create new tag
view all tags

Configuring Apache

There are also the following pages which may be useful:

Getting Started

Probably the simplest thing you will want to do when first getting started is to check apache can serve anything. This example demonstrates how to authorize all users to be able to view files in the standard document root directory (usually this is /var/www/html).

You will need to add a virtualhost to the configuration (the LCFG tag name is main but it could be anything). In this case it is sufficient to just use the wildcard * (asterisk) symbol to have apache listen on all interfaces.

Within that virtual host a directory block must be added, the path references the value of LCFG resource which holds the path to the default document root. Note that the syntax for granting access uses require all which is supported by Apache 2.4 and newer.

The characters are replaced with newlines by the LCFG server which avoids the cpp mangling the formatting.

#include <lcfg/options/apacheconf.h>

!apacheconf.vhosts                mADD(main)
apacheconf.vhostaddr_main        *

apacheconf.vhostverbatim_main docroot
apacheconf.vhostline_main_docroot    \
<Directory "<%apacheconf.documentroot%>">¶\
  Options Indexes FollowSymLinks¶\
  Require all granted¶\

Using the x509 component

Following on from the basic example, this adds a second virtualhost which will handle https requests.

If your site uses the x509 component to manage SSL certificates, the certificates can be generated like this:

#define _X509_PATH_CERT /etc/pki/tls/certs
#include <lcfg/options/x509-client.h>

!x509.keys                              mADD(mainssl)

x509.service_mainssl                   <%profile.node%>.<%profile.domain%>
x509.keyfile_mainssl                   _X509_PATH_CERT/mainssl.key
x509.certfile_mainssl                  _X509_PATH_CERT/mainssl.crt
x509.chainfile_mainssl                 _X509_PATH_CERT/mainssl.chain
x509.pemfile_mainssl                   _X509_PATH_CERT/mainssl.pem
x509.hashed_mainssl                    _X509_PATH_CERT/mainssl.CA
x509.uid_mainssl                       <%apacheconf.user%>
x509.gid_mainssl                       <%apacheconf.group%>

To enable SSL support the apacheconf-ssl.h header must be included. The basics of the second virtualhost (LCFG tag mainssl) are identical to the previous example. SSL support is enabled for the virtualhost using the boolean vhostssl_<tag> resource. The paths to the certificate, key and chain files must also be specified and they reference the previous x509 resources.

#include <lcfg/options/apacheconf-ssl.h>

!apacheconf.vhosts                    mPREPEND(mainssl)
apacheconf.vhostaddr_mainssl          <%apacheconf.vhostaddr_main%>
apacheconf.vhostverbatim_mainssl      <%apacheconf.vhostverbatim_main%>
apacheconf.vhostline_mainssl_docroot  <%apacheconf.vhostline_main_docroot%>

apacheconf.vhostssl_mainssl           yes
apacheconf.vhostsslcert_mainssl       <%x509.certfile_mainssl%>
apacheconf.vhostsslkey_mainssl        <%x509.keyfile_mainssl%>
apacheconf.vhostsslchain_mainssl      <%x509.chainfile_mainssl%>

Note that the mainssl tag is prepended to the list to ensure it always comes before the main tag. Since the virtualhost associated with the main tag uses a wildcard for the port it would match https requests on 443 if it came before the mainssl virtualhost in the apache configuration.

-- Main.squinney - 2016-04-28

Topic revision: r3 - 2016-11-24 - squinney
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback