apache ssl & ReverseProxy install and test

Sep 10, 10:13 AM

written from:
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7 (but skipped stuff on self-signing cert)
https://linuxize.com/post/how-to-install-node-js-on-centos-7/ (node)
http://kselax.ru/en/socket-io-apache-reverse-proxy/ (get reverse-proxy working)
https://geekflare.com/apache-setup-ssl-certificate/
https://sslforfree.com (create free certification)

starting with this one:
https://www.centosblog.com/configure-apache-https-reverse-proxy-centos-linux/

0) sslforfree.com – create certs

1) domain name pointing to IP number

2) sudo yum -y update ;

3) sudo curl -sL https://rpm.nodesource.com/setup_10.x | sudo bash -

4) sudo yum install —assumeyes install httpd mod_ssl nodejs ;

5) node —version ;

6) vi /etc/httpd/conf.d/ssl.conf ;

– ????????????????? change DocumentRoot – change ServerName – comment out SSLProtocol and SSLCipherSuite – SSLCertificateFile /etc/ssl/certs/certificate.crt – SSLCertificateKeyFile /etc/ssl/certs/private.key – SSLCACertificateFile /etc/ssl/certs/root-certificate.crt – add trailing text per: https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7

7) – add the certs: cat > /etc/ssl/certs/certificate.crt ; cat > /etc/ssl/certs/private.key ; cat > /etc/ssl/certs/root-certificate.crt ;

7a) sudo chmod —verbose 700 /etc/ssl/certs/certificate.crt /etc/ssl/certs/private.key /etc/ssl/certs/root-certificate.crt ;

8) sudo apachectl configtest; ## check apache configuration

9) sudo systemctl enable/start/stop/restart/status httpd.service ;

10) sudo echo ‘This Test for all!’ >/var/www/html/index.html ; ##create a dummy webpage
10a) sudo echo ‘‘ > /var/www/html/phpinfo.php ; ## create a php test page

11) check new cert: https://www.ssllabs.com/ssltest/analyze.html?d=MYDOMAINNAME

https://www.centosblog.com/configure-apache-https-reverse-proxy-centos-linux/

20) sudo setsebool -P httpd_can_network_connect on ;

21) add to /etc/httpd/conf.d/ssl.conf:

ProxyPass http://localhost:3000/ ProxyPassReverse http://localhost:3000/

22) CRITICAL!

sudo setsebool -P httpd_can_network_connect on ; ?? IS THIS ALWAYS REQUIRED ???

http://kselax.ru/en/socket-io-apache-reverse-proxy/

30) create a server and start it

sudo npm install —global @feathersjs/cli ;
feathers g app;

for possible testing:
firewall-cmd —permanent —add-port=3030/tcp ; firewall-cmd —reload;

=========================================================

and put this either in the apache-conf or the (dot)access file:

ProxyPass / http://localhost:3030/
ProxyPassReverse / http://localhost:3030/

Mark Edwards

,

---

Commenting is closed for this article.

---