Apache server configuration¶
The current recommended configuration is to have a forward facing web server (Apache/NGINX) proxy pass to a locally running server (Gunicorn/Django dev server). The following all assumes that there is a locally running server running on port 8080, and uses Apache as the example configs listed below, as well as the hostname https://roquefort.linguistics.mcgill.ca/.
Additionally, since there is sensitive data involved, we heavily recommend using HTTPS rather than HTTP.
Note
All commands assume Ubuntu 16.04. Commands may differ depending on other operating systems.
Enabling prerequisite Apache modules¶
sudo apt-get install apache2
sudo service apache2 stop
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_http
HTTP server config¶
The HTTP server config uses the rewrite module to change any HTTP requests into HTTPS ones, so that there is never any use
of http://roquefort.linguistics.mcgill.ca/ over https://roquefort.linguistics.mcgill.ca/. The following config
would be saved to a file named roquefort.linguistics.mcgill.ca.conf
in /etc/apache2/sites-available/
.
<VirtualHost *:80>
# Update for other hostname
ServerName roquefort.linguistics.mcgill.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Update for other hostname
RewriteCond %{SERVER_NAME} =roquefort.linguistics.mcgill.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Enable the site via:
sudo a2ensite roquefort.linguistics.mcgill.ca.conf
HTTPS server config¶
The primary configuration file for the Apache server is the HTTPS one below. SSL certificates are easily generated through Let’s encrypt.
The Proxy module for Apache is used to forward all requests to the locally running ISCAN server. The following config
would be saved to a file named roquefort.linguistics.mcgill.ca-ssl.conf
in /etc/apache2/sites-available/
.
<IfModule mod_ssl.c>
<VirtualHost *:443>
# Update for other hostname
ServerName roquefort.linguistics.mcgill.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Update for actual location
SSLCertificateFile /etc/letsencrypt/live/roquefort.linguistics.mcgill.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/roquefort.linguistics.mcgill.ca/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Location "/">
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080/
ProxyPreserveHost On
RequestHeader unset X-Forwarded-Proto
RequestHeader set X-Forwarded-Proto https env=HTTPS
</Location>
</VirtualHost>
</IfModule>
Enable the site via:
sudo a2ensite roquefort.linguistics.mcgill.ca-ssl.conf
Once the configuration files are set up, the Apache server can be rebooted via:
sudo service apache2 restart