The following Apache modules must be enabled:

sudo a2enmod proxy_wstunnel   # WebSocket proxy module
sudo a2enmod proxy_http       # Regular HTTP proxy module

Server A = Apache ProxyPass only [no website content] >> for htpasswd/Authorization read here

Server B = WebSocket application to be accessed via domain.com/application

The Comodo Positive SSL certificate consists of 3 files: the Server.key created when creating the CSR, the domain cert, and the intermediate cert(s) [possibly already bundled, or needing to be bundled into one file].

Server B will only have the Domain.cert and Server.key

Server A will have all 3 files.

Example Apache Config for Server A:

<VirtualHost *:80>
    ServerName domain.com
    Redirect / https://www.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.domain.com

    ##SSL CONFIG
    # SSLProxy* directives apply to the TLS connection from Server A to Server B
    SSLProxyEngine On
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on
    # SSLEngine/SSLCertificate* directives apply to the client-facing side
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain/domain.crt
    SSLCACertificateFile /etc/apache2/ssl/domain/bundle.ca
    SSLCertificateKeyFile /etc/apache2/ssl/domain/server.key

    ##PROXY GENERAL CONFIG
    # ProxyRequests Off = reverse proxy only, never an open forward proxy
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPreserveHost on

    ##CUSTOM WEBSOCKET LOCATION [ALL 3 WORK, USE ONE; <Location> tags allow more parameters]
    ##Non Secure WebSocket = ws://192.168.1.50:443/application
    ##Secure WebSocket = wss://192.168.1.50:443/application

    ##WITH AUTHORIZATION OPTION
    <Location /application>
        # AllowOverride is only valid inside <Directory>, so it is omitted here
        AuthUserFile /home/[USERNAME]/.htpasswd
        AuthName "Authorization Required"
        AuthType Basic
        Require user [USERNAME]
        ProxyPass wss://192.168.1.50:443/application
        ProxyPassReverse wss://192.168.1.50:443/application
    </Location>

    ##OR W/O AUTH
    <Location /application>
        ProxyPass wss://192.168.1.150:443/application
        ProxyPassReverse wss://192.168.1.150:443/application
    </Location>

    ##OR W/O LOCATION TAGS
    ProxyPass /application wss://192.168.1.42:443/application
    ProxyPassReverse /application wss://192.168.1.42:443/application

    ##MAIN WEBPAGE domain.com
    # Keep this after the /application rules so the more specific path matches first
    ProxyPass / https://192.168.1.42:443/
    ProxyPassReverse / https://192.168.1.42:443/
</VirtualHost>

Example Apache Config for Server B:

##NO INTERMEDIATE CERT BUNDLE
<VirtualHost *:443>
    ServerName www.domain.com
    DocumentRoot /var/www/html
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/domain.log
    CustomLog ${APACHE_LOG_DIR}/domain.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain/domain.crt
    SSLCertificateKeyFile /etc/apache2/ssl/domain/server.key
</VirtualHost>

If you use Auth, I would recommend configuring Fail2Ban to monitor Apache Auth via HTPasswd.
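
What a Fail2Ban-style monitor looks for in the Apache error log, as an added example (not part of the original page and not Fail2Ban's own code): it counts mod_auth_basic failures per client IP inside a time window. The log lines are constructed, and the `maxretry`/`findtime` defaults are assumptions named after Fail2Ban's settings; lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# mod_auth_basic error-log codes: AH01617 password mismatch, AH01618 user not found.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+(?::tid \d+)?\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] AH0161[78]: "
)

def parse_failure(line):
    """Return (timestamp, client_ip) for a Basic-auth failure line, else None."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y")
    return ts, m.group("ip")

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Client IPs with >= maxretry failures inside one findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and ip not in flagged:
            flagged.append(ip)
    return flagged

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
[Tue Mar 05 10:15:01.100000 2024] [auth_basic:error] [pid 1234] [client 203.0.113.5:51234] AH01617: user admin: authentication failure for "/application": Password Mismatch
[Tue Mar 05 10:15:03.200000 2024] [auth_basic:error] [pid 1234] [client 203.0.113.5:51236] AH01618: user root not found: /application
[Tue Mar 05 10:15:04.300000 2024] [auth_basic:error] [pid 1235] [client 198.51.100.7:40022] AH01617: user alice: authentication failure for "/application": Password Mismatch
[Tue Mar 05 10:15:06.400000 2024] [auth_basic:error] [pid 1234] [client 203.0.113.5:51240] AH01617: user admin: authentication failure for "/application": Password Mismatch
[Tue Mar 05 10:15:09.500000 2024] [core:notice] [pid 1200] AH00094: Command line: '/usr/sbin/apache2'
[Tue Mar 05 10:16:00.000000 2024] [auth_basic:error] [pid 1236] [client 192.0.2.9:33000] AH01617: user bob: authentication failure for "/application": Password Mismatch
[Tue Mar 05 10:40:00.000000 2024] [auth_basic:error] [pid 1236] [client 192.0.2.9:33010] AH01617: user bob: authentication failure for "/application": Password Mismatch
[Tue Mar 05 10:41:00.000000 2024] [auth_basic:error] [pid 1236] [client 192.0.2.9:33020] AH01617: user bob: authentication failure for "/application": Password Mismatch
"""

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG.splitlines()))
```

With the defaults only 203.0.113.5 is flagged: 192.0.2.9 also fails three times, but its failures never fall inside a single ten-minute window.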
