Join Log in
Score:0
BartInfinity avatar Server

Apache Reverse Proxy from HTTPS with HSTS from specific port to specific port on HTTP

cn flag
BartInfinity

If host some app on some port ie 3000 through docker but that app doesn't support HTTPS while my whole domain has SSL and HSTS enabled which doesn't allow me to even enter to that app (because HSTS redirects everything to HTTPS). I heard it is possible to access HTTP sites through HTTPS through Proxy Reserve but I've completely no idea how to set it up, I tried many times in many ways and everything fails. The only success I got was when I redirected my domain to that app under port 3000 but I lost all my main websites which are not acceptable. I have also a different apache virtual host under a subdomain that is doing something similar, it transfers subdomain.domian.com to a specific app on a specific port. But do I have to create a whole separate virtual host just to access the app on a specific port? If so then I would drop that whole idea with a proxy reserve and will use IP instead of domain.

I tried something like that:

ProxyPass :3000/ http://localhost:3000/
ProxyPassReverse :3000/ http://localhost:3000/
Header unset Strict-Transport-Security

Didn't work.

There is no way to force apache to open a specific port outside of HSTS? If only something like from above would works.

The only way it worked was when I set it up like this:

ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
Header unset Strict-Transport-Security

However, I lose my website hosting under port:80 and:443.

I tried also with something like that and it worked, but partially:

ProxyPass /app http://localhost:3000/
ProxyPassReverse /app http://localhost:3000/
Header unset Strict-Transport-Security

Because app opened under such address mydomain.com/app but could not load many files as it tried to load it from main domain mydomain.com, not from mydomain.com/app

I also read somewhere on StackExchange that to do what I want I would need to create a separate virtual host but that is a pain in the* because I would need to create all SSL stuff and copy all directives that I have under mydomain.com:80/:443 - too much trouble just for one simple app hosted under one specific port.

If there is truly no way to do it as I would like then I will drop that whole idea and will use direct access through IP: PORT of my server, their HSTS is not working I hope so. I would like to find a simple and fast solution since I would like to host many docker containers under different ports but that whole stuff with ports and SSL is super annoying.

Of course, I'm using apache2 and I enabled all necessary mods.

222
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.