Jan 24, 2022 by Thibault Debatty | 2869 views
https://cylab.be/blog/198/configure-apache-reverse-proxy-in-front-of-cyrange
In a previous blog post, we showed how to install cyrange cyber range web interface using docker-compose. So now the cyrange Docker container is exposed on port 8080 on your server, and the guacamole container is exposed on port 8081. In this blog post we show how to configure Apache as a reverse proxy in front of your containers.
Before we start, you will need a domain name that points to your server. For the example below, we will use cyrange.mydomain.com
.
Install apache web server:
sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
Create the configuration file /etc/apache2/sites-available/cyrange.conf for cyrange. Don’t forget to modify the servername (cyrange.domain.com
) to match your domain name:
<VirtualHost *:80>
ServerName cyrange.mydomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
<Location / >
Order allow,deny
Allow from all
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
ProxyPassReverseCookiePath / /
</Location>
# guacamole
<Location /g/ >
Order allow,deny
Allow from all
ProxyPass http://127.0.0.1:8081/guacamole/ flushpackets=on
ProxyPassReverse http://127.0.0.1:8081/guacamole/
</Location>
<Location /g/websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://127.0.0.1:8081/guacamole/websocket-tunnel
ProxyPassReverse ws://127.0.0.1:8081/guacamole/websocket-tunnel
</Location>
ErrorLog ${APACHE_LOG_DIR}/cyrange.error.log
CustomLog ${APACHE_LOG_DIR}/cyrange.access.log combined
</VirtualHost>
Enable your configuration:
sudo a2ensite cyrange
sudo service apache2 reload
In the directory where you installed cyrange, modify cyrange.env to indicate the new URL of the app:
APP_URL=http://cyrange.mydomain.com
Restart cyrange containers:
docker-compose down
docker-compose up -d
The cyrange web interface will now be available at http://cyrange.yourdomain.com
Now that apache is properly configured, you should configure https, for example using letsencrypt.
This blog post is licensed under CC BY-SA 4.0