Explains how to install and configure Apache with a mod_md module to secure traffic with Let's Encrypt free TLS/SSL certificate on Ubuntu 20.04 LTS Linux.

An easy-to-use secure configuration generator for web, database, and mail software

<VirtualHost example.com:*>
  ProxyPreserveHost On

  ProxyPass /api http://localhost:3000/
  ProxyPassReverse /api http://localhost:3000/

  ServerName localhost
</VirtualHost>

One of the things that really got me on board with NodeJS was the idea that I didn’t need a host container for it. Building a web app just means including a library that listens for HTTP requests on a port and respond. No more Apache! One less thing to worry about that isn’t my app!

And then it starts getting complicated.

For a start, port 80 is a privileged port, so when you try to launch the app to test or develop on your own machine you need to do so with sudo. That’s a little annoying, but you could default to port 80 & allow an override. But now you are adding more code to workaround it.

And what about SSL? If you are going to use SSL in production (and you should) then your code is going to have to know about that too and read the certs and set that up. And that’s even more annoying for development, anyone working on your code is going to have to create their own certs just to launch your app. Unless you code in more workarounds.

So that’s a suddenly a lot of code you are maintaining which might create its own problems.

The alternative … use a webserver as a proxy for your app in production. It doesn’t have to be Apache, you could use Nginx for example. I use Apache because I’m reasonably familiar with it.

Let's say you want http://www.example.com/secure/ to always be sent over SSL (I presume here that both the normal and the SSL vhost have the same content). You could do this by linking to the correct page from within your HTML pages... but there will always be some user who will sneak by it that way.

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.example.com
   Redirect permanent / https://secure.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName secure.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
   # etc...
</VirtualHost>

You want to force people coming to your site to use HTTPS. Either for the entire site or a small sub-section of it.

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

Le module mod_rewrite utilise un moteur de réécriture à base de règles, basé sur un interpréteur d'expressions rationnelles PCRE, pour réécrire les URLs à la volée. Par défaut, mod_rewrite met en correspondance une URL avec le système de fichiers. Cependant, on peut aussi l'utiliser pour rediriger une URL vers une autre URL, ou pour invoquer une requête interne à destination du mandataire.

mod_rewrite fournit une méthode souple et puissante pour manipuler les URLs en utilisant un nombre illimité de règles. Chaque règle peut être associée à un nombre illimité de conditions, afin de vous permettre de réécrire les URLs en fonction de variables du serveur, de variables d'environnement, d'en-têtes HTTP, ou de repères temporels.

mod_rewrite agit sur la totalité de l'URL, y compris la partie chemin. Une règle de réécriture peut être invoquée dans httpd.conf ou dans un fichier .htaccess. Le chemin généré par une règle de réécriture peut inclure une chaîne de paramètres, ou peut renvoyer vers un traitement secondaire interne, une redirection vers une requête externe ou vers le mandataire interne.