Apache Reverse Proxy to Docker
Caddy, traefik, nginx are usually what comes to mind when you want to reverse proxy. Reverse proxying is something that I have never done before in Apache. I will admit even though Apache was the first web server software I used in my formative years, I’ve always opted for nginx for non-containerized applications. I had an Nextcloud server using Apache thanks to linode’s Nextcloud one-click app. I wanted to add Vaultwarden to the underutilized server. Since I wanted to get Vaultwarden working with minimal headache I chose to use the docker image.
Start the Vaultwarden container
docker pull vaultwarden/server:latest
docker run -d --name vaultwarden -v /vw-data/:/data/ -p 8080:80 vaultwarden/server:latestTo reverse proxy the docker container, configure the Apache site with the following:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName vaultwarden.domain.com
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
ProxyPass / http://vaultwarden.domain.com:8080/
ProxyPassReverse / http://vaultwarden.domain.com:8080/
ErrorLog /${APACHE_LOG_DIR}/vaultwarden-error.log
CustomLog /${APACHE_LOG_DIR}/vaultwarden-access.log combined
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://vaultwarden.domain.com:3012/$1 [P,L]
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RequestHeader set X-Forwarded-Proto https
SSLCertificateFile /etc/letsencrypt/live/vaultwarden.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vaultwarden.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>Reload Apache and you should now have ssl traffic for your vaultwarden proxied to the docker container.
