From 6e762e7ee628f185029cadd2340362738ea6dfd7 Mon Sep 17 00:00:00 2001 From: tacerus Date: Tue, 15 Dec 2020 00:32:04 +0000 Subject: [PATCH 1/2] Creation of reverse-proxy.md With this file I am providing instructions on how to set up an Apache reverse proxy. --- docs/reverse-proxy.md | 75 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 docs/reverse-proxy.md diff --git a/docs/reverse-proxy.md b/docs/reverse-proxy.md new file mode 100644 index 0000000..d8772f0 --- /dev/null +++ b/docs/reverse-proxy.md @@ -0,0 +1,75 @@ +# Reverse Proxy Setup + +## Apache2 + +This allows you to access the Leon web app using an Apache virtual host. + +## Prerequisites + +- **A domain** +> DNS A (and/or AAAA) records have to point to your webserver. + +- **SSL certificate** +> A valid SSL certificate. + +> The setup is possible without SSL, though using HTTPS is highly recommended. The following configuration examples apply to a HTTPS enforced site. + +- **An operating system** +> Obvious. + +- **Apache2 / HTTPD** +> Apache2 needs to be installed, and the modules `mod_ssl`, `mod_proxy` as well as `mod_wstunnel` need to be loaded. +
Refer to the Apache documentation specific to your operating system to find the correct procedure on how to install and load modules as well as on how and where to define virtual hosts. + +- **Firewall** +> If a firewall is in place, the ports 80 and 443 need to be opened and/or forwarded accordingly. +
If Leon resides on a different machine, the configured `LEON_PORT` needs to be reachable by the webserver. + +- **Leon** +> A working Leon installation. It is recommended to test if Leon works as expected before attempting to troubleshoot issues with the reverse proxy. + +> Warning - As of writing this document, the following configuration examples only apply to the DEVELOPMENT branch of Leon. +
Since this branch is deemed stable enough by the author, the complex procedure for setting a reverse proxy up with Leon from the Master branch (it involves tampering with the source files) will not be explained. + +## Leon configuration (.env) + + # Server + LEON_HOST=https://leon.example.com + LEON_PORT=1337 + +## Apache virtual host (leon.conf) + +`leon.example.com` is the domain you will use to reach the Leon web app. + +`127.0.0.1` is the machine the web server reaches the Leon backend on. If Leon resides on a different machine, replace this with the hostname or IP address of that machine. + +`:1337` is the port the Leon backend listens on (you specified it above with `LEON_PORT`). + + + + ServerName leon.example.com + + RewriteEngine On + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] + + + ServerName leon.example.com + + SSLEngine On + SSLCertificateFile "/path/to/fullchain.pem" + SSLCertificateKeyFile "/path/to/privkey.pem + + ProxyPreserveHost Off + ProxyPass / http://127.0.0.1:1337/ + ProxyPassReverse / http://127.0.0.1:1337/ + + RewriteEngine On + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "ws://127.0.0.1:1337/$1" [P,L] + + + + That's it! + + From ad903ca175e574c0ce5962586378b5c520159c0a Mon Sep 17 00:00:00 2001 From: tacerus Date: Tue, 15 Dec 2020 00:37:04 +0000 Subject: [PATCH 2/2] Linking reverse-proxy --- docs/.vuepress/config.en-US.js | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/.vuepress/config.en-US.js b/docs/.vuepress/config.en-US.js index 0f990f8..7669abf 100644 --- a/docs/.vuepress/config.en-US.js +++ b/docs/.vuepress/config.en-US.js @@ -30,6 +30,7 @@ module.exports = { 'collaborative-logger', 'scripts', 'tests' + 'reverse-proxy' ] } ]