Apache2 tips & tricks

Web

Proxyfier un site et subpath différent

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<VirtualHost *:8080>
  ServerName DOMAIN.FR

  SSLEngine on
  SSLCertificateFile    fullchain1.pem
  SSLCertificateKeyFile privkey1.pem

  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  ProxyPreserveHost off
  ProxyRequests on

  ## Root path
  ProxyPass / https://<https website>/
  ProxyPassReverse / https://<https website>/
  

  ## Root subpath with websocket application
  ProxyPass /subpath/api/websocket ws://localhost:5800/api/websocket
  ProxyPassReverse /subpath/api/websocket ws://localhost:5800/api/websocket
  ProxyPass /subpath/ http://localhost:5800/
  ProxyPassReverse /subpath/ http://localhost:5800/
  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /subpath/(.*)  ws://localhost:5800/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /subpath/(.*)  http://localhost:5800/$1 [P,L]
  
</VirtualHost>

Proxification derière un proxy existant (Apache < 5.2)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<VirtualHost *:443>

  ServerName DOMAIN

  SSLEngine on
  SSLProtocol -ALL +TLSv1.2
  # New cipher suite optionnal
  SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  SSLHonorCipherOrder on
  SSLCertificateFile "CER.pem"
  SSLCertificateKeyFile "KEY.pem"
  SSLCACertificateFile "ca_SSL_chain.pem"

  ProxyPass / http://localhost:8081/ nocanon
  ProxyPassReverse / http://localhost:8081/
  RequestHeader set X-Forwarded-Proto "https"
  AllowEncodedSlashes NoDecode
  ProxyPass /subpath/ https://<https website>/
  ProxyPassReverse /subpath/ https://<https website>/

  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  ProxyRemote https://<https website>/ 'http://<proxy_url>:<proxy port>'
  ProxyPreserveHost Off
  ProxyRequests Off

  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /subpath/(.*)  https://<https website>/$1 [P,L]

  <Proxy https://<https website>/>
    Order deny,allow
    Allow from all
    SetEnv Proxy-Chain-Auth On
    RequestHeader set Proxy-Authorization "Basic <base64 encoded usrname:password>"
    #SetEnv proxy-initial-not-pooled 1
  </Proxy>

  ErrorLog logs/error_log
  CustomLog logs/access_log common

</VirtualHost>
proxy tips & tricks apache2 web