apache 2 reverse proxy with tls on debian 7

In this setup the reverse proxy server does the ssl encryption. Therefore you must trust your reverse proxy server enough to hold the private SSL certificates for your websites! Do not use this setup if you can't trust your reverse proxy sufficiently!

  1. install apache 2

    apt-get install apache2
  2. enable mod_ssl and mod_rewrite

    a2enmod ssl
    a2enmod rewrite
    service apache2 restart
  3. create site configureation for the virtual host

    Put this file under eg. /etc/apache2/sites-available/example.com also make sure to read trough the entire file and change it according to your setup...

    You might want to change:

    • all occurances of example.com to your respective domain name
    • the ProxyPass and ProxyPassReverse targets to your actual internal server url
    • the SSLCertificateFile and SSLCertificateKeyFile to the actual certificates for your domain

      <VirtualHost *:80>
        ServerName example.com
        ServerAlias example.com
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*)$ https://example.com/$1 [L,R]
      <VirtualHost *:443>
        ServerName example.com
        ServerAlias example.com
        ProxyRequests Off
        ProxyPass /
        ProxyPassReverse /
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
          SSLOptions +StdEnvVars
        <Directory /usr/lib/cgi-bin>
          SSLOptions +StdEnvVars
        BrowserMatch "MSIE [2-6]" \
                      nokeepalive ssl-unclean-shutdown \
                      downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  4. enable site

    use the name of the file you created in /etc/apache2/sites-available insted of example.com for the a2ensite command

    a2ensite example.com
    service apache2 reload

setup redmine on debian 7 with sqlite backend in document root, listen on a dedicated port

  1. install redmine dependencies

     apt-get install apache2-mod-passenger redmine redmine-sqlite
  2. add desired listening port to apache config

    apache ports are configured here on debian 7 /etc/apache2/ports.conf

     Listen 8083
  3. create redmine apache config

    I named the site file: /etc/apache2/sites-available/redmine

     <VirtualHost *:8083>
       DocumentRoot /usr/share/redmine/public
       <Directory /usr/share/redmine/public>
         AllowOverride all
         Options -MultiViews
  4. enable site and restart apache

     a2ensite redmine
     service apache2 restart

access to redmine

    redmine is now running you can access it with

    redmine default username: admin
    redmine default password: admin

apache reverse proxy to the fresh redmine installation

  1. install apache2 to run as reverse proxy

    install debian packages

     apt-get install libapache2-mod-proxy-html

    enable mod

     a2enmod proxy
     a2enmod proxy_http
     a2enmod proxy_html
  2. create reverse proxy config eg. under /etc/apache2/sites-available/redmine.example.com

     <VirtualHost *:80>
       ServerName redmine.example.com
       ServerAlias redmine.example.com
       ProxyRequests Off
       ProxyPass /
       ProxyPassReverse /
  3. enable site and restart apache

     a2ensite redmine.example.com
     service apache2 reload
  4. if you want to use virtual hosts in combination with ssl you must configure SNI (server name indication)

    Actually it's already enabled in debian 7 packages, all you need to do is to add this line to your /etc/apache2/ports.conf file to make it work:

     NameVirtualHost *:443

    make sure /etc/apache2/sites-available/default-ssl does not define <VirtualHost _default_:443> rather than *:443 and that ServerName is set.

     <VirtualHost *:443>
       ServerName example.com


How to install owncloud on debian

# install dependencies
apt-get install apache2 php5 php5-gd php-xml-parser php5-intl
apt-get install php5-sqlite php5-mysql curl libcurl3 php5-curl
#apt-get install smbclient # supported but not mandatory, not interested

# enable required apache2 modules
a2enmod rewrite
a2enmod headers

# get and deploy owncloud

cd /var/www

wget http://download.owncloud.org/community/owncloud-5.0.11.tar.bz2
tar -xvf owncloud-5.0.11.tar.bz2 --strip-components=1 owncloud/
rm -f owncloud-5.0.11.tar.bz2
chown -R www-data:www-data /var/www

How to setup a apache reverse proxy for a vhost setup

# install apache2
sudo apt-get install libapache2-mod-proxy-html

# enable required apache mods
sudo a2enmod proxy
sudo a2enmod proxy_http

# create a new site definition eg.
cat << EOF | sudo bash -c 'cat >> /etc/apache2/sites-available/example.com'

<VirtualHost *:80>

  # domain for v-host resolving
  ServerName example.com
  ServerAlias example.com

  # no normal proxy function, only reverse proxying
  ProxyRequests Off

  # TODO find out what this is good for, it's certainly not required
  #<Proxy *>
  #  AddDefaultCharset Off
  #  Order deny,allow
  #  Allow from all

  # might be interesting too
  #SSLProxyEngine on

  # defined forwarding targed
  ProxyPass /
  ProxyPassReverse /



# enable the new site (the file name you chose for the revers proxy config)
sudo a2ensite example.com

# reload apache
sudo service apache2 reload

debian keept freezing on boot during fsck

I fixed my debain squeeze with lvm2 fulldisk encryption. When booting it always froze when doing fsck. What I did was basically booting the squeeze installation-image into recovery mode and run fsck there. If I had knows how easy this can be solved, I would have saved my self a lot of troubles.