Basic Apache2 Reverse Proxy

Tested on Linux (Ubuntu 19.04+)

Prerequisites

  • bot installed in /path/to/bot/ running on default http://localhost:20000
  • certbot installed
  • Apache2 installed
  • Enable Apache Modules: proxy proxy_http proxy_wstunnel
    • a2enmod proxy
    • a2enmod proxy_http
    • a2enmod proxy_wstunnel

Configuration

  1. Create new file /etc/apache2/sites-enabled/sogebot.conf
<VirtualHost <yourIP>:80>
    ServerName sogebot.yourdomain.com

    ErrorLog ${APACHE_LOG_DIR}/sogebot_error.log
    CustomLog ${APACHE_LOG_DIR}/sogebot_access.log combined

    # Redirect every plain-HTTP request to HTTPS
    RewriteEngine on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost <yourIP>:443>
    ServerName sogebot.yourdomain.com

    ErrorLog ${APACHE_LOG_DIR}/sogebot_error.log
    CustomLog ${APACHE_LOG_DIR}/sogebot_access.log combined

    SSLEngine On
    SSLCertificateFile       /path/to/certfile/cert1.pem
    SSLCertificateKeyFile    /path/to/certfile/privkey1.pem
    # Note: SSLCertificateChainFile is obsolete since Apache 2.4.8;
    # SSLCertificateFile may hold the full chain instead
    SSLCertificateChainFile  /path/to/certfile/fullchain1.pem

    # Reverse proxy only; do not act as a forward proxy
    ProxyRequests off
    ProxyVia on

    # Send Socket.IO WebSocket upgrades to the bot over ws://
    RewriteEngine On
    RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
    RewriteCond %{QUERY_STRING} transport=websocket    [NC]
    RewriteRule /(.*)           ws://localhost:20000/$1 [P,L]

    # Socket.IO long-polling requests go to the bot over HTTP
    ProxyPass        /socket.io http://localhost:20000/socket.io
    ProxyPassReverse /socket.io http://localhost:20000/socket.io

    # Everything else is proxied to the bot
    <Location />
        ProxyPass http://127.0.0.1:20000/
        ProxyPassReverse http://127.0.0.1:20000/
    </Location>
    #ProxyPass / http://localhost:20000/
    #ProxyPassReverse / http://localhost:20000/

    # BrowserMatch "MSIE [2-6]" \
    #               nokeepalive ssl-unclean-shutdown \
    #               downgrade-1.0 force-response-1.0

    BrowserMatch "MSIE [2-6]" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0

</VirtualHost>

Replace the IP and domain with your own!
You can also use a wildcard (*) as the IP.

  2. Run certbot (output may vary with your configuration) and select which domain should have HTTPS enabled. We select 1 for the domain. The redirect to HTTPS is already set in the configuration above, so we don’t want any further changes and answer 1 to the redirect question as well.
$ certbot

 Which names would you like to activate HTTPS for?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 1: change.this.domain
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Select the appropriate numbers separated by commas and/or spaces, or leave input
 blank to select all options shown (Enter 'c' to cancel): 1

 Obtaining a new certificate
 Performing the following challenges:
 http-01 challenge for change.this.domain
 Waiting for verification...
 Cleaning up challenges
 Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/00-changeme.conf
 
 Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 1: No redirect - Make no further changes to the webserver configuration.
 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
 new sites, or if you're confident your site works on HTTPS. You can undo this
 change by editing your web server's configuration.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Congratulations! You have successfully enabled https://change.this.domain
 
 You should test your configuration at:
 https://www.ssllabs.com/ssltest/analyze.html?d=change.this.domain
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 IMPORTANT NOTES:
  - Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/change.this.domain/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/change.this.domain/privkey.pem
    Your cert will expire on 2020-09-30. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew *all* of
    your certificates, run "certbot renew"
  - If you like Certbot, please consider supporting our work by:
 
    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le
  3. Check that the Apache2 configuration is OK

  4. Restart the Apache2 web server and enjoy your bot at https://sogebot.yourdomain.com

$ systemctl restart apache2 # systemd

OR

$ service apache2 restart # sysv init
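
One way to carry out the "Check that the Apache2 configuration is OK" step before restarting, as an added example that is not part of the original guide. It works out which modules the vhost's directives need (the file above also uses RewriteEngine, SSLEngine and BrowserMatch, which depend on rewrite, ssl and setenvif in addition to the three proxy modules), reports any that a2enmod has not enabled, and only then runs apache2ctl configtest. The script name preflight.sh, the function names and the Debian/Ubuntu /etc/apache2/mods-enabled layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the Debian/Ubuntu
# layout where a2enmod links modules into /etc/apache2/mods-enabled.

# Print the a2enmod names the directives of a vhost file (stdin) depend on.
required_modules() {
    awk '
    function proxy_flag(   f, n, i, p) {   # true for RewriteRule ... [P,L]
        f = $NF
        if (f !~ /^\[.*\]$/) return 0
        n = split(toupper(substr(f, 2, length(f) - 2)), p, ",")
        for (i = 1; i <= n; i++) if (p[i] == "P" || p[i] == "PROXY") return 1
        return 0
    }
    /^[ \t]*#/ || NF == 0 { next }         # ignore comments and blank lines
    { d = tolower($1); proxied = 0 }
    d ~ /^ssl/                         { need["ssl"] = 1 }
    d ~ /^rewrite(engine|cond|rule)$/  { need["rewrite"] = 1 }
    d == "browsermatch"                { need["setenvif"] = 1 }
    d ~ /^proxy/                       { need["proxy"] = 1; proxied = 1 }
    d == "rewriterule" && proxy_flag() { need["proxy"] = 1; proxied = 1 }
    proxied && /[ \t]wss?:\/\//        { need["proxy_wstunnel"] = 1 }
    proxied && /[ \t]https?:\/\//      { need["proxy_http"] = 1 }
    END { for (m in need) print m }
    ' | LC_ALL=C sort
}

# Print required modules that have no <name>.load in the mods-enabled dir.
# $1 = vhost file, $2 = mods-enabled directory (optional).
missing_modules() {
    for m in $(required_modules < "$1"); do
        [ -e "${2:-/etc/apache2/mods-enabled}/$m.load" ] || echo "$m"
    done
}

# Usage: sh preflight.sh /etc/apache2/sites-enabled/sogebot.conf
if [ -n "${1:-}" ]; then
    missing=$(missing_modules "$1" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "not enabled, run: a2enmod $missing" >&2
        exit 1
    fi
    apache2ctl configtest   # syntax check, run before restarting Apache
fi
```

A non-zero exit means either a module still has to be enabled with a2enmod or configtest found a syntax error; in both cases fix it before restarting.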

Useful Links:
