Here’s the situation: you have an Angular application that you want to host on apache, and a Spring Boot application running with its embedded tomcat, or that you want t o deploy on tomcat. However, you don’t want to expose your tomcat default 8080 or 8443 ports.
The solution is to use Apache a reverse proxy for tomcat. Only the apache standard http and https ports will be exposed, and you only need to deal with https certificates at the apache level.
To achieve this :
1. Enable the apache proxy mod
a2enmod proxy
a2enmod proxy_http
systemctl restart apache22. Configure apache as a proxy
Edit /etc/apache2/sites-enabled/default-ssl.conf
In the following examples, all traffic to /api will be redirected to the localhost tomcat /api endpoint.
If your tomcat server uses https, then you must enable Apache as a https proxy, and mostlikely disable all https security verification because you will access the tomcat using your localhost ip address, which won’t match the url of the https certifcate :
<VirtualHost *:443>
...
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyRequests On
ProxyPreserveHost On
ProxyPass /api https://127.0.0.1:8443/api
ProxyPassReverse /api https://127.0.0.1:8443/api
<Location "/api">
Order allow,deny
Allow from all
</Location>
...
</VirtualHost>If your tomcat is using plain old http, and not https, then a simpler configuration will be enough :
<VirtualHost *:443>
...
ProxyRequests On
ProxyPreserveHost On
ProxyPass /api http://127.0.0.1:8080/api
ProxyPassReverse /api http://127.0.0.1:8080/api
<Location "/api">
Order allow,deny
Allow from all
</Location>
...
</VirtualHost>