Reverse proxy setup, how hard can it be?
Hi, thankyou so much for any help, we are very grateful. Myself (server owner) and my backend API developer have spent so many days on this now, and cant find any solution.
All we are trying to do is setup a reverse proxy to handle a SSL certification from our http API being requested from our HTTPS front end. We have a newly deployed GoDaddy VPC server running AlmaLinux v8.9.0 STANDARD kvm and cPanel Version 120.0.2
We have 3 accounts setup in WHM, the one we are trying to configure here is:
Domain: carcritics.com.au
IP address: 184.168.180
username: carcriticsadm
We have firstly tried to setup Apache4 to provide a reverse proxy but were unsuccessful.
This was as far as we got with the Apache config file, which we added to the ‘Pre VirtualHost Include' ‘All Versions’ section under WHM's Apache configuration:
<VirtualHost *:80>
ServerName carcritics.com.au
# Redirect permanent / https://carcritics.com.au/
</VirtualHost>
<VirtualHost *:443>
ServerName carcritics.com.au
SSLEngine on
SSLCertificateFile /etc/ssl/certs/180.124.168.184.host.secureserver.net.crt
SSLCertificateKeyFile /etc/ssl/private/180.124.168.184.host.secureserver.net.key
ProxyPass /api http://carcritics.com.au:8080/api
ProxyPassReverse /api http://carcritics.com.au:8080/api
</VirtualHost>
We then gave up with trying to do it with Apache as we noticed NGINX in WHM said it provided a reverse proxy, so we installed NGINX and setup proxypass, and our API is being redirected to HTTPS but we are getting certificate errors. So we updated nginx.conf to this:
include /etc/nginx/conf.d/modules/*.conf;
user nobody;
worker_processes 1;
worker_shutdown_timeout 10s;
worker_rlimit_nofile 65536;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
# everything below this line we added
server {
listen 443 ssl;
server_name carcritics.com.au;
ssl_certificate /home/carcriticsadm/ssl/certs/_wildcard__carcritics_com_au_b24df_42be1_1719952425_8d2f5e7fa75ed28a1b1cc985c8bc2fbd.crt;
ssl_certificate_key /home/carcriticsadm/ssl/keys/b24df_42be1_369548f574101a34374dbfb69d6893aa.key;
location / {
proxy_pass https://carcritics.com.au:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name carcritics.com.au;
return 301 https://$host$request_uri; # Redirect HTTP to HTTPS
}
We have tried all certificates found on the server , all certificates were automatically created by AutoSSL via Lets Encrypt, via the WHM control panel. They are:
/home/carcriticsadm/ssl/certs
_wildcard__carcritics_com_au_b24df_42be1_1719952425_8d2f5e7fa75ed28a1b1cc985c8bc2fbd.crt
carcritics_com_au_c4c17_3c5cd_1743309131_fbc2e93c034ea58c3f865e71c8d39949.crt
carcritics_com_da28b_3a4c5_1743291605_a4402b3ba3ba76db68b8e9db3d00bc97.crt
Again thankyou for any help.
-
Hey there! I don't have additional details on my end about this type of configuration as this is beyond what cPanel support can configure. The only official proxy tool we have is Nginx:
https://docs.cpanel.net/knowledge-base/web-services/nginx-with-reverse-proxy/
and even then it's just a reverse proxy to Apache to take advance of the Nginx caching features.
I'm sorry I don't have more details on this one for you, but another user may be able to share their proxy experience.
0 -
Depending on your application, you might find it simpler to manage this setup by using mod_passenger with the Application Manager. Takes a lot of the management responsibility out of the equation for you since it'd use the same cert that Apache would otherwise use for your domain and such: https://docs.cpanel.net/cpanel/software/application-manager/
Otherwise, you'd want to follow the steps here for Apache: https://support.cpanel.net/hc/en-us/articles/1500011220222-How-do-you-create-an-Apache-Reverse-Proxy-with-mod-proxy
If you were going to stick with Nginx, edit the configuration as covered here (doesn't contain proxy-specific info): https://support.cpanel.net/hc/en-us/articles/360052143374-How-to-customize-a-site-s-NGINX-Server-Block
0
Please sign in to leave a comment.
Comments
2 comments