This document shows a sample configuration process to use reverse proxy as a method to make DHD Web Apps available on a public network.
Important
The content of this document is for information only. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use.
Modules required by apache2 are:
Install Apache2 via
sudo apt install apache2
Enable all required modules by using
sudo a2enmod [MODNAME]
Create new directory /etc/apache2/proxy
Add your new proxy file with all configuration data to the default (or designated) vhost (default: *80
)
File path: /etc/apache2/sites-enabled/000-default.conf
Add line:
Include /etc/apache2/proxy/*.conf
before </VirtualHost>
For more advanced hosting, use the code snipped provided below for windows. Make sure to adjust paths.
Windows apache2 distribution used here was XAMPP.
Enable all required modules by uncommenting them in httpd.conf
located in C:/XAMPP/apache/conf/
.
Create new directory C:/XAMPP/apache/conf/proxy/
.
Add a new virtual host in C:/XAMPP/apache/conf/extra/httpd-vhosts.conf
. Code:
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot "C:/xampp/htdocs/" Include "C:/xampp/apache/conf/proxy/*.conf" <Directory "C:/xampp/htdocs"> Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Require all granted </Directory> </VirtualHost>
In this snippet port 80 is bound to apache, the vhost gets a document root and also includes the newly generated proxy folder. Also, hosting in document root is enabled.
Then, add the proxy1.conf as described below.
Create file proxy1.conf
at /etc/apache2/proxy
The following is an example code for a device:
<Location /demo1/> ProxyPass http://10.5.33.104:81/ ProxyPassReverse http://10.5.33.104:81/ RewriteEngine On RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule /(.*) ws://10.5.33.104:81/xxx [P,L] Require all granted </Location>
Exchange the three IPs provided here with the designated device IP. (Only IP, not port or paths).
/demo1/
in the Location
tag is just a sample path and can be replaced. The /
in the end must be set and entered with any call in chrome.
Rewrite rules are neccessary to allow connection upgrade request pass the proxy.
To apply changes, save the conf file and on unix systens, use
sudo service apache2 restart
On windows, restart the apache2 service.
User Auth requires the following additional module:
Enable it using
sudo a2enmod auth_basic
Create a .htpasswd
file in /etc/apache2/proxy/
directory
To create a .htpasswd
file, install:
sudo apt install apache2 apache2-utils
then create it using:
sudo htpasswd -c /etc/apache2/proxy/.htpasswd username
You will be prompted for the new users password. To add another user to the file run the command again, but without -c argument.
Then modify your proxy1.conf
file to add authentication:
ProxyPass http://10.5.33.104:81/ ProxyPassReverse http://10.5.33.104:81/ RewriteEngine On RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule /(.*) ws://10.5.33.104:81/xxx [P,L] Require valid-user AuthType Basic AuthName "Enter Password" AuthUserFile /etc/apache2/proxy/.htpasswd
Note
Don't use a relative path to .htpasswd
file.
To apply changes, save the conf file and use
sudo service apache2 restart
For XAMPP / Windows, see: https://commaster.net/content/how-setup-lets-encrypt-apache-windows
Because of the rewrite rule in the vhosts (see link above) no “https” rules have to be added in proxy1.conf
.