How to run an app running in a specific port using https

Hi,
i have installed certbot to generate certificate on debian:

sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d your_domain -d www.your_domain

it works as expected when I see the apache file i sse this:

nano /etc/apache2/sites-available/000-default-le-ssl.conf

i have this content :

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

ServerName your_domain.fr
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias your_domain.fr
SSLCertificateFile /etc/letsencrypt/live/your_domain.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.fr/privkey.pem
</VirtualHost>
</IfModule>

i have an application running in the port 3000.
when i type your_domain.fr:3000 it works but when i type
https://your_domain.fr:3000 it doesnt work. could you help please ?

1 Like

Usually applications cannot run HTTP and HTTPS on the same port. Also, configuring HTTPS on Apache doesn't magically make any other application use HTTPS too.

Also, do you really want to have that application accessible on port 3000? What application is it anyway?

Maybe it's a good idea to put that application on port 3000 behind a reverse proxy set up in Apache, so that Apache does all the HTTPS stuff and you can keep your application HTTP on port 3000. See Reverse Proxy Guide - Apache HTTP Server Version 2.4 for more info about setting up a reverse proxy using Apache.

5 Likes

thnaks for your time, it is an application running using docker compose. which is running on the port 3000.
i'm new to apache, do you think if I put that application on port 3000 behind a reverse proxy set up in Apache it will work.?

thanks

2 Likes

Here details on Apache can be found in documentation and forums:

2 Likes

If the Internet can reach your server on port 3000.
If the application is "OK" with being proxied.
If you know enough about your application to move the service port used [if needed].
If you understand apache well enough to setup the reverse proxy.
Then, I think yes; It could work.

That said, you should first read up on SNI.
Because you may not need to connect to your application via port 3000.
It might be possible to use SNI and connect to your application via port 443 [HTTPS].
Note: I know absolutely nothing about your application, so this advice is very very general.

3 Likes

Here is the preferred method (snap) to install Certbot:

And the second choice (pip) to install Certbot:

3 Likes

thnaks for your time,
well, it is a simple application which running on the port 3000 using docker compose. i have bought a domain name(yourdomain.fr), and i have created a certificate using certbot as explained above.

i can see the apache defaut page when i run https://yourdomain.fr on the browser.
but now my problem is to be able to access to my application using https://yourdomain.fr:3000 if you could help please

example.com is the proper domain name to use if you redacted the actual domain name.

As https://example.com/ shows the intended usages

Example Domain
This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.

Also see:

3 Likes

Yes. See the guide I linked in my post above.

Please note that this is not a generic computer help forum, but specifically for HTTPS/TLS/SSL/ACME/Let's Encrypt. While you might get lucky and have volunteers guide you through the process of setting up a reverse proxy, it might also be possible you need to ask for help for that specific Apache task elsewhere.

The alternative is to have your application on port 3000 run HTTPS on a different port (e.g. 3001), but personally I would not advise that, as it would be much more difficult to redirect HTTP on port 3000 to HTTPS on port 3001. Apache currently is already set up to do that for you, but using port 80 -> 443. So a reverse proxy would be the best solution IMO.

1 Like