0

I have a VPS with 2 services at different ports and self signed SSL for an IP. It is Supabase at port 8000 and t-rex service at port 6767. I need them both on HTTPs like https://192.0.2.1:8000 for Supabase & https://192.0.2.1:6767 for t-rex.

I works with HTTP but how to do this with HTTPS? I tried it with Apache2, and it works. But I have no idea how to add 6767? As I understand HTTPS is on port 443.

<VirtualHost 192.0.2.1:443>
    ServerName 192.0.2.1:8000

    SSLEngine on
    SSLProxyEngine On
    SSLCertificateFile /etc/ssl/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/private.key

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://192.0.2.1:8000/
    ProxyPassReverse / http://192.0.2.1:8000/
</VirtualHost>

SSLEngine                on
SSLCertificateFile       /etc/ssl/certificate.crt
SSLCertificateKeyFile    /etc/ssl/private/private.key
SSLCertificateChainFile  /etc/ssl/ca_bundle.crt

If this is not possible with Apache2, NGINX is fine, too.

4
  • 1
    https defaults to 443, but what makes the "s" happen is SSL and that can live on any port. So instead of having your virtual host listen on 443, have it listen on 8000 and you should be fine.
    – tsc_chazz
    Commented Mar 2 at 0:33
  • @tsc_chazz thanks, but how to make two https with ports? I need it like 172.245.6.*:8000/ and 172.245.6.*:6767/ to work on same server. Now it works only for this url 172.245.6.*/ and when I try to use it with any port I get ERR_SSL_PROTOCOL_ERROR
    – SERG
    Commented Mar 2 at 7:54
  • 1
    home and enduser question are offtopic. Apache has a nice manual so please RTM on nginx you can use multiple ports in one server alias, but no apache as iirc you need to have multiple vhosts
    – djdomi
    Commented Mar 2 at 8:42
  • 1
    @SERG I'll just say this: <Virtual Host 172.246.6.*:8000>, <VirtualHost 172.246.6.*:6767>, and no server name for either of them, just the raw IP address - with no port - since that's what you're using now.
    – tsc_chazz
    Commented Mar 2 at 16:28

1 Answer 1

1

Your ProxyPass directives for the Supabase back-end service on port 8000 suggest the services are already listening on these ports on the same IP address; I assume it is the same with the t-rex server on port 6767. Obviously, two services cannot listen on the same port.

ProxyPass / http://192.0.2.1:8000/
ProxyPassReverse / http://192.0.2.1:8000/

You could bind the non-TLS services to the local loopback and then add a reverse proxy to offer the TLS on the public IP address.

Now you can use Apache as a reverse proxy with:

Listen 192.0.2.1:8000
Listen 192.0.2.1:6767

<VirtualHost 192.0.2.1:8000>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/private.key

    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>

<VirtualHost 192.0.2.1:6767>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/private.key

    ProxyPass / http://127.0.0.1:6767/
    ProxyPassReverse / http://127.0.0.1:6767/
</VirtualHost>

You do not need the SSLProxyEngine On because the back-ends are not using TLS.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .