pages can built correctly
rootname@VPShosting:/var/www/html# sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
search for the line:
ctrl+W -> DocumentRoot /var/www/html
add the code snippet:
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
save the file "000-default-le-ssl.conf"

Where is the php version used for the specific domain defined?
Is it possible to define the use of different PHP versions for different domains and if so how?

editing php.ini
rootname@VPShosting:/var/www/html# sudo nano /etc/php/8.1/apache2/php.ini
search for the following lines [ctrl+w] and modify the values:
..

EDITion | EN

2023-11-22 06:43:38

friendica

Categories: friendica,apache
tweaking apache configuration for friendica
allow overrides so dynamic pages can built correctly
rootname@VPShosting:/var/www/html# sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
search for the line:
ctrl+W -> DocumentRoot /var/www/html
add the code snippet:
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
save the file "000-default-le-ssl.conf":
ctrl+X -> Y -> hit ENTER
edited 000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName mydoman.com
SSLCertificateFile /etc/letsencrypt/live/mydoman.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydoman.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Edited 000-default-le-ssl.conf CODE
<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com
        ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
ServerName mydoman.com
SSLCertificateFile /etc/letsencrypt/live/mydoman.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydoman.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
create php.error.log
rootname@ubuntu:~# touch php.error.log
tweaking basic settings:
editing php.ini
rootname@VPShosting:/var/www/html# sudo nano /etc/php/8.1/apache2/php.ini
search for the following lines [ctrl+w] and modify the values:
search and modify the line :
ctrl+W -> memory_limit =
modify to:
memory_limit = 256M
search and modify the line :
ctrl+W -> upload_max_filesize =
modify to:
upload_max_filesize = 100M
search and modify the line :
ctrl+W -> max_execution_time =
modify to:
max_execution_time = 300
search and modify the line :
ctrl+W -> max_input_vars =
modify to:
max_input_vars = 1500
activate php.error.log
search:
ctrl+W -> log_errors
unquote and and modify so it reads:
log_errors = On
; Default Value: Off
; Development Value: On
; Production Value: On
search:
ctrl+W -> error_log
unquote and and modify so it reads:
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; php.net/error-log
; Example:
error_log = /var/www/html/php.error.log
; Log errors to syslog (Event Log on Windows).
; error_log = syslog
save the file "php.ini":
ctrl+X -> Y -> hit ENTER
restart apache and check the status
rootname@VPShosting:/var/www/html# systemctl restart apache2
rootname@VPShosting:/var/www/html# systemctl status apache2
check php.error.log
rootname@ubuntu:~# reboot
user@localPC:~$ log into your VPShosting again
rootname@ubuntu:~# nano /var/www/html/php.error.log
Congrats!
With this you have completed via SSH on the console all the installation steps necessary, now it's time to browse to your friendica web page and actually install and activate your node:
Go to your website and have a look at the short installation routine of friendica itself.
#debian #linux #friendica #fediVerse #fediTutorial

Als Antwort auf utopiArte

friendica

utopiArte

Als Antwort auf utopiArte • 2 Monate her (Empfangen 1 Monat her) • •

Allow overrides so dynamic pages can built correctly
This was the original setting as a single domain server:
rootname@VPShosting:/var/www/html# sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
search for the line:
ctrl+W -> DocumentRoot /var/www/html
add the code snippet:

    <Directory /var/www/html>
        AllowOverride All
    </Directory>

Main question and most likely correct is now if it's possible to add this command to the domain.org.conf file:
rootname@VPShosting:~# nano /etc/apache2/sites-available/domain.org.conf

<VirtualHost *:80>
ServerAdmin badmin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
<Directory /var/www/domainorg>
AllowOverride All
</Directory>
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
</VirtualHost>

Dieser Beitrag wurde bearbeitet. (2 Monate her)

Als Antwort auf utopiArte

friendica

TupambAdminOrg [2024.03]

Als Antwort auf utopiArte • 1 Monat her • •

@utopiArte

Where is the php version used for the specific domain defined?
Is it possible to define the use of different PHP versions for different domains and if so how?

There can be used different php versions for different sub/domains.
PHP-fpm has to be installed to do so.
In general terms the php version for the sub/domain is defined in domain.conf.

In the case of friendica there is a front end [domain.conf] and a backend setting [crontab e] and those should be using the same php version.
The friendica php setting in /config/local.config.php is optional and most likely the same reference than the domain.conf setting.

PHP settings Q&A

Tobias hat geschrieben:

@ TupambAdminOrg [2024.03] you need two PHP's - or better

@utopiArte

Als Antwort auf Ⓜ3️⃣3️⃣ 🌌

friendica

TupambAdminOrg [2024.03]

Als Antwort auf Ⓜ3️⃣3️⃣ 🌌 • 1 Monat her • •

@Ⓜ3️⃣3️⃣ 🌌

automatization scripts

#tupambadminbookmark

#tupambadminbookmark @Ⓜ3️⃣3️⃣ 🌌

Als Antwort auf TupambAdminOrg [2024.03]

friendica

utopiArte

Als Antwort auf TupambAdminOrg [2024.03] • 2 Monate her (Empfangen 1 Monat her) • •

Something isn't working out as expected.
The registry of the subdomain example apparently worked out fine.

The change of the orginal main domain VPShosting setup to work from the new folder /var/www/domainorg/ doesn't work as of now.

Ckecked and read all the files in /etc/apache2/sites-available/
For now what looks like differences at first sight is in 000-default-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
</VirtualHost>
</IfModule>

Instead of tupambae.org.conf

<VirtualHost *:80>
</VirtualHost>

Also there are the SSL cert registry lines in 000-default-le-ssl.conf that most likely have to be added to domain.org.conf

ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/priv

Something isn't working out as expected.
The registry of the subdomain example apparently worked out fine.

The change of the orginal main domain VPShosting setup to work from the new folder /var/www/domainorg/ doesn't work as of now.

Ckecked and read all the files in /etc/apache2/sites-available/
For now what looks like differences at first sight is in 000-default-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
</VirtualHost>
</IfModule>

Instead of tupambae.org.conf

<VirtualHost *:80>
</VirtualHost>

Also there are the SSL cert registry lines in 000-default-le-ssl.conf that most likely have to be added to domain.org.conf

ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem

The command used to deactivate the original setup was:
a2dissite 000-default

The original site setup contained three .conf files in /etc/apache2/sites-available/:

000-default-le-ssl.conf
000-default.conf
default-ssl.conf

Besides general SSL cert indications the .conf file contains the following lines in the beginning that look like they do matter:

000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
<Directory /var/www/html>
    AllowOverride All
</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>
</IfModule>

000-default.conf
(already deactivated by a2dissite 000-default)

<VirtualHost *:80>

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

default-ssl.conf

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost

		DocumentRoot /var/www/html

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLEngine on

		SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>
	</VirtualHost>
</IfModule>

Als Antwort auf utopiArte

friendica

utopiArte

Als Antwort auf utopiArte • 2 Monate her (Empfangen 1 Monat her) • •

However, please note this will only work with plain HTTP connections, not with HTTPS (HTTP over SSL): name-based virtual hosts rely on knowing what name is being requested, but this information can't be known by Apache until the encrypted SSL connection is established.
serverfault.com/questions/4353…
Looks like the conflict as of now is around the SSL settings and port 443.
Apparently it's the one reserved and dedicated for SSL connections and the respective settings and configuration.
root@VPShosting:/etc/apache2/sites-enabled# ls -l
000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
cast.domain.org.conf -> ../sites-available/cast.tupambae.org.conf
domain.org.conf -> ../sites-available/tupambae.org.conf

The revision of:
na

However, please note this will only work with plain HTTP connections, not with HTTPS (HTTP over SSL): name-based virtual hosts rely on knowing what name is being requested, but this information can't be known by Apache until the encrypted SSL connection is established.
serverfault.com/questions/4353…
Looks like the conflict as of now is around the SSL settings and port 443.
Apparently it's the one reserved and dedicated for SSL connections and the respective settings and configuration.
root@VPShosting:/etc/apache2/sites-enabled# ls -l
000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
cast.domain.org.conf -> ../sites-available/cast.tupambae.org.conf
domain.org.conf -> ../sites-available/tupambae.org.conf

The revision of:
nano /etc/apache2/apache2.conf
didn't result in mayor relevant settings or settings that had been modified.
It basically add's /etc/apache2/conf-enabled and /etc/apache2/sites-enabled as sources for the effective active configuration in place.
Looks like averything boils down to 000-default-le-ssl.conf which was (probably) created when installing certbot let's encrypt SSL in the inicial LAMP instalation.
Also in the orginal installation of this server 000-default-le-ssl.conf was mentioned and modified.
It all looks like the content of 000-default-le-ssl.conf should be basically ported entirely to the file domain.org.conf changing the port of that file to 443 and to than decativate 000-default-le-ssl.conf by executing:
a2dissite 000-default-le-ssl.conf
A last question that comes up now is with respect to SSL connections for subdomains of domain.org. If those are already included in the issued let's encrypt SSL certificate or if there have to be made changes to that inicial cert instalation.
Also there will have to be a new SSL cert for eventuell new domain.com sites installed on this VPShosting server.
EDITion | EN

2023-11-22 06:39:12

friendica
LAMP installation

Categories:LAMP, Linux, VPS
LAMP (Linux, Apache, MySQL, PHP)
L -> linux
A -> apache
M -> mysql - phpMyAdmin
P -> PHP, Perl, or Python programming language
https://en.wikipedia.org/wiki/LAMP_(software_bundle)
LAMP is an acronym denoting one of the most common software stacks for many of the web's most popular applications. However, LAMP now refers to a generic software stack model and its components are largely interchangeable.
Install the apache server
https://www.bitcatcha.com/blog/what-is-apache/
"The Apache Server is an open-source, cross-platform web server application. In its essence, it allows users to deploy their websites on the internet for others to be able to access them."
--
The -y in the following command is used to confirm automatically all options/questions that come up in the installation process of the apache server.
rootname@VPShosting:~$ sudo apt update
rootname@VPShosting:~$ sudo apt install apache2 -y
Install Certbot and Setting up HTTPS
The S in HTTPS stands for "secure transmission" meaning that the information that is transmitted between the web site and the user is encrypted. There for the data isn't readable for others while it is transmitted. You can observe that security detail in the web URL of any web site as it starts with https://.
Certbot installs a standard SSL certificate provided by the Let's encrypt foundation with no charge. Nowadays this is a basic need on the internet and for the privacy of everyone. Even tho it is possible to run any web site as HTTP http:// and there for also a friendica node, nobody should do that and you should set all options of your friendica server to "HTTPS mandatory".
rootname@VPShosting:~$
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
rootname@VPShosting:~$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Installing your SSL certificate
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#install-certbot-and-setting-up-https
"You will be prompted for several options. The defaults should be fine for most but there are some things that will be specific to your instance. For the sake of explicitness:
* Enter the email address you want notifications from the Certbot team and that you are comfortable sharing with them and others.
* Select Yes once you’ve read the terms of service
* Select Yes if you want to get more general EFF emails (optional)
* Enter the domain name yourFriendicaDomainName.com for your friendica node. It is important to put the full accurate domain name in. This is what will be used for name matching when the certificate is issued and used.
After you do those options you will get a series of prompts with statuses. When it is completed you should be able to navigate to the HTTPS version of your website. In fact if you intentionally try to go to the HTTP version of your website it should redirect to the HTTPS version instead. Try this out to be sure this step has been completed successfully."
rootname@VPShosting:~$ sudo certbot --apache
Important information in the case of server migration -> installing your SSL certificate
rootname@VPShosting:~$ sudo certbot --apache
For this step in the installation process you do need to have your domain name URL already directed to the IP of your server. Other wise this installation step not only wont be able to finish the setup of the SSL certificate, you will run into problems when you try to setup your friendica instance. This is a particular complication when you want to migrate a live system. Your intention might be for the the old IP to remain as long as possible related to the domain name, even maybe try everything out before a definite migration.
The sugestion as of now would be to try execute this step just after the first gitHub pull and before:
Configure PHP dependencies:
www-data@VPShosting:~$ cd html
www-data@VPShosting:~/html$ bin/composer.phar install --no-dev
There is still some testing needed to confirm the best moment of the SSL certificate installation step in the installation process or eventual work arounds for this tutorial.
Configuring the firewall
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#configuring-a-firewall
"A firewall is an important security measure for your server to limit available surfaces that hackers can use. Firewalls can be configured either in your cloud provider or on the local server. Ubuntu Server by default ships with the UFW firewall software. For this tutorial we will configure the firewall locally. The main gist is that you should be only opening up the necessary ports for SSH, HTTP, and HTTPS."
rootname@VPShosting:~$ sudo ufw allow ssh
rootname@VPShosting:~$ sudo ufw allow http
rootname@VPShosting:~$ sudo ufw allow https
rootname@VPShosting:~$ sudo ufw enable
rootname@VPShosting:~$ sudo ufw status
install and configure fail2ban
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#configure-fail2ban
"Fail2Ban is another important tool for thwarting hackers. It basically detects if some computer is brute force attacking or excessively hitting your server and applies escalating blocks on that IP address."
rootname@VPShosting:~$
sudo apt install fail2ban -y 
rootname@VPShosting:~$ [code]sudo systemctl enable fail2ban
rootname@VPShosting:~$ sudo systemctl start fail2ban
rootname@VPShosting:~$ systemctl status fail2ban
rootname@VPShosting:~$ sudo reboot
Because of the reboot you will be logged out of your VPS server and will have to log on again to proceed with the installation.
"M" like MySQL/mariaDB and "P" like PHP of "LAMP" installation
DataBase and PHP-HypertextPreprocessor installation || See values inside this spoiler
Values for the prompts you get:
Enter current password for root (enter for none): Just hit enter since you are configured to only allow logins with SSH keys for the root user.
Switch to unix_socket authentication: n
Change the root password?: n
Remove anonymous users? Y
Disallow root login remotely? Y
Remove test database and access to it? Y
Reload privilege tables now? Y[/list]

rootname@VPShosting:~$ sudo apt update
rootname@VPShosting:~$
sudo apt install mariadb-server php libapache2-mod-php \
     php-common php-gmp php-curl php-intl php-mbstring \
	 php-xmlrpc php-mysql php-gd php-imagick php-xml \
	 php-cli php-zip php-sqlite3 curl git -y
rootname@VPShosting:~$ sudo mysql_secure_installation
Creating the DB - data base
If you come to this point straight from the previous mariaDB setup you are already logged into mySQL. You will note this because instead of the print:
rootname@VPShosting:~#
in the console you will see:
MariaDB [(none)]>
Other wise you will have to log into mariaDB first with the following command:
rootname@VPShosting:~# mysql
[spoiler=mariaDB welcome message:]Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 160000
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE friendicadb;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'friendica'@'localhost' IDENTIFIED BY '<password>';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL ON friendicadb.* TO 'friendica'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> EXIT;
Bye
rootname@VPShosting:~#
To log from the console into your DB use the following command:
rootname@VPShosting:~# mysql friendicadb
To exit mariaDB:
MariaDB [friendicadb]> Ctrl-C -- exit!
Aborted
rootname@VPShosting:~#
How to change the DB password
rootname@VPShosting:~# mysql
(Welcome to the MariaDB monitor..)
MariaDB [(none)]> USE friendicadb
Database changed
MariaDB [friendicadb]> ALTER USER 'friendica'@'localhost' IDENTIFIED BY 'newpassword';
Query OK, 0 rows affected (0.001 sec)
MariaDB [friendicadb]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [friendicadb]> exit
Bye
rootname@VPShosting:~#
test changes:
rootname@VPShosting:~# mysql -u friendica -p
Enter password:
(Welcome to the MariaDB monitor..)
MariaDB [(none)]>
If you use a wrong password, you might want to check the old one, you'll get the following message:
ERROR 1045 (28000): Access denied for user 'friendica'@'localhost' (using password: YES)
creating a single backup of the MySQL Database with mysqldump
https://www.digitalocean.com/community/tutorials/how-to-backup-mysql-databases-on-an-ubuntu-vps
The MySQL file will be created in the folder you are in when performing the command.
creat a single copy of a MySQL DB
rootname@VPShosting:~# mysqldump -u username -p database_to_backup > backup_name.sql
install auto backup process of the MySQL/mariaDB database | automysqlbackup
https://dev.to/xarala221/how-to-backup-mysql-databases-on-ubuntu-vps-server-automatically-497c
The program installs a cron script with automysqlbackup that runs every day. The daily backup files will be named monday/tuesday/wednesday..and replaced when ever a new bachup is duefor the specific backup. The same goes for weekly and monthly backups. You should tweak these settings in a way that you will be comfortable if something happens. Have in mind that this can mount to an enormous amount of backup data so you might check out tweaks and work arounds to adjust to your server capabilities and monetary possibilities.
install automysqlbackup
rootname@VPShosting:~# sudo apt-get install automysqlbackup
rootname@VPShosting:~# sudo automysqlbackup
information into deep about automysqlbackup

listing automysqlbackup folders
rootname@VPShosting:~# cd /var/lib/automysqlbackup
rootname@VPShosting:~# /var/lib/automysqlbackup# ls
daily monthly weekly
listing daily backed up files:
rootname@VPShosting:/var/lib/automysqlbackup# ls -R /var/lib/automysqlbackup/daily
console print automysqlbackup - daily
/var/lib/automysqlbackup/daily:
friendicaDB sys
/var/lib/automysqlbackup/daily/friendicaDB:
friendicaDB_2023-11-14_21h39m.Tuesday.sql.gz
friendicaDB_2023-11-15_06h25m.Wednesday.sql.gz
/var/lib/automysqlbackup/daily/sys:
sys_2023-11-14_21h39m.Tuesday.sql.gz
sys_2023-11-15_06h25m.Wednesday.sql.gz
rootname@VPShosting:/var/lib/automysqlbackup#
to have a look at automysqlbackup as is:
rootname@VPShosting:~# nano /etc/default/automysqlbackup
automysqlbackup configuracion file
# By default, the Debian version of automysqlbackup will use:
# mysqldump --defaults-file=/etc/mysql/debian.cnf
# but you might want to overwrite with a specific user & pass.
# To do this, simply edit bellow.
# Username to access the MySQL server e.g. dbuser
#USERNAME=`grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Username to access the MySQL server e.g. password
#PASSWORD=`grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d"=" -f2 | awk '{print $1}'`
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
# Note that it's absolutely normal that the db named "mysql" is not in this
# list, as it's added later by the script. See the MDBNAMES directives below
# in this file (advanced options).
# This is ONLY a convenient default, if you don't like it, don't complain
# and write your own.
# The following is a quick hack that will find the names of the databases by
# reading the mysql folder content. Feel free to replace by something else.
# DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `
# This one does a list of dbs using a MySQL statement.
DBNAMES=`mysql --defaults-file=/etc/mysql/debian.cnf --execute="SHOW DATABASES" | awk '{print $1}' | grep -v ^Database$ | grep -v ^mysql$ | grep -v ^performance_schema$ | grep -v ^information_schema$ | tr \\\r>
# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names. Note that backups will be owned by
# root, with Unix rights 0600.
BACKUPDIR="/var/lib/automysqlbackup"
# Mail setup
# What would you like to be mailed to you?
# - log : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
MAILCONTENT="quiet"
# Set the maximum allowed email size in k. (4000 = approx 5MB email [see
# docs])
MAXATTSIZE="4000"
# Email Address to send mail to? (user@domain.com)
MAILADDR="root"
# ============================================================
# === ADVANCED OPTIONS ( Read the doc's below for details )===
#=============================================================
# List of DBBNAMES for Monthly Backups.
MDBNAMES="mysql $DBNAMES"
# List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes)
DBEXCLUDE=""
# Include CREATE DATABASE in backup?
CREATE_DATABASE=yes
# Separate backup directory and file for each DB? (yes or no)
SEPDIR=yes
# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
DOWEEKLY=6
# Which day of the month to execute the monthly backup (00 = no monthly backup)
# Two digit required
DOMONTHLY=01
# Choose Compression type. (gzip or bzip2)
COMP=gzip
# Compress backups on the fly with gzip or bzip2 (yes or no)
COMPDIRECT=no
# Compress communications between backup server and MySQL server?
COMMCOMP=no
# Additionally keep a copy of the most recent backup in a seperate
# directory.
LATEST=no
# The maximum size of the buffer for client/server communication. e.g. 16MB
# (maximum is 1GB)
MAX_ALLOWED_PACKET=
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
# For connections to localhost. Sometimes the Unix socket file must be
# specified.
SOCKET=
# Command to run before backups (uncomment to use)
#PREBACKUP="/etc/mysql-backup-pre"
# Command run after backups (uncomment to use)
#POSTBACKUP="/etc/mysql-backup-post"
# Backup of stored procedures and routines (comment to remove)
ROUTINES=yes
# Mysqldump additional option (like "--single-transaction")
OPTIONS=""
#debian #linux #friendica #fediVerse #fediTutorial

Dieser Beitrag wurde bearbeitet. (2 Monate her)

Als Antwort auf utopiArte

friendica

utopiArte

Als Antwort auf utopiArte • 2 Monate her (Empfangen 1 Monat her) • •

Solved as follows:

The SSL let's encrypt cert is created out of the http file of the given domain or subdomain:
/etc/apache2/sites-available/domain.org.conf

standard domain.org.conf

<VirtualHost *:80>
ServerAdmin admin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
# AllowOverride is specifically added for the friendica server
<Directory /var/www/domainorg>
AllowOverride All
</Directory>
# AllowOverride is specifically added for the friendica server
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
</VirtualHost>

The SSL domain reference file created from the http filename get's added by default -le-ssl to the existing domain.org.conf name. The port for SSL connections is 443 while the standard http connection is over port 80.

domain.org-le-ssl.conf

This is the content of the file c

Solved as follows:

The SSL let's encrypt cert is created out of the http file of the given domain or subdomain:
/etc/apache2/sites-available/domain.org.conf

standard domain.org.conf

<VirtualHost *:80>
ServerAdmin admin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
# AllowOverride is specifically added for the friendica server
<Directory /var/www/domainorg>
AllowOverride All
</Directory>
# AllowOverride is specifically added for the friendica server
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
</VirtualHost>

domain.org-le-ssl.conf

This is the content of the file created for a multi domain VPS server. This contenet matches the content that was in the original 000-default-le-ssl.conf file of the single domain VPS setup, created by the certbot routine. The SSL certificate is supposed to be updated automatically every year. For now it is not clear if the changes made will be affected negatively by that automatic SSL cert update.

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@domain.org
ServerName domain.org
DocumentRoot /var/www/domainorg
# AllowOverride is specifically added for the friendica server
<Directory /var/www/domainorg>
AllowOverride All
</Directory>
# AllowOverride is specifically added for the friendica server
ErrorLog ${APACHE_LOG_DIR}/domainorg_error.log
CustomLog ${APACHE_LOG_DIR}/domainorg_access.log combined
ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>
</IfModule>

activating and deactivating .conf fles

To make the changes come into effect the new conf file has to be activated, the old one that shouldn't apply anymore should be deactivated and the apache server itself has to be reloaded or to be restarted:

rootname@VPShosting:~# a2ensite domain.org
rootname@VPShosting:~# a2ensite domain.org-le-ssl.conf
rootname@VPShosting:~# a2dissite 000-default.conf
rootname@VPShosting:~# a2dissite 000-default-le-ssl.conf
rootname@VPShosting:~# systemctl restart apache2

Reloading the site took a while longer than nomal, indicating that new background tasks where happening.

testing the new folder structure

and if site configuration was actually in place.
Renaming the index file of the old /html folder.
Reloading the site did still work so the old /html folder structure wasn't active anymore.
Renaming the entire old /html folder structure taking it out of access completely.
Creating a new /html folder.
Creating a new html. index file in /var/www/html.

rootname@VPShosting:~# mv /var/www/html/index.php /var/www/html/index_old.php
rootname@VPShosting:~# mv /var/www/html/ /var/www/html_old/
rootname@VPShosting:~# mkdir /var/www/html/
rootname@VPShosting:~# nano /var/www/html/index.html

<html>
<title>name-based virtual hosting setup</title>
<h1>Welcome to the /html/ index.html fall back file.</h1>
<p>This is a test file for a name-based virtual hosting setup</p>
</html>

Next steps:
Installing a SSL cert for subdomain.org.
Installing a subdomain test site.
Installing a new friendica domain.com site from scratch.

#serveradmin #DocumentRoot #ErrorLog #CustomLog

Dieser Beitrag wurde bearbeitet. (2 Monate her)

Als Antwort auf TupambAdminOrg [2024.03]

friendica

TupambAdminOrg [2024.03]

Als Antwort auf TupambAdminOrg [2024.03] • 2 Monate her (Empfangen 1 Monat her) • •

v.02

Move the existing friendica installation to a new directory folder in /var/www/:

new directory

Create directory.
Create a copy of the working installation from /var/www/html/ in the new /var/www/domainorg/ directory.
Check ownership of /domainorg/ itself and of the folders in /domainorg/.
As the folders where copied as user root the ownership of www-data for the instalation has to be established again.
Set the ownership of the folder /var/www/domainorg/ itself to root.

rootname@VPShosting:~# mkdir /var/www/domainorg/
rootname@VPShosting:~# cp -R /var/www/html/ /var/www/domainorg/
rootname@VPShosting:~# ls -l /var/www/
rootname@VPShosting:~# ls -l /var/www/domainorg/
rootname@VPShosting:~# chown -R www-data:www-data /var/www/domainorg/
rootname@VPShosting:~# chown root:root /var/www/domainorg/

Create a standard http and https domain registry file on the

v.02

Move the existing friendica installation to a new directory folder in /var/www/:

new directory

Create a standard http and https domain registry file on the VPS server in:
/etc/apache2/sites-available/

The original settings of the server are defined in the folder /etc/apache2/sites-available/ by the files 000-default.conf and for the SSL settings in 000-default-le-ssl.conf.

original 000-default file settings

original 000-default.conf file settings

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	# ServerName domain.org
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

original 000-default-le-ssl.conf file settings

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	# ServerName domain.org
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
<Directory /var/www/html>
    AllowOverride All
</Directory>
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>
</IfModule>

create domain.org.conf

This is actually a by default step as we are going to setup the SSL HTTPS setting as standard and mandatory.
Create and open the .conf file with the nano text editor.
Create the following content in that domain.org.conf file and safe it. This content is taken from the original 000-default.conf file. The only change is actually the DocumentRoot entry.

rootname@VPShosting:~# nano /etc/apache2/sites-available/domain.org.conf

domain.org.conf content to be inserted

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	# ServerName domain.org
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/doamainorg
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

STRG + X | SHIFT + Y | ENTER

create domain.org-le-ssl.conf

Create and open the .conf file with the nano text editor.
Create the following content in that domain.org-le-ssl file and safe it. This content is taken from the original 000-default-le-ssl.conf file. The only change is actually the DocumentRoot entry.

rootname@VPShosting:~# nano /etc/apache2/sites-available/domain.org-le-ssl

domain.org-le-ssl content to be inserted

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	# ServerName domain.org
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/domainorg
<Directory /var/www/html>
    AllowOverride All
</Directory>
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
ServerName domain.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>
</IfModule>

STRG + X | SHIFT + Y | ENTER

Check domain IP redirect settings by the domain registry provider!
Those settings should be fine as they were set and working by the inicial setup.

activating and deactivating .conf files

To make the changes come into effect the new conf file have to be activated, the old ones that don't apply anymore should be deactivated and the apache server itself has to be reloaded or to be restarted:

Reloading the site should take a while longer than nomal, indicating that new inicial background tasks are happening.

test the new folder structure

Check if the new site configuration is actually in place.
Rename the index file of the old /html folder.
Reload the site. It should still work. If so, the old index.html isn't active anymore.
Rename the entire old /html folder structure taking it out of access completely.
Create a new /html folder.
Create a new html. index file in /var/www/html/

content to be inserted into index.html

<html>
<title>name-based virtual hosting setup</title>
<h1>Welcome to the /html/ index.html fall back file.</h1>
<p>This is a test file for a name-based virtual hosting setup</p>
</html>

STRG + X | SHIFT + Y | ENTER

#hosting

Dieser Beitrag wurde bearbeitet. (1 Monat her)

Als Antwort auf TupambAdminOrg [2024.03]

friendica

TupambAdminOrg [2024.03]

Als Antwort auf TupambAdminOrg [2024.03] • 1 Monat her • •

Create a [sub]domain

Create the inicial folder to host the content:
rootname@VPShosting:~# mkdir /var/www/subdomainorg/

Create a index.html file to test the new subdomain:
rootname@VPShosting:~# nano /var/www/html/subdomainorg/index.html

content of index.html

<html>
<title>subdomainorg</title>
<h1>Welcome to sub.domain.org Website</h1>
<p>This is the first test subdomain site hosted with name-based virtual hosting</p>
</html>

Create ownership for the user www-data of the files and folders in /subdomainorg/:
rootname@VPShosting:~# chown -R www-data:www-data /var/www/subdomainorg/

Change ownership of the folder /subdomainorg/ itself to the user root:
rootname@VPShosting:~# chown root:root /var/www/subdomainorg

Create a domain registry file on the VPS server in /etc/apache2/sites-available/ for the subdomain:

Dieser Beitrag wurde bearbeitet. (1 Monat her)

Als Antwort auf TupambAdminOrg [2024.03]

friendica

TupambAdminOrg [2024.03]

Als Antwort auf TupambAdminOrg [2024.03] • 1 Monat her • •

Once the subdomain appears in your browser as a http site, you can proceed to create a let's encrypt SSL certificate for the domain.

As this is just creating a new certificate on an already existing let's encrypt registered certbot environment, this is quite fast and straight forward. The cert builds on the information created by the previous step of creating a sub.domain.org.conf file in /etc/apache2/sites-available/ and will create a new .conf file named:
sub.domain.org-le-ssl.conf

rootname@VPShosting:~$ sudo certbot --apache

print of the certbot routine

Once the subdomain appears in your browser as a http site, you can proceed to create a let's encrypt SSL certificate for the domain.

rootname@VPShosting:~$ sudo certbot --apache

print of the certbot routine

root@VPShosting:~# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: domain.org
2: sub.domain.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for sub.domain.org
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/sub.domain.org/fullchain.pem
Key is saved at: /etc/letsencrypt/live/sub.domain.org/privkey.pem
This certificate expires on 2025-05-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for sub.domain.org to /etc/apache2/sites-available/sub.domain.org-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on sub.domain.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: letsencrypt.org/donate
* Donating to EFF: eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Successfully deployed certificate for sub.domain.org to /etc/apache2/sites-available/sub.domain.org-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on
sub.domain.org

Diese Webseite verwendet Cookies. Durch die weitere Benutzung der Webseite stimmst du dieser Verwendung zu. https://inne.city/tos

Verbinden Sie Ihr Profil hier wahlweise auch mit Twitter, BlueSky, Wordpress, Blogger und anderen Plattformen...

⇧