apache reverse proxy
jebba
parent
ad774b3faa
commit
60ce55c16c
|
|
@ -1681,6 +1681,78 @@ shouldn't appear anymore.
|
|||
* http://localhost:9663/
|
||||
|
||||
|
||||
## Set up Apache Web Reverse Proxy
|
||||
Now that the site is nominally working, we can set up the Apache
|
||||
web server as a reverse proxy so we can access the site at an
|
||||
encrypted URL, such as:
|
||||
|
||||
* https://www.mychestserver.org
|
||||
|
||||
|
||||
Note, setting this up will re-break the web sockets until we
|
||||
update that lila-ws configuration below.
|
||||
|
||||
Open yet another terminal on your workstation and ssh into the
|
||||
server again, ala:
|
||||
|
||||
```
|
||||
ssh mychestserver
|
||||
```
|
||||
|
||||
Using your favorite text editor, such as vim, edit the Apache configuration
|
||||
file:
|
||||
|
||||
```
|
||||
sudo vim /etc/apache2/sites-enabled/000-default-le-ssl.conf
|
||||
```
|
||||
|
||||
The full configuration file should look like this:
|
||||
|
||||
```
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ProxyRequests On
|
||||
ProxyVia On
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /var/www/html
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
RewriteEngine on
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://localhost:9663/ nocanon
|
||||
ProxyPassReverse / http://localhost:9663/
|
||||
RewriteCond %{HTTP:Upgrade} =websocket [NC]
|
||||
RewriteRule /(.*) ws://localhost:9664/$1 [P,L]
|
||||
Header set "Access-Control-Allow-Origin" "https://www.mychestserver.org"
|
||||
Header set "Access-Control-Allow-Methods" "POST, GET, OPTIONS"
|
||||
ServerName www.mychestserver.org
|
||||
SSLCertificateFile /etc/letsencrypt/live/www.mychestserver.org/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/www.mychestserver.org/privkey.pem
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
```
|
||||
|
||||
Then restart the webserver with the new config:
|
||||
|
||||
```
|
||||
sudo systemctl restart apache2.service
|
||||
|
||||
# Logs are:
|
||||
sudo tail -f /var/log/apache2/*.log
|
||||
```
|
||||
|
||||
Now you should be able to go to this page, but note,
|
||||
everything will be broken! We're going to have to
|
||||
configure Lila below for the domain. But you can see that
|
||||
the Apache proxy part is at least redirecting to the
|
||||
Lila server.
|
||||
|
||||
In your workstation browser, check:
|
||||
|
||||
* https://www.mychestserver.org/
|
||||
|
||||
|
||||
## Configure Web Sockets lila-ws
|
||||
Configure `lila-ws` thusly:
|
||||
|
||||
|
|
@ -1716,3 +1788,5 @@ Potentially include items such as:
|
|||
* Mail.
|
||||
* Bots.
|
||||
* git branches
|
||||
* Apache SSL tweaks.
|
||||
* Apache redirects to only use parts of site.
|
||||
|
|
|
|||
Loading…
Reference in New Issue