[SOLVED] Apache Reverse Proxy Setup Virtual Host

I was able to get this figured out by setting up a proxy for the web server running on the other box. It took a little reading and some trial and error, but now both web servers are working correctly and are externally accessible.

  • Deleted the port forwarding rules on my router. Now I have FBX in the DMZ, that’s it.
  • Added the domain of my second web service (on the other box) as a domain on the FreedomBox, just to get the Let’s Encrypt service to pick it up. Once the certificate was squared away, I deleted the domain out of the FreedomBox list.
  • Configured a proxy service in Apache to redirect traffic for the other domain to the other box.

The last part took some hacking around and reading through documentation and forum posts, but I finally got it working. It gets set up in /etc/apache2/sites-enabled/000-default.conf. Mine wound up looking like this (added below the preexisting configuration already in the file):

<VirtualHost *:>
        ProxyPreserveHost On
        ProxyPass / http://192.168.0.6/
        ProxyPassReverse / http://192.168.0.6/
        ServerName YourDomain.com
</VirtualHost>


#NameVirtualHost *:443
<VirtualHost *:443>
        ServerName YourDomain.com
        SSLEngine On

        # Set the path to SSL certificate
        SSLCertificateKeyFile /etc/letsencrypt/live/YourDomain.com/privkey.pem
        SSLCertificateFile /etc/letsencrypt/live/YourDomain.com/fullchain.pem

        # Global SSL Headers
        <Location "/">
                RequestHeader set X-Forwarded-Proto https
                RequestHeader set X-Forwarded-Ssl on
                RequestHeader set X-Url-Scheme https
        </Location>

        ProxyPreserveHost On
        ProxyPass / http://192.168.0.6:6006/
        ProxyPassReverse / http://192.168.0.6:6006/

</VirtualHost>

The port number used for the SSL proxy does not need to be 6006; that is just a made-up port. It does need to be a port that is not in use for something else (80 and 443 did not work), and the custom port needs to be allowed in the firewall (I just added in a custom service in Cockpit and it worked fine).

I edited the title of the thread because it seemed unlikely this rabbit hole I went down will be useful for people searching for a fix for Let’s Encrypt not working.

2 Likes
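
An added example (not part of the original post, and not FreedomBox or Apache code): a small Python check that parses `<VirtualHost>` blocks like the ones posted above and flags an address with no port, a ProxyPassReverse that does not mirror ProxyPass, and a TLS proxy that does not set X-Forwarded-Proto. The embedded configuration is an abridged copy of the posted one, and `parse_vhosts` and `audit` are names chosen for this example.

```python
import re

# Abridged copy of the configuration posted above, embedded so the check
# runs offline; the first <VirtualHost> address is kept exactly as posted.
POSTED = """
<VirtualHost *:>
    ProxyPass / http://192.168.0.6/
    ProxyPassReverse / http://192.168.0.6/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine On
    <Location "/">
        RequestHeader set X-Forwarded-Proto https
    </Location>
    ProxyPass / http://192.168.0.6:6006/
    ProxyPassReverse / http://192.168.0.6:6006/
</VirtualHost>
"""

def parse_vhosts(text):
    """Yield (address, {directive: [args, ...]}) for each <VirtualHost> block."""
    addr, directives = None, {}
    for line in (l.strip() for l in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]*)>", line, re.I)
        if opened:
            addr, directives = opened.group(1).strip(), {}
        elif line.lower().startswith("</virtualhost"):
            yield addr, directives
            addr = None
        elif addr is not None and line and line[0] not in "#<":
            name, *args = line.split()  # nested <Location> directives count too
            directives.setdefault(name.lower(), []).append(args)

def audit(text):
    """Return (vhost address, finding) pairs for common reverse-proxy slips."""
    findings = []
    for addr, d in parse_vhosts(text):
        tls = any(a[:1] and a[0].lower() == "on" for a in d.get("sslengine", []))
        if not re.fullmatch(r".*:(\d+|\*)", addr):  # nothing pins this vhost to one listener
            findings.append((addr, "address has no explicit port"))
        # ProxyPassReverse rewrites backend redirect headers, so it must map like ProxyPass
        if sorted(d.get("proxypass", [])) != sorted(d.get("proxypassreverse", [])):
            findings.append((addr, "ProxyPassReverse does not mirror ProxyPass"))
        # The backend is reached over http:// and learns the client scheme only from this header
        fwd = any([x.lower() for x in a[:2]] == ["set", "x-forwarded-proto"] for a in d.get("requestheader", []))
        if tls and d.get("proxypass") and not fwd:
            findings.append((addr, "TLS proxy does not set X-Forwarded-Proto"))
    return findings

if __name__ == "__main__":
    print(audit(POSTED))
```

This is a text-level check only; `apachectl configtest` remains the authority on whether Apache accepts the file.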