Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache Reverse Proxy on Centos 6 cPanel?

Discussion in 'Security' started by Magezi Sagesse, Nov 24, 2017.

  1. Magezi Sagesse

    Magezi Sagesse Registered

    Joined:
    Nov 24, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Uganda
    cPanel Access Level:
    Root Administrator
    My server (VPS) is running centos 6 and apache 2.3 web server , I want to configure SSL Terminating Reverse Proxy (phusionpassenger.com/library/deploy/standalone/proxy_ssl.html Using an SSL terminating reverse proxy with Passenger Standalone - Passenger Library) on my cpanel account domain. I got SSL certificate installed already on the domain using whm but what I need is to configure the reverse proxy as given in this example :
    Code:
    SSLStrictSNIVHostCheck off
    <VirtualHost *:80>
       Redirect permanent / www.example.com
       ServerName example.com
       ServerAlias www.example.com
    </VirtualHost>
    
    <VirtualHost *:443>
       ServerName www.example.com
    
       ProxyPreserveHost On
       ProxyPass / http://localhost:3000/
       ProxyPassReverse / http://localhost:3000/
    
       SSLEngine on
       SSLProtocol all -SSLv2 -SSLv3
       SSLHonorCipherOrder on
       SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
       SSLCertificateFile "/private/etc/apache2/server.crt"
       SSLCertificateKeyFile "/private/etc/apache2/server.key"
       SSLCompression off # not always present
    
       Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
       Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    
       ServerSignature Off
    </VirtualHost>
    
    I don't know where I should do that and how since with the cpanel and whm the apache configuration file should not be modified manually to avoid being wiped out when it get auto generated by the cpanel program.

    I also thought of going to check if there is a place for that configuration in /var/cpanel/userdata/cpaneluser/domain.com_SSL but I found:

    Code:
    ---
    documentroot: /home/domain/public_html
    group: domain
    hascgi: 1
    homedir: /home/domain
    ip: 192.168.53.12
    ipv6: ~
    owner: root
    phpopenbasedirprotect: ~
    port: 443
    secruleengineoff: ~
    serveradmin: [EMAIL]webmaster@domain.com[/EMAIL]
    serveralias: mail.domain.com www.domain.com
    servername: domain.com
    ssl: 1
    usecanonicalname: 'Off'
    user: cpaneluser
    userdirprotect: ''
    
    
    and in /var/cpanel/userdata/cpaneluser/domain.com found:

    Code:
    ---
    customlog:
      -
       format: combined
       target: /usr/local/apache/domlogs/domain.com
      -
       format: "\"%{%s}t %I .\\n%{%s}t %O .\""
       target: /usr/local/apache/domlogs/domain.com-bytes_log
    documentroot: /home/domain/public_html
    group: domain
    hascgi: 1
    homedir: /home/domain
    ip: 192.168.53.12
    owner: root
    phpopenbasedirprotect: 1
    port: 80
    scriptalias:
      -
       path: /home/domain/public_html/cgi-bin
       url: /cgi-bin/
    serveradmin: webmaster@domain.com
    serveralias: mail.domain.com www.domain.com
    servername: domain.com
    usecanonicalname: 'Off'
    user: cpaneluser
    
    I couldn't understand almost everything in those configuration files which makes hard for me to adapt them according to the reverse proxy configuration I want.
     
    #1 Magezi Sagesse, Nov 24, 2017
    Last edited by a moderator: Nov 25, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    We document how to make custom changes to the Apache configuration at:

    Advanced Apache Configuration - EasyApache 4 - cPanel Documentation

    Additionally, if the changes are within the virtual host entries, we document how to customize them at:

    Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation

    Thank you.
     
Loading...

Share This Page