Apache proxy in front of shinyproxy

ShinyProxy
#1

Hi,

I’m trying to use shinyproxy with an apache reverse proxy, to support the off-loading of an SSL certificate. There is an example proxy configuration for nginx on the webpage (http://www.shinyproxy.io/security/), I would like to do the same, but using apache.

My apache config file:

<VirtualHost *:443>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine On

    # Set the path to SSL certificate
    # Usage: SSLCertificateFile /path/to/cert.pem
    SSLCertificateFile /etc/apache2/ssl/ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ca.key

    ProxyPreserveHost On

    ProxyPass / http://0.0.0.0:8080/
    ProxyPassReverse / http://0.0.0.0:8080/

I can connect to shinyproxy and start a container, but can’t establish a connection with the container. The error message from browser console is:

WebSocket connection to ‘wss://10.10.1.60/frosty_bhabha/websocket/’ failed: Error during WebSocket handshake: Unexpected response code: 404

where “frosty_bhabha” is the running container’s name. Any idea, what the problem could be?

Is there someone who managed to set up shinyproxy behind an apache reverse proxy?

Regards,
Jancsi

1 Like
Apache proxy redirection - partially loaded pages
#2 
    **This works for me - edited part of a more complex front end. _swarm_ is where I run shinyprox - not on the same computer as Apache**
    RedirectMatch permanent ^/shinyproxy/$ /shinyproxy/
RedirectMatch permanent ^/app/$ /app/

ProxyPreserveHost On

ProxyPassMatch 			"^/(.+)/websocket" 	"ws://swarm:8080/$1/websocket" keepalive=On

ProxyPass               "/shinyproxy/" 		"http://swarm:8080/app/run_gen3"
ProxyPassReverse        "/shinyproxy/" 		"http://swarm:8080/app/"
ProxyPass               "/shinyproxy/" 	!

ProxyPass 				"/app/"				"http://swarm:8080/app/run_gen3"
ProxyPassReverse		"/app/"				"http://swarm:8080/app/"
ProxyPass				"/app/"	!
	

ProxyRequests Off
#3

Thank you, a little modification and the ProxyPassMatch solved the problem.

#4

Could you please show your solution?

1 Like
#5

<VirtualHost *:443>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # This directive toggles the usage of the SSL/TLS Protocol Engine
    SSLEngine On

    # Set the path to SSL certificate
    # Usage: SSLCertificateFile /path/to/cert.pem
    SSLCertificateFile /etc/apache2/ssl/ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ca.key

    # Configure HTTP request headers
    RequestHeader set X-Forwarded-Proto https

    # The ProxyPreserveHost On directive is
    # used so that the desired hostname is passed through,
    # in case we are proxying multiple hostnames to a single machine
    ProxyPreserveHost On

    # Maps remote servers into the local server URL-space using regex
    ProxyPassMatch          "^/(.+)/websocket"      "ws://localhost:8082/$1/websocket" keepalive=On

    # Maps remote servers into the local server URL-space
    ProxyPass               /      http://localhost:8082/

    # Adjust the URL in HTTP response headers sent from reverse proxied server
    ProxyPassReverse        /      http://localhost:8082/

    ProxyRequests Off

    #ServerName localhost
2 Likes
#6

Thanks, Janos,

I had it almost working, but was not sure if I had to use wss: instead of ws, because my browser showed a “partially broken key”.

I found out that is was not due to websocket, but because of the link to the external logo image. Works ok after replacing the image by a local on https.

Dieter