====== Using Apache2 as Proxy ======
[{{ :installation:proxy-schematic2.png |//basic network architecture//}}]
This document shows a sample configuration process to use reverse proxy as a method to make DHD Web Apps available on a public network.
**Important**\\ The content of this document is for information only. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use.
===== Required apache2 modules =====
Modules required by apache2 are:
* proxy
* proxy_html
* proxy_http
* proxy_wstunnel
* rewrite
=== Linux ===
Install Apache2 via
sudo apt install apache2
Enable all required modules by using
sudo a2enmod [MODNAME]
Create new directory ''/etc/apache2/proxy''
Add your new proxy file with all configuration data to the default (or designated) vhost (default: ''*80'')
File path: ''/etc/apache2/sites-enabled/000-default.conf''
Add line:
Include /etc/apache2/proxy/*.conf
before ''''
For more advanced hosting, use the code snipped provided below for windows. Make sure to adjust paths.
=== Windows ===
Windows apache2 distribution used here was XAMPP.
Enable all required modules by uncommenting them in ''httpd.conf'' located in ''C:/XAMPP/apache/conf/''.
Create new directory ''C:/XAMPP/apache/conf/proxy/''.
Add a new virtual host in ''C:/XAMPP/apache/conf/extra/httpd-vhosts.conf''. Code:
ServerAdmin webmaster@localhost
DocumentRoot "C:/xampp/htdocs/"
Include "C:/xampp/apache/conf/proxy/*.conf"
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
In this snippet port 80 is bound to apache, the vhost gets a document root and also includes the newly generated proxy folder. Also, hosting in document root is enabled.
Then, add the proxy1.conf as described below.
===== Sample Configuration (per device or unique target, Linux & Windows) =====
Create file ''proxy1.conf'' at ''/etc/apache2/proxy''
The following is an example code for a device:
ProxyPass http://10.5.33.104:81/
ProxyPassReverse http://10.5.33.104:81/
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://10.5.33.104:81/xxx [P,L]
Require all granted
Exchange the three IPs provided here with the designated device IP. (Only IP, not port or paths).
''/demo1/'' in the ''Location'' tag is just a sample path and can be replaced. The ''/'' in the end must be set and entered with any call in chrome.
Rewrite rules are neccessary to allow connection upgrade request pass the proxy.
To apply changes, save the conf file and on unix systens, use
sudo service apache2 restart
On windows, restart the apache2 service.
===== Using Authentication =====
User Auth requires the following additional module:
* auth_basic
Enable it using
sudo a2enmod auth_basic
Create a ''.htpasswd'' file in ''/etc/apache2/proxy/'' directory
To create a ''.htpasswd'' file, install:
sudo apt install apache2 apache2-utils
then create it using:
sudo htpasswd -c /etc/apache2/proxy/.htpasswd username
You will be prompted for the new users password. To add another user to the file run the command again, but **without -c** argument.
Then modify your ''proxy1.conf'' file to add authentication:
ProxyPass http://10.5.33.104:81/
ProxyPassReverse http://10.5.33.104:81/
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://10.5.33.104:81/xxx [P,L]
Require valid-user
AuthType Basic
AuthName "Enter Password"
AuthUserFile /etc/apache2/proxy/.htpasswd
**Note**\\ Don't use a relative path to ''.htpasswd'' file.
To apply changes, save the conf file and use
sudo service apache2 restart
===== Using SSL Encryption =====
For XAMPP / Windows, see: https://commaster.net/content/how-setup-lets-encrypt-apache-windows
Because of the rewrite rule in the vhosts (see link above) no "https" rules have to be added in ''proxy1.conf''.