How to properly set up reverse proxy configuration for Apache2 and Cloudflare

I am setting up a 3rd-party app, Keygen, using a Docker image that utilizes Puma as the web server to serve an API listening on port 3000 from the host.

I purchased the domain from Cloudflare and added SSL to Apache2. It works fine, as I also have pgadmin4 installed, and I can access it with my domain via HTTPS.

Now, my routing structure is illustrated below:

I want to be able to hit https://licensing.my-domain.com/v1/api and have it proxy the request to the local 3000 port, which is the web server. I’ve already enabled the proxy mod in Apache2 and added proxy directives, but it doesn’t work.

When I try curl -I https://licensing.my-domain.com/v1/ping (the API to ping the server), it returns curl: (6) Could not resolve host: licensing.my-domain.com. Checking the Apache2 log, I cannot even see the request. I figured out that I might have to add a CNAME record to Cloudflare, but I don’t know what the target value should be.

If I just fill in with my-domain.com and do curl -I https://licensing.my-domain.com/v1/ping again, I do see the request coming to Apache2, but it responds with a 404 not found error. I think Apache2 sees it as my-domain.com/v1/ping since licensing.my-domain.com/v1/ping is redirected to my-domain.com/v1/ping, which does not exist.

I also found in the Keygen documentation that:

Your reverse proxy MUST be a well-behaved reverse proxy by setting all X-Forwarded-* headers. Keygen WILL NOT be accessible and WILL NOT operate correctly if your reverse proxy does not provide the following forwarding information:

  • X-Forwarded-Proto is used to determine if the original request was over TLS before passing through a TLS-terminating reverse proxy.
  • X-Forwarded-For is used to determine the original client IP for rate limiting/logging purposes.
  • X-Forwarded-Host is used to determine the original host of the request.

If your reverse proxy does not provide these headers, you MUST modify it to do so.

I don’t know how to properly configure Cloudflare or even Apache2 to make this work. I am actually new to these things, and I have already spent a few days on this. Can someone please help? Thank you!

From your diagram, you need to add an A record pointing to 142.11.22.33. If you still have problems and can give the real link, it can be checked.

Apache can get the original client IP by restoring visitor IPs, see…

Passing the X-Forwarded- headers from Apache onwards is something you’ll probably need to find out elsewhere.


I think I just got it working. I had to create a licensing.tab-nodes-tree.app.conf for the subdomain and reverse proxy configuration there. Thanks for the help.

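A per-subdomain virtual host of the kind the last post describes, as an added example that is not taken from the thread or from Keygen's documentation. It assumes the licensing A record already points at the server, that the container publishes port 3000 on the host's loopback address, and it uses a hypothetical file name, placeholder certificate paths and a placeholder trusted-proxy range.

```apache
# /etc/apache2/sites-available/licensing.my-domain.com.conf  (hypothetical file name)
# Modules needed: a2enmod proxy proxy_http headers ssl remoteip
# Enable with a2ensite, check with "apachectl configtest", then reload Apache.
<VirtualHost *:443>
    # Without a vhost for this name the request falls through to the default
    # site, which is why /v1/ping returned 404.
    ServerName licensing.my-domain.com

    SSLEngine on
    # Placeholder paths: use the certificate already installed for the domain.
    SSLCertificateFile    /path/to/certificate.pem
    SSLCertificateKeyFile /path/to/private-key.pem

    # Restore the visitor IP from Cloudflare's header, and honour that header
    # only on connections that come from Cloudflare. 192.0.2.0/24 is a
    # placeholder: replace it with the ranges published at
    # https://www.cloudflare.com/ips/
    RemoteIPHeader CF-Connecting-IP
    RemoteIPTrustedProxy 192.0.2.0/24

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Send the original Host header (licensing.my-domain.com) to the backend.
    ProxyPreserveHost On

    # mod_proxy adds X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server
    # on its own (ProxyAddHeaders defaults to On). X-Forwarded-Proto is not
    # added automatically, so set it here; "set" also replaces any value a
    # client tried to supply.
    RequestHeader set X-Forwarded-Proto "https"

    # Assumption: the container's port 3000 is published on 127.0.0.1.
    ProxyPass        / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/

    ErrorLog  ${APACHE_LOG_DIR}/licensing_error.log
    CustomLog ${APACHE_LOG_DIR}/licensing_access.log combined
</VirtualHost>
```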
