I mentioned in my previous post that the scrap heap was still hosting the website while the 715 is running GitLab and a fileserver (fileserver.xyz for now). Both of those services run on the normal website ports (80 and 443), so I can’t have my router forward those ports to both computers. If only one server can get the ports, then how can both servers show websites? The answer: ProxyPass. Well, at least with Apache2.

Here’s how it works. In the configuration file for the scrap heap website, I have a bunch of extra virtual hosts. The main one is there as usual, but underneath I have additional ones on ports 80 and 443 whose ServerName is a subdomain of my website, files.* and git.* in my case. In each of those virtual hosts I then have ProxyPass and ProxyPassReverse for “/” set to the local address of the 715. For the hosts on port 80 I use http and for 443 I use https. ProxyPass essentially forwards all traffic on that subdomain to the other server. ProxyPassReverse makes sure the locations of redirects stay relative to the front-end server (or something like that, all I know is that you need to have both and they must be the same).

For SSL/TLS frontends and backends (and I want everything to be encrypted), you have to do a few more steps. First, you enable SSLEngine. You also need to enable SSLProxyEngine. Then, you must turn off SSLProxyCheckPeerCN. This is something to do with the certificates matching, but again all I know is that it doesn’t work if I leave it on. After that, you add SSLCertificateFile and SSLCertificateKeyFile and point them at the fullchain.pem and privkey.pem that were made by certbot. Once that is out of the way, you have the usual ServerName and ProxyPass stuff.

Here are a few examples. First is the unencrypted one:

<VirtualHost *:80>
	ServerName files.byronlathi.com
	ProxyPass / http://192.168.1.126:81/
	ProxyPassReverse / http://192.168.1.126:81/
</VirtualHost>

Port 81 is because you can’t have two web servers on the same port on the same machine. I could probably use VMs since I have 4 NICs on the 715, but lazy.

Here is the encrypted example:

<VirtualHost *:443>
	SSLEngine On
	SSLProxyEngine On
	SSLProxyCheckPeerCN off
	SSLCertificateFile /path/to/fullchain.pem
	SSLCertificateKeyFile /path/to/privkey.pem

	ServerName git.byronlathi.com
	ProxyPass / https://192.168.1.126/
	ProxyPassReverse / https://192.168.1.126/
</VirtualHost>
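
A small linter for the points above, as an added example that is not from the original post: it checks that each virtual host's ProxyPass and ProxyPassReverse mappings match, that trailing slashes agree between path and target, and that an https backend still has its certificate checked (SSLProxyCheckPeerCN off removes the name check, and SSLProxyVerify defaults to none, so the chain is not validated either). The function names are hypothetical, the sample is constructed from the post's two hosts with the port-80 targets written without a trailing slash, and the script only reads directives inside each VirtualHost block.

```python
import re

# Constructed sample based on the post's two virtual hosts (trimmed).
SAMPLE = """\
<VirtualHost *:80>
    ServerName files.byronlathi.com
    ProxyPass / http://192.168.1.126:81
    ProxyPassReverse / http://192.168.1.126:81
</VirtualHost>
<VirtualHost *:443>
    SSLProxyEngine On
    SSLProxyCheckPeerCN off
    ServerName git.byronlathi.com
    ProxyPass / https://192.168.1.126/
    ProxyPassReverse / https://192.168.1.126/
</VirtualHost>
"""

def last_arg(d, key, default):
    # First argument of the last occurrence of a directive, lower-cased.
    args = d.get(key, [[default]])[-1]
    return (args[0] if args else default).lower()

def lint_proxy_vhosts(conf):
    """Return sorted (ServerName, finding) pairs; hypothetical helper, not an Apache tool."""
    findings = set()
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        d = {}  # lower-cased directive name -> list of argument lists
        for line in body.splitlines():
            parts = line.split()
            if parts and not parts[0].startswith("#"):
                d.setdefault(parts[0].lower(), []).append(parts[1:])
        name = last_arg(d, "servername", "(unnamed)")
        fwd = {tuple(a[:2]) for a in d.get("proxypass", []) if len(a) >= 2 and a[1] != "!"}
        rev = {tuple(a[:2]) for a in d.get("proxypassreverse", []) if len(a) >= 2}
        if fwd != rev:
            findings.add((name, "ProxyPass and ProxyPassReverse mappings differ"))
        for path, target in fwd:
            if path.endswith("/") != target.endswith("/"):
                findings.add((name, "trailing slash differs between path and target"))
            if target.lower().startswith("https://"):
                peer = {last_arg(d, k, "on") for k in ("sslproxycheckpeercn", "sslproxycheckpeername")}
                if "off" in peer:
                    findings.add((name, "backend certificate name check is switched off"))
                if last_arg(d, "sslproxyverify", "none") != "require":
                    findings.add((name, "backend certificate chain is not verified"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in lint_proxy_vhosts(SAMPLE)), sep="\n")
```

Clearing the two certificate findings means giving the proxy a CA to trust (SSLProxyCACertificateFile), setting SSLProxyVerify require, and addressing the backend by a name that its certificate actually contains.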