Apache reverse proxy configuration for socket.io

sudo a2enmod proxy_http
sudo a2enmod proxy_fcgi
sudo a2enmod proxy_wstunnel
# VirtualHost ms.example.net
<VirtualHost *:80>
  ServerName ms.example.net
  ProxyRequests Off
  ProxyPreserveHost On
  RemoteIPHeader X-Forwarded-For
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/socket.io          [NC]
  RewriteCond %{QUERY_STRING} transport=websocket [NC]
  RewriteRule /(.*) ws://localhost:14102/$1        [P,L]

  ProxyPass /socket.io http://localhost:14102/socket.io
  ProxyPassReverse /socket.io http://localhost:14102/socket.io
</VirtualHost>

<VirtualHost *:443>
  ServerName ms.example.net
  ProxyRequests Off
  ProxyPreserveHost On
  RemoteIPHeader X-Forwarded-For
  RewriteEngine on
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
  
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/socket.io          [NC]
  RewriteCond %{QUERY_STRING} transport=websocket [NC]
  RewriteRule /(.*) ws://localhost:14102/$1        [P,L]
  ProxyPass /socket.io http://localhost:14102/socket.io
  ProxyPassReverse /socket.io http://localhost:14102/socket.io
  
</VirtualHost>

Use a secure URL for your initial connection, i.e. instead of “http://” use “https://”. If the WebSocket transport is chosen, then Socket.IO should automatically use “wss://” (SSL) for the WebSocket connection too.

var socket = io.connect('https://localhost', {secure: true});

References
http://xpo6.com/socket-io-via-apache-reverse-proxy/
https://stackoverflow.com/questions/36472920/apache-proxy-configuration-for-socket-io-project-not-in-root
https://gist.github.com/iacchus/954e0787d6893c5ab8e1
https://stackoverflow.com/questions/6599470/node-js-socket-io-with-ssl

Secure Apache with Let’s Encrypt on Ubuntu 18.04

Installing Certbot

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache

Set Up the SSL Certificate

Certbot needs to be able to find the correct virtual host in your Apache configuration for it to automatically configure SSL. Specifically, it does this by looking for a ServerName directive that matches the domain you request a certificate for.

Obtaining an SSL Certificate

sudo certbot --apache -d example.com -d www.example.com

This runs certbot with the --apache plugin, using -d to specify the names you’d like the certificate to be valid for.

Verifying Certbot Auto-Renewal

sudo certbot renew --dry-run

References
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

Cannot access javascript folder on Apache

Go to /etc/apache2/conf-available/javascript-common.conf, you will find this:

Alias /javascript /usr/share/javascript/
<Directory "/usr/share/javascript/">
     Options FollowSymLinks MultiViews
</Directory>

So you just have to comment this lines (with the # char) (is not recommend to edit directly the file in conf-enabled) to avoid the forbidden error. After that, do this:

a2disconf javascript-common
a2enconf javascript-common

References
https://serverfault.com/questions/274254/cannot-access-javascript-folder

Redirect Request to SSL on Apache

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   Redirect /secure https://mysite.example.com/secure
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

When redirecting everything you don’t even need a DocumentRoot:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.example.com
   Redirect / https://secure.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName secure.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Note: Once the configuration is working as intended, a permanent redirection can be considered. This avoids caching issues by most browsers while testing. The directive would then become:

Redirect permanent / https://secure.example.com/

—————

<Directory /topsecret>
  SSLRequireSSL
</Directory>

References
https://wiki.apache.org/httpd/RedirectSSL
https://serverfault.com/questions/429634/restrict-apache-to-only-allow-access-using-ssl-for-some-directories
https://www.tecmint.com/redirect-http-to-https-on-apache/

Configure Let’s Encrypt for Apache on Ubuntu

sudo apt-get install python-letsencrypt-apache 
letsencrypt --apache
nano /etc/apache2/apache2.conf
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/dl.mhdr.ir/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/dl.mhdr.ir/cert.pem
	SSLCertificateChainFile /etc/letsencrypt/live/dl.mhdr.ir/chain.pem
    DocumentRoot "/var/www/html/dl"
    ServerName dl.mhdr.ir
</VirtualHost>
service apache2 restart

PPA

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

note : only the last VitualHost will be detected by letsencrypt
References
https://certbot.eff.org/#ubuntuxenial-apache
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
https://letsencrypt.org/

Use Spring Boot behind Apache front-end proxy server

Apache

a2enmod proxy
a2enmod proxy_http
a2enmod proxy_ajp
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod proxy_balancer
a2enmod proxy_connect
a2enmod proxy_html
sudo a2enmod remoteip
sudo service apache2 restart
<VirtualHost *:80>
  ServerName iterator.ir

  ProxyRequests Off
  ProxyPreserveHost On
  RemoteIPHeader X-Forwarded-For
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass / http://localhost:13602/
  ProxyPassReverse / http://localhost:13602/
</VirtualHost>
<VirtualHost *:443>
	SSLEngine on
	RewriteEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/lastlab.pupli.net/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/lastlab.pupli.net/cert.pem
	SSLCertificateChainFile /etc/letsencrypt/live/lastlab.pupli.net/chain.pem
	ServerName lastlab.pupli.net
 
	ProxyRequests Off
	ProxyPreserveHost On
	RemoteIPHeader X-Forwarded-For
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
 
	ProxyPass / http://localhost:14001/
	ProxyPassReverse / http://localhost:14001/
</VirtualHost>

Spring Boot
set server.use-forward-headers to server.use-forward-headers in Spring Boot application.properties

Java

String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
	   ipAddress = request.getRemoteAddr();
}

References
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html#howto-use-tomcat-behind-a-proxy-server
https://www.mkyong.com/java/how-to-get-client-ip-address-in-java/
http://serverfault.com/questions/130925/passing-ip-address-with-mod-proxy
https://www.leaseweb.com/labs/2014/12/tutorial-apache-2-4-transparent-reverse-proxy/
http://www.thegeekstuff.com/2011/07/Apache-Virtual-Host/
https://devops.profitbricks.com/tutorials/configure-apache-as-a-reverse-proxy-using-mod_proxy-on-ubuntu/
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension

Install WordPress on Ubuntu

Install Apache

sudo apt-get install apache2

Install MySQL

sudo apt-get install mysql-server php5-mysql

Install PHP

sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt php5-curl
sudo apt-get install php5-cli

Create a MySQL Database and User for WordPress

mysql -u root -p
create database wordpressdb;
create user wordpressuser@localhost identified by 'pass1234';
grant all privileges on wordpressdb.* to wordpressuser@localhost;
FLUSH PRIVILEGES;

exit

Download WordPress

wget http://wordpress.org/latest.tar.gz

or

sudo apt-get install wordpress
sudo apt-get install php5-gd libssh2-php

The group ownership we will give to our web server process, which is www-data. This will allow Apache to interact with the content as necessary.

sudo chown -R :www-data /var/www/html/wordpress

Refernces :

https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04
https://kyup.com/tutorials/install-wordpress/
https://help.ubuntu.com/community/WordPress
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lamp-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04