Examples Of Apache Reverse Proxy Configs Here - Please post others!

A couple of people recently have been trying to get this working and as an Apache noob myself I understand their pain.

I managed it using smdion's excellent tutorial here

I use CaptInsano's ddclient docker container and I use a modified version of smdion's apache reverse proxy, (I needed to add some modules to run my ebook website) but smdion's original works brilliantly for all my other config needs.

I have been meaning to post this for a while so have a example proxy config that works for me, currently I have my own domain from namecheap.com and added SSL using smdion's guide.

I redirect all http traffic to https for security reasons and this is the config I use.

I'm in the process of sorting out a tutorial to demonstrate how to get an e-book library up and running, so not all this stuff is relevant. So pick out the bits you need or are relevant to you.

<VirtualHost *:80>

ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

##Redirect All To https - Uncomment below lines if necessary##
#<Location />
#Order deny,allow
#Deny from all
#</Location>	
#RewriteEngine On
#RewriteRule ^/?(.*) https://www.example.com/$1 [R=301,L]

##COPS## 
<Directory "/var/www/cops/">
AllowOverride None
Order allow,deny
Allow from all
</Directory>

##NZBGet##
<Location /nzbget>
ProxyPass http://UNRAID-IP:6789/nzbget
ProxyPassReverse http://UNRAID-IP:6789/nzbget
Order deny,allow
Deny from all
Allow from all
</Location>

##Sonarr##
<Location /sonarr>
ProxyPass http://UNRAID-IP:8989/sonarr
ProxyPassReverse http://UNRAID-IP:8989/sonarr
Order deny,allow
Deny from all
Allow from all
</Location>

##Couchpotato##
<Location /couch>
ProxyPass http://UNRAID-IP:5050/couch
ProxyPassReverse http://UNRAID-IP:5050/couch
Order deny,allow
Deny from all
Allow from all
</Location>

##Deluge##
<Location /deluge>
RequestHeader append X-Deluge-Base "/deluge/"
ProxyPass http://UNRAID-IP:8112
ProxyPassReverse http://UNRAID-IP:8112
Order deny,allow
Deny from all
Allow from all
</Location>

</VirtualHost>

<VirtualHost *:443>

ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite AES128+EECDH:AES128+EDH
SSLCertificateFile /config/ssl.crt
SSLCertificateKeyFile /config/decryptedssl.key
SSLCertificateChainFile /config/sub.class1.server.ca.pem

##COPS##
<Directory "/var/www/cops/">
AuthType Basic
AuthName "COPS"
AuthUserFile /config/.htpasswd
Require valid-user
AllowOverride None
Order allow,deny
Allow from all
</Directory>

##NZBget##
<Location /nzbget>
ProxyPass http://UNRAID-IP:6789/nzbget
ProxyPassReverse http://UNRAID-IP:6789/nzbget
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "NZBGet"
Require valid-user
</Location>

##Sonarr##
<Location /sonarr>
ProxyPass http://UNRAID-IP:8989/sonarr
ProxyPassReverse http://UNRAID-IP:8989/sonarr
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "Sonarr"
Require valid-user
</Location>

##Couchpotato##
<Location /couch>
ProxyPass http://UNRAID-IP:5050/couch
ProxyPassReverse http://UNRAID-IP:5050/couch
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "CouchPotato"
Require valid-user
</Location>

##Deluge##
<Location /deluge>
RequestHeader append X-Deluge-Base "/deluge/"
ProxyPass http://UNRAID-IP:8112
ProxyPassReverse http://UNRAID-IP:8112
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "Deluge"
Require valid-user
</Location>

##Guacamole##
<Location /guacamole>
ProxyPass http://192.168.1.1:8082/guacamole max=20 flushpackets=on
ProxyPassReverse http://192.168.1.1:8082/guacamole
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "Guacamole"
Require valid-user
</Location>

</VirtualHost>

My docker config currently looks like this

Hope this helps and it'd be cool if others posted their configs to form a sort of reference guide for those of us who are new to this sort of thing.

Others I've experimented with but not quite got working yet are Wallabag and Owncloud.

CHBMB - This is a good start.  Eventually you may want to update your OP with some background on what the actual values in your config file do.

One questions which is asked a lot is what "/web" is used for.  For anyone wondering its just a folder to hold any web pages you wish to point/redirect to using the apache server. This folder can be placed in your cache drive and by default will be empty.

How to setup reverse proxy?

The guide that is mentioned is not online anymore it seems.

How to setup reverse proxy?

The guide that is mentioned is not online anymore it seems.

https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/

Tried now, but I cant get it to work

Possible to get an example on how an working /site-confs/default.conf looks? thank you

Post what you've got so far..

<VirtualHost *:443>
    ServerName gumi.domain.com
    SSLEngine on
    SSLCertificateFile "/config/keys/cert.crt"
    SSLCertificateKeyFile "/config/keys/cert.key"
  DocumentRoot /config/www/

    <Directory "/config/www/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
            Order allow,deny
        Allow from all
    </Directory>

<Location /audio>
ProxyPass http://192.168.0.7:8080
ProxyPassReverse http://192.168.0.7:8080
</Location>

</VirtualHost>

What's in your Apache logs?  Both the docker one in the Unraid webui and the ones located in your appdata folder?

Here's mine for reference...

<VirtualHost *:80>
ServerName server.com
ServerAlias server.com
DocumentRoot /config/www/

Redirect permanent / https://server.com/

</VirtualHost>

<VirtualHost *:443>
ServerName server.com
ServerAdmin webmaster@localhost
DocumentRoot /config/www/

SSLCertificateFile /config/keys/2_server.com.crt
SSLCertificateKeyFile /config/keys/ssldecrypted.key
SSLCertificateChainFile /config/keys/sub.class1.server.ca.pem
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

SSLEngine on
SSLProxyEngine On
RewriteEngine On
ProxyPreserveHost Off

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder on

<Directory "/config/www/">
	Options Indexes FollowSymLinks MultiViews
	AllowOverride all
	Order allow,deny
	Allow from all
</Directory>
</VirtualHost>

I tried now with an clean install of apache and the excample with transmission and it worked.

But not working for an app running on another server, an Synology NAS.

The site loads but the page gets blank.

The same issue as described at the top here https://forum.synology.com/enu/viewtopic.php?f=34&t=19562&sid=1ace3282a017932786cf8e8a68db24c3&start=15

I tried now with an clean install of apache and the excample with transmission and it worked.

But not working for an app running on another server, an Synology NAS.

 

The site loads but the page gets blank.

The same issue as described at the top here https://forum.synology.com/enu/viewtopic.php?f=34&t=19562&sid=1ace3282a017932786cf8e8a68db24c3&start=15

That gives us no information that enables us to help you I'm afraid.

Well, I looked into it, and it looks like accessing Synology apps from behind an reverse proxy is an pain to get it to work, it works fine now with apps/dockers running on Unraid.

I guess I need to look more into it from the Synology side.

 

Others I've experimented with but not quite got working yet are Wallabag and Owncloud.

I run a separate Apache web server, however I use it for my reverse proxy as well. Including pointing to an Owncloud docker.

I use subdomain's instead of <Location>, so maybe that is why my proxy works, but figured I'd paste my config for the Owncloud docker below:

<VirtualHost *:443>
  ServerName my.website.com

   SSLProxyEngine on
   SSLCertificateFile /etc/letsencrypt/live/website.com/cert.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
   SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem

   ProxyPreserveHost on
   ProxyPass / https://10.100.1.24:8000/
   ProxyPassReverse / https://10.100.1.24:8000/
</VirtualHost>

ninthwalker: I got it to work using that method too

And I got another app on the synology to work by creating another virtual host in the apache config.

It wont work right with <location> for some reason.

But this means that to get this to work correct I need an wildcard SSL sertification since each app/service needs to be on different subdomains.......was hoping I would not need one since they are expensive.

ninthwalker: I got it to work using that method too

And I got another app on the synology to work by creating another virtual host in the apache config.

It wont work right with <location> for some reason.

 

But this means that to get this to work correct I need an wildcard SSL sertification since each app/service needs to be on different subdomains.......was hoping I would not need one since they are expensive.

StartSSL is free....

hey there...

this is mine. without ssl currently since I'm just testing and playing around and not running live 24/7.

<VirtualHost *:80>
    DocumentRoot /config/www/

    ServerName domain.com
    ProxyPass		/	http://10.0.0.24:13160/
    ProxyPassReverse	/	http://10.0.0.24:13160/
</VirtualHost>

<VirtualHost *:80>
    ServerName admin.domain.com
    ProxyPass		/	http://10.0.0.24:66/
    ProxyPassReverse	/	http://10.0.0.24:66/
</VirtualHost>

<VirtualHost *:80>
    ServerName confluence.domain.com
    ProxyPass		/	http://10.0.0.24:13161/
    ProxyPassReverse	/	http://10.0.0.24:13161/
</VirtualHost>

<VirtualHost *:80>
    ServerName jira.domain.com
    ProxyPass		/	http://10.0.0.24:13162/
    ProxyPassReverse	/	http://10.0.0.24:13162/
</VirtualHost>

<VirtualHost *:80>
    ServerName cloud.domain.com
    ProxyPass		/	http://10.0.0.24:13163/
    ProxyPassReverse	/	http://10.0.0.24:13163/
</VirtualHost>

<VirtualHost *:80>
    ServerName guacamole.domain.com
    ProxyPass		/	http://10.0.0.24:13165/
    ProxyPassReverse	/	http://10.0.0.24:13165/
</VirtualHost>

<VirtualHost *:80>
    ServerName putty.domain.com
    ProxyPass		/	http://10.0.0.24:22/
    ProxyPassReverse	/	http://10.0.0.24:22/
</VirtualHost>

<VirtualHost *:80>
    ServerName imap.domain.com
    ProxyPass		/	http://10.0.0.24:143/
    ProxyPassReverse	/	http://10.0.0.24:143/
</VirtualHost>

<VirtualHost *:80>
    ServerName smtp.domain.com
    ProxyPass		/	http://10.0.0.24:25/
    ProxyPassReverse	/	http://10.0.0.24:25/
</VirtualHost>

<VirtualHost *:80>
    ServerName ts3.domain.com
    ProxyPass		/	http://10.0.0.24:9987/
    ProxyPassReverse	/	http://10.0.0.24:9987/
</VirtualHost>

twok: yes that is how I did it

CHBMB: true, I have used them for the past year, just fount out a few days ago that they have changed their website (it no more looks like something from the 90s) and that you can have 5 subdomains on 1free SSL, so I guess that works enough for me. Wildcard SSL is not free (starts at 60USD/year)

twok: yes that is how I did it

 

CHBMB: true, I have used them for the past year, just fount out a few days ago that they have changed their website (it no more looks like something from the 90s) and that you can have 5 subdomains on 1free SSL, so I guess that works enough for me. Wildcard SSL is not free (starts at 60USD/year)

You should check out LetsEncrypt.

Free SSL's that autoupdate for however many sub/domains you want. A lot of people are switching to them including big public sites too.

Someone even made a docker that includes it as well.

- NinthWalker

there is already an Apache docker template with LetsEncrypt included somewhere and I'm thinking to try out Nginx with LetsEncrypt but I haven't found any time for it. I'm working to get a docker mail server running since I always enrage in VMs and mess them up....

I recommend to checkout those from linuxserver.io that stuff and the guides / forum there did really help me out. (i'm still a total noobie with all that linux stuff)

cheers,

Matt

Wasn't sure of where to post these questions but as they revolve around basic apache docker reverse proxy questions I figured here would be as good as in the linuxserver.io owncloud thread.

Goal:  My goal is to get owncloud published externally with SSL. 

Current status:  I've got owncloud working externally and Apache docker working as well (at least I can hit the http/https default links that show it's running)

Configuration:  Apache is using 80/443 on the docker and 8008 and 4433 on the host (unraid duh). 

Status:  I've done nothing so far other than learn how to SSH into the docker itself from within unraid.  I'm mostly comfortable with VI but my Linux knowledge is extremely basic.  I've followed the page here:

https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/

And specifically when I get to the part about modifying the default.conf file in Apache here:

https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/installation-of-apacheweb-docker/

I'm making the assumption that the "location" sets can be simply appended to the end of the default.conf file or do they need to reside within the framework sections for VirtualHost for the Non-SSL vs SSL pages?

Thanks for the help!

Edit:  I'm an absolute idiot--yes they reside within the virtualhost framework.  Good grief....

Does anyone have an example of a config that gets 100% on ssllabs? I know that its probably unnecessary to get 100% but if someone has a working config that does get over an A rating I would appreciate it.

check out my working nginx-lets encrypt config. i finally got most of my stuff working and even got the unraid web gui is passed through.

https://lime-technology.com/forum/index.php?topic=51720.0

What about proxying the unraid web interface itself? I had to move it from port 80 to allow Apache that... but I'd like to access it from outside my network.

My strong preference is for a domain.com/site address rather than a subdomain.domain.com style address

Hence something LIKE (this does NOT work though!!)

<Location /unraid/>
ProxyPass http://192.168.0.7:xx/
ProxyPassReverse http://192.168.0.7:xx/
</Location>

Any ideas?

Not a good idea and has been discussed in the past.  If you want access to Unraid from WAN then a VPN is the only way to go.

1 minute ago, CHBMB said:

Not a good idea and has been discussed in the past.  If you want access to Unraid from WAN then a VPN is the only way to go.

Presumably security worries? I assume Teamviewer into my local VM and then load up the unRAID web interface that way works fine?

Yeah TV into VM is another way, not quite as direct and you need to "trust" teamviewer, but better than proxying the webui.