onboardingwebsite

Onboarding einer neuen Website mit eigenem DNS-Eintrag

Abkürzungen:

  • sub.domain.tld = vollständiger Hostname (FQDN) der neuen Website, für den der DNS-Eintrag angelegt wird
  • IPv4 = IPv4-Adresse des Servers der Webseite
  • IPv6 = IPv6-Adresse des Servers der Webseite

CNAME generieren, der auf die Maschine zeigt, auf der die Webseite liegen soll. Das Ziel des CNAME muss auf genau die IPv4/IPv6 auflösen, an die die VirtualHosts unten gebunden werden, und der Eintrag muss öffentlich auflösbar sein, bevor acmefetch läuft: Let's Encrypt holt die HTTP-01-Challenge über http://sub.domain.tld/ ab.

# Docroot and per-site log directory; both paths are referenced by the vhost below.
mkdir -- /srv/www/sub.domain.tld /var/log/httpd/sub.domain.tld
# Stage-1 vhost (plain HTTP, needed for the ACME challenge); contents follow.
vim -- /etc/httpd/conf.d/sub.domain.tld.conf
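# Stage 1: plain-HTTP vhost used until the certificate exists.  The ACME HTTP-01
# challenge (challengeHandler "LocalFile" in the acmefetch cfg) writes its token
# under this DocumentRoot, so the directory must be reachable over port 80.
<VirtualHost IPv4:80 [IPv6]:80>
    ServerName sub.domain.tld

    DocumentRoot /srv/www/sub.domain.tld
    ErrorLog /var/log/httpd/sub.domain.tld/error.log
    CustomLog /var/log/httpd/sub.domain.tld/access.log combined

    <Directory /srv/www/sub.domain.tld>
        # Apache 2.4 access control only.  The 2.2-style "Order allow,deny" /
        # "Allow from all" lines were dropped: "Require all granted" is a 2.4
        # directive, so this config already targets 2.4, and the legacy lines
        # would only parse there with mod_access_compat loaded.
        Require all granted
        # NOTE(review): "Indexes" publishes a directory listing for every
        # directory without an index file, and "AllowOverride all" lets any
        # .htaccess in the docroot override these settings.  Use "-Indexes" and
        # a narrower AllowOverride unless the site really relies on them.
        Options Indexes
        AllowOverride all
    </Directory>

# Enabled in stage 2 (after the certificate has been issued): redirect to HTTPS.
#    RewriteEngine on
#    RewriteCond %{HTTP_HOST}   !^$
#    RewriteRule ^/(.*)         https://sub.domain.tld/$1 [L,R]
</VirtualHost>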
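# Only reload when the new config parses; a broken config must never reach the
# running server.  "graceful" lets in-flight requests finish.
apachectl configtest && apachectl graceful
# acmefetch site config; contents follow.
vim -- /opt/acmefetch/etc/sub.domain.tld.cfg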
{
    "GENERAL": {
        "ACMEstaging": "acme-staging.api.letsencrypt.org",
        "ACMEservice": "acme-v01.api.letsencrypt.org",
        "accountKeyPath": "/etc/letsencrypt/ddeimeke.key"
    },
    "CERTS": [
        {
            "certOutput": "/etc/letsencrypt/sub.domain.tld.crt",
            "certFormat": "PEM",
            "keyOutput": "/etc/letsencrypt/sub.domain.tld.key",
            "keyFormat": "PEM",
            "chainOutput": "/etc/letsencrypt/chain.crt",
            "chainFormat": "PEM",
            "commonName": "sub.domain.tld",
            "SITES": {
                "sub.domain.tld": {
                    "challengeHandler": "LocalFile",
                    "challengeConfig": {
                        "www_root": "/srv/www/sub.domain.tld/"
                    }
                }
            }
        }
    ]
}
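# Request the certificate.  The LocalFile handler drops the HTTP-01 token under
# www_root (the stage-1 docroot), so the port-80 vhost above must already be live.
# NOTE(review): the cfg above points at the ACME v1 endpoints (acme-v01…);
# Let's Encrypt has retired ACMEv1.  Check that the installed acmefetch speaks
# ACMEv2 and switch ACMEservice to acme-v02.api.letsencrypt.org.
# After issuance, make sure the private key is not group/world readable: httpd
# reads it as root at startup and nothing else on this page needs it.
/opt/acmefetch/bin/acmefetch --cfg=/opt/acmefetch/etc/sub.domain.tld.cfg \
  && chmod 0600 -- /etc/letsencrypt/sub.domain.tld.key
# Stage-2 vhost (HTTP now only redirects to HTTPS); contents follow.
vim -- /etc/httpd/conf.d/sub.domain.tld.conf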
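# Stage 2: once the certificate exists, port 80 only redirects to HTTPS.
<VirtualHost IPv4:80 [IPv6]:80>
    ServerName sub.domain.tld

    # Keep the per-site logs (the directory already exists) so redirect traffic
    # does not end up in the server-wide default log.
    ErrorLog /var/log/httpd/sub.domain.tld/error.log
    CustomLog /var/log/httpd/sub.domain.tld/access.log combined

    RewriteEngine on
    RewriteCond %{HTTP_HOST}   !^$
    # R=301: permanent redirect, so clients and caches stop asking for http://.
    # (A bare [R] is a temporary 302.)
    RewriteRule ^/(.*)         https://sub.domain.tld/$1 [L,R=301]

    # NOTE(review): renewals via HTTP-01 are redirected to the TLS vhost, which
    # serves the same docroot.  If renewal must not depend on the TLS vhost,
    # exclude the challenge path from the redirect
    # (RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/) and give
    # this vhost the same DocumentRoot.
</VirtualHost>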
# HTTPS vhost in its own file.  The 00- prefix presumably makes it load before
# sub.domain.tld.conf (conf.d/*.conf is included alphabetically on the usual
# RHEL layout) — confirm that is the intent.  Contents follow.
vim -- /etc/httpd/conf.d/00-sub.domain.tld.conf
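# HTTPS vhost for the site; certificate and key come from the acmefetch run above.
<VirtualHost IPv4:443 [IPv6]:443>
    ServerName sub.domain.tld
    ServerAdmin dirk.deimeke@myown-it.com
    DocumentRoot /srv/www/sub.domain.tld

    # Never serve repository metadata (history, config, possibly credentials).
    # <Directory> sections merge shortest path first, so this longer path wins
    # over the "Require all granted" of the docroot section below no matter
    # where it appears.  Only the top-level .git is covered: nested checkouts or
    # other dot-directories would need their own rule (e.g. <DirectoryMatch "/\.git/">).
    <Directory /srv/www/sub.domain.tld/.git>
        Require all denied
    </Directory>

    ErrorLog /var/log/httpd/sub.domain.tld/error.log
    CustomLog /var/log/httpd/sub.domain.tld/access.log combined

    # No rewrite rules in this vhost; presumably kept on for .htaccess rules
    # (AllowOverride all below) — confirm.
    RewriteEngine On

    SSLEngine On
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2+ stays enabled.
    # "-SSLv2" is kept from the original for builds that still accept the keyword.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # NOTE(review): this list still admits CBC suites, non-PFS static-RSA suites
    # (AES128-SHA etc.) and the AES/CAMELLIA catch-alls.  Consider a current
    # "intermediate" profile (ECDHE + AES-GCM/CHACHA20 only) once client support
    # has been checked; left unchanged here to avoid breaking existing clients.
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLCompression          off

    # HSTS for six months.  "always set" instead of "add": emitted on every
    # response including error pages, and never duplicated by another "add".
    # Needs mod_headers.
    Header always set Strict-Transport-Security "max-age=15768000"

    # Files written by acmefetch (certOutput / keyOutput / chainOutput in its cfg).
    # The key must stay readable by root only.  SSLCertificateChainFile is
    # deprecated since httpd 2.4.8 (chain may follow the cert in
    # SSLCertificateFile instead) but is still honoured.
    SSLCertificateFile /etc/letsencrypt/sub.domain.tld.crt
    SSLCertificateKeyFile /etc/letsencrypt/sub.domain.tld.key
    SSLCertificateChainFile /etc/letsencrypt/chain.crt

    # Two directives: the original had both on one line, which fails
    # "apachectl configtest" (ExpiresActive takes exactly one argument).
    # Needs mod_expires.
    ExpiresActive on
    ExpiresDefault "access plus 1 week"

    <Directory /srv/www/sub.domain.tld>
        # 2.4 access control only; the 2.2 Order/Allow lines were dropped
        # (see the port-80 vhost).
        Require all granted
        # NOTE(review): "Indexes" publishes directory listings, "FollowSymLinks"
        # lets a symlink inside the docroot expose files outside it, and
        # "AllowOverride all" lets any .htaccess change all of this.  Tighten
        # unless the site needs them.
        Options Indexes FollowSymLinks
        AllowOverride all
    </Directory>

</VirtualHost>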
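# Reload only if the new vhost parses; otherwise the running server keeps the
# old config and the error must be fixed first.
apachectl configtest && apachectl graceful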