Creating Multiple Sub Domains using a Single Cloudflare Tunnel with Apache on Debian

Apache supports name-based virtual hosts. This means all subdomains can exist on a single virtual machine with a single install of Apache. Apache then decides which site to serve based on the Host header of each request.

Example Setup

Create separate site configs

/etc/apache2/sites-available/arc.conf
/etc/apache2/sites-available/blog.conf
/etc/apache2/sites-available/images.conf

Example arc conf

<VirtualHost *:80>
    ServerName arc.hollis.fun
    DocumentRoot /var/www/arc

    <Directory /var/www/arc>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Example blog conf

<VirtualHost *:80>
    ServerName blog.hollis.fun
    DocumentRoot /var/www/blog

    <Directory /var/www/blog>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Then enable them

sudo a2ensite arc.conf
sudo a2ensite blog.conf
sudo systemctl reload apache2

Cloudflare Tunnels/DNS Settings

A single Cloudflare tunnel can route multiple subdomains when configured to do so.
First edit the cloudflared config

sudo nano /etc/cloudflared/config.yml

Now add the new subdomain

ingress:
  - hostname: arc.hollis.fun
    service: http://localhost:80
  - service: http_status:404

Then restart

sudo systemctl restart cloudflared
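
Added example, not from the original post: with name-based virtual hosts, Apache serves a request whose Host header matches no ServerName or ServerAlias from the first virtual host it loaded, so a tunnel hostname without its own site config returns another site's content. This script cross-checks the hostnames in a cloudflared ingress file against the Apache site configs; the function names and the sample files are constructed for illustration.

```sh
# Added example (not from the original post): list tunnel hostnames that have
# no Apache vhost with an exact ServerName/ServerAlias match.

# Hostnames from cloudflared ingress rules ("- hostname: name").
ingress_hosts() {
    sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*hostname:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
        tr -d "\"'"
}

# ServerName/ServerAlias values from every *.conf in a directory (case-insensitive).
vhost_names() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
                 for (i = 2; i <= NF; i++) print $i }' "$f"
    done
}

# unmatched_hosts CONFIG_YML SITES_DIR: prints ingress hostnames with no exact
# vhost name. Wildcard aliases such as *.hollis.fun are deliberately not counted
# (assumption of this example), because they hide a missing per-site vhost.
unmatched_hosts() {
    names=$(vhost_names "$2")
    ingress_hosts "$1" | while read -r h; do
        printf '%s\n' "$names" | grep -qixF -- "$h" || printf '%s\n' "$h"
    done
}

# Constructed sample: three tunnel hostnames, vhosts for only two of them.
demo() {
    d=$(mktemp -d)
    mkdir "$d/sites"
    cat > "$d/config.yml" <<'EOF'
ingress:
  - hostname: arc.hollis.fun
    service: http://localhost:80
  - hostname: blog.hollis.fun
    service: http://localhost:80
  - hostname: images.hollis.fun
    service: http://localhost:80
  - service: http_status:404
EOF
    printf '<VirtualHost *:80>\n    ServerName arc.hollis.fun\n</VirtualHost>\n' > "$d/sites/arc.conf"
    printf '<VirtualHost *:80>\n    ServerName blog.hollis.fun\n</VirtualHost>\n' > "$d/sites/blog.conf"
    unmatched_hosts "$d/config.yml" "$d/sites"
    rm -rf "$d"
}

demo
```

On the server, the same check is `unmatched_hosts /etc/cloudflared/config.yml /etc/apache2/sites-enabled`; any hostname it prints is routed by the tunnel but has no site of its own.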

Enabling SSL Keys

Cloudflare has a built-in way to generate SSL keys for use with the tunnel.

First log in to cloudflare.com, go to SSL/TLS > Origin Server, and generate the keys

Make a new directory to store the keys

sudo mkdir -p /etc/ssl/cloudflare

Then create the files and paste the certificate into origin.pem and the private key into origin.key

sudo nano /etc/ssl/cloudflare/origin.pem
sudo nano /etc/ssl/cloudflare/origin.key

Now lock down permissions

sudo chmod 600 /etc/ssl/cloudflare/origin.key
sudo chmod 644 /etc/ssl/cloudflare/origin.pem
sudo chown root:root /etc/ssl/cloudflare/origin.*

Then enable SSL in Apache

sudo a2enmod ssl
sudo systemctl restart apache2

Now create an SSL virtual host

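sudo nano /etc/apache2/sites-available/arc-ssl.conf

<VirtualHost *:443>
    ServerName arc.hollis.fun
    # Wildcard alias: requests on port 443 for any *.hollis.fun name can match
    # this vhost and be served from /var/www/arc
    ServerAlias *.hollis.fun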

    DocumentRoot /var/www/arc

    SSLEngine on
    SSLCertificateFile /etc/ssl/cloudflare/origin.pem
    SSLCertificateKeyFile /etc/ssl/cloudflare/origin.key

    <Directory /var/www/arc>
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/arc_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/arc_ssl_access.log combined
</VirtualHost>

Finally enable the site

sudo a2ensite arc-ssl.conf
sudo systemctl reload apache2

Disabling the Default Site

sudo a2dissite 000-default.conf

Stop the “Index of” directory listing page from appearing again

sudo a2dismod autoindex
sudo systemctl reload apache2