Reverse Proxy

« tiếng Việt »

updated: 2023-04-24

There are many ways to skin a cat and reverse proxy is optional. But for most cases it is recommended that you use one if you already have a website up. Below is a common set-up…

Let say you are serving a on port 443 and you want to serve a WebCC service at on the same machine that « Apache » the webserver is running, your configuration might look something like this:

    <IfModule mod_ssl.c>
    <VirtualHost *:443> 
        DocumentRoot /some/where/

        Include /your/certificate/options.config
        SSLCertificateFile /your/certificate/
        SSLCertificateKeyFile /your/certificate/

        <IfModule mod_proxy.c>
            ProxyPass /webcc "ws://localhost:7681/webcc"
            ProxyPassReverse /webcc "ws://localhost:7681/webcc"

            Header always set Content-Security-Policy "default-src 'self' ; style-src 'unsafe-inline' 'self' * ; script-src 'unsafe-inline' 'self' * ; object-src 'none' ; img-src 'self' * ; frame-src 'self' * ; font-src 'self' * ; frame-ancestors 'self' ; base-uri 'self' ; form-action 'self' ;"


With the above, you will need to set ttyd to listen on port 7681. The connection will utilize the websocket module so you need to enable to it in Apache:

    a2enmod wstunnel     

The very long line of Content-Security-Policy is necessary to prevent various attacks. Notably the frame-ancestor won’t let other website to use your resource. Meaning it will only allow to embed into an <iframe>.

I strongly recommend that you to look up other documentation to protect your own services.

«« Init Systems