VirtualHost for nextcloud-docker-app

Hello,

can someone help me set up virtual hosts for docker apps (wordpress, nextcloud) in UCS 4.2?
I have read the thread VirtualHosts UCS 4.0 - but it didn’t work for me.
What do I have to adapt if the document root is a docker proxy path?

Thanks,
Bernd

Hey,

it would be helpful to see what you’ve tried — meaning the actual configuration you’ve built. And some more information about what “it didn’t work for me” means.

Without knowing the details of your configuration: if you want to proxy everything, you can set DocumentRoot to any path (preferably an empty one, e.g. create /srv/empty and point it there) and simply ProxyPass(Reverse) / …

Kind regards,
mosu

Hi,

well, I’ve tried some things… But what I meant by “it didn’t…” is:

  1. It was late again and I just added a conf-file to /etc/univention/templates/files/etc/apache2/sites-available without reading https://docs.software-univention.de/developer-reference-4.0.html#ucr:conf, wondering why the ucr commit command didn’t do anything.
  2. I didn’t add something simple like ProxyPass(Reverse) / … to the conf-file which I installed under /etc/apache2/sites-available

So actually, in the daylight, the conf-file now is:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin admin@TDL.de
        ServerName nextcloud.TDL.de
        DocumentRoot /var/www
        <Directory /var/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        SSLEngine on
        SSLProxyEngine on
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLCertificateFile /etc/univention/letsencrypt/signed.crt
        SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
        SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem
        SSLCertificateChainFile /etc/univention/letsencrypt/intermediate.pem

        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>
        ProxyPass / http://127.0.0.1:40002/ retry=0
        ProxyPassReverse / http://127.0.0.1:40002/
</VirtualHost>
</IfModule>

And I think it is working - at least I get the friendly comment about an untrusted domain from Nextcloud.
Thank you,
Bernd

Great :+1: Sleep often helps :slight_smile:


So to finish this here (I guess):

  1. make a file /etc/univention/templates/info/myname-nextcloud-vhost.info with content like:
Type: file
File: etc/apache2/sites-available/nextcloud.conf
Variables: appcenter/apps/.*/ports/.*
  2. make a file /etc/univention/templates/files/etc/apache2/sites-available/nextcloud.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin admin@TDL.de
        ServerName nextcloud.TDL.de
        DocumentRoot /var/www
        <Directory /var/www>
                Options +FollowSymlinks
                AllowOverride All
                <IfModule mod_dav.c>
                        Dav off
                </IfModule>

                SetEnv HOME /var/www
                SetEnv HTTP_HOME /var/www

        </Directory>
        SSLEngine on
        SSLProxyEngine on
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLCertificateFile /etc/univention/letsencrypt/signed.crt
        SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
        SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem
        SSLCertificateChainFile /etc/univention/letsencrypt/intermediate.pem

        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>
@!@
from univention.appcenter.app_cache import Apps
from univention.appcenter.utils import app_ports

for app_id, container_port, host_port in app_ports():
	app = Apps().find(app_id)
	if app and app.auto_mod_proxy and app.has_local_web_interface() and app_id == 'nextcloud':
		web_interface = '/'  # app.web_interface
		scheme = app.web_interface_proxy_scheme
		if scheme == 'both':
			scheme = 'https'
		if app.web_interface_port_https == container_port:
			print '''
	ProxyPass %(web_interface)s %(scheme)s://127.0.0.1:%(web_port)s%(web_interface)s retry=0
	ProxyPassReverse %(web_interface)s %(scheme)s://127.0.0.1:%(web_port)s%(web_interface)s
''' % {'id': app.id, 'web_interface': web_interface, 'web_port': host_port, 'scheme': scheme}
		else:
			# not relevant for mod_proxy
			continue
@!@
</VirtualHost>
</IfModule>
  3. now I can run ucr commit /etc/apache2/sites-available/nextcloud.conf
  4. and yes - I had to change the config.php inside the docker and set the overwrites to ‘/’. See Nextcloud Reverse Proxy ohne Unterverzeichnis /nextcloud

Time to get some sleep soon,
Bernd

For everyone who’s trying that on UCS 5.0-6, here is an updated version for the Python part:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@TDL.de
    ServerName nextcloud.TDL.de
    DocumentRoot /var/www
    <Directory /var/www>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www
        SetEnv HTTP_HOME /var/www
    </Directory>
    SSLEngine on
    SSLProxyEngine on
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLCertificateFile /etc/univention/letsencrypt/signed.crt
    SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
    SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem
    SSLCertificateChainFile /etc/univention/letsencrypt/intermediate.pem
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
@!@
from univention.appcenter.app_cache import Apps
from univention.appcenter.utils import app_ports
for app_id, container_port, host_port in app_ports():
    app = Apps().find(app_id)
    # Only the Nextcloud app gets proxy lines; everything below stays inside this check
    if app and app.auto_mod_proxy and app.has_local_web_interface() and app_id == 'nextcloud':
        web_interface = '/'  # app.web_interface
        scheme = app.web_interface_proxy_scheme
        if scheme == 'both':
            scheme = 'https'
        if app.web_interface_port_https == container_port:
            print('''
        ProxyPass %(web_interface)s %(scheme)s://127.0.0.1:%(web_port)s%(web_interface)s retry=0
        ProxyPassReverse %(web_interface)s %(scheme)s://127.0.0.1:%(web_port)s%(web_interface)s
        ''' % {'web_interface': web_interface, 'web_port': host_port, 'scheme': scheme})
        else:
            # not relevant for mod_proxy
            continue
@!@
</VirtualHost>
</IfModule>
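
An added example, not part of the thread or of UCS: a small Python check to run over the rendered nextcloud.conf after ucr commit. It flags more than one ProxyPass for the same path, a ProxyPass without its ProxyPassReverse, and a non-loopback backend reached over plain http or with SSLProxyCheckPeerCN/SSLProxyCheckPeerName off. The sample text, the ports and the 10.0.0.5 backend are constructed; `review_vhost` and `directives` are names made up for this example.

```python
import re

# Constructed sample shaped like the rendered nextcloud.conf; the ports and the
# 10.0.0.5 backend are made up for this example.
GOOD = """\
<VirtualHost *:443>
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass / https://127.0.0.1:40001/ retry=0
    ProxyPassReverse / https://127.0.0.1:40001/
</VirtualHost>
"""
BAD = GOOD.replace("</VirtualHost>",
                   "    ProxyPass / https://10.0.0.5:8443/ retry=0\n</VirtualHost>")

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}
TARGET = re.compile(r"^(https?)://(\[[^\]]+\]|[^/:]+)(?::\d+)?(/.*)?$")

def directives(text):
    """Yield (lowercased name, args) per directive, skipping <Section> tags and comments."""
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", "<")):
            yield parts[0].lower(), parts[1:]

def review_vhost(text):
    """Return findings for the reverse-proxy directives of one rendered vhost."""
    d = list(directives(text))
    findings = []
    checks_off = any(n in ("sslproxycheckpeercn", "sslproxycheckpeername")
                     and a and a[0].lower() == "off" for n, a in d)
    passes = [(a[0], a[1]) for n, a in d if n == "proxypass" and len(a) >= 2]
    reverses = {(a[0], a[1]) for n, a in d if n == "proxypassreverse" and len(a) >= 2}
    paths = [p for p, _ in passes]
    findings += ["duplicate ProxyPass for %s" % p
                 for p in sorted(set(paths)) if paths.count(p) > 1]
    for path, target in passes:
        m = TARGET.match(target)
        if not m:
            findings.append("unparsed backend %s" % target)
            continue
        scheme, host = m.group(1), m.group(2)
        if (path, target) not in reverses:
            findings.append("no ProxyPassReverse for %s %s" % (path, target))
        if host not in LOOPBACK and scheme == "http":
            findings.append("cleartext to remote backend %s" % host)
        elif host not in LOOPBACK and checks_off:
            findings.append("certificate name checks off for remote backend %s" % host)
    return findings
```

With the peer checks off, Apache does not compare the backend certificate's name with the host it connects to, which is why the check treats a loopback backend and a remote one differently.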