...
First of all, let's have a look to api.conf. This VirtualHost configuration file will group SSL access for all Abiquo Appliance Manager webapps and API endpoint: (api.conf)
| Code Block |
|---|
<VirtualHost *:80>
RewriteEngine On
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName api.example.com
RewriteEngine On
ProxyRequests Off
ProxyPreserveHost On
# Avoid CORS when uploading a template from different domains
<IfModule mod_headers.c>
SetEnvIfNoCase Origin "https?://(api\.example\.com|theme1\.example\.com|theme2\.example\.com|dc2rs\.example\.com)(:\d+)?$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>
# Subdomain1 download RewriteRule
RewriteCond %{HTTP_REFERER} ^https://theme1\.example\.com/ui/ [NC]
RewriteCond %{REQUEST_URI} ^/(.*)/files/.*$ [NC]
RewriteRule /(.*)/files/(.*) https://theme1.example.com/$1/files/$2 [R,L]
# Subdomain2 download RewriteRule
RewriteCond %{HTTP_REFERER} ^https://theme2\.example\.com/ui/ [NC]
RewriteCond %{REQUEST_URI} ^/(.*)/files/.*$ [NC]
RewriteRule /(.*)/files/(.*) https://theme2.example.com/$1/files/$2 [R,L]
<Location /api>
ProxyPass ajp://localhost:8010/api retry=0
ProxyPassReverse ajp://localhost:8010/api
</Location>
# All Abiquo Appliance Managers managed in each datacenter
# Datacenter1 Appliance Manager
<Location /am>
ProxyPass ajp://192.168.1.100:8010/am retry=0 timeout=1800
ProxyPassReverse ajp://192.168.1.100:8010/am
</Location>
# Datacenter2 Appliance Manager
<Location /am-barcelona>
ProxyPass ajp://192.168.1.150:8010/am retry=0 keepalive=On timeout=1800
ProxyPassReverse ajp://192.168.1.150:8010/am
</Location>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/example.com.pem
SSLCertificateKeyFile /etc/httpd/ssl/example.com.key
CustomLog /var/log/httpd/api-access.log combined
ErrorLog /var/log/httpd/api-error.log
</VirtualHost> |
...
There are other sections and parameters such as the certificate configuration, apache log files and ProxyPass extra options such retry, keepalive and timeout that can be modified and customised depending in your environment. Refer to Apache website documentation to further information.
Now, we should create a VirtualHost configuration file per each subdomain. All files will look almost the same:
theme1.conf
| Code Block |
|---|
<VirtualHost *:80> RewriteEngine On RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301] </VirtualHost> <VirtualHost *:443> ServerName theme1.example.com RewriteEngine On ProxyRequests Off ProxyPreserveHost On <Directory "/var/www/html/ui"> Options MultiViews AllowOverride None Order allow,deny Allow from all </Directory> RewriteRule ^/$ /ui/ [R] # Theme and config AliasMatch AliasMatch ^/ui/theme/(.*)$ /var/www/html/ui/theme1/$1 AliasMatch ^/ui/config/client-config.json /var/www/html/ui/config/theme1.json <Location /api> ProxyPass ajp://192.168.1.100:8010/api retry=0 ProxyPassReverse ajp://192.168.1.100:8010/api </Location> <Location /m> ProxyPass ajp://192.168.1.100:8010/m retry=0 ProxyPassReverse ajp://192.168.1.100:8010/m </Location> <Location /am> ProxyPass ajp://192.168.1.100:8010/am retry=0 timeout=1800 ProxyPassReverse ajp://192.168.1.100:8010/am </Location> <Location /am-barcelona> ProxyPass ajp://192.168.1.150:8010/am retry=0 keepalive=On timeout=1800 ProxyPassReverse ajp://192.168.1.150:8010/am </Location> <Location /legal> ProxyPass ajp://192.168.1.100:8010/legal retry=0 ProxyPassReverse ajp://192.168.1.100:8010/legal </Location> SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/httpd/ssl/example.com.pem SSLCertificateKeyFile /etc/httpd/ssl/example.com.key CustomLog /var/log/httpd/theme1-access.log combined ErrorLog /var/log/httpd/theme1-error.log </VirtualHost> |
theme2.conf
| Code Block |
|---|
<VirtualHost *:80>
RewriteEngine On
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName theme2.example.com
RewriteEngine On
ProxyRequests Off
ProxyPreserveHost On
<Directory "/var/www/html/ui">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
RewriteRule ^/$ /ui/ [R]
# Theme and config AliasMatch
AliasMatch ^/ui/theme/(.*)$ /var/www/html/ui/theme2/$1
AliasMatch ^/ui/config/client-config.json /var/www/html/ui/config/theme2.json
<Location /api>
ProxyPass ajp://192.168.1.100:8010/api retry=0
ProxyPassReverse ajp://192.168.1.100:8010/api
</Location>
<Location /m>
ProxyPass ajp://192.168.1.100:8010/m retry=0
ProxyPassReverse ajp://192.168.1.100:8010/m
</Location>
<Location /am>
ProxyPass ajp://192.168.1.100:8010/am retry=0 timeout=1800
ProxyPassReverse ajp://192.168.1.100:8010/am
</Location>
<Location /am-barcelona>
ProxyPass ajp://192.168.1.150:8010/am retry=0 keepalive=On timeout=1800
ProxyPassReverse ajp://192.168.1.150:8010/am
</Location>
<Location /legal>
ProxyPass ajp://192.168.1.100:8010/legal retry=0
ProxyPassReverse ajp://192.168.1.100:8010/legal
</Location>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/example.com.pem
SSLCertificateKeyFile /etc/httpd/ssl/example.com.key
CustomLog /var/log/httpd/theme2-access.log combined
ErrorLog /var/log/httpd/theme2-error.log
</VirtualHost> |
The only differences are the ServerName directive and the AliasMatch rules required to apply the desired theme per subdomain:
theme1.example.com
| Code Block |
|---|
ServerName theme1.example.com
AliasMatch ^/ui/theme/(.*)$ /var/www/html/ui/theme1/$1
AliasMatch ^/ui/config/client-config.json /var/www/html/ui/config/theme1.json |
theme2.example.com
| Code Block |
|---|
ServerName theme2.example.com
AliasMatch ^/ui/theme/(.*)$ /var/www/html/ui/theme2/$1
AliasMatch ^/ui/config/client-config.json /var/www/html/ui/config/theme2.json |
# tree /etc/httpd/conf.d/
/etc/httpd/conf.d/
??? api.conf
??? ssl.conf
??? theme1.conf
??? theme2.conf
...