space/georg/Leon_Apache_Reverse_Proxy.md

# Leon: Apache Reverse Proxy

<https://github.com/leon-ai/>

# Reverse Proxy Setup

## Apache2

This allows you to access the Leon web app using an Apache virtual host.

## Prerequisites

-   **A domain**

> DNS A (and/or AAAA) records have to point to your webserver.

-   **SSL certificate**

> A valid SSL certificate.

> The setup is possible without SSL, though using HTTPS is highly
> recommended. The following configuration examples apply to a HTTPS
> enforced site.

-   **An operating system**

> Obvious.

-   **Apache2 / HTTPD**

> Apache2 needs to be installed, and the modules `mod_ssl`, `mod_proxy`
> as well as `mod_wstunnel` need to be loaded.  
> Refer to the Apache documentation specific to your operating system to
> find the correct procedure on how to install and load modules as well
> as on how and where to define virtual hosts.

-   **Firewall**

> If a firewall is in place, the ports 80 and 443 need to be opened
> and/or forwarded accordingly.  
> If Leon resides on a different machine, the configured `LEON_PORT`
> needs to be reachable by the webserver.

-   **Leon**

> A working Leon installation. It is recommended to test if Leon works
> as expected before attempting to troubleshoot issues with the reverse
> proxy.

> Warning - As of writing this document, the following configuration
> examples only apply to the DEVELOPMENT branch of Leon.  
> Since this branch is deemed stable enough by the author, the complex
> procedure for setting a reverse proxy up with Leon from the Master
> branch (it involves tampering with the source files) will not be
> explained.

## Leon configuration (.env)

    # Server
    LEON_HOST=https://leon.example.com
    LEON_PORT=1337

## Apache virtual host (leon.conf)

`leon.example.com` is the domain we will use to reach the Leon web app.

`localhost` is where the web server reach the Leon backend. If Leon
resides on a different machine, replace this with the hostname or IP
address of that machine.

`:1337` is the port the Leon backend listens on (you specified it above
with `LEON_PORT`).

    <VirtualHost *:80>
      ServerName            leon.example.com
      
      RewriteEngine         On
      RewriteRule           ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
    </VirtualHost>
    <VirtualHost *:443>
      ServerName            leon.example.com
      
      SSLEngine             On
      SSLCertificateFile    "/path/to/fullchain.pem"
      SSLCertificateKeyFile "/path/to/privkey.pem
      
      ProxyPreserveHost     Off
      ProxyPass /           http://127.0.0.1:1337/
      ProxyPassReverse /    http://127.0.0.1:1337/
      
      RewriteEngine         On
      RewriteCond           %{HTTP:Upgrade} websocket [NC]
      RewriteCond           %{HTTP:Connection} upgrade [NC]
      RewriteRule           ^/?(.*) "ws://127.0.0.1:1337/$1" [P,L]
    </VirtualHost>

That's it!
Init Signed-off-by: Georg <georg@lysergic.dev> 2021-08-11 15:41:35 +02:00			`# Leon: Apache Reverse Proxy`

			`<https://github.com/leon-ai/>`

			`# Reverse Proxy Setup`

			`## Apache2`

			`This allows you to access the Leon web app using an Apache virtual host.`

			`## Prerequisites`

			`- A domain`

			`> DNS A (and/or AAAA) records have to point to your webserver.`

			`- SSL certificate`

			`> A valid SSL certificate.`

			`> The setup is possible without SSL, though using HTTPS is highly`
			`> recommended. The following configuration examples apply to a HTTPS`
			`> enforced site.`

			`- An operating system`

			`> Obvious.`

			`- Apache2 / HTTPD`

			> Apache2 needs to be installed, and the modules `mod_ssl`, `mod_proxy`
			> as well as `mod_wstunnel` need to be loaded.
			`> Refer to the Apache documentation specific to your operating system to`
			`> find the correct procedure on how to install and load modules as well`
			`> as on how and where to define virtual hosts.`

			`- Firewall`

			`> If a firewall is in place, the ports 80 and 443 need to be opened`
			`> and/or forwarded accordingly.`
			> If Leon resides on a different machine, the configured `LEON_PORT`
			`> needs to be reachable by the webserver.`

			`- Leon`

			`> A working Leon installation. It is recommended to test if Leon works`
			`> as expected before attempting to troubleshoot issues with the reverse`
			`> proxy.`

			`> Warning - As of writing this document, the following configuration`
			`> examples only apply to the DEVELOPMENT branch of Leon.`
			`> Since this branch is deemed stable enough by the author, the complex`
			`> procedure for setting a reverse proxy up with Leon from the Master`
			`> branch (it involves tampering with the source files) will not be`
			`> explained.`

			`## Leon configuration (.env)`

			`# Server`
			`LEON_HOST=https://leon.example.com`
			`LEON_PORT=1337`

			`## Apache virtual host (leon.conf)`

			`leon.example.com` is the domain we will use to reach the Leon web app.

			`localhost` is where the web server reach the Leon backend. If Leon
			`resides on a different machine, replace this with the hostname or IP`
			`address of that machine.`

			`:1337` is the port the Leon backend listens on (you specified it above
			with `LEON_PORT`).

			`<VirtualHost *:80>`
			`ServerName leon.example.com`

			`RewriteEngine On`
			`RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]`
			`</VirtualHost>`
			`<VirtualHost *:443>`
			`ServerName leon.example.com`

			`SSLEngine On`
			`SSLCertificateFile "/path/to/fullchain.pem"`
			`SSLCertificateKeyFile "/path/to/privkey.pem`

			`ProxyPreserveHost Off`
			`ProxyPass / http://127.0.0.1:1337/`
			`ProxyPassReverse / http://127.0.0.1:1337/`

			`RewriteEngine On`
			`RewriteCond %{HTTP:Upgrade} websocket [NC]`
			`RewriteCond %{HTTP:Connection} upgrade [NC]`
			`RewriteRule ^/?(.*) "ws://127.0.0.1:1337/$1" [P,L]`
			`</VirtualHost>`

			`That's it!`