Changing the domain and Jenkins reconfiguration

I changed the domain used for my server and reconfigured Apache2 to have a homepage to link to all the services now running on it - phpmyadmin, jenkins, the node-app and now the homepage.

Changing the Domain

With my domain renewal coming up I decided I didn’t want to renew the imade-aserver.xyz domain and instead use my twulz.com domain that I’ve purchased instead. First up I needed to update the config files corresponding to the new domain:

sudo cp imade-aserver.xyz-le-ssl.conf twulz.com-le-ssl.conf
sudo nano twulz.com-le-ssl.conf
sudo nano /etc/apache2/sites-available/twulz.com.conf

/etc/apache2/sites-available/twulz.com-le-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName twulz.com
        ServerAlias www.twulz.com
        DocumentRoot /var/www/twulz.com
        ProxyPreserveHost On
        ProxyRequests Off
        AllowEncodedSlashes NoDecode

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        ProxyPass /jenkins http://127.0.0.1:8080/jenkins nocanon
        ProxyPassReverse /jenkins http://127.0.0.1:8080/jenkins
        ProxyPassReverse /jenkins http://imade-aserver.xyz/jenkins

        Redirect 301 /blog https://imade-athing.com/

        ProxyPass /php !
        ProxyPass /phpmyadmin !
        ProxyPass /api http://127.0.0.1:4000
        ProxyPassReverse /api http://127.0.0.1:4000
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf

        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
        SSLCertificateFile --redacted--
        SSLCertificateKeyFile --redacted--
    </VirtualHost>
</IfModule>

So this will mean that the node-app server will instead be accessible from the /api/ path with a normal website to more easily navigate everything I’m using the domain for.

/etc/apache2/sites-available/twulz.com.conf

<VirtualHost *:80>
    ServerName twulz.com
    Redirect permanent / https://twulz.com/
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.twulz.com [OR]
    RewriteCond %{SERVER_NAME} =twulz.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

I then created a new index.html file with a “Hello World!” just to check the normal server functionality in case I break phpmyadmin, the node-app or jenkins separately.

sudo mkdir /var/www/twulz.com
sudo chown -R $USER:$USER /var/www/twulz.com
sudo chmod -R 755 /var/www/twulz.com
sudo nano /var/www/twulz.com/index.html

To tell apache2 to use the new server there’s a few commands I needed to run:

sudo a2ensite twulz.com.conf
sudo a2dissite imade-aserver.xyz.conf
sudo apache2ctl configtest
sudo systemctl restart apache2

Success!

Adding a homepage for navigation

I created a simple homepage using Bootstrap 4 (the same as I use for this blog) to be served at the root directory to allow for navigating to all the services on the server. The code can be found over on Github.

I simply removed the placeholder index.html and cloned the repo into /var/www/twulz.com which was already being served by apache2 and now I could easily navigate between all my services!

Server Homepage

Security Test and Updates

I used the Mozilla Observatory to test my website for security issues. I couldn’t resolve all of the recommendations they have because of some dependencies for using phpmyadmin.

I did add this section to /etc/apache2/sites-available/twulz.com-le-ssl.conf below SSLCertificateKeyFile which brought up my score to a B which is the best I could do without disabling features of phpmyadmin.

<IfModule headers_module>
    RequestHeader set X-HTTPS 1
    Header set Content-Security-Policy "font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self'; object-src 'none'; frame-ancestors 'self';"
    Header set X-Content-Type-Options nosniff
    Header set X-Frame-Options "SAMEORIGIN;"
    Header set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
</IfModule>

About Me

Engineer, maker, do-er...
I basically just like to make things.

Archives