.net-core apache2 reverse-proxy kestrel-http-server blazor-server-side

dotnetcore kestrel server not receiving request through reverse proxy


The situation is that I'm using two servers on Debian Stretch: a Kestrel server that is used for hosting a Blazor server-side application, and Apache 2.4 for forwarding requests to the Kestrel server.

The site that I'm trying to host is a .app domain, which enforces the use of HTTPS. Using certbot I installed a certificate from Let's Encrypt.

The Kestrel server listens on 127.0.0.1, port 5001. The Apache server has a virtual host configuration that makes use of a reverse proxy, which forwards all incoming requests to 127.0.0.1:5001.

However, the requests are not passed to the Kestrel server. When looking in the Apache log I find the following:

[Mon Dec 16 20:18:16.576931 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.576956 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.576971 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28760 for (127.0.0.1) min=0 max=25 smax=25
[Mon Dec 16 20:18:16.577334 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.577357 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.577370 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28759 for (127.0.0.1) min=0 max=25 smax=25

Which leads me to believe that the reverse proxy should work. However, when visiting the site I receive a "This site can’t provide a secure connection" error.

The virtual host configuration is as follows:

<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:*>

ServerAdmin [email protected]
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app

SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /privateinfo.app https://127.0.0.1:5001
ProxyPassReverse /privateinfo.app https://127.0.0.1:5001

LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>

The log of the Kestrel service provides the following information:

Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Now listening on: https://127.0.0.1:5001
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Application started. Press Ctrl+C to shut down.
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Hosting environment: Production
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]

Am I overlooking something? Why won't the Apache server forward the request to the Kestrel server?


Solution

  • I found there was a problem with the configuration. The application was served from a folder within the Apache www directory, giving it the following folder structure: /www/privateinfo.app.

    The second problem I found was running the app.dll from the wrong folder. This needed to be done in the /www/privateinfo.app/publish directory.

    The configuration that worked for me using Apache2 with a reverse proxy:

    <VirtualHost *:*>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
    RewriteCond %{SERVER_NAME} =https://privateinfo.app
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    
    <VirtualHost *:*>
    
    ServerAdmin [email protected]
    ServerName https://privateinfo.app
    ServerAlias https://privateinfo.app
    
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass / https://127.0.0.1:5001
    ProxyPassReverse / https://127.0.0.1:5001
    
    LogLevel info ssl:warn warn debug
    ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
    CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
    
    Include /etc/letsencrypt/options-ssl-apache.conf
    ServerAlias privateinfo.app
    SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
    </VirtualHost>
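
An added example, not part of the original answer: a small Python check that parses the ProxyPass lines from the question's and the answer's virtual hosts and reports which request paths Apache would hand to Kestrel. The helper names, the probe paths (the site root plus Blazor Server's default `/_blazor` hub and `/_framework/blazor.server.js` script) and the third, trailing-slash variant are assumptions of this example; the slash check follows the rule in the Apache ProxyPass documentation that both arguments should agree on a trailing slash.

```python
import re

# ProxyPass lines as posted: the question's vhost and the answer's vhost.
QUESTION_CONF = """
ProxyPass /privateinfo.app https://127.0.0.1:5001
ProxyPassReverse /privateinfo.app https://127.0.0.1:5001
"""
ANSWER_CONF = """
ProxyPass / https://127.0.0.1:5001
ProxyPassReverse / https://127.0.0.1:5001
"""
# Constructed variant (not from the page): both arguments end in "/".
SLASHED_CONF = "ProxyPass / https://127.0.0.1:5001/"

# Assumed probes: site root plus Blazor Server's default hub and script paths.
PROBES = ("/", "/_blazor", "/_framework/blazor.server.js")

def parse_proxypass(conf):
    """Return (path_prefix, backend) for each ProxyPass line; ProxyPassReverse is skipped."""
    return re.findall(r"^\s*ProxyPass\s+(\S+)\s+(\S+)", conf, flags=re.M)

def covers(prefix, path):
    """Prefix match on whole path segments, as ProxyPass matches by path prefix."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")

def lint(conf, probes=PROBES):
    """List problems: request paths no rule proxies, and trailing-slash mismatches."""
    rules = parse_proxypass(conf)
    findings = []
    missed = [p for p in probes if not any(covers(pre, p) for pre, _ in rules)]
    if missed:
        findings.append("not proxied: " + ", ".join(missed))
    for prefix, backend in rules:
        # Apache docs: if the first argument ends in "/", the second should too.
        if prefix.endswith("/") != backend.endswith("/"):
            findings.append(f"trailing-slash mismatch: {prefix!r} vs {backend!r}")
    return findings

if __name__ == "__main__":
    for name, conf in [("question", QUESTION_CONF), ("answer", ANSWER_CONF),
                       ("slashed", SLASHED_CONF)]:
        print(name, lint(conf) or "ok")
```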