It's possible to have a solid server in a debian with other Apache Vhost


#1

It’s simple and I think that the title give and Idea. For install and trial , i can use a Virtualmachine for solid server , but on cloud I don’t have a machine only for server. I can share solid server, with a machine that have several Apache Vhost running ?
Best


#2

Yes, I’ve done this with Virtualmin1. I create a new virtual server with a separate solid user, and the pod.vhost.conf (e.g.in sites-available) has the following bits in it:

SSLEngine on
SSLCertificateFile /home/solid/ssl.cert
SSLCertificateKeyFile /home/solid/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/solid/ssl.ca
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<location />
ProxyPreserveHost on
ProxyPass https://localhost:8444/
ProxyPassReverse https://localhost:8444/
Header add Access-Control-Allow-Origin "*"
</location>

Virtualmin takes care of creating the LetsEncrypt certificates for me, creating ssl.ca ssl.cert ssl.combined ssl.everything ssl.key in the /home folder for the solid.

config.json cert lines should look like:

"sslKey": "/home/solid/ssl.key",
"sslCert": "/home/solid/ssl.combined"

- don’t do what I did, which is use ssl.cert for sslCert - you’ll get unable to verify the first certificate errors as you’re not including full chain. Hope this helps.

1 You don’t necessarily need Virtualmin - can just use Webmin (and get the LetsEncrypt goodness from that) but that would make it harder to separate your pod userspace from the rest of the system. Anyway, hopefully a working vhost will help you work it out.

Nick


#3

Thanks a lot . I will try .
Only , I don’t use virtualmin or similar, I use always command line :wink:


#4

The command line is never far away believe me… but Virtualmin is a shortcut to a reasonably secure starting point for a multi domain server. You can do it all with vanilla Debian and I have done this with Raspbian but I use Virtualmin for my public servers and I was pleased to see how easy it was to get NSS to work with it!