On Tue, 05 Jan 2021, consultor wrote:

> Hello
> 
> I have a server 6.8 that works correctly with the main domain, but it does
> not work with the second. Could you please help?
> 
> httpd.conf
> 
> # $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
> 
> server "consultores.ca" {
>       listen on * port 80
>         root "/htdocs/consultores/"
>       location "/.well-known/acme-challenge/*" {
>               root "/acme"
>               request strip 2
>       }
>       location * {
>               block return 302 "https://$HTTP_HOST$REQUEST_URI";
>       }
> }
> 
> server "consultores.ca" {
>       listen on * tls port 443
>         root "/htdocs/consultores"
>       tls {
>               certificate "/etc/letsencrypt/live/consultores.ca/fullchain.pem"
>               key "/etc/letsencrypt/live/consultores.ca/privkey.pem"
>       }
>       location "/pub/*" {
>               directory auto index
>       }
>       location "/.well-known/acme-challenge/*" {
>               root "/acme"
>               request strip 2
>       }
> }
> 
> server "consultores.ca/ENA" {
>       listen on * port 80
>         root "/htdocs/ENA/"
>       location "/.well-known/acme-challenge/*" {
>               root "/acme"
>               request strip 2
>       }
>       location * {
>               block return 302 "https://$HTTP_HOST$REQUEST_URI";
>       }
> }
> 
> server "consultores.ca/ENA" {
>       listen on * tls port 443
>         root "/htdocs/ENA"
>       tls {
>               certificate "/etc/letsencrypt/live/consultores.ca/fullchain.pem"
>               key "/etc/letsencrypt/live/consultores.ca/privkey.pem"
>       }
>       location "/pub/*" {
>               directory auto index
>       }
>       location "/.well-known/acme-challenge/*" {
>               root "/acme"
>               request strip 2
>       }
> }
> 

You are only using one domain, thus all should go into one server block.
Use locations to set different parameters for "/" vs "/ENA".  That does
not belong on the server name.

I usually go for a single server block listening on port 80 with pretty
much the same redirection you have, and one server block per domain
listening on 443, with as many locations as needed.

Something like:

    server "default" {
            listen on * port 80
            log {
                    access "default.access.log"
                    error "default.error.log"
                    style combined
            }

            location "/.well-known/acme-challenge/*" {
                    root "/acme"
                    request strip 2
            }
            location "/*" {
                    block return 301 "https://$HTTP_HOST$REQUEST_URI";
            }

            root "/htdocs/null"
    }

And then:

    server "mydomain.com" {
            listen on * tls port 443

            alias www.mydomain.com

            tls {
                    certificate "/etc/ssl/letsencrypt/mydomain.com/fullchain.pem"
                    key "/etc/ssl/letsencrypt/mydomain.com/privkey.pem"
            }
            log {
                    access "access.log"
                    error "error.log"
                    style combined
            }


            location "/foo/*" {
                    root "/foo"
                    request strip 1
            }
            location "/bar/*" {
                    root "/bar"
                    request strip 1
            }
            location "/baz" {
                    block return 301 "https://foobarbaz.com";
            }

            root "/htdocs/mydomain.com"
    }

Remember httpd.conf(5) is your friend.

-- 
Paco Esteban.
0x5818130B8A6DBC03
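
The advice above applied to the configuration from the question, as an added example that is not part of the original thread. httpd picks a server block by comparing its name with the request's Host header, which never carries a path, so "consultores.ca/ENA" cannot match. The roots and certificate paths are taken from the poster's file; that /htdocs/ENA holds the second site is an assumption.

```conf
# Added example, not from the original thread.
# root paths are relative to httpd's chroot (/var/www by default).

# Plain HTTP: answer ACME challenges, redirect everything else to HTTPS.
server "consultores.ca" {
	listen on * port 80
	root "/htdocs/consultores"
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location "/*" {
		block return 302 "https://$HTTP_HOST$REQUEST_URI"
	}
}

# HTTPS: one server block for the one domain.
# /ENA is a location inside it, not part of the server name.
server "consultores.ca" {
	listen on * tls port 443
	root "/htdocs/consultores"
	tls {
		certificate "/etc/letsencrypt/live/consultores.ca/fullchain.pem"
		key "/etc/letsencrypt/live/consultores.ca/privkey.pem"
	}
	# The first matching location wins, so list specific paths
	# before any catch-all pattern.
	# "request strip 1" drops the leading /ENA component, so
	# /ENA/index.html is served from /htdocs/ENA/index.html.
	location "/ENA/*" {
		root "/htdocs/ENA"
		request strip 1
	}
	location "/pub/*" {
		directory auto index
	}
}
```

Running `httpd -n` checks the file for syntax errors before the daemon is restarted.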
