3

Normally in my vhost blocks I do:

Define SITE example.com

SSLCertificateFile /path/to/${SITE}.crt
SSLCertificateKeyFile /path/to/${SITE}.key

I'm wondering if it's possible to create a variable in Apache that would correspond to my filenames for example.com.crt and example.com.key?

I assume not, but it's worth asking to consolidate my vhost blocks.

Jeff

2 Answers

3

For Apache, you can use mod_macro.

First define a VHost Macro for repetitive configurations:

<Macro VHost $host $port $dir>
  Listen $port
  <VirtualHost *:$port>

    ServerName $host
    DocumentRoot $dir

    <Directory $dir>
      # do something here...
    </Directory>

    # limit access to intranet subdir.
    <Directory $dir/intranet>
      order deny,allow
      deny from all
      allow from 10.0.0.0/8
    </Directory>
  </VirtualHost>
</Macro>

Then you can use VHost with different arguments.

Use VHost www.apache.org 80 /projects/apache/web
Use VHost www.perl.com 8080 /projects/perl/web
Use VHost www.ensmp.fr 1234 /projects/mines/web

I've got 50 domains (like a.com, b.com, c.com, d.com, etc.) based on the same WordPress code directory. When converting to HTTPS, every domain has its own certificate and private key files. I don't want to copy, paste and change the VirtualHost block code 50 times.

With mod_macro I don't need to write the VirtualHost block 50 times. I did it this way, which makes it easier. The macro below includes a redirect from the www to the non-www domain name:

<Macro VHost $domain>
<VirtualHost *:443>
    ServerName www.$domain
    Redirect permanent / https://$domain/

    Include /path/to/apache-common-ssl.conf

    SSLCertificateFile /etc/pki/tls/certs/$domain.cer
    SSLCertificateKeyFile /etc/pki/tls/private/$domain.key
    SSLCertificateChainFile /etc/pki/tls/certs/$domain-fullchain.cer
</VirtualHost>

<VirtualHost *:443>
    ServerName $domain
    DocumentRoot /home/wordpress
    <Directory /home/wordpress>
        # Stuff about the directory ...
    </Directory>

    Include /path/to/apache-common-ssl.conf

    SSLCertificateFile /etc/pki/tls/certs/$domain.cer
    SSLCertificateKeyFile /etc/pki/tls/private/$domain.key
    SSLCertificateChainFile /etc/pki/tls/certs/$domain-fullchain.cer
</VirtualHost>
</Macro>

Use VHost a.com
Use VHost b.com
Use VHost c.com
......
Sunry
  • Nice, but could you please modify your answer so that the macro directly solves the problem in the question? In particular, please include the SSLCertificateKey and KeyFile. – hackerb9 Sep 02 '22 at 23:33
  • If someone confirms this works, and I'm sure it does, I'll mark this as the correct answer. – Jeff Sep 03 '22 at 09:17
  • Through your question, I found mod_macro; it also solved my question. @jeff – Sunry Sep 04 '22 at 00:24
1

Apache wants to read the certificates on startup, so you won't be able to define them at runtime (i.e. during the handshake).

Lacek
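Since the certificates are read at startup and the macro derives every path from the domain name, a pre-flight check over the `Use VHost` lines catches a missing, exposed or mismatched key before a restart. This is an added example, not code from either answer; it assumes the `<certdir>/<domain>.cer` and `<keydir>/<domain>.key` layout from the macro above, an unencrypted key, the `openssl` command-line tool, and hypothetical function names.

```shell
#!/bin/sh
# Added example: pre-flight check for the per-domain files a "Use VHost <domain>"
# macro expands to. Layout assumed from the answer above:
#   <certdir>/<domain>.cer  and  <keydir>/<domain>.key

# Print the domain argument of every "Use VHost <domain>" line (comments skipped).
macro_domains() {
    awk 'tolower($1) == "use" && $2 == "VHost" && NF >= 3 { print $3 }' "$1"
}

# Succeed only if group and others have no permission bits on the key file.
# -L follows symlinks, so a linked key is judged by its target.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the public key in the certificate equals the one derived
# from the private key (works for RSA and EC keys alike).
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check every domain named in the config; print one finding per problem
# and return non-zero if anything was found.
preflight() {
    conf=$1 certdir=$2 keydir=$3 bad=0
    for d in $(macro_domains "$conf"); do
        cert="$certdir/$d.cer" key="$keydir/$d.key"
        if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
            echo "$d: missing or empty certificate or key"; bad=1
        elif ! key_is_private "$key"; then
            echo "$d: $key is accessible to group or others"; bad=1
        elif ! pair_matches "$cert" "$key"; then
            echo "$d: key does not match certificate"; bad=1
        fi
    done
    return "$bad"
}
```

Call it as `preflight <config file> /etc/pki/tls/certs /etc/pki/tls/private`, then run `apachectl configtest` before reloading.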