Recently, I spent about 36 hours researching, and thinking, and trying, and learning a lot about Apache server before I could crack this one. After I found a solution, a had a long <VirtualHost> entry. In this article I present only entries that are required for reverse proxy to work and your Node.js app still to be aware of client IP address.
Problem:
You want Apache 2.4 to be your front end for your Node.js application. All the transaction should occur over HTTPS. Your visitors do not have to specify a post number in URL.
I do not cover here:
– how to install and configure Node.js;
– how to get a valid SSL certificate;
Proxy ErrorThe proxy server could not handle the request GET /searchMaster.Reason: Error during SSL Handshake with remote server |
I was able to resolve this error (above) by adding one line in my <VirtualHost> group for Node.js application: ProxyPreserveHost On |
Test environment:
– Amazon EC2 Linux with Apache 2.4
– Node.js app running on the same Amazon server on port 1234
Prerequisites:
– you already can connect to your Node.js app using port number like this
https://sub.domain.com:1234/anything . . .
Requirements:
You need is to connect to your Node.js application like this:
https://sub.domain.com/anything . . .
Implementation:
-01- Open your Apache SSL configuration file with these console commands:
sudo su
nano +260 /etc/httpd/conf.d/ssl.conf
Note: +260 means go to line 260, witch is closer to the end of the file.
-02- Edit your <VirtualHost> entry for reverse proxy.
<VirtualHost *:443>
ServerName sub.domain.com
SSLEngine on
SSLCertificateFile /etc/ [ your path ] /sub.domain.com/fullchain.pem
SSLCertificateKeyFile / [ your path ] /sub.domain.com/privkey.pem
ProxyRequests off
ProxyPreserveHost On # <-- this line was the problem solver
SSLProxyEngine on
ProxyPass / https://localhost:1234/
</VirtualHost>
-03- Restart Apache server
service httpd restart
-04- Test your site
See if your site https://sub.domain.com/ is accessible without a port number. You should see your Node.js application. If reverse proxy works, first let’s celebrate (!!!), and lastly, let’s test the strength of your SSL configuration here:
https://www.ssllabs.com/ssltest/analyze.html
Surprisingly, for my just configured reverse proxy, I’ve got even higher mark comparing to a test against home directory suggested by Amazon in their configuration manual.
Be the first to comment