@maybemkl
Last active February 16, 2025 23:24

SSL & Reverse Proxy Setup on Apache

Here are steps to set up SSL for your domain and configure Apache to reverse‑proxy a backend app running on port 3000. I wrote this tutorial to make Martin work on a custom domain on a Google VM, but it should work on any server using Apache2.

1. Obtain an SSL Certificate (via Certbot):

  • Run the Certbot Apache plugin to request a certificate for your domain:
    sudo certbot --apache -d YOUR_DOMAIN.COM
  • This creates certificate files (e.g.,
    /etc/letsencrypt/live/YOUR_DOMAIN.COM/fullchain.pem and
    /etc/letsencrypt/live/YOUR_DOMAIN.COM/privkey.pem).

2. Configure HTTP-to-HTTPS Redirection:

  • In your HTTP VirtualHost (port 80, e.g., in /etc/apache2/sites-enabled/000-default.conf), add a redirect:
    <VirtualHost *:80>
        ServerName YOUR_DOMAIN.COM
        DocumentRoot /var/www/html
        Redirect / https://YOUR_DOMAIN.COM/
        ...
    </VirtualHost>

3. Configure the SSL (Port 443) VirtualHost with Reverse Proxy:

  • In the SSL VirtualHost (port 443), enable SSL and add reverse‑proxy rules so that requests to a specific URL (e.g. /martin/) are forwarded to your backend app on port 3000:
    <VirtualHost *:443>
        ServerName YOUR_DOMAIN.COM
        DocumentRoot /var/www/html
    
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/YOUR_DOMAIN.COM/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/YOUR_DOMAIN.COM/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    
        # Reverse Proxy: map /martin to the app on port 3000
        ProxyPreserveHost On
        ProxyPass /martin/ http://localhost:3000/
        ProxyPassReverse /martin/ http://localhost:3000/
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

4. Enable Necessary Apache Modules:

  • Make sure these modules are enabled:
    sudo a2enmod ssl proxy proxy_http

5. Restart Apache:

  • Restart Apache to apply the changes:
    sudo systemctl restart apache2

6. Firewall & Backend Considerations:

  • Ensure that your public firewall (or cloud firewall) permits incoming traffic on port 443.
  • The backend app on port 3000 runs locally (only accessible to Apache), so you don’t need to open port 3000 publicly.
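
To check that the backend really is reachable only through Apache, the following added example (not part of the original gist) parses `ss -ltnH` output and reports whether a port is bound to loopback only. The function name `check_loopback_only` and the sample socket lines are constructed for illustration; port 5000 is the Flask port this page uses as an example of a second backend.

```shell
#!/bin/sh
# Added example: classify a TCP port from `ss -ltnH` output read on stdin.
# Assumes the iproute2 column layout for `ss -ltn`, where field 4 is
# "Local Address:Port". check_loopback_only is a hypothetical helper name.
#
# Prints and returns:
#   loopback-only (exit 0)  every listener on PORT is on 127.0.0.0/8 or [::1]
#   exposed       (exit 1)  at least one listener is on another address
#   not-listening (exit 2)  nothing is listening on PORT
check_loopback_only() {
    awk -v port="$1" '
        {
            n = split($4, parts, ":")        # port is the last ":" field
            if (parts[n] != port) next
            found = 1
            # Everything before the final ":PORT" is the bind address.
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            # Anything that is not plain loopback is treated as exposed,
            # including wildcards such as 0.0.0.0, [::] and *.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       { print "not-listening"; exit 2 }
            else if (exposed) { print "exposed";       exit 1 }
            else              { print "loopback-only"; exit 0 }
        }'
}

# Constructed sample of `ss -ltnH` output (not captured from a real host):
# one backend bound to loopback, one bound to all interfaces, and Apache.
SAMPLE_SS='LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5000 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 511 *:80 *:*'

for p in 3000 5000; do
    printf 'port %s: %s\n' "$p" \
        "$(printf '%s\n' "$SAMPLE_SS" | check_loopback_only "$p")"
done

# On the server itself, feed it live data instead of the sample:
#   ss -ltnH | check_loopback_only 3000
```

An `exposed` result for a backend port means the app is listening on a public interface, so the firewall is the only thing keeping it private; rebinding the app to 127.0.0.1 removes that dependency.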

Future Expansion (Multiple Apps)

If you later want to run another app (like a Flask app) concurrently with Martin:

  • You can assign each backend a unique port (e.g., 3000 for Martin, 5000 for Flask).
  • Then update the Apache SSL VirtualHost to proxy different URL prefixes (or subdomains) to the correct ports.

For example, proxy /martin/ to port 3000 and /flask/ to port 5000.

