wiki:Software/Productionalisation/RunningOnPortFourFourThree
Last modified 7 years ago Last modified on 08/31/12 10:35:43

Running RaptorWeb on HTTPS behind Apache

Setting up RaptorWeb to run on https is fairly easy. Just follow the instructions below...

Step 1. Install Apache

On the server on which RaptorWeb is installed, install Apache HTTPD.

  • On Windows, go to http://httpd.apache.org/ and download and install the MSI.
  • On Linux, install Apache HTTPD through your package manager. For example, on RHEL/CentOS do the following:
    yum install httpd mod_ssl
    

Step 2. Configure Apache to Proxy to RaptorWeb

Next, you need to tell Apache HTTPD to proxy requests for https://YOURSERVER/ to http://localhost:8112/ by inserting a ProxyPass / http://localhost:8112/ directive into your Apache configuration.

For example, on RHEL/CentOS create a new file called /etc/httpd/conf.d/raptorweb.conf with the following content:

ProxyPass / http://localhost:8112/

Step 3. Configure the SSL certificate on your Apache setup

If you don't know how to do this, just use http://www.google.com - there are plenty of guides available.

Step 4. Firewall config

If you have a firewall, open :443 to allow people to access your new HTTPS server. Don't forget to close :8112 to stop direct unsecured access!

For example, on linux/iptables you will want the following line in /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Step 5. Restart and test

Restart the apache daemon/service and try to access https://YOURSERVER/. If you see the RaptorWeb login page, then your job is done.

Troubleshooting

SELinux blocking proxying

Problem

A common problem on linux with selinux enabled is that by default the httpd daemon is not allowed to connect to network services. This problem manifests itself with the following symptoms:

  • You see an apache error page when trying to access https://YOURSERVER/
  • Your /var/log/httpd/ssl_error_log shows the following line:
    [Wed Aug 08 19:16:15 2012] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8112 (localhost) failed
    

Solution

To fix, issue the following command (as root):

setsebool -P httpd_can_network_connect 1