== How to configure a nodejs app with apache using ssl ==

This is a description of a specific implementation of [http://ethercalc.net ethercalc] on mcchesney.mayfirst.org using https only. The [wiki:how-to/servers/setup-ethercalc specific details on setting up ethercalc are also available].

You will not get the full setup guide for ethercalc and this implementation has not been tested and may not work on our shared infrastructure.

After installing ethercalc into a local nodejs instance and acquiring a ssl certificate, the ethercalc instance can be from `calc@mcchesney.mayfirst.org:~/` with the following command:

{{{
nohup /usr/local/bin/node ./nodejs/node-v0.8.18/node_modules/ethercalc/bin/ethercalc --keyfile keys/calc.mayfirst.org.key --certfile keys/calc.mayfirst.org.crt --basepath https://calc.mayfirst.org:8000 &
}}}

In this case the ethercalc x509 implementation produces a visitable domain at https://calc.mayfirst.org:8000 .  In order to remove the port number on the end of the url, apache needs to be involved in the process or another server needs to handle requests on port 443.  Configuring apache to handle these requests `mod_proxy` must be enabled in apache with the following commands.

{{{
a2enmod proxy
a2enmod proxy_http
service apache2 restart
}}}

Next a virtual host with it's own ip address needs to exist.  The apache virtual host config looks something like this:

{{{
0 mcchesney:/etc/apache2/sites-available# cat calc.mayfirst.org.ssl
<VirtualHost 209.234.253.233:443>
        # web config for calc.mayfirst.org
        ServerName calc.mayfirst.org
        # ServerAlias www.calc.mayfirst.org

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        #SSL Stuff
        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile /home/calc/keys/calc.mayfirst.org.apache.crt
        SSLCertificateKeyFile /home/calc/keys/calc.mayfirst.org.key
        SSLCertificateChainFile /home/calc/keys/calc.mayfirst.org.apache.intermediate.crt

        ProxyPreserveHost On
        ProxyRequests off
        ProxyPass / https://calc.mayfirst.org:8000/
        ProxyPassReverse / https://calc.mayfirst.org:8000/
</VirtualHost>
0 mcchesney:/etc/apache2/sites-available# 
}}}

The most unique parts of this virtual host are the references to Proxy commands and the <Proxy *> components.  With this configuration, https://calc.mayfirst.org actually passes information to and from https://calc.mayfirst.org:8000.  

Also note that in this particular configuration the virtual host uses a different set of ssl certificate files than the ethercalc configuration.  This may not be necessary, and the cert information remains the same.  The only difference is the apache certificates get chain loaded and the ethercalc cert has a combined root and intermediate certificate.

Generally, this approach should work for most nodejs apps, though there may be more lag for realtime editing.