Amazon Linux Apache 2.4 reverse proxy with SSL to serve Node.js application

2017/10/09
By
Modified: 2017/10/09

Access Node APP with port

Recently, I spent about 36 hours researching, and thinking, and trying, and learning a lot about Apache server before I could crack this one.  After I found a solution, a had a long <VirtualHost> entry.  In this article I present only entries that are required for reverse proxy to work and your Node.js app still to be aware of client IP address.

Problem:
You want Apache 2.4 to be your front end for your Node.js application.  All the transaction should occur over HTTPS. Your visitors do not have to specify a post number in URL.


I do not cover here:
– how to install and configure Node.js;
– how to get a valid SSL certificate;

Apache Reverse Proxy error

Proxy Error

The proxy server could not handle the request GET /searchMaster.
Reason: Error during SSL Handshake with remote server
I was able to resolve this error (above) by adding one line in my <VirtualHost> group for Node.js application:  ProxyPreserveHost On

Test environment:
– Amazon EC2 Linux with Apache 2.4
– Node.js app running on the same Amazon server on port 1234
Prerequisites:
– you already can connect to your Node.js app using port number like this

https://sub.domain.com:1234/anything . . .


Requirements:

You need is to connect to your Node.js application like this:

https://sub.domain.com/anything . . .


Implementation:

-01- Open your Apache SSL configuration file with these console commands:

sudo su
nano +260 /etc/httpd/conf.d/ssl.conf

Note: +260 means go to line 260, witch is closer to the end of the file.

 

-02- Edit your <VirtualHost> entry for reverse proxy.

<VirtualHost *:443>
ServerName sub.domain.com

SSLEngine on
SSLCertificateFile /etc/ [ your path ] /sub.domain.com/fullchain.pem
SSLCertificateKeyFile / [ your path ] /sub.domain.com/privkey.pem

ProxyRequests off
ProxyPreserveHost On # <-- this line was the problem solver

SSLProxyEngine on
ProxyPass / https://localhost:1234/
</VirtualHost>

-03- Restart Apache server

service httpd restart

SSL Test Report-04- Test your site
See if your site https://sub.domain.com/ is accessible without a port number.  You should see your Node.js application. If reverse proxy works, first let’s celebrate (!!!), and lastly, let’s test the strength of your SSL configuration here:

https://www.ssllabs.com/ssltest/analyze.html

Surprisingly, for my just configured reverse proxy, I’ve got even higher mark comparing to a test against home directory suggested by Amazon in their configuration manual.

 

Tags: , , , , , , , , ,


Add Your Comment Ваш Комментарий

Your email address will not be published. Required fields are marked *

* Ваше Имя *
* Ваш Email (не будет показан на сайте)*
CAPTCHA Image

*