0

I'm trying to make a Node.js + Express + Vue.js + Apache + MySQL application work on my server via HTTPS protocol. (works fine locally or via HTTP on the server).

There is a URL (subdomain) for API which returns a JSON result, let's say "api.mysite.com".

I tried different approaches, right now I use port 443 in my app.js (it doesn't help):

const PORT = process.env.PORT || 443

app.listen(PORT, () => {
    console.log(`Server stated on port ${PORT}`)
})

On my local machine I use port 5000 and access the app by "http://locahost:5000" (and it works fine).

"/etc/apache2/sites-available/my-site-api.conf":

<VirtualHost *:80>
    ServerName api.mysite.com
    ServerAlias api.mysite.com
    DocumentRoot /var/www/mysite/api
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =api.mysite.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

"/etc/apache2/sites-available/my-site-api-le-ssl.conf":

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName api.mysite.com
        ServerAlias api.mysite.com
        DocumentRoot /var/www/mysite/api
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        # Some rewrite rules in this file were disabled on your HTTPS site,
        # because they have the potential to create redirection loops.
        
        # RewriteCond %{SERVER_NAME} =api.mysite.com [OR]
        # RewriteCond %{SERVER_NAME} =api.mysite.com
        # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/api.mysite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/api.mysite.com/privkey.pem
    </VirtualHost>
</IfModule>

Let me know if you need any other info.

Thanks a lot in advance!

Gennady Birenberg
  • 1
  • 1
  • `"Apache/2.4.43 (Ubuntu) Server at api.myband.info Port 443".` is not an error. You should also not run node.js and apache on the same port. I also don't see where your Proxy rules are to forward the traffic from apache to node. – Evert Jul 19 '20 at 06:15
  • > ` "Apache/2.4.43 (Ubuntu) Server at api.myband.info Port 443".` is not an error You're right :) I'll remove it. – Gennady Birenberg Jul 19 '20 at 06:16
  • > I also don't see where your Proxy rules are to forward the traffic from apache to node. Probably that's what's missing, I'll look it up. – Gennady Birenberg Jul 19 '20 at 06:20

1 Answers1

1

Looks like both Apache and your app are configured to listen at port 443. I assume the essence error you're getting is that there should be only one listener per port, and it tells you that 443 is already busy by apache.

I can see 2 ways to go, if you want to expose your app under HTTPS/443

  1. set up Apache as a proxy, so that it listens to 443 and forwards requests to your app (which should continue to listen to 5000). That would require adding into Apache config something like this:
ProxyPass "/" "http://localhost:5000"
  1. Avoid using Apache and expose your app under https directly. In this case you'd have to supply your app initialization with params telling where to find the certificates, and you will have to run your app as a super user.

More details here: Enabling HTTPS on express.js

Alex Shchur
  • 741
  • 4
  • 13
  • I have lots of other sites on my server, which run under Apache (I try Node.js for the first time for the discussed app), most of them on port 443. Will any of your solutions affect the other sites? – Gennady Birenberg Jul 19 '20 at 06:44
  • if done properly, then no :) From my practice it's quite a common pattern to host multiple apps, each listening on non-secure port internally (like 5000), and then use apache (well, I usually use nginx for that) to forward specific domains exposed under HTTPS to specific internal ports – Alex Shchur Jul 19 '20 at 06:53
  • 1
    The ProxyPass approach worked! Just to clarify for noob like me: I placed this line both in `my-site-api.conf` and in `my-site-api.conf-le-ssl` and performed a2dissite/a2ensite for both of them. – Gennady Birenberg Jul 19 '20 at 07:17