NickName:bikeactuary Ask DateTime:2020-12-29T08:00:57

VirtualHost reverse proxy new https port to http Ubuntu/Apache2

EDIT: I found/realize this may be better asked on serverfault, so I am x-posting and redirecting there please. I will delete this post. https://serverfault.com/questions/1047948/apache-ubuntu-multiple-ports-or-subdomains-with-ssl-reverse-proxy-to-different

I'm struggling with something here. I have an Ubuntu 18.04 VM in azure + Apache2 installed. I have a domain (mysitedotcom) pointing to my web server and recently secured the server setting up SSL. I got a cert using letsencrypt.

I am also running an RStudio shiny server (port 3838) and Rstudio Server open source (8787). These are free versions where SSL is not an option. I learned that now with my web server using SSL I will not be able to embed content from my shiny server in my webpages (wordpress) via iframes.

SO I am trying to set up a VirtualHost/reverse proxy/something for my shiny and rstudio servers at their respective ports. I tried following these directions: https://www.r-bloggers.com/2015/12/shiny-https-securing-shiny-open-source-with-ssl/ The problem is these and other instructions online seem to assume this is the only server running on a machine or at least that you are NOT running a web server. I do not want to redirect all port 80 traffic to my shiny server. I need to define new HTTPS ports aside from 443, and to redirect that traffic locally to an HTTP port.

Now that I have set up my web server as shown below, how can I also set up separate 'public' ports as I previously had, but with SSL, and send traffic to the ports these servers are running at?

http(s)://mysite.com >> webserver (OK)
http(s)://mysite.com:48787 >> rstudio @ 8787
http(s)://mysite.com:43838 >> shiny @ 3838

Will open my firewalls (azure and ufw) to 48787 and 43838, and close down the currents ports in azure (but leave open in ufw). I believe I can use existing cert:

root@wp-vm:/# ls /etc/letsencrypt/live/mysite.com
README  cert.pem  chain.pem  fullchain.pem  privkey.pem

root@wp-vm:/# cat /etc/apache2/sites-available/mysite.com.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /var/www/mysite.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/mysite.com/>
        AllowOverride All
    </Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mysite.com [OR]
RewriteCond %{SERVER_NAME} =mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

EDIT: Also, I've told Apache to listen at the new ports:

root@wp-vm:/# cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# Added for shiny
<IfModule ssl_module>
        Listen 43838
</IfModule>

<IfModule mod_gnutls.c>
        Listen 43838
</IfModule>

# Added for rstudio
<IfModule ssl_module>
        Listen 48787
</IfModule>

<IfModule mod_gnutls.c>
        Listen 48787
</IfModule>

firewall status:

root@wp-vm:/etc/apache2/sites-available# ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
8787                       ALLOW       66.my.home.ip
3838                       ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
3838 (v6)                  ALLOW       Anywhere (v6)

EDIT: I have now also tried loading some additional modules in apache2.conf (proxy_module, proxy_http_module, headers_module, deflate_module, and libxml2 LoadFile), and including the below in my EXISTING mysite.com.conf virtualhost block to achieve the desired result through existing 443 port and a subdirectory (mysite.com/rstudio) pointing to the service.

  <Location /rstudio>
      ProxyPass http://localhost:8787
      ProxyPassReverse http://localhost:8787
      Order allow,deny
      Allow from all
  </Location>

Reloaded firewall but this did not work. clearly I am missing something, just wish I knew what.

Copyright Notice：Content Author:「bikeactuary」，Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article：https://stackoverflow.com/questions/65485623/virtualhost-reverse-proxy-new-https-port-to-http-ubuntu-apache2