Issue setting up Apache Reverse Proxy for Memgraph

Question

I'm facing issues while trying to run Memgraph lab behind Apache reverse proxy. I get the following error

Error in web browser

And my Apache configuration file is as follows:

<VirtualHost *:80>
    #ServerName my-server-name.com
    ServerName localhost

    # Redirect all port 80 traffic to 443
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
    
    # Setup logging
    LogLevel info rewrite:trace1
    ErrorLog ${APACHE_LOG_DIR}.error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    # Configure SSL
    SSLEngine on
    SSLCertificateFile certificate-file.cer
    SSLCertificateKeyFile certificate-key.key
    SSLProxyEngine On

    # Disable weak SSL ciphers
    SSLProtocol -ALL +TLSv1.2
    SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLHonorCipherOrder on
    TraceEnable off

    # Enable HSTS with max age of 2 years
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

    ServerName localhost    
    ProxyPreserveHost On
    RewriteEngine On

    # Redirects for Memgraph
    ProxyRequests     Off
        ProxyPreserveHost On
        Timeout 5400
        ProxyTimeout 5400
        <Proxy http://localhost/memgraph*>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass         /memgraph  http://localhost:3000 nocanon
        ProxyPassReverse  /memgraph  http://localhost:3000
    
    # Enable ModSecurity
    SecRuleEngine Off
    SecStatusEngine off

</VirtualHost>

Tried reading through error logs but it only returned 504 error code. Expecting to access Memgraph Lab behind apache reverse proxy

Answer 1

1. I managed to solve my own question. The first issue was that Apache was not forwarding requests to the localhost of the docker container running memgraph-platform image. I had to restart the docker container with the network host option as follows:

docker run --rm -it -d --net host -p 7687:7687 -p 7444:7444 -p 3000:3000 -v mg_lib:/var/lib/memgraph -v mg_etc:/etc/memgraph memgraph/memgraph-platform

The --net host option makes the docker container use the host ports directly instead of binding specific ports to the host ports, so the -p 7687:7687 -p 7444:7444 -p 3000:3000 are redundant in this case and will probably throw a warning.

2. The other issue I was facing is that the Memgraph Lab web application doesn't have any option to serve the UI from a custom path such as /memgraph. This was a requirement since we host multiple applications on the same server. The solution was to use the mod_proxy_html Apache module. I changed my configuration file as follows:

<VirtualHost *:80>
    ServerName my-server-name.com

    # Redirect all port 80 traffic to 443
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
    
    # Setup logging
    LogLevel info rewrite:trace1
    ErrorLog ${APACHE_LOG_DIR}.error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    # Configure SSL
    SSLEngine on
    SSLCertificateFile certificate-file.cer
    SSLCertificateKeyFile certificate-key.key
    SSLProxyEngine On

    # Disable weak SSL ciphers
    SSLProtocol -ALL +TLSv1.2
    SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLHonorCipherOrder on
    TraceEnable off

    # Enable HSTS with max age of 2 years
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

    ServerName localhost    
    ProxyPreserveHost On
    RewriteEngine On

    # Redirects for Memgraph
    ProxyRequests     Off
    ProxyPreserveHost On
    Timeout 5400
    ProxyTimeout 5400
    - <Proxy http://localhost/memgraph*>
    -   Order deny,allow
    -   Allow from all
    - </Proxy>
    - ProxyPass         /memgraph  http://localhost:3000 nocanon
    - ProxyPassReverse  /memgraph  http://localhost:3000
    + ProxyPass / http://127.0.0.1:3000/
    + ProxyHTMLURLMap http://127.0.0.1:3000/ /
    + <Location /memgraph/>
    +            ProxyPass http://127.0.0.1:3000/
    +            ProxyPreserveHost On
    +            ProxyPassReverse /
    +            SetOutputFilter INFLATE;proxy-html;DEFLATE
    +            ProxyHTMLExtended On
    +            ProxyHTMLURLMap / /memgraph/
    +            ProxyHTMLURLMap http://127.0.0.1:3000/ /memgraph/
    +            RequestHeader unset Accept-Encoding
    + </Location>
    + # Extra redirects for the Memgraph subdirectory
    + Redirect /memgraph /memgraph/



    # Enable ModSecurity
    SecRuleEngine Off
    SecStatusEngine off

</VirtualHost>