github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
69335153cedb0328116a51ae27ffc57afa00e97b
firezone/www/docs/reference/reverse-proxy-templates/apache.mdx
Jamil 69335153ce Remove docs.firezone.dev CNAME (#1418) 
This corresponds to step (1) of #1417
2023-02-09 15:19:19 -08:00

67 lines
2.4 KiB
Plaintext
Raw Blame History

---
title: Apache
sidebar_position: 1
---
The following are example [apache](https://httpd.apache.org/) configurations
with and without SSL termination.
These expect the apache to be running on the same host as Firezone and
`default['firezone']['phoenix']['port']` to be `13000`.
## Without SSL termination
Since Firezone requires HTTPS for the web portal, please bear in mind a
downstream proxy will need to terminate SSL connections in this scenario.
`<server-name>` needs to be replaced with your domain name.
This configuration needs to be placed in
`/etc/sites-available/<server-name>.conf`
and activated with `a2ensite <server-name>`
```conf
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
<VirtualHost *:80>
ServerName <server-name>
ProxyPassReverse "/" "http://127.0.0.1:13000/"
ProxyPass "/" "http://127.0.0.1:13000/"
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:13000/$1" [P,L]
</VirtualHost>
```
## With SSL termination
This configuration builds on the one above and uses Firezone's auto-generated
self-signed certificates.
```conf
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
Listen 443
<VirtualHost *:443>
ServerName <server-name>
RequestHeader set X-Forwarded-Proto "https"
ProxyPassReverse "/" "http://127.0.0.1:13000/"
ProxyPass "/" "http://127.0.0.1:13000/"
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:13000/$1" [P,L]
SSLEngine On
SSLCertificateFile "/var/opt/firezone/ssl/ca/acme-test.firez.one.crt"
SSLCertificateKeyFile "/var/opt/firezone/ssl/ca/acme-test.firez.one.key"
</VirtualHost>
```
Reference in New Issue View Git Blame Copy Permalink