Ease Apache 2 server administration with a2tools
a2tools is a script written with the intent to ease and automate the daily administration of a Apache 2 server. This howto describe its installation and usage.
This howto is tested on :
- Debian 5.0 Lenny
- Debian 6.0 Squeeze
- Debian 7.0 Wheezy
Prerequisite
This howto needs :
- a Apache 2 HTTP server, as described by Install Apache 2 on Debian.
This howto recommands :
- the enabling of HTTPS on Apache 2, as described by Enable the HTTPS protocol with Apache 2 on Debian.
- the installation of Let's Encrypt client acme.sh, as described by Install the certbot client (Let's Encrypt) acme.sh on Debian.
Installation
Install the tool :
command wget "https://raw.github.com/biapy/howto.biapy.com/master/apache2/a2tools" \
--quiet --no-check-certificate --output-document="/usr/local/bin/a2tools"
command chmod +x "/usr/local/bin/a2tools"
Introducing a2tools
The details of the tool usage is given by :
command a2tools --help
Simple Virtual Host
Create a virtual host serving a folder :
# command a2tools "www.domain.com" "/opt/www.domain.com"
Redirection
Create a virtual host redirecting a domain and all of its sub-domains to another web site:
# command a2tools --template=redirect \
# --alias="*.domain.com" \
# "domain.com" "http://www.domain.com/"
Reverse proxy
Create a virtual host serving a web site hosted on another server (by reverse proxying) :
# command a2tools --template=reverse-proxy "www.domain.com" "http://domain.server.lan/"
Note : On the "domain.server.lan" host, a virtual host "www.domain.com" must be setup. If the "domain.server.lan" use Apache 2, apply the settings described by Get the real IP address of a visitor accessing to a Apache 2 server behind a reverse proxy.
Removal of a domain
Delete all virtual host for a domain:
# command a2tools --remove "www.domain.com"
Secure host (HTTPS)
Any HTTPS host needs the creation of a valid SSL certificate for its domain name, as described by Create a SSL / TLS certificate on Debian.
Create a HTTPS virtual host with the --ssl='auto' option to automaticaly create a Let's Encrypt certificate:
# sudo a2tools --ssl='auto' 'www.domain.com' '/opt/www.domain.com'
Create a HTTPS virtual host with the --ssl option having for argument the name of the choosen SSL certificate (generaly, the domain name of the web site), if you have an existing certificate :
# command a2tools --ssl='www.domain.com' 'www.domain.com' '/opt/www.domain.com'
If the choosen certificate is a wildcard valid for all sub-domains, use:
# command a2tools --ssl='*.domain.com' 'www.domain.com" '/opt/www.domain.com'
Note: Adding an argument to the --ssl option is equivalent to use these options:
# command a2tools --ssl \
# --private-key="/etc/ssl/private/www.domain.com.key" \
# --public-key="/etc/ssl/certificates/www.domain.com.crt" \
# --root-ca="/etc/ssl/roots/www.domain.com-root.ca" \
# --chain-ca="/etc/ssl/chains/www.domain.com.ca" \
# 'www.domain.com' '/opt/www.domain.com'
A missing functionnality from Internet Explorer 6 to 8 on Windows XP limits to one SSL certificate by IP address. To host many sub-domains on a same server, the use of wildcard certificates (ie. "*.domain.com") is recommanded.
To host several domains on one server without errors on Internet Explorer ,use the option --bind-ip to specify the IP address linked to the choosen SSL certificate. If you own a OVH server, assign a failover IP to the server.