I needed to have two websites on the same server: one at jaimemontoya.net and the other at sponsorship.jaimemontoya.net. My first step was to create A and CNAME records for sponsorship.jaimemontoya.net and www.sponsorship.jaimemontoya.net, respectively.
Create A Record:
Create CNAME Record:
A and CNAME Records created successfully:
I created a new directory for the subdomain, and the index.html file that I wanted to display, assigning proper file owner and group to the directory and file:
root@jaimemontoya:/var/www# chown -R jmontoya:jmontoya sponsorship.jaimemontoya.net
root@jaimemontoya:/var/www# cd sponsorship.jaimemontoya.net/
root@jaimemontoya:/var/www/sponsorship.jaimemontoya.net# ls -l
total 4
-rw-r--r-- 1 jmontoya jmontoya 101 Nov 15 23:47 index.html
root@jaimemontoya:/var/www/sponsorship.jaimemontoya.net# pwd
/var/www/sponsorship.jaimemontoya.net
The content of index.html was simply this:
root@jaimemontoya:/var/www/sponsorship.jaimemontoya.net# cat index.html
<!DOCTYPE html>
<html>
<body>
<h1>My First Heading</h1>
<p>My first paragraph.</p>
</body>
</html>
I created /etc/apache2/sites-available/sponsorship.jaimemontoya.net.conf, the Apache configuration file for http://sponsorship.jaimemontoya.net whose purpose is to redirect http://sponsorship.jaimemontoya.net to https://sponsorship.jaimemontoya.net, with the following content:
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName sponsorship.jaimemontoya.net
ServerAlias www.sponsorship.jaimemontoya.net
DocumentRoot /var/www/sponsorship.jaimemontoya.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
I created /etc/apache2/sites-available/sponsorship.jaimemontoya.net-le-ssl.conf, the Apache configuration file for https://sponsorship.jaimemontoya.net, with the following content:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName sponsorship.jaimemontoya.net
ServerAlias www.sponsorship.jaimemontoya.net
DocumentRoot /var/www/sponsorship.jaimemontoya.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
I checked the sites that were enabled:
root@jaimemontoya:/etc/apache2/sites-available# a2query -s
000-default-le-ssl (enabled by unknown)
000-default (enabled by site administrator)
I enabled my new Apache sites/Virtual Hosts for http://sponsorship.jaimemontoya.net and https://sponsorship.jaimemontoya.net:
root@jaimemontoya:/etc/apache2/sites-available# a2ensite sponsorship.jaimemontoya.net.conf
Enabling site sponsorship.jaimemontoya.net.
To activate the new configuration, you need to run:
systemctl reload apache2
root@jaimemontoya:/etc/apache2/sites-available# a2ensite sponsorship.jaimemontoya.net-le-ssl.conf
Enabling site sponsorship.jaimemontoya.net-le-ssl.
To activate the new configuration, you need to run:
systemctl reload apache2
I activated the new configuration:
root@jaimemontoya:/etc/apache2/sites-available# systemctl reload apache2
I verified that my sites were enabled successfully:
root@jaimemontoya:/etc/apache2/sites-available# a2query -s
sponsorship.jaimemontoya.net-le-ssl (enabled by site administrator)
sponsorship.jaimemontoya.net (enabled by site administrator)
000-default-le-ssl (enabled by unknown)
000-default (enabled by site administrator)
I tried disabling and enabling sites and confirmed that everything worked as expected:
root@jaimemontoya:/etc/apache2/sites-available# a2dissite sponsorship.jaimemontoya.net.conf
Site sponsorship.jaimemontoya.net disabled.
To activate the new configuration, you need to run:
systemctl reload apache2
root@jaimemontoya:/etc/apache2/sites-available# systemctl reload apache2
root@jaimemontoya:/etc/apache2/sites-available# a2query -s
sponsorship.jaimemontoya.net-le-ssl (enabled by site administrator)
000-default-le-ssl (enabled by unknown)
000-default (enabled by site administrator)
root@jaimemontoya:/etc/apache2/sites-available# a2ensite sponsorship.jaimemontoya.net.conf
Enabling site sponsorship.jaimemontoya.net.
To activate the new configuration, you need to run:
systemctl reload apache2
root@jaimemontoya:/etc/apache2/sites-available# systemctl reload apache2
root@jaimemontoya:/etc/apache2/sites-available# a2query -s
sponsorship.jaimemontoya.net-le-ssl (enabled by site administrator)
sponsorship.jaimemontoya.net (enabled by site administrator)
000-default-le-ssl (enabled by unknown)
000-default (enabled by site administrator)
The subdomain https://sponsorship.jaimemontoya.net works correctly, invoking the content in /var/www/sponsorship.jaimemontoya.net, as specified in /etc/apache2/sites-available/sponsorship.jaimemontoya.net-le-ssl.conf. Visiting http://sponsorship.jaimemontoya.net redirects to https://sponsorship.jaimemontoya.net, as specified in /etc/apache2/sites-available/sponsorship.jaimemontoya.net.conf.
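A check for the redirect described above, added here as an example and not part of the original post: it reads response headers (such as those printed by curl -sI) and confirms a 301 to an https:// URL whose host is one of the ServerName/ServerAlias values from the port-80 Virtual Host. The function name check_redirect and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the HTTP -> HTTPS redirect of the port-80 vhost.
# Feed it raw response headers on stdin, for instance from:
#   curl -sI http://sponsorship.jaimemontoya.net/ | check_redirect
# ALLOWED_HOSTS mirrors ServerName and ServerAlias from the page's config.
ALLOWED_HOSTS="sponsorship.jaimemontoya.net www.sponsorship.jaimemontoya.net"

check_redirect() {
    # Strip CRs so CRLF-terminated HTTP header lines compare cleanly.
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    # Header names are case-insensitive; take the first Location header.
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    if [ "$status" != "301" ]; then
        echo "FAIL: status '$status', expected 301"
        return 1
    fi
    case $location in
        https://*) ;;
        *) echo "FAIL: Location '$location' is not https"; return 1 ;;
    esac

    # Extract the host: drop the scheme, then the path, then any port.
    host=${location#https://}
    host=${host%%/*}
    host=${host%%:*}
    for allowed in $ALLOWED_HOSTS; do
        if [ "$host" = "$allowed" ]; then
            echo "OK: 301 -> $location"
            return 0
        fi
    done
    echo "FAIL: redirect host '$host' is not a ServerName/ServerAlias"
    return 1
}

# Constructed sample responses (not captured from the real server).
sample_good='HTTP/1.1 301 Moved Permanently\r\nLocation: https://sponsorship.jaimemontoya.net/\r\n\r\n'
sample_bad='HTTP/1.1 301 Moved Permanently\r\nLocation: https://unexpected.example/\r\n\r\n'
printf '%b' "$sample_good" | check_redirect
printf '%b' "$sample_bad" | check_redirect || true
```

Because the RewriteRule builds the target from %{HTTP_HOST}, the allowlist comparison is the part worth keeping in a post-deploy check.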
The "Not secure" message is still a problem. But the fix for that is going to be the topic for my next blog post.
UPDATE: My next blog post has arrived and you can find it at https://jaimemontoya.com/blog/2023/11/21/02/20/.