Version 1 (modified by 11 years ago) ( diff ) | ,
---|
How to configure a nodejs app with apache using ssl
This is a description of a specific implementation of [ethercalc.net ethercalc] on mcchesney.mayfirst.org using https only. You will not get the full setup guide for ethercalc and this implementation has not been tested and may not work on our shared infrastructure.
After installing ethercalc into a local nodejs instance and acquiring a ssl certificate, the ethercalc instance can be from calc@mcchesney.mayfirst.org:~/
with the following command:
nohup /usr/local/bin/node ./nodejs/node-v0.8.18/node_modules/ethercalc/bin/ethercalc --keyfile keys/calc.mayfirst.org.key --certfile keys/calc.mayfirst.org.crt --basepath https://calc.mayfirst.org:8000 &
In this case the ethercalc x509 implementation produces a visitable domain at https://calc.mayfirst.org:8000 . In order to remove the port number on the end of the url, apache needs to be involved in the process or another server needs to handle requests on port 443. Configuring apache to handle these requests mod_proxy
must be enabled in apache with the following commands.
a2enmod proxy a2enmod proxy_http service apache2 restart
Next a virtual host with it's own ip address needs to exist. The apache virtual host config looks something like this:
0 mcchesney:/etc/apache2/sites-available# cat calc.mayfirst.org.ssl <VirtualHost 209.234.253.233:443> # web config for calc.mayfirst.org ServerName calc.mayfirst.org # ServerAlias www.calc.mayfirst.org <Proxy *> Order deny,allow Allow from all </Proxy> #SSL Stuff SSLEngine On SSLProxyEngine On SSLCertificateFile /home/calc/keys/calc.mayfirst.org.apache.crt SSLCertificateKeyFile /home/calc/keys/calc.mayfirst.org.key SSLCertificateChainFile /home/calc/keys/calc.mayfirst.org.apache.intermediate.crt ProxyPreserveHost On ProxyRequests off ProxyPass / https://calc.mayfirst.org:8000/ ProxyPassReverse / https://calc.mayfirst.org:8000/ </VirtualHost> 0 mcchesney:/etc/apache2/sites-available#
The most unique parts of this virtual host are the references to Proxy commands and the <Proxy *> components. With this configuration, https://calc.mayfirst.org actually passes information to and from https://calc.mayfirst.org:8000.
Also note that in this particular configuration the virtual host uses a different set of ssl certificate files than the ethercalc configuration. This may not be necessary, and the cert information remains the same. The only difference is the apache certificates get chain loaded and the ethercalc cert has a combined root and intermediate certificate.
Generally, this approach should work for most nodejs apps, though there may be more lag for realtime editing.