Linux-Servers.md: Added Apache reverse proxy forwarding to another host

tlg
2026-03-16 17:16:10 +01:00
parent c78083d1cc
commit 52ea2b6528

@@ -212,6 +212,95 @@ Your tasks are:
--- ---
# Apache reverse proxy forwarding to another host
## Setup
The setup comprises two servers which are connected via WireGuard.
### Linux server sv005.destengs.com
- In a data center
- Managed using Virtualmin
- Two Virtual Servers:
- kipurchat.creature-go.com
- affine.creature-go.com
- Uses Apache reverse proxy
- WireGuard IP address 10.8.0.1
### Linux server DesTEngSsv006
- Local server
- Uses Traefik to route ingest traffic to microservices
- WireGuard IP address 10.8.0.6
- Provides the AFFiNE microservice
- Internal at 127.0.0.1:8092
## Previous problems
In the past I often faced problems with the Apache directives.
### SSL certificate renewal failed
The Virtual Server kipurchat.creature-go.com was set up using Virtualmin some monthes ago. Then a forward was installed which routed the traffic of kipurchat.creature-go.com from sv005.destengs.com to DesTEngSsv006. When the automated SSL certificate renewal was triggered the renewal failed. The Apache directives file needed to be fixed so that the ACME check could succeed.
## Assistance for affine.creature-go.com forwarding
I just created the Virtual Server affine.creature-go.com . https://affine.creature-go.com/ works, has a valid SSL certificate and shows the expected Virtualmin Welcome-Page.
I would like to have your assistance to set up the forwarding for affine.creature-go.com to get a bullet-proof Apache directives file which also will allow the SSL certificate renewal in some weeks.
## Your tasks
### Interview
Interview me to
- Fully understand the situation
- Clarify the objective
- Obtain all files you need
### Update DesTEngSsv006 configuration
Help me to update the DesTEngSsv006 configuration so that affine.creature-go.com forwarding works as expected and SSL certificate renewal will succeed.
1. The Apache VHost Config: Could you share the current contents of the Apache configuration file for affine.creature-go.com on sv005? (Usually found in /etc/apache2/sites-available/ or managed via Virtualmin's "Edit Directives" section).
2. Traefik's Entrypoint: On DesTEngSsv006, is Traefik listening for incoming traffic on port 80/443 over the WireGuard interface (10.8.0.6)?
3. Traefik Configuration: Have you already set up a router and service in Traefik for affine.creature-go.com? If so, could you share that snippet (labels in Docker or your YAML/TOML config)?
4. SSL Strategy: Is sv005 the only place where you want SSL to be terminated, or are you also trying to use Let's Encrypt on the Traefik side? (Standard practice here is to terminate at sv005 and send plain HTTP or "pseudo-HTTPS" over the tunnel).
## Interview answers
1. Attached is affine.creature-go.com.conf
2. Traefik is listening on 10.8.0.6:8080
3. Attached is the main Traefik config file traefik.yml from the DesTEngSsv006 directory /home/trf/.local/share/traefik and the three .yml config files {affine.yml, dashboard.yml, openwebui.yml} from the DesTEngSsv006 directory /home/trf/.local/share/traefik/dynamic/
4. Terminate SSL at sv005 and send plain HTTP over the tunnel
What about the already existing RewriteCond lines in the Apache config file?
I would appreciate if you would update the complete affine.creature-go.com.conf file instead of giving me snippets which I have to insert at the hopefully correct position.
Questions about both sections <VirtualHost ...:80> and <VirtualHost ...:443>:
- You did remove <Directory /home/affine/cgi-bin> but you did leave
<Directory /home/affine/public_html> in - why didn't you take out both
directories because they are not used? Any objections if I would remove the <Directory /home/affine/public_html>?
- There is no mail support at affine.creature-go.com so I plan to remove
RewriteCond and RewriteRule for Webmail - any objections?
Questions about <VirtualHost ...:443> section:
- Why did you relocate the SSL Configuration block?
---
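Review bot: The section headed "Update DesTEngSsv006 configuration" names a different host from the one the rest of the text works on: the file being changed is affine.creature-go.com.conf, which question 1 places on sv005, while DesTEngSsv006 is described only as the Traefik side. Rename the heading and its sentence to sv005, or state explicitly that both sides change. Directly below that heading, the numbered questions 1 to 4, and after "Interview answers" the follow-up questions about the VirtualHost sections, are pasted with no marker of who is speaking; a sub-heading or quote prefix per turn would make the exchange readable. The "SSL certificate renewal failed" section says the directives file "needed to be fixed so that the ACME check could succeed" but does not record what was changed, and the resulting directives for affine are not included either; since the stated goal is a file that survives renewal, document the change that let the ACME check pass and the final proxy target (the text gives both 127.0.0.1:8092 and 10.8.0.6:8080 without saying which one Apache forwards to). Because answer 4 sends plain HTTP over the tunnel, it is also worth stating that the Traefik entrypoint is meant to be reachable on the WireGuard address only. Minor: "monthes" should be "months", and "ingest traffic" probably means "ingress traffic".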