I’m trying to use shinyproxy with an apache reverse proxy, to support the off-loading of an SSL certificate. There is an example proxy configuration for nginx on the webpage (http://www.shinyproxy.io/security/), I would like to do the same, but using apache.
My apache config file:
<VirtualHost *:443>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /etc/apache2/ssl/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/ca.key
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
I can connect to shinyproxy and start a container, but can’t establish a connection with the container. The error message from browser console is:
WebSocket connection to ‘wss://10.10.1.60/frosty_bhabha/websocket/’ failed: Error during WebSocket handshake: Unexpected response code: 404
where “frosty_bhabha” is the running container’s name. Any idea, what the problem could be?
Is there someone who managed to set up shinyproxy behind an apache reverse proxy?
**This works for me - edited part of a more complex front end. _swarm_ is where I run shinyprox - not on the same computer as Apache**
RedirectMatch permanent ^/shinyproxy/$ /shinyproxy/
RedirectMatch permanent ^/app/$ /app/
ProxyPreserveHost On
ProxyPassMatch "^/(.+)/websocket" "ws://swarm:8080/$1/websocket" keepalive=On
ProxyPass "/shinyproxy/" "http://swarm:8080/app/run_gen3"
ProxyPassReverse "/shinyproxy/" "http://swarm:8080/app/"
ProxyPass "/shinyproxy/" !
ProxyPass "/app/" "http://swarm:8080/app/run_gen3"
ProxyPassReverse "/app/" "http://swarm:8080/app/"
ProxyPass "/app/" !
ProxyRequests Off
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# This directive toggles the usage of the SSL/TLS Protocol Engine
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /etc/apache2/ssl/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/ca.key
# Configure HTTP request headers
RequestHeader set X-Forwarded-Proto https
# The ProxyPreserveHost On directive is
# used so that the desired hostname is passed through,
# in case we are proxying multiple hostnames to a single machine
ProxyPreserveHost On
# Maps remote servers into the local server URL-space using regex
ProxyPassMatch "^/(.+)/websocket" "ws://localhost:8082/$1/websocket" keepalive=On
# Maps remote servers into the local server URL-space
ProxyPass / http://localhost:8082/
# Adjust the URL in HTTP response headers sent from reverse proxied server
ProxyPassReverse / http://localhost:8082/
ProxyRequests Off
#ServerName localhost
I had it almost working, but was not sure if I had to use wss: instead of ws, because my browser showed a “partially broken key”.
I found out that is was not due to websocket, but because of the link to the external logo image. Works ok after replacing the image by a local on https.