Apache2

有沒有辦法共享或重用 Apache 配置

  • June 11, 2020

我的 Apache 伺服器上有以下目錄結構

/var/www/domain.com/
   index.html
   site-1/
   site-2/
   .
   .
   .
   site-N/

每個站點使用以下配置文件,其中變數“port”、“site”和“hub”是唯一改變的值

<IfModule mod_ssl.c>
   <VirtualHost *:443>
       # DOMAIN CONFIGURATION
       Define domain domain.dev

       ServerName ${domain}
       ServerAlias www.${domain}
       DocumentRoot /var/www/${domain}

       <Directory "/var/www/${domain}">
           AuthType Basic
           AuthName "${domain} Authentication"
           AuthUserFile /etc/apache2/.htpasswd
           Require valid-user
           <Files "manifest.json">
               Require all granted
           </Files>
       </Directory>

       SSLEngine on
       RewriteEngine on
       SSLProxyEngine on
       SSLProxyVerify none
       SSLProxyCheckPeerCN off
       SSLProxyCheckPeerName off
       SSLProxyCheckPeerExpire off

       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined

       SSLCertificateFile /etc/letsencrypt/live/${domain}/cert.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/${domain}/privkey.pem
       SSLCertificateChainFile /etc/letsencrypt/live/${domain}/fullchain.pem

       <FilesMatch "\.(cgi|shtml|phtml|php)$">
           SSLOptions +StdEnvVars
       </FilesMatch>

       <Directory /usr/lib/cgi-bin>
           SSLOptions +StdEnvVars
       </Directory>

       # SITE CONFIGURATION
       Define site site-1
       Define port 5001
       Define protocol https
       Define hub site-1-hub

       ProxyPassMatch "^/${site}/api/(.+)" "${protocol}://localhost:${port}/api/$1"
       ProxyPassReverse "/" "${protocol}://localhost:${port}/"

       ProxyPassMatch "^/${site}/${hub}/(.+)" "${protocol}://localhost:${port}/${hub}/$1"
       ProxyPassReverse "/" "${protocol}://localhost:${port}/${hub}"

       RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
       RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
       RewriteRule "^/${site}/(.+)" "wss://localhost:${port}/$1" [P]
   </VirtualHost>

**有沒有辦法共享、重用或集中“域配置”和“站點配置”部分,這樣我就不必在同一個域下的多個站點之間複製配置?**如果是這樣,我將能夠對一個共享配置進行更改,該配置將應用於使用它的任何域或站點。

apache2ctl -S 輸出

       VirtualHost configuration:
   *:80                   localhost (/etc/apache2/sites-enabled/000-default.conf:1)
   ServerRoot: "/etc/apache2"
   Main DocumentRoot: "/var/www/html"
   Main ErrorLog: "/var/log/apache2/error.log"
   Mutex ssl-stapling: using_defaults
   Mutex proxy: using_defaults
   Mutex ssl-cache: using_defaults
   Mutex default: dir="/var/run/apache2/" mechanism=default 
   Mutex watchdog-callback: using_defaults
   Mutex rewrite-map: using_defaults
   Mutex ssl-stapling-refresh: using_defaults
   PidFile: "/var/run/apache2/apache2.pid"
   Define: DUMP_VHOSTS
   Define: DUMP_RUN_CFG
   User: name="www-data" id=33
   Group: name="www-data" id=33

**這是Esa Jokinen**提供的解決方案的工作實現(注意:mod_macro模組需要通過sudo a2enmod macro在命令行執行來啟用)

/etc/apache2/sites-available/domain.dev.conf 內容:

<Macro Domain $domain>
   ServerName $domain
   ServerAlias www.$domain
   DocumentRoot /var/www/$domain

   # Basic authentication
   <Directory "/var/www/$domain">
       AuthType Basic
       AuthName "$domain Authentication"
       AuthUserFile /etc/apache2/.htpasswd
       Require valid-user
       <Files "manifest.json">
           Require all granted
       </Files>
   </Directory>

   RewriteEngine on
   
   SSLEngine on
   SSLProxyEngine on
   SSLProxyVerify none
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerExpire off

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined

   SSLCertificateFile /etc/letsencrypt/live/$domain/cert.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem
   SSLCertificateChainFile /etc/letsencrypt/live/$domain/fullchain.pem

   <FilesMatch "\.(cgi|shtml|phtml|php)$">
       SSLOptions +StdEnvVars
   </FilesMatch>

   <Directory /usr/lib/cgi-bin>
       SSLOptions +StdEnvVars
   </Directory>
</Macro>

<Macro Site $site $port $protocol $hub>
   ProxyPassMatch "^/$site/api/(.+)" "$protocol://localhost:$port/api/$1"
   ProxyPassReverse "/" "$protocol://localhost:$port/"

   ProxyPassMatch "^/$site/$hub/(.+)" "$protocol://localhost:$port/$hub/$1"
   ProxyPassReverse "/" "$protocol://localhost:$port/$hub"

   RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
   RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
   RewriteRule "^/$site/(.+)" "wss://localhost:$port/$1" [P]
</Macro>

<IfModule mod_ssl.c>
   <VirtualHost *:443>
       Use Domain domain.dev

       Use Site site-1 5003 https site-1-hub
       Use Site site-2 5004 https site-2-hub
       .
       .
       .
       Use Site site-N 500N https site-N-hub
   </VirtualHost>
</IfModule>

Apache Module mod_macro可能正是您正在尋找的。您可以定義一個宏:

<Macro MyProxySites $site $port $protocol $hub>
   ProxyPassMatch "^/$site/api/(.+)" "$protocol://localhost:$port/api/$1"
   ProxyPassReverse "/" "$protocol://localhost:$port/"

   ProxyPassMatch "^/$site/$hub/(.+)" "$protocol://localhost:$port/$hub/$1"
   ProxyPassReverse "/" "$protocol://localhost:$port/$hub"

   RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
   RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
   RewriteRule "^/$site/(.+)" "wss://localhost:$port/$1" [P]
</Macro>

然後在您的配置中多次使用它,例如

<IfModule mod_ssl.c>
   <VirtualHost *:443>
       ServerName example.com
       ServerAlias www.example.com
       DocumentRoot /var/www/example.com

       # . . .
       Use MyProxySites site-1 5001 https site-1-hub
       Use MyProxySites site-2 5002 https site-2-hub
   </VirtualHost>
   <VirtualHost *:443>
       ServerName example.net
       ServerAlias www.example.net
       DocumentRoot /var/www/example.net

       # . . .
       Use MyProxySites site-3 5003 https site-3-hub
       Use MyProxySites site-4 5004 https site-4-hub
   </VirtualHost>
</IfModule>

從您的問題很難說出您的確切目標,但是如果每個站點的域都發生變化並且域只有一個代理,您也可以將其直接建構到宏中:

<Macro MyProxySites $domain $site $port $protocol $hub>
   <VirtualHost *:443>
       ServerName $domain
       ServerAlias www.$domain
       DocumentRoot /var/www/$domain

       ProxyPassMatch "^/$site/api/(.+)" "$protocol://localhost:$port/api/$1"
       ProxyPassReverse "/" "$protocol://localhost:$port/"

       ProxyPassMatch "^/$site/$hub/(.+)" "$protocol://localhost:$port/$hub/$1"
       ProxyPassReverse "/" "$protocol://localhost:$port/$hub"

       RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
       RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
       RewriteRule "^/$site/(.+)" "wss://localhost:$port/$1" [P]
   </VirtualHost>
</Macro>

Use MyProxySites example.com site-1 5001 https site-1-hub
Use MyProxySites example.net site-2 5002 https site-2-hub
Use MyProxySites example.org site-3 5003 https site-3-hub

引用自:https://serverfault.com/questions/1020772