ServerAdmin webmaster@localhost LogLevel warn CustomLog /var/log/rudder/apache2/access.log combined ErrorLog /var/log/rudder/apache2/error.log # include redirection to https Include /opt/rudder/etc/rudder-apache-relay-nossl.conf #SINGLE_VHOST_START # This default virtual host serves (on root servers) both Web/API and node communication # using the agent certificate. # See below for other configuration options. ServerAdmin webmaster@localhost LogLevel warn CustomLog /var/log/rudder/apache2/access.log combined ErrorLog /var/log/rudder/apache2/error.log # include relay configuration, plus webapp configuration if root server # configuration to use the agent certificate, required for node-server communication, # is included in rudder-apache-relay-ssl.conf Include /opt/rudder/etc/rudder-apache-relay-ssl.conf IncludeOptional /opt/rudder/etc/rudder-apache-webapp-ssl.conf #SINGLE_VHOST_END #MULTI_VHOST_START # ############################################################################# # # To use a different certificate/port/configuration for Web/API access and # # and node communication, comment the default virtual host and uncomment and # # modify the following configuration. # # # # This is useful for: # # # # * using a different certificate for the web UI/API # # * separating the network flows for security reasons # # # # You will need a criteria to match the requests in the right virtual host, # # either a different port or a properly configured ServerName. # # # # If the 2 VirtualHosts share the same IP address and port, and cannot be # # differentiated by the “VirtualHost” statement : # # - The DNS name, if any, that is configured on the nodes as Policy Server # # must be used as “ServerName” for the nodes communication vhost. # # If the nodes use the server's IP address as Policy Server, then use # # the IP address for “ServerName”. # # - 127.0.0.1 must be specified as “ServerAlias" for the Node Communication # # vhost, as the Rudder agent that runs on the Rudder server itself uses # # 127.0.0.1 as policy server. # # - It is good practice to also use the actual server's IP address as a # # “ServerAlias" for node communication, so the nodes can access the server # # with a Policy Server configured either to its DNS name or IP address. # # # # - The hostname used for accessing the Web server interface and API must be # # specified as "ServerName" for the Web/API vhost. # # # ############################################################################# # # # If you change the port for one of the virtual hosts you will likely need to add # # Listen # # ######################## # # Node communication # ######################## # # #AGENT_VHOST # # ServerAdmin webmaster@localhost # # # ServerName # # ServerAlias 127.0.0.1 # # LogLevel warn # CustomLog /var/log/rudder/apache2/access.log combined # ErrorLog /var/log/rudder/apache2/error.log # # Include /opt/rudder/etc/rudder-apache-relay-ssl.conf # # # ################ # # Web/API # ################ # # #USER_VHOST # # ServerAdmin webmaster@localhost # # ServerName # # LogLevel warn # CustomLog /var/log/rudder/apache2/access.log combined # ErrorLog /var/log/rudder/apache2/error.log # # # Webapp config does not provide ssl configuration # SSLEngine on # SSLCertificateFile # SSLCertificateKeyFile # # SSLProtocol -all +TLSv1.3 # SSLHonorCipherOrder off # SSLSessionTickets off # # # To use settings provided by letsencrypt # # # Include /etc/letsencrypt/options-ssl-apache.conf # # Include /opt/rudder/etc/rudder-apache-webapp-ssl.conf # #MULTI_VHOST_END