8 February 2020

Using Apache mod_macro

Apache mod_macro can be used to simplify Apache configurations on servers with large number of identically configured VirtualHosts.

Create your macro configuration. In this example we create two macros, one for http & one for https. You should only enable one of these, and if https is enabled http is automatically redirected to https. Unless the requests starts with /.well-known/acme-challenge/ which is used by Let’s Encrypt for creating & renewing certificates.

<Macro VHostHTTP $vhost>
  <VirtualHost *:80>
    ServerName    $vhost
    ServerAlias   www.$vhost
    DocumentRoot  /var/www/$vhost/htdocs
    ScriptAlias   /cgi-bin/ /var/www/$vhost/cgi-bin/
  </VirtualHost>
</Macro>

<Macro VHostHTTPS $vhost>
  <VirtualHost *:80>
    ServerName    $vhost
    ServerAlias   www.$vhost
    <Location "/">
      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
        Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
      </If>
    </Location>
    DocumentRoot  /var/www/$vhost/htdocs
  </VirtualHost>
  <VirtualHost *:443>
    ServerName    $vhost
    ServerAlias   www.$vhost
    DocumentRoot  /var/www/$vhost/htdocs
    ScriptAlias   /cgi-bin/ /var/www/$vhost/cgi-bin/
    SSLCertificateFile /etc/letsencrypt/live/$vhost/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/$vhost/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/$vhost/chain.pem
  </VirtualHost>
</Macro>

ServerName $vhost

ServerAlias www.$vhost

DocumentRoot /var/www/$vhost/htdocs

ScriptAlias /cgi-bin/ /var/www/$vhost/cgi-bin/

</VirtualHost>

</Macro>

ServerName $vhost

ServerAlias www.$vhost

Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"

</If>

</Location>

DocumentRoot /var/www/$vhost/htdocs

</VirtualHost>

ServerName $vhost

ServerAlias www.$vhost

DocumentRoot /var/www/$vhost/htdocs

ScriptAlias /cgi-bin/ /var/www/$vhost/cgi-bin/

SSLCertificateFile /etc/letsencrypt/live/$vhost/cert.pem

SSLCertificateKeyFile /etc/letsencrypt/live/$vhost/privkey.pem

Include /etc/letsencrypt/options-ssl-apache.conf

SSLCertificateChainFile /etc/letsencrypt/live/$vhost/chain.pem

</VirtualHost>

</Macro>

Enable mod_macro. This will both enable loading the module, and load the newly created configuration.

a2enmod macro
service apache2 restart

1 2	a2enmod macro service apache2 restart

Create your virtualhost configuration. You could create one of these per site or create a single master configuration that includes all of your virtualhosts, one per line. First enable VHostHTTP, then once you’ve provisioned a Let’s Encrypt certificate change it to VHostHTTPS.

Use VHostHTTPS example.com

1	Use VHostHTTPS example.com

Reload Apache to enable your new virtualhost:

a2ensite example.com
service apache2 reload

1 2	a2ensite example.com service apache2 reload

Posted February 8, 2020 by msb in category "Apache", "Let's Encrypt

2 COMMENTS :

By Seth on 1 March, 2022

Thanks for the guide, sadly certbot doesn’t support mod_macro so I’m back to creating multiple files.
1. By msb (Post author) on 30 March, 2022
  
  The above configuration using mod_macro with certbot works for me. Certbot itself doesn’t know anything about mod_macro, it just creates the certs. Then you use the above mod_macro config to enable individual virtualhosts. You do need to create an individual apache virtualhost config for each site, but with mod_macro that config becomes a simple one-liner that automatically enables https with the Let’s Encrypt certificate.

Comments are closed.