I am working on a howto for using the Hiawatha webserver as a reverse proxy. You might want that because it can ban hackers' IPs when they are trying XSS, injection, DoS and so on.
Anyway, a reverse proxy config looks like:
Hostname = rain.example.com
ReverseProxy .* http://192.168.0.50:80/rainloop
RequireTLS = yes
TLScertFile = /etc/letsencrypt/live/rain.example.com/hiawatha-hc.pem
If you want to get Let's Encrypt certificates for many websites behind this secured web proxy, you can do it with this trick:
1- copy the config but delete the lines with the reverse proxy. You are effectively taking the backend website offline,
2- serve the domains locally
3- run letsencrypt for your domain
4- switch the config back
Improvements on my clunky code are always welcome…
#!/bin/bash
# update multiple certificates
# The four values below were not given in the post; they are placeholders to adjust to your setup.
CONFIG=/etc/hiawatha/hiawatha.conf
WEBROOT=/var/www/hiawatha
LECROOT=/etc/letsencrypt/live
DOMAINS="rain.example.com"
umask 077   # files that hold the private key are never created world-readable
mkdir -p /root/tmp
TIMESTAMP=$(date --rfc-3339=seconds | sed 's/ /-/')
echo "Time is $TIMESTAMP"
#### we will get certificates for the following domains in hiawatha.conf
cp "$CONFIG" "/root/tmp/hiawatha.conf$TIMESTAMP"
cp "$CONFIG" /root/tmp/hiawatha.confbackup
# let's take all TLS and reverse proxy config out while updating, serving only one local website
grep -Ev "ReverseProxy|RequireTLS|TLScertFile" /root/tmp/hiawatha.confbackup > "$CONFIG"
service hiawatha restart   # assumption: Debian-style service name; needed for the stripped config to take effect
echo "website is offline, will get the certs now" && sleep 3
for i in $DOMAINS; do
    echo "getting certs for $i"
    ./letsencrypt-auto certonly -a webroot --webroot-path "$WEBROOT" -d "$i" --server https://acme-v01.api.letsencrypt.org/directory
    sleep 33 # can take a while
    ### if all is well we have a new certificate, but we need to adjust it to hiawatha pem format
    echo "certs $i are in, let's make a pem"
    cat "$LECROOT/$i/privkey.pem" "$LECROOT/$i/cert.pem" "$LECROOT/$i/chain.pem" > "$LECROOT/$i/hiawatha-hc.pem"
    chown www-data:www-data "$LECROOT/$i/hiawatha-hc.pem"
    chmod 440 "$LECROOT/$i/hiawatha-hc.pem"
    echo "pemfile is $LECROOT/$i/hiawatha-hc.pem"
done
# copy back the original config file
cp /root/tmp/hiawatha.confbackup "$CONFIG"
service hiawatha restart   # assumption: same service name as above
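
The four steps above leave the reverse proxy rules and TLS settings out of the config for as long as the certificate run lasts, so a failed or interrupted run can leave the server in that state. The following is an added example, not part of the original post: it wraps the strip and restore in a function that always puts the config back. The names `strip_and_run`, `write_sample_config` and `failing_cert_run` are hypothetical, and the sample config is constructed from the one shown in the post.

```bash
#!/bin/bash
# Added example, not the poster's script. Runs a command while CONFIG has its
# ReverseProxy/RequireTLS/TLScertFile lines removed, then always restores it.
# Usage: strip_and_run CONFIG COMMAND [ARGS...]
strip_and_run() {
    local config=$1 backup rc=0
    shift
    # Backup sits next to the config, under an unpredictable name.
    backup=$(mktemp "${config}.bak.XXXXXX") || return 1
    cp -p "$config" "$backup" || { rm -f "$backup"; return 1; }
    (
        # The EXIT trap fires on success, on failure and (via exit 130) on Ctrl-C/kill.
        trap 'cp -p "$backup" "$config"; rm -f "$backup"' EXIT
        trap 'exit 130' INT TERM
        grep -Ev 'ReverseProxy|RequireTLS|TLScertFile' "$backup" > "$config"
        # (restart the web server here so it serves the stripped config)
        "$@"
    ) || rc=$?
    # Exit status of COMMAND is passed through so the caller can react to it.
    return "$rc"
}

# Constructed sample config, modelled on the one in the post.
write_sample_config() {
    cat > "$1" <<'EOF'
Hostname = rain.example.com
ReverseProxy .* http://192.168.0.50:80/rainloop
RequireTLS = yes
TLScertFile = /etc/letsencrypt/live/rain.example.com/hiawatha-hc.pem
EOF
}

# Stand-in for a failing certificate run: records what the config looked like
# while stripped (arg 1 copied to arg 2), then exits non-zero.
failing_cert_run() {
    cp "$1" "$2"
    return 1
}
```

The web server still has to be restarted after the restore, as it does after the strip, for the restored config to be the one it serves.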