How to Add SSL to Google Cloud Wordpress Launcher Site - google-app-engine

Google provides a WordPress Launcher, although it is in beta. I have tried it by adding a custom domain via Google Cloud DNS, but I have still not succeeded in adding the custom domain with SSL (https).
Any ideas?

Wordpress from Google Click to Deploy launches on Google Compute Engine, not Google App Engine, meaning you are getting an entire Debian virtual machine, not just an App Engine instance. The App Engine instructions are not applicable.
Here's the process I used (replace "www.veggie.com" with your domain):
Go to Deployment Manager and select your Wordpress deployment.
Under "Get Started with WordPress", click "SSH" to open a Google Cloud Shell console on the Debian virtual machine hosting your site.
If you haven't already, generate a CSR using openssl req -new -newkey rsa:2048 -nodes -keyout www_veggie_com.key -out www_veggie_com.csr.
You will be prompted with some questions. Answer them using letters and numbers only. For example:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Mexico
Locality Name (eg, city) []:Albuquerque
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Veggie Inc # put "NA" if not applicable
Organizational Unit Name (eg, section) []:NA # put "NA" if not applicable
Common Name (e.g. server FQDN or YOUR name) []:www.veggie.com # MUST BE the website you are securing. Use *.veggie.com if you purchased a wildcard certificate
Email Address []:webmaster@veggie.com
A challenge password []: # just leave this blank
An optional company name []: # leave this blank too
Move the private key to a safe place, e.g. sudo mv www_veggie_com.key /etc/ssl/ssl.key/
View the CSR (Certificate Signing Request) file using cat www_veggie_com.csr. It should look something like this:
-----BEGIN CERTIFICATE REQUEST-----
(base64-encoded request data)
-----END CERTIFICATE REQUEST-----
Copy the contents of the CSR file to your clipboard (in Google Cloud Shell, just highlight the text with your mouse and hit Ctrl+C).
Go to the site where you purchased the certificate and find the option to Activate the certificate. You should be prompted to upload or copy and paste the CSR. If you are prompted to confirm the server type, it is an Apache server. After I did that, my certificate issuer sent me the certificates via email.
Once you have your certificates, return to the Google Cloud Shell.
Use the gear menu > Upload File to upload your SSL certificates to your server. I put the certificates in /etc/ssl/ssl.crt/.
Enter sudo nano /etc/apache2/sites-available/wordpress.conf to use Nano to edit your server's configuration file to point to your certificate(s) and your key file. My wordpress.conf only had a <VirtualHost *:80> section, so I added a <VirtualHost *:443> section at the bottom:
<VirtualHost *:443>
ServerAdmin webmaster@veggie.com
ServerName www.veggie.com:443
DocumentRoot /var/www/html
# Copy <Directory /> and other settings from <VirtualHost *:80> here as well
SSLEngine on
SSLCertificateFile /etc/ssl/ssl.crt/www_veggie_com.crt
SSLCertificateKeyFile /etc/ssl/ssl.key/www_veggie_com.key
SSLCertificateChainFile /etc/ssl/ssl.crt/www_veggie_com.ca-bundle
</VirtualHost>
Restart the Apache server using sudo service apache2 restart
Try visiting your homepage via https (e.g. https://www.veggie.com) and see if it worked.
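Before restarting Apache it is worth confirming that the issued certificate belongs to the private key generated with the CSR, that the key file is not accessible to other users, and that the certificate is not about to expire. The script below is an added example, not part of the original answer; the function names are illustrative and the paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: checks to run on the files referenced by SSLCertificateFile and
# SSLCertificateKeyFile before restarting Apache. Function names are illustrative.

# PEM public key embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key derived from a private key. The empty -passin makes an
# encrypted key fail immediately instead of prompting for a passphrase.
key_pubkey() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# True when the certificate was issued for this private key.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when group and other have no permission bits on the key file
# (characters 5-10 of the ls mode string).
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid DAYS from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Run all checks; print one line per finding and return non-zero on any failure.
check_tls_pair() {
    cert=$1 key=$2 rc=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: $key does not match $cert"; rc=1; }
    key_is_private "$key"           || { echo "FAIL: $key is accessible by group or others"; rc=1; }
    cert_valid_for_days "$cert" 30  || { echo "WARN: $cert expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Usage: sh check_tls_pair.sh <certificate.crt> <private.key>
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```

A mismatch between key and certificate makes Apache refuse to start, so running this first avoids taking the site down with a bad restart.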

This is a bit of a complicated process. Despite Google's efforts to https the whole internet and the fact that every App Engine app gets a secure appspot.com subdomain, adding your own domain with your own certificate is a bit complicated.
The process is documented here

1. SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
2. Install snapd
You'll need to install snapd and make sure you follow any instructions to enable classic snap support.
Follow these instructions on snapcraft's site to install snapd.
https://snapcraft.io/docs/installing-snap-on-debian
3. Ensure that your version of snapd is up to date
Execute the following instructions on the command line on the machine to ensure that you have the latest version of snapd.
sudo snap install core; sudo snap refresh core
4. Remove certbot-auto and any Certbot OS packages
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.
If you previously used Certbot through the certbot-auto script, you should also remove its installation by following the instructions here.
5. Install Certbot
Run this command on the command line on the machine to install Certbot.
sudo snap install --classic certbot
6. Prepare the Certbot command
Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
sudo ln -s /snap/bin/certbot /usr/bin/certbot
7. Choose how you'd like to run Certbot
Either get and install your certificates...
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --apache
Or, just get a certificate
If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.
sudo certbot certonly --apache
8. Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration.
You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
If that command completes without errors, your certificates will renew automatically in the background.
9. Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar.
Source:
https://certbot.eff.org/lets-encrypt/debianstretch-apache

Here are the steps I used for a free SSL certificate on a WordPress VM launched in Google Cloud.
Make sure "Allow http" and "Allow https" are selected in the VM settings and that the overall firewall rules for your project include the 443/80 rules (which are there by default).
Enabling Free SSL Certificate :
Change the domain name below from my-domain.com to required domain name.
Step 1 :
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
sudo ./certbot-auto certonly --webroot -w /var/www/html/ -d my-domain.com -d www.my-domain.com
Step 2:
sudo vi /etc/apache2/sites-available/default-ssl.conf
Add following after ServerAdmin
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
At the end of file
Comment out two SnakeOil Certs lines and add below.
SSLCertificateFile "/etc/letsencrypt/live/my-domain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/my-domain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/my-domain.com/chain.pem"
Step 3 :
sudo vi /etc/apache2/sites-available/wordpress.conf
Remove all 3 lines
Add below lines
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName www.my-domain.com
ServerAlias my-domain.com
Redirect permanent / https://www.my-domain.com/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Step 4 :
Restart apache
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
Step 5 (Optional) :
Enable auto renewal for cert :
sudo mv certbot-auto /etc/letsencrypt/
sudo crontab -e
Add following at the end
45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart
Step 6 :
Test https version is working in browser.
Only after making sure that https is working :
Go to WP-Admin :
Settings > General > change site url and host url to https://my-domain.com
Note: If you make an error typing the URL in step 6, you can lose web access to WordPress. After that, you have to follow other steps to regain access through SSH.
Hope this helps.


how to deploy Next.js website on apache webserver [closed]

I made a React.js project, but it needs server-side rendering, so now I have to migrate from CRA to Next.js. The problem: I have to upload my website to an Apache web server. From what I gathered from Google, I need Node.js and pm2 installed (latest versions), and Apache configured as a reverse proxy. I also created an ecosystem file for pm2 (I guess it was necessary). It looks like this at the moment:
module.exports = {
apps : [{
name: "nextjs-app",
script: "npm",
args: "run build",
env: {
NODE_ENV: "production"
}
}]
};
But when I ran pm2 start npm -- start, the terminal gave me a response like this:
pm2 start npm -- start
[PM2] Spawning PM2 daemon with pm2_home=/home/georgianar/.pm2
[PM2] PM2 Successfully daemonized
[PM2] Starting /usr/local/bin/npm in fork_mode (1 instance)
[PM2] Done.
But when I try to see the list of processes, there are none, and when a user tries to enter the website, the site log shows that there is no service on port 3000:
AH01114: HTTP: failed to make connection to backend: localhost
and
(111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (localhost:3000) failed
Any idea why?
Well if you want to run both on the same server you can do it in many ways
To run both Node.js and Apache on the same server, follow these steps: https://nodejs.org/en/download/package-manager/
To run your Node.js application as a service, you can use multiple methods such as creating a service, using a process manager (PM2 is common), or running a script on server startup with a cron job. For more information, see this link: How do I run a node.js app as a background service?. You'll need a server start script, typically named server.js, to do this. An example can be found at Next.js: https://nextjs.org/docs/advanced-features/custom-server. To run the application manually in the background, navigate to the app directory and run node ./server.js &
Set up a tunnel using proxypass on Apache. This is commonly used to run the Node.js application on a specific URL. You'll need to install the Apache module mod_proxy and edit the configuration for your Apache server. An example configuration could look like this:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@example.com
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
You can also wrap the proxypass to run under a specific path using the location tag, like this:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
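ServerAdmin webmaster@example.com
ProxyPreserveHost On
<Location "/mynodeapplication/">
# Inside <Location>, ProxyPass and ProxyPassReverse take only the backend URL; the path comes from the section.
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>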
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
This will run your application at https://yoururl/mynodeapplication. For more information, see this link: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html.
I hope this covers most of it.
To run Next on Apache, you'll need to set up the Apache settings so that when the domain or subdomain you want Next to run on is accessed, Apache points the request to the local port on the machine that's running Next. Another issue is that Next's built-in server doesn't support SSL (which I'm assuming you want), and using a custom server instead (like Express) loses you many features and optimizations that would otherwise just work with the Next server. So you'll not only need to have Apache redirect to Next, but also have Apache handle the SSL certificate.
To do this, specify a VirtualHost for the server on port 80 to redirect to HTTPS. For example, at least in Ubuntu, in /etc/apache2/sites-available/000-default.conf, you can add:
<VirtualHost *:80>
ServerName subdomain.example.com
Redirect / https://subdomain.example.com/
</VirtualHost>
And then set up the SSL certificate for SSL requests (on port 443), and tell Apache to route client requests to the local machine port, and to route the local machine port's responses back to the client. If you're using LetsEncrypt, you can add this into 000-default-le-ssl.conf:
<VirtualHost *:443>
ServerName subdomain.example.com
ProxyPreserveHost On
ProxyRequests Off
# Connect to the backend over loopback; 0.0.0.0 is a bind address, not a destination.
ProxyPass / http://127.0.0.1:16534/
ProxyPassReverse / http://127.0.0.1:16534/
SSLEngine On
SSLProxyEngine On
SSLCertificateFile <insert path to fullchain.pem>
SSLCertificateKeyFile <insert path to privkey.pem>
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Above, I'm running Next on port 16534 - this is the port you'd see Next logging when it starts:
ready - started server on 0.0.0.0:49447, url: http://localhost:16534
so substitute it with whichever port you're using.
You'll also need to make sure the DNS server for your website points users to your webserver's external IP address by adding an A record, if you don't have one already. If the Next app is to run on a subdomain, you'll need a separate A record for the subdomain.
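Both reverse-proxy answers above leave Apache as the only component that speaks TLS, which only holds if the Node or Next backend is not reachable directly on its own port. The script below is an added example, not code from either answer: it extracts the backend ports from ProxyPass lines and compares them with `ss -ltn` output to flag listeners bound to a non-loopback address. The function names, the sample vhost and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that every backend port named in a ProxyPass line is
# bound to loopback only, so clients cannot reach it directly and bypass the
# TLS that Apache terminates. Function names and sample data are constructed.

# Read an Apache config on stdin; print the distinct backend ports, space-separated.
proxy_backend_ports() {
    awk 'tolower($1) == "proxypass" {
        for (i = 2; i <= NF; i++)
            if ($i ~ "^https?://[^/]*:[0-9]+") {
                p = $i
                sub("^https?://[^/]*:", "", p)   # drop scheme and host
                sub("[^0-9].*$", "", p)          # drop the path
                print p
            }
    }' | sort -u | tr '\n' ' '
}

# Read `ss -ltn` output on stdin; print "PORT ADDRESS" for each listener on one
# of PORTS (space-separated) that is bound to a non-loopback address.
exposed_backends() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)          # keep what follows the last colon
            sub(/:[0-9]+$/, "", addr)     # keep what precedes it
            if ((port in want) && addr !~ /^127\./ && addr != "[::1]") print port, addr
        }'
}

# Constructed sample vhost with two proxied backends.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
    ProxyPass        /api/ http://localhost:3000/
    ProxyPassReverse /api/ http://localhost:3000/
    ProxyPass        / http://127.0.0.1:16534/
    ProxyPassReverse / http://127.0.0.1:16534/
</VirtualHost>
EOF
}

# Constructed `ss -ltn` output: port 3000 is loopback-only, 16534 is not.
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:3000      0.0.0.0:*
LISTEN 0      511          0.0.0.0:16534     0.0.0.0:*
LISTEN 0      511                *:443             *:*
EOF
}

# On a live host: ss -ltn | exposed_backends "$(proxy_backend_ports < your-vhost.conf)"
sample_listeners | exposed_backends "$(sample_vhost | proxy_backend_ports)"
```

Any line printed means the backend should be rebound to 127.0.0.1 or blocked at the firewall, since requests to that port skip Apache entirely.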

Apache2 conf file redirecting requests for other enabled sites

I'm running apache2 on ubuntu 16.04. I've configured apache2 to run multiple sites. One of the sites has https setup and to help support this I've added the following rule to redirect http requests to use https:
<VirtualHost *:80>
ServerName http://example.com
Redirect permanent / https://example.com/
</VirtualHost>
This has been too much of a blanket rule as it's redirecting other site's https requests to the domain above.
How can I re-configure the conf above to only redirect http requests for example.com and not the other sites on the same server?
The first listed virtualhost for each host:port acts as the default, catching all unmatched ServerNames. Make sure you don't define your special-case first.
See apachectl -S output for a summary of where your vhosts are loaded from and which one is the default.
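The rule in the answer above can be checked offline against a directory of site files. The script below is an added example, not part of the original answer: it reads the files in sorted order, as a wildcard include of sites-enabled/*.conf does, and reports the first vhost on each address:port, which is the one that catches unmatched host names. The file names, host names and the catch-all vhost are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the vhost Apache treats as the default for each
# address:port, i.e. the first <VirtualHost> it reads for that address.

# Print "ADDRESS SERVERNAME FILE" for the first vhost on each address:port.
# Files are read in C-locale glob order, like a sorted sites-enabled/*.conf include.
list_default_vhosts() {
    (
        LC_ALL=C; export LC_ALL
        set -- "$1"/*.conf
        [ -e "$1" ] || exit 0
        awk '
            { kw = tolower($1) }
            kw == "<virtualhost" {
                n = 0; name = "-"
                for (i = 2; i <= NF; i++) {
                    a = $i; sub(/>$/, "", a)
                    if (a != "") addrs[++n] = a
                }
                next
            }
            kw == "servername" && n > 0 { name = $2 }
            kw == "</virtualhost>" {
                for (i = 1; i <= n; i++)
                    if (!(addrs[i] in seen)) { seen[addrs[i]] = 1; print addrs[i], name, FILENAME }
                n = 0
            }
        ' "$@"
    )
}

# ServerName of the default vhost for one address, e.g. '*:80'.
default_vhost_for() {
    list_default_vhosts "$1" | awk -v want="$2" '$1 == want { print $2; exit }'
}

# Constructed sample: the redirect vhost from the question sorts first.
write_sample_sites() {
    mkdir -p "$1"
    cat > "$1/000-example.conf" <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
EOF
    cat > "$1/010-other.conf" <<'EOF'
<VirtualHost *:80>
    ServerName other.test
    DocumentRoot /var/www/other
</VirtualHost>
EOF
}

# Constructed fix: a neutral catch-all that sorts before the redirect vhost.
write_catchall() {
    cat > "$1/000-catchall.conf" <<'EOF'
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot /var/www/html
</VirtualHost>
EOF
}
```

With only the two sample files, `default_vhost_for DIR '*:80'` returns example.com, so any unmatched host name on port 80 is redirected; after `write_catchall` it returns default.invalid and the redirect applies to example.com alone.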

How to configure Phoenix Framework behind Apache

I'm trying out Phoenix and for reasons beyond my control, I need it to be served through apache2.
There's a guide for serving Phoenix behind a proxy webserver but it only gives an example configuration for nginx (which I would be using if I could).
So I went to the documentation for mod_proxy and added these two lines to my VirtualHost:
<VirtualHost *:443>
...
LoadModule proxy_module modules/mod_proxy.so
ProxyPass /back http://www.example.com:4000 timeout=10
...
</VirtualHost>
I have the default Phoenix app running in development mode on port 4000. I tried going to https://example.com/back and the result is
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
I've checked my logs at /var/log/apache2/error.log and there is no error message corresponding to GET /back, although there IS a corresponding entry in access.log. All of the other things I'm serving are still working fine. I'm at a loss here, any pointers?
The problem was twofold.
Firstly, proxy submodules needed to be enabled.
sudo a2enmod proxy_http && sudo service apache2 restart
What led me to this fix was enabling a higher log level in apache2.conf:
LogLevel debug proxy:trace4
The relevant error was AH01144 (list of apache2 errors).
Secondly, I needed a reverse proxy:
<VirtualHost *:443>
...
ProxyPass /back http://www.example.com:4000 timeout=10
ProxyPassReverse /back http://www.example.com:4000 timeout=10
...
</VirtualHost>

How to fix ERROR: Site domain.com does not exist, while adding subdomain to apache2?

I'm trying to add subdomains to my home server.
svn.domain.com
trac.domain.com
Due to dynamic IP I use dyndns service, on top of that I have domain.com hosted somewhere else. I created CNAME for subdomains on remote host to point to my user.dyndns.org domain.
So now when I visit either of subdomains: trac or svn, I see "It works!" message.
This done, I created two virtual host files under /etc/apache2/sites-enabled
file1: svn.domain.com and file2: trac.domain.com
contents:
<VirtualHost *:80>
ServerName trac.domain.com
DocumentRoot = /var/www/trac/repos
<Directory /var/www/trac/repos>
Order allow,deny
allow from all
</Directory>
</VirtualHost>
And
<VirtualHost *:80>
ServerName svn.domain.com
DocumentRoot = /var/svn/repos
<Directory /var/svn/repos>
Order allow,deny
allow from all
</Directory>
</VirtualHost>
But I get error: ERROR: Site trac.domain.com does not exist!
what am I doing wrong?
I had this problem when upgrading from Apache 2.2 to Apache 2.4. The (ridiculous) solution was to ensure all files end with .conf, or a2ensite would ERROR: Site example does not exist!.
Also, when linked manually in sites-enabled, they would not even load without the .conf extension.
I also came across the same problem when I upgraded from Apache 2.2 to 2.4; all my virtual hosts suddenly broke and while trying to search for why this was the case, I stumbled across this question.
It turns out the reason is because of a difference between my old apache2.conf and the new apache2.conf. My old Apache 2.2 conf file had the line
Include sites-enabled/
whereas my new Apache 2.4 conf file had the line
IncludeOptional sites-enabled/*.conf
Lo and behold, when I changed the line to
IncludeOptional sites-enabled/
everything went back to normal.
Try moving the files to /sites-available. Then run a2ensite svn.domain.com and a2ensite trac.domain.com and reload Apache.
If you type a2ensite, it will prompt: "Which sites do you want to enable?" (i.e., after you put a .conf file in sites-available and link it from sites-enabled).
a2ensite expects the full name of the conf file with the .conf extension.
a2ensite ONLY accepts .conf files, so copy all sites in sites-available so they have a .conf extension (renaming didn't work; it confused the links somehow), and erase the original files from sites-available AND sites-enabled. Use a2ensite on the new files (you don't need to add .conf) and it all works, with or without the *.conf in /etc/apache2/apache2.conf.
There must be some "memory" of the original file even when it is renamed (the symbolic link renames also), but erasing and enabling "new" .conf files works, and you can then use a2dissite and a2ensite as before.
1) Remove all default sites inside sites-enabled:
a2dissite <site-configuration-file-name>
2) Take a close look at your config file: start with minimal properties like:
<VirtualHost [Domain]:80>
ServerAdmin webmaster@localhost
ServerName [Domain]
DocumentRoot [webAppPath]
<Directory [webAppPath]>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/my_domain_name_error.log
CustomLog ${APACHE_LOG_DIR}/my_domain_name_access.log combined
</VirtualHost>
My solution for local server name is replacing:
sudo a2ensite serverName
with
sudo a2ensite serverName.conf

Multiple Domains on a VPS with Apache

I am planning on getting a VPS soon and have two sites I want to host. I have my local vhosts setup for my development environment using host file to port it correctly.
My question is hopefully simple: When setting up with two separate domains that point to the one VPS server is Apache smart enough, like on the local environment, to automatically filter any requests for domain.com to the correct VHOST like it does locally? I would just like to be sure :)
Thanks!
Example of what I am asking:
Say Domain1.com and Domain2.com are both on my VPS.
When someone requests www.Domain1.com apache sees this and passes it through to the domain1.com vhost file.
When someone requests www.Domain2.com apache sees this and passes it through to the domain2.com vhost file.
Repasting my answer from Hosting two domains using only one VPS? as here it is even more relevant.
As a complete beginner, I have been trying to host multiple domains on one Apache VPS. Tutorials had too much information that led me to confusion.
Below I describe, for complete beginners, how to host multiple domains on one VPS server with Ubuntu and Apache.
IMPORTANT! You need to use root account to execute most operations.
IMPORTANT! If you have been trying to make some changes to apache configuration before, undo them.
Creating VirtualHosts
Create folders for your domains on server.
For example:
/home/apache/domain1
/home/apache/domain2
Put index.html file in each folder with any text.
This is domain1
This is domain2
Go to /etc/apache2/sites-available folder.
Create file domain1.conf
sudo nano domain1.conf
<VirtualHost *:80>
DocumentRoot /home/apache/domain1
ServerName domain1.com
ServerAlias www.domain1.com
</VirtualHost>
Create file domain2.conf
sudo nano domain2.conf
<VirtualHost *:80>
DocumentRoot /home/apache/domain2
ServerName domain2.com
ServerAlias www.domain2.com
</VirtualHost>
You can create subdomains same way.
sudo nano blog.conf
<VirtualHost *:80>
DocumentRoot /home/apache/blog
ServerName blog.domain.com
ServerAlias www.blog.domain.com
</VirtualHost>
Enable created sites
sudo a2ensite domain1.conf
sudo a2ensite domain2.conf
Restart apache
sudo service apache2 reload
Redirecting domain to server
Created VirtualHosts will work only if you redirect your domain name to server IP. Domains are just names that can be translated to IP numbers.
Local computer
To test your configuration on local machine, you need to edit hosts file.
sudo nano /etc/hosts
It should look like this.
127.0.0.1 localhost domain1.com domain2.com
Hosts file tells your computer that domain needs to be redirected to local machine.
IMPORTANT! If you create entry in hosts file for existing domain, for example
127.0.0.1 stackoverflow.com
you will lose access to this website.
Server
In order to redirect a domain to your web server, you need to create or modify an "A"-type DNS record for the given domain to point to the IP address of your server. You can do it through the control panel provided by your domain registrar.
If you do not know IP address of your server, log in to that server and type in command line:
ifconfig
The simple answer is 'yes', Apache is that clever. If you are used to using a local vhost file in conjunction with your hosts file to simulate local domains, the exact same technique can be applied on a VPS. The part you are doing with the hosts file is essentially creating a local name server, other than that Apache doesn't know the difference. Simply set the ServerName directive for each named vhost and you should find it working the same as it does locally.
