Set up an apache reverse proxy with SSL certs and multiple domains

Hello! I need help configuring Apache to act as a reverse proxy with https and multiple domains, such that www.myfirstdomain.com and www.myseconddomain.com both point to x.x.x.x and than the server will selectively forward to, let's say, x.x.x.x:2400 (myfirstdomain.com, http), x.x.x.x.:2401 (myfirstdomain.com, https), x.x.x.x:2600 (myseconddomain.com, http) and x.x.x.x.:2601 (mysecondomain.com, https).

I tried many options but in the end I got stuck because I issued more than 5 certs (renews) per week and also I couldn't make it work.

myfirstdomain.com and www.myfirstdomain.com (http and https) were configured as follows:

/etc/apache2/sites-available/000-default.conf :

<VirtualHost *:80>
    ServerName myfirstdomain.com
    ServerAlias www.myfirstdomain.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/myfirstdomain/public
    <Directory /var/www/html/myfirstdomain/public>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =myfirstdomain.com
    RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName myfirstdomain.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/myfirstdomain/public
    <Directory /var/www/html/myfirstdomain/public>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =myfirstdomain.com
    RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Then I generated the certs with certbot --apache for both www and non-www and I had this file:

/etc/apache2/sites-available/000-default-le-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName myfirstdomain.com
        ServerAlias www.myfirstdomain.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/myfirstdomain/public
        <Directory /var/www/html/myfirstdomain/public>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        # Some rewrite rules in this file were disabled on your HTTPS site,
        # because they have the potential to create redirection loops.

        #     RewriteCond %{SERVER_NAME} =myfirstdomain.com
        #     RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

        #     RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
        #     RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


            SSLCertificateFile /etc/letsencrypt/live/www.myfirstdomain.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/www.myfirstdomain.com/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf
        </VirtualHost>
    </IfModule>

I don't understand why it disabled the rules in the last config. They were okay when I had all the certs in place, maybe the fact that the certs couldn't be renewed caused that.

Can someone, please, help me? I would really like to know how to achieve this.
P.S.: sorry if I didn't write my actual domain name, it was useless anyway...

2 Likes

Your question/problem is not directly related to this forum.

The problem is that you don't understand how to implement a reverse proxy in Apache.
Based on your configs, you haven't even tried. There should have been at least one "proxypass" statement found in there.

I would suggest asking your question in an apache forum.

Once you have a fully functional web server (that can proxy to all your internal sites via HTTP), you can then try to get them all certificates.
If you run into any problems with that part, feel free to come back and post those questions/problems in this forum.

3 Likes