Reverse proxy in Apache + CentOS for HTTPS requests to PostgREST webserver

Question

I would like to make https requests to my postgREST webserver, which by design doesn't support https. I spend several days now I don't know any further...

My setup

My server is running on CentOS 7.9.2009
I have a website domain that uses Wordpress to serve my content in home/myuser/public_html
I setup PostgREST 7.0.1 on my server which runs on port 3000
I am running Apache/2.4.51 (cPanel)

My Problem

The following request works just fine: http://my-domain.com:3000/my_db_table
I would like to run the same request like: https://my-domain.com/api/my_db_table
My Apache configuration is in an "includes" file, seems to be loaded (as errors occur when I put wrong syntax intentionally in this file) and it looks like this:

<VirtualHost *:443>

    DocumentRoot /
    ServerName my-domain.com
    ServerAlias my-domain
    ErrorLog /home/myuser/public_html/api/error.log
    CustomLog /home/myuser/public_html/api/access.log combined

    SSLEngine on
    SSLUseStapling off
    SSLCertificateFile /etc/ssl/certs/server.my-domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/server.my-domain.com.key


    <Location /api/ >
         ProxyPreserveHost On
         ProxyPass http://localhost:3000/
         ProxyPassReverse http://localhost:3000/
         RequestHeader set X-Forwarded-Port "443"
         RequestHeader set X-Forwarded-Proto "https"
   </Location>
</VirtualHost>

running httpd -t returns Syntax OK
after my changes I run sudo systemctl restart httpd
when I then try to do a request like curl -i https://my-domain.com/api/my_db_table I am redirected to the 404 page of my Wordpress website
the error.log file of my apache config does not include any errors (it included errors for stapling which I resolved by adding the line SSLUseStapling off in my config)

I don't know what to do anymore. And because I don't have any error logs I even don't know how to start debugging it. I would be happy for any hint somebody could provide me.

score 0 · Answer 1 · answered Dec 21 '21 at 15:43

0

Some things to check:

Is SELinux running? If so is the SEBoolean httpd_can_network_connect set to 1?
Is mod_proxy installed?
Is anything on the non-proxied VirtualHost using the path /api? As in, would it block the calls to the Location? Better answer: How to handle relative urls correctly with a reverse proxy

Not an apache expert, but these sprang to mind!

answered Dec 21 '21 at 15:43

shearn89

3,143
2
14
39

Thanks for your reply. However, I probably can rule out your suggestions. (1) No, it is disabled. (2) Running `httpd -M` shows me `proxy_module`, so it seems to be enabled. (3) I just created the `/api` directory in my wordpress environment in `home/myuser/public_html`, so there shouldn't be anything but this proxy – JoeBe Dec 21 '21 at 16:36

score 0 · Answer 2 · answered Dec 22 '21 at 23:07

0

Adding to the second point of the answer given by shearn89, verify that the module mod_proxy_http is also installed (use a2enmod proxy_http to install it).

answered Dec 22 '21 at 23:07

Laurence Isla

1

Reverse proxy in Apache + CentOS for HTTPS requests to PostgREST webserver

2 Answers2