UCC uses Apache 2 as a webserver for its website and member web-hosting services.
Member domains (username.ucc.asn.au) and the main website resolve as CNAMEs to mooneye.
The configuration for member VirtualHosts is on mooneye in /etc/apache2/sites-available/members. These VirtualHost entries simply proxy pass-through to http://realwww.ucc.gu.uwa.edu.au/~username (a CNAME to mussel). ProxyPassthroughReverse is also used so that HTTP headers don't come back to the user with the wrong domain name. For some reason this doesn't seem to work for URLs pointing to a directory without a trailing slash.
Most web-serving happens on mussel, and most of the configuration for this is stored in /etc/apache2/sites-available/. Most of the file names are fairly self-explanatory, but it is worth noting that both the main website and member webspace are configured in default.
Most HTTPS services are hosted under https://secure.ucc.asn.au, which also points to mussel (though it uses the interface listening on 220.127.116.11, not 18.104.22.168). Originally, this was because we didn't want to buy an SSL certificate for every machine. Now we have a wildcard certificate, so subdomains* can be accessed using HTTPS as well!
* SSL wildcards are not actually wildcards — they only support one level of subdomain, so *.ucc.asn.au won't match something.weird.ucc.asn.au.
Have a look at /etc/apache2/sites-available/secure on mussel to see how it's configured (it's world-readable).