-1

I am setting up a public web server for several of my own web sites, using Webmin and Apache 2.

Adding a virtual host and special options for it is fairly straight-forward with Webmin.

However, I need some advice on how to set up both a http and a https configuration, using the same options.

Currently, my technique is to add two virtual hosts, one for port 80 and one for 443. That creates two separate .conf files. The problem is that each time I add an option to one virtual host, I have to remember doing the same for the other as well.

How can I avoid this redundant duplication of options per site?

I know about the 'Include' directive, but how do I manage this efficiently with Webmin, so that Webmin doesn't get confused? I guess I'll have to manually create the include file first and move some directives into it before adding the second virtual host with the SSL option?

How do others approach this?

Basically, it's like this question, but with Webmin thrown in.

ThomasAtFault
  • 99
  • 3

1 Answers1

4

How do I manage this efficiently with Webmin?

Webmin only allows configuration limited to the features on its web based interface. That's why normal configuration methods doesn't work, and question involving web configuration panels are considered off-topic. Ease of configuration can mean two different things, and you can't have both:

  • Easy to use without knowledge on configuration files => web configuration panels.
  • Easy to manage and reproduce => configuration files using Includes, macros etc.

How to set up both a http and a https configuration, using the same options?

Without Webmin. If this is the target, you'd use the Includes and the macros. If you have several hostnames with same settings and you regularly change some settings for them all, it would be ideal to create a <Macro> and feed the changing details with Use. For identical http and https:

<Macro VHost $name $domain>
<VirtualHost *:80>
    ServerName $domain
    ServerAlias www.$domain

    DocumentRoot "/var/www/vhosts/$name"
    ErrorLog "/var/log/httpd/$name.error_log"
    CustomLog "/var/log/httpd/$name.access_log" combined
</VirtualHost>
<VirtualHost *:443>
    ServerName $domain
    ServerAlias www.$domain

    SSLEngine on
    SSLCertificateFile "/path/to/$domain.cert"
    SSLCertificateKeyFile "/path/to/$domain.key"

    DocumentRoot "/var/www/vhosts/$name"
    ErrorLog "/var/log/httpd/$name.error_log"
    CustomLog "/var/log/httpd/$name.access_log" combined
</VirtualHost>
</Macro>

Use VHost example1 example.com
Use VHost example2 example.net

UndefMacro VHost

However, if this identical http and https for every domain indicates that you have a valid certificate for each and every doamin, why would you allow http connections at all? You could simply redirect all http to https and forget about having to configure anything twice. The http configuration would be really simple and static:

  • Using macros, inside the <Macro>:

    <VirtualHost *:80>
    ServerName $domain
    ServerAlias www.$domain

    Redirect / https://$domain/
</VirtualHost>
<VirtualHost *:443>

  • Global default (first) http virtualhost redirecting to corresponding https, using e.g. mod_rewrite:

    <VirtualHost *:80>
    ServerName default.example.com

    RewriteEngine On
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

  • Any other approach for redirecting http to https.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
  • Thanks for your effort, looks concise. Didn't know about . I have had recurring troubles with letsencrypt (change of auth method, not well supported on osx, etc.), so I still wanted to keep the non-ssl option for now. Maybe I'll follow your suggestion to switch entirely to https, though. – ThomasAtFault Apr 05 '18 at 16:02