Hello all,
I just want to contribute with my experience.
Documentation recommends the usage of an NGINX instance as Reverse Proxy in front of the actual Datagerry Webserver.
I have been using an Apache instance instead for the same reason, and I’d like to share my configuration.
Apache Web Server version, on Debian 10 platform, is:
================================
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
================================
Certificate Authority certificate, web server’s Certificate and Key are in the /etc/apache2/certs/ directory.
So that Apache Web Server runs as Reverse Proxy with SSL offloading.
Datagerry’s own webserver is configured to only listen on “127.0.0.1:4000” address.
Apache’s enabled site configuration is the following:
================================
<VirtualHost *:443>
ServerAdmin webmaster@mydomain.com
ServerName cmdb1.mydomain.com:443
ProxyPass / http://127.0.0.1:4000/
ProxyPassReverse / http://127.0.0.1:4000/
SSLEngine on
SSLProxyEngine on
SSLCACertificateFile /etc/apache2/certs/CA-mydomain.com.crt
SSLCertificateFile /etc/apache2/certs/cmdb1.mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/certs/cmdb1.mydomain.com.key
# Mozilla SSL Configuration Generator
# https://ssl-config.mozilla.org/#server=apache&version=2.4.38&config=modern&openssl=1.1.1d&guideline=5.6
Protocols h2 http/1.1
Header always set Strict-Transport-Security "max-age=63072000"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
================================
I hope you appreciate it, feel free to share your thoughts.
Regards
Gino