Join Log in
Score:0
TonyD avatar Server

Setting up SSL in Apache2 with backend docker app

cv flag
TonyD

I'm running Ubuntu server (18.04) on an Azure VM, with Apache2 (2.4.29). I have a backend app running in docker on the same host that is called by my site. This works easy enough without SSL. I added my SSL certificate, and a static page loads fine over https (so the certificate is valid). When I add the page that calls my app (listening on host port 8080) I get an error:

GET https://myhost.com:8080/api/fetchService net::ERR_SSL_PROTOCOL_ERROR

Since my app in the container isnt setup for SSL, how do I configure Apache2 to interact with the local container without SSL?

virtual host conf:

<IfModule mod_ssl.c>
 <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName myhost.com
        DocumentRoot /var/www/myhost.com/public_html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

    LoadModule ssl_module modules/mod_ssl.so

    SSLProxyEngine on

    ProxyPreserveHost On

    ProxyPass *:8080/ http://myhost.com:8080/

    ProxyPassReverse *:8080/ http://myhost.com:8080/

    Header set Access-Control-Allow-Origin "*"

    SSLCertificateFile /etc/letsencrypt/live/myhost.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myhost.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
 </VirtualHost>
</IfModule>
383
1 + 4
ssl
in flag
Gerald Schneider
You already did. But you are bypassing Apache by calling the container directly.
0
Reply
TonyD avatar
cv flag
TonyD
Ok, so is there anyway to serve up the web page via Apache that interacts with the backend docker service (which doesnt support ssl)?
0
Reply
in flag
Gerald Schneider
You already did that. Just use `https://myhost.com/api/fetchService` instead of `https://myhost.com:8080/api/fetchService`.
0
Reply
TonyD avatar
cv flag
TonyD
So i test by going to my html page in the apache virtual host: `https://myhost.com/index.html`. That page calls my docker app at `https://myhost.com:8080/api/fetchService`
0
Reply
Score:0
TonyD avatar Server
cv flag
TonyD

Posting for anyone else with the same problem. I ended up creating a 2nd virtual host for the reverse proxy.

so site1 -> for the apache webpage with ssl,

site2 -> reverse proxy to terminate ssl for container service. Then copied orig ssl virtual host file and adjusted for new virtual host 8443:

comment out Document Root (e.g. # Document Root)

<Location />
    Order allow,deny
    Allow from all
    ProxyPass http://localhost:8080/ flushpackets=on
    ProxyPassReverse http://localhost:8080/ 
</Location>

Also added a 2nd listening port in ports.conf (e.g. 8443) and enabled site. a2ensite reverse-ssl.conf systemctl restart apache2

good to go!

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.