New setup! When visiting the site from the web, you’re no longer being redirected to port 1966. Instead, Apache now acts as a reverse proxy.
The following config requests new certificates from Let’s Encrypt automatically thanks to mod_md.
HTTP requests are redirect to HTTPS. HTTPS requests for “/.well-known” URLs are left untouched for the Let’s Encrypt renewal to work. All other HTTPS requests are proxied to the old port 1966.
As each port can only be listened for by a single service and Apache is already listening on ports 80 and 443, I still need this one. Importantly, however, port 1966 is now HTTP only.
MDomain transjovian.org vault.transjovian.org toki.transjovian.org xn--vxagggm5c.transjovian.org archive.transjovian.org
MDCertificateAgreement accepted
<VirtualHost *:80>
ServerName transjovian.org
ServerAlias vault.transjovian.org toki.transjovian.org xn--vxagggm5c.transjovian.org
RewriteEngine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [redirect]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin alex@alexschroeder.ch
ServerName transjovian.org
ServerAlias vault.transjovian.org toki.transjovian.org xn--vxagggm5c.transjovian.org
RewriteEngine on
# Do not redirect /.well-known URL
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^/(.*) http://%{HTTP_HOST}:1966/$1 [proxy]
DocumentRoot /home/alex/transjovian.org
<Directory /home/alex/transjovian.org>
Options Indexes MultiViews SymLinksIfOwnerMatch
AllowOverride All
Require all granted
</Directory>
Include conf-enabled/blocklist.conf
SSLEngine on
</VirtualHost>
The Phoebe service definition indicates that the Transjovian Council hostnames on port 1966 are served with no certificates (i.e. HTTP instead of HTTPS) using the “--no_cert” argument.
[Unit] Description=Phoebe After=network.target [Install] WantedBy=multi-user.target [Service] Type=simple WorkingDirectory=/home/alex/farm Restart=always User=alex Group=ssl-cert MemoryMax=100M MemoryHigh=90M Environment="PERL5LIB=/home/alex/perl5/perlbrew/perls/perl-5.32.0/lib" ExecStart=/home/alex/perl5/perlbrew/perls/perl-5.32.0/bin/perl \ /home/alex/perl5/perlbrew/perls/perl-5.32.0/bin/phoebe \ --wiki_dir=/home/alex/phoebe \ --log_level=info \ --port=1966 \ --host=transjovian.org \ --host=toki.transjovian.org \ --host=xn--vxagggm5c.transjovian.org \ --host=vault.transjovian.org \ --no_cert \ --port=1965 \ --host=transjovian.org \ --host=toki.transjovian.org \ --host=xn--vxagggm5c.transjovian.org \ --host=vault.transjovian.org \ --host=communitywiki.org \ --host=alexschroeder.ch \ --host=next.oddmuse.org \ --host=emacswiki.org \ --host=campaignwiki.org \ --cert_file=/home/alex/farm/cert.pem \ --key_file=/home/alex/farm/key.pem \ --wiki_main_page=Welcome \ --wiki_page=About \ --wiki_mime_type=image/png \ --wiki_mime_type=image/jpeg \ --wiki_mime_type=audio/mpeg \ --wiki_mime_type=video/webm \ --wiki_space=transjovian.org/test \ --wiki_space=transjovian.org/phoebe \ --wiki_space=transjovian.org/anthe \ --wiki_space=transjovian.org/gemini \ --wiki_space=transjovian.org/titan \ --wiki_space=transjovian.org/ijiraq \ --wiki_space=transjovian.org/elpher \ --wiki_space=transjovian.org/hyperion