Amazon Linux Apache 2.4 reverse proxy with SSL to serve Node.js application

Access Node APP with port

Recently, I spent about 36 hours researching, and thinking, and trying, and learning a lot about Apache server before I could crack this one.  After I found a solution, a had a long <VirtualHost> entry.  In this article I present only entries that are required for reverse proxy to work and your Node.js app still to be aware of client IP address.

Problem:
You want Apache 2.4 to be your front end for your Node.js application.  All the transaction should occur over HTTPS. Your visitors do not have to specify a post number in URL.


I do not cover here:

– how to install and configure Node.js;
– how to get a valid SSL certificate;

Apache Reverse Proxy error

Proxy Error

The proxy server could not handle the request GET /searchMaster.
Reason: Error during SSL Handshake with remote server
I was able to resolve this error (above) by adding one line in my <VirtualHost> group for Node.js application:  ProxyPreserveHost On

Test environment:
– Amazon EC2 Linux with Apache 2.4
– Node.js app running on the same Amazon server on port 1234
Prerequisites:
– you already can connect to your Node.js app using port number like this

https://sub.domain.com:1234/anything . . .


Requirements:

You need is to connect to your Node.js application like this:

https://sub.domain.com/anything . . .


Implementation:

-01- Open your Apache SSL configuration file with these console commands:

sudo su
nano +260 /etc/httpd/conf.d/ssl.conf

Note: +260 means go to line 260, witch is closer to the end of the file.

 

-02- Edit your <VirtualHost> entry for reverse proxy.

<VirtualHost *:443>
ServerName sub.domain.com

SSLEngine on
SSLCertificateFile /etc/ [ your path ] /sub.domain.com/fullchain.pem
SSLCertificateKeyFile / [ your path ] /sub.domain.com/privkey.pem

ProxyRequests off
ProxyPreserveHost On # <-- this line was the problem solver

SSLProxyEngine on
ProxyPass / https://localhost:1234/
</VirtualHost>

-03- Restart Apache server

service httpd restart

SSL Test Report-04- Test your site
See if your site https://sub.domain.com/ is accessible without a port number.  You should see your Node.js application. If reverse proxy works, first let’s celebrate (!!!), and lastly, let’s test the strength of your SSL configuration here:

https://www.ssllabs.com/ssltest/analyze.html

Surprisingly, for my just configured reverse proxy, I’ve got even higher mark comparing to a test against home directory suggested by Amazon in their configuration manual.

 

(Visited 294 times, 1 visits today)

Be the first to comment

Your question, correction or clarification Ваш вопрос, поправка или уточнение

Editor on duty will review your comment. Can't wait? Discuss your topic right now in forums, if you register and login.     Required fields are marked with * Ваше послание пойдет на просмотр в редакцию. Не можете ждать? Обсудите ваш вопрос прямо сейчас в форуме Русский Круг , ecли вы зарегистрируетесь и войдёте под своим именем.     Поля, обязательные для заполнения, помечены *
* *