ProxyPass apache https to a node server
V

3

6

I'm trying to make an Apache server a gateway for my Node server.
My Apache will serve the static pages and the Node will act as a REST API server.
Both the Node and the Apache sit on the same server, Ubuntu 64-bit EC2.

I've tried to do this for https and failed; later I tried to open up an http port for the proxy pass and it worked (I've changed the node to be http in order for that to work).

My last resort will be turning the node into the web server, but I wish to keep it simple since it will be refactored soon and use meteor.

I'll appreciate any suggestion.

This is my configuration for the Apache:

<VirtualHost *:443>

    ServerName secure.mysite.co.il
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /ssl/mysite.crt
    SSLCertificateKeyFile /ssl/mysite.key
    SSLCertificateChainFile /ssl/ca-bundle-client.crt

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass /echo/test https://127.0.0.1:8001/echo/test
    ProxyPassReverse /echo/test https://127.0.0.1:8001/echo/test
</VirtualHost>

Successful HTTP config:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName mysite.co.il
    ServerAlias www.mysite.co.il
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/
</VirtualHost>
Viscount answered 18/1, 2016 at 22:24 Comment(5)
Is your node service configured for SSL? - Encourage
It serves the same ca: var server = restify.createServer({ key: fs.readFileSync('/ssl/mysite.key'), certificate: fs.readFileSync('/ssl//mysite.crt'), name: 'mysite-rest', version: '1.0.0' }); - Viscount
I don't understand how Node can have port 8001 set up for both https and http connections at the same time. Have you tried testing out the https connection directly using OpenSSL ("openssl s_client -connect 127.0.0.1:8001")? - Encourage
As I mentioned, "(I've changed the node to be http in order for that to work)". I've just removed the crt and key to make it http only for the test. - Viscount
Wasn't sure whether you meant you'd disabled it in Apache (by just changing it to http) or both. Can you enable it in node again, try the above OpenSSL command, and then add both that output and your full node application to your question? Your Apache config looks good, so I suspect a node issue. - Encourage
B
6

SSLProxyEngine On needs to be declared to enable SSL for a reverse proxy config. This directive is documented here:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslproxyengine

Bowhead answered 19/1, 2016 at 4:59 Comment(3)
"Note that the SSLProxyEngine directive should not, in general, be included in a virtual host that will be acting as a forward proxy (using <Proxy> or <ProxyRequest> directives. SSLProxyEngine is not required to enable a forward proxy server to proxy SSL/TLS requests."Encourage
BazzaDP, that statement is applicable to a "forward" proxy configuration. Tal is using a "reverse" proxy (more common), and this does require SSLProxyEngine On. - Bowhead
You are correct. Getting my proxies mixed up and had checked my own config and not seen it but do see it there now, so obviously checked wrong earlier. Have an upvote on me :-) - Encourage
S
5

The following config works for me. I used port 4433; however, this is obviously arbitrary.

<VirtualHost _default_:443>
    SSLProxyEngine on

    ServerName example.com
    ServerAlias www.example.com 

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Full
    <Proxy *>
      Require all granted
    </Proxy>

    ServerAdmin [email protected]
    DocumentRoot /var/www/example.com/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    #SSLCertificateChainFile /etc/letsencrypt/live/fullchain1.pem


    ProxyPass / https://example.com:4433/
    ProxyPassReverse / https://example.com:4433/

    <Directory "/var/www/example.com/public_html">
        AllowOverride All
    </Directory>        

</VirtualHost>

Stubbs answered 20/2, 2018 at 5:24 Comment(0)
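
The check the two answers above point to, as an added example that is not part of the original posts: a small Python linter that flags any ProxyPass target using https:// in a scope where SSLProxyEngine is not on. The sample config is constructed from the vhosts quoted on this page; the function name and the assumption that a vhost inherits a server-level SSLProxyEngine are this example's own.

```python
# Constructed sample: the question's HTTPS vhost, a vhost with the directive, a plain-HTTP proxy.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName secure.mysite.co.il
    ProxyPass /echo/test https://127.0.0.1:8001/echo/test
    ProxyPassReverse /echo/test https://127.0.0.1:8001/echo/test
</VirtualHost>
<VirtualHost _default_:443>
    ServerName example.com
    SSLProxyEngine on
    ProxyPass / https://example.com:4433/
</VirtualHost>
<VirtualHost *:80>
    ServerName mysite.co.il
    ProxyPass / http://127.0.0.1:8001/
</VirtualHost>
"""

def find_missing_sslproxyengine(conf_text):
    """Return (scope, url) for each https:// ProxyPass target lacking SSLProxyEngine on."""
    server = {"name": "(server config)", "engine": None, "backends": []}
    scopes, current = [server], server
    for raw in conf_text.splitlines():
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        key = tokens[0].lower()
        if key.startswith("<virtualhost"):
            current = {"name": "(unnamed)", "engine": None, "backends": []}
            scopes.append(current)
        elif key.startswith("</virtualhost"):
            current = server
        elif key == "servername" and len(tokens) > 1:
            current["name"] = tokens[1]
        elif key == "sslproxyengine" and len(tokens) > 1:
            current["engine"] = tokens[1].lower() == "on"
        elif key in ("proxypass", "proxypassmatch"):
            # ProxyPassReverse is not checked: it only rewrites response headers.
            current["backends"] += [t for t in tokens[1:] if t.lower().startswith("https://")]
    findings = []
    for scope in scopes:
        # Assumption: a vhost without its own SSLProxyEngine inherits the server-level value.
        engine = scope["engine"] if scope["engine"] is not None else server["engine"]
        if not engine:
            findings += [(scope["name"], url) for url in scope["backends"]]
    return findings

if __name__ == "__main__":
    print(find_missing_sslproxyengine(SAMPLE_CONF))
```

The linter reads a single file's text and does not follow Include directives, so run it over each vhost file you deploy.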
C
-2

The technologies are not compatible or interchangeable, ie, you cannot work with javascript and PHP, or HTML and CSS with REACT and NODEJS and WebPack3. You have to pick one, possibly 2 technologies, and settle with what does work as code bases frequently break and are not reliable. You will find that trying to incorporate more software will only break your existing code.

Czarist answered 27/12, 2022 at 10:19 Comment(1)
As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center. - Yakut
