.htaccess to force SSL and also point to NodeJS

Question

I have a GoDaddy VPS managed server. I've installed Node/NPM, SSL certs, etc. successfully, but running into a couple issues with .htaccess. I can force http to https with the following code in .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I can also bypass having to do an Apache reverse proxy so that the server/domain is using NodeJS instead of Apache by adding the following to .htaccess:

RewriteEngine on
RewriteRule  (.*)  http://localhost:3000/$1  [P,L]

The issue I'm having is getting both to work at the same time. Force SSL AND point to NodeJS for the server.

I'm not sure if .htaccess is the best route to go for both goals.

Do you have access to apache .conf files? – Dusan Bajic Aug 21 '18 at 07:19 — Dusan Bajic, Aug 21 '18 at 07:19
I do. I have root access. – codemonkey Aug 21 '18 at 10:02 — codemonkey, Aug 21 '18 at 10:02

score 0 · Answer 1 · answered Aug 21 '18 at 12:19

You should not use .htaccess at all if you have access to Apache configuration files (detailed explanation here).

In your http (:80) Virtual host configuration you can put your https forcing rules, and in your https (:443) Virtual host you can put your reverse proxy rules. Also, using ProxyPass directive instead of RewriteRule with [P] flag might give some performance benefit:

ProxyPass         / http://localhost:3000/
ProxyPassReverse  / http://localhost:3000/

Tweet.log · Answer 2 · 2018-08-24T09:34:32.067

If you have access to Apache .conf files, try to create virtual host with following code:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>


<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /etc/path/to/fullchain.pem
    SSLCertificateKeyFile /etc/path/to/privkey.pem

    ProxyRequests off
    SSLProxyEngine on

    ErrorLog /var/log/nodejs/errorLog443.log
    TransferLog /var/log/nodejs/transferLog443.log

    <Location />
        ProxyPass http://localhost:3000/

        Order deny,allow
        Deny from all
        Allow from all
    </Location>

</VirtualHost>

Then enable just created apache virtual host and don't forget install all required sub modules:

sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http

sudo a2ensite example.apache.host.conf

sudo service apache2 restart

If you need to create a new apache .conf file, please follow this few steps:

Navigate to apache vhost default directory /etc/apache2/sites-avaliable and create new virtual host configuration file with example code.
Enable this configuration file use linux symlink or use apache tool a2ensite.
Restart or reload apache service.

Example:

cd /etc/apache2/sites-avaliable
vim new-virtual-host.conf

Put example configuration described top to this file.

Create symlink:

cd /etc/apache2/sites-enabled/
ln -s ../sites-available/new-virtual-host.conf new-virtual-host.conf

or

sudo a2ensite new-virtual-host.conf

Finaly reload new configuration by restarting apache service:

sudo service apache2 restart

The best way to manage/create web host ssl certificates is use Let’s Encrypt service. Please follow guide here

If you have already valid certificate, you can of course convert it to pem format by folowing this gude.

Updated for Centos OS:

For Centos OS just open apache2 config file at location /etc/httpd/conf/httpd.conf, scroll down to the very bottom of the document to the section called Virtual Hosts. There you can edit/add virtual host section with appropirate configuration you need.

For addition information how to configure Apache service on Centos OS please read guide How To Set Up Apache Virtual Hosts on CentOS 6

I'm trying your solution, but have a few questions. 1. Should I create a .conf file to add the virtual host info that Apache will include, or should I just put it in the main httpd.conf file? 2. I have .crt files for the certs not .pem. Do I need to convert the certificates? 3. The sudo a2enmod command returns a2enmod: command not found. I run these as root, so I don't think it's a permissions issue. Is there something else that needs to be enabled? — codemonkey, Aug 22 '18 at 04:25
Can you write the apache version you have installed? Just write a command `apache2 -v` on linux. — Tweet.log, Aug 22 '18 at 09:54
Also, could you please tell us what linux distribution is used in your VPS? — Tweet.log, Aug 23 '18 at 17:16
That's exactly reason why a2enmod and additional commands does not working. Centos OS have a bit different logic of apache2 configuration, but configuration described above should working. it's my mistake I didn't asked for the linux distribution a bit earlier sry for that ;) — Tweet.log, Aug 24 '18 at 09:52
Thank you for your time and suggestions. I cancelled my VPS with GoDaddy and I'm trying out DigitalOcean. Way easier to spin up a NodeJS server on Ubuntu. Apparently GoDaddy had cloud servers with NodeJS, but they got rid of it completely because they said they didn't know what they were doing haha. — codemonkey, Aug 26 '18 at 06:23

.htaccess to force SSL and also point to NodeJS

2 Answers2