Install Apache and the relevant SSL modules with:
yum update && yum install httpd mod_ssl
We should also ensure the 'mod_proxy' module is installed so that we can serve up our backend.
Typically you should not need to install the module as it comes bundled with the standard httpd package on RHEL - although to enable it we must make a few configuration changes to the httpd.conf file:
vi /etc/httpd/conf/httpd.conf
In some cases there might be an include statement to conf.modules.d - so we might need to edit the following file instead:
vi /etc/httpd/conf.modules.d/00-proxy.conf
And ensure the following lines have been uncommented:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Proceed by restarting the server:
sudo systemctl restart httpd
We should create a directory to hold our certificate and key:
mkdir -p /etc/httpd/ssl
Then move our public and private key into the newly created directory, and finally ensure they are locked down with:
chmod -R 400 /etc/httpd/ssl
We can now create our virtual host:
vi /etc/httpd/conf.d/yourdomain.com.conf
chmod 644 /etc/httpd/conf.d/yourdomain.com.conf
And add the following:
<VirtualHost *:443>
    ServerName yourdomain.com
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/ssl_cert.pem
    SSLCertificateKeyFile /etc/httpd/ssl/ssl_cert.key
    # The location of the HTML files, and access control information
    DocumentRoot /var/www/html/yourdomain.com
    <Directory /var/www/html/yourdomain.com>
        Options -Indexes
        # Apache 2.4 access control (equivalent to the 2.2-style "Order allow,deny" / "Allow from all")
        Require all granted
    </Directory>
</VirtualHost>
Note: If your backend is using https you will also need to ensure the SSLProxyEngine directive is set to: 'On'.
Test the configuration with:
apachectl configtest
Also keep in mind that if you have SELinux turned on you may need to either compile the necessary rules to allow Apache to access the local web server running on tcp/8080 (http://blog.manton.im/2016/04/troubleshooting-selinux-on-centos-rhel.html) or disable it (although this is strongly discouraged).
Proceed by restarting the server:
sudo systemctl restart httpd
Ensure the appropriate DNS records are set up and attempt to access your site - verifying the request is hitting the server listening on localhost tcp/8080.
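A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms the three proxy modules are uncommented in a module file and that nothing in the key directory is accessible to group or other. The function names and the two-argument invocation are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print each required proxy module that has no uncommented LoadModule line
# in the given file. Returns 0 only when all three are enabled.
missing_proxy_modules() {
    conf=$1
    missing=0
    for mod in proxy_module proxy_balancer_module proxy_http_module; do
        # Lines starting with '#' are still commented out and do not match.
        if ! grep -Eq "^[[:space:]]*LoadModule[[:space:]]+${mod}[[:space:]]" "$conf"; then
            echo "$mod"
            missing=1
        fi
    done
    return $missing
}

# Print regular files under the key directory that carry any group/other
# permission bit. Returns 0 only when none are found.
loose_key_files() {
    found=$(find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$found" ]; then
        echo "$found"
        return 1
    fi
    return 0
}

# Run both checks when called as: sh preflight.sh MODULES_CONF KEY_DIR
# e.g. sh preflight.sh /etc/httpd/conf.modules.d/00-proxy.conf /etc/httpd/ssl
if [ "$#" -eq 2 ]; then
    missing_proxy_modules "$1" && loose_key_files "$2" && echo "preflight OK"
fi
```

Anything the script prints is either a module that still needs uncommenting or a file that needs its permissions tightened before the restart.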
Sources: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Administration_and_Configuration_Guide/Install_the_Mod_proxy_HTTP_Connector_Into_Apache_HTTPD.html