EDIT: I found/realize this may be better asked on serverfault, so I am x-posting and redirecting there please. I will delete this post.
https://serverfault.com/questions/1047948/apache-ubuntu-multiple-ports-or-subdomains-with-ssl-reverse-proxy-to-different
I'm struggling with something here. I have an Ubuntu 18.04 VM in azure + Apache2 installed.
I have a domain (mysitedotcom) pointing to my web server and recently secured the server setting up SSL. I got a cert using letsencrypt.
I am also running an RStudio shiny server (port 3838) and Rstudio Server open source (8787). These are free versions where SSL is not an option. I learned that now with my web server using SSL I will not be able to embed content from my shiny server in my webpages (wordpress) via iframes.
SO I am trying to set up a VirtualHost/reverse proxy/something for my shiny and rstudio servers at their respective ports. I tried following these directions: https://www.r-bloggers.com/2015/12/shiny-https-securing-shiny-open-source-with-ssl/
The problem is these and other instructions online seem to assume this is the only server running on a machine or at least that you are NOT running a web server. I do not want to redirect all port 80 traffic to my shiny server. I need to define new HTTPS ports aside from 443, and to redirect that traffic locally to an HTTP port.
Now that I have set up my web server as shown below, how can I also set up separate 'public' ports as I previously had, but with SSL, and send traffic to the ports these servers are running at?
http(s)://mysite.com >> webserver (OK)
http(s)://mysite.com:48787 >> rstudio @ 8787
http(s)://mysite.com:43838 >> shiny @ 3838
Will open my firewalls (azure and ufw) to 48787 and 43838, and close down the currents ports in azure (but leave open in ufw). I believe I can use existing cert:
root@wp-vm:/# ls /etc/letsencrypt/live/mysite.com
README cert.pem chain.pem fullchain.pem privkey.pem
root@wp-vm:/# cat /etc/apache2/sites-available/mysite.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/mysite.com/>
AllowOverride All
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mysite.com [OR]
RewriteCond %{SERVER_NAME} =mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EDIT:
Also, I've told Apache to listen at the new ports:
root@wp-vm:/# cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# Added for shiny
<IfModule ssl_module>
Listen 43838
</IfModule>
<IfModule mod_gnutls.c>
Listen 43838
</IfModule>
# Added for rstudio
<IfModule ssl_module>
Listen 48787
</IfModule>
<IfModule mod_gnutls.c>
Listen 48787
</IfModule>
firewall status:
root@wp-vm:/etc/apache2/sites-available# ufw status
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
8787 ALLOW 66.my.home.ip
3838 ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
3838 (v6) ALLOW Anywhere (v6)
EDIT: I have now also tried loading some additional modules in apache2.conf (proxy_module, proxy_http_module, headers_module, deflate_module, and libxml2 LoadFile), and including the below in my EXISTING mysite.com.conf virtualhost block to achieve the desired result through existing 443 port and a subdirectory (mysite.com/rstudio) pointing to the service.
<Location /rstudio>
ProxyPass http://localhost:8787
ProxyPassReverse http://localhost:8787
Order allow,deny
Allow from all
</Location>
Reloaded firewall but this did not work. clearly I am missing something, just wish I knew what.
Copyright Notice:Content Author:「bikeactuary」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/65485623/virtualhost-reverse-proxy-new-https-port-to-http-ubuntu-apache2