Stuck in letsencrypt ssl integration on Ubuntu


#1

Good morning,
I am new in the community, glad to be one of you. It’s the first time I setup SSL, I chose to use letsencrypt.

I have an Angular application running on https, and that is working. I also have REST APIs implemented in NodeJS, and I am stuck on being able to provide them securely. The service is running on port 8443, and if I disable the certificate request they work (this to explain that no change to the code should be done).

The NodeJS code is as follows:

const privateKey = fs.readFileSync(<path_to_privkey.pem>, ‘utf8’);
const certificate = fs.readFileSync(<path_to_cert.pem>, ‘utf8’);
const ca = fs.readFileSync(<path_to_chain.pem>, ‘utf8’);

let activateHttps = true;

const credentials = {
key: privateKey,
cert: certificate,
ca: ca,
requestCert: activateHttps,
rejectUnauthorized: activateHttps
};

APIs are accessed with https://:8443/api/. Routing is implemented in NodeJS.

The configuration on sites-enabled/000-default.conf is as follows:

LoadModule ssl_module libexec/apache2/mod_ssl.so
<VirtualHost :>
ServerName
ServerAlias
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted

DocumentRoot /var/www/html
ErrorLog {APACHE_LOG_DIR}/error.log CustomLog {APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile <path_to_cert>
SSLCertificateKeyFile <path_to_key>
SSLCertificateChainFile <path_to_chain>
<Location /api>
ProxyPass https://:8443/api #tried redirect but not working!
ProxyPassReverse https://:8443/api

The NodeJS application is hosted in another directory, different from /var/www/html.

I can’t figure out why https is not working when providing APIs. Any help? Thanks in advance


#2

Not 100% sure… but: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html shows:

When used inside a <Location> section, the first argument is omitted and the local directory is obtained from the <Location> . The same occurs inside a <LocationMatch> section, but will probably not work as intended, as ProxyPassReverse will interpret the regexp literally as a path; if needed in this situation, specify the ProxyPassReverse outside the section or in a separate <Location> section.