Category Archives: Misc

Apache as a reverse proxy for a Tomcat server on Debian 10

Here’s the situation: you have an Angular application that you want to host on apache, and a Spring Boot application running with its embedded tomcat, or that you want t o deploy on tomcat. However, you don’t want to expose your tomcat default 8080 or 8443 ports.

The solution is to use Apache a reverse proxy for tomcat. Only the apache standard http and https ports will be exposed, and you only need to deal with https certificates at the apache level.

To achieve this :

1. Enable the apache proxy mod

a2enmod proxy
a2enmod proxy_http
systemctl restart apache2

2. Configure apache as a proxy

Edit /etc/apache2/sites-enabled/default-ssl.conf

In the following examples, all traffic to /api will be redirected to the localhost tomcat /api endpoint.

If your tomcat server uses https, then you must enable Apache as a https proxy, and mostlikely disable all https security verification because you will access the tomcat using your localhost ip address, which won’t match the url of the https certifcate :

<VirtualHost *:443>
    ...
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPass /api https://127.0.0.1:8443/api
    ProxyPassReverse /api https://127.0.0.1:8443/api
 
    <Location "/api">
        Order allow,deny
        Allow from all
    </Location>
    ...
</VirtualHost>

If your tomcat is using plain old http, and not https, then a simpler configuration will be enough :

<VirtualHost *:443>
    ...
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPass /api http://127.0.0.1:8080/api
    ProxyPassReverse /api http://127.0.0.1:8080/api
 
    <Location "/api">
        Order allow,deny
        Allow from all
    </Location>
    ...
</VirtualHost>

Backingup WordPress with UpdraftPlus

I had a couple of bad surprises with wordpress websites getting compromised because WordPress was not thouroughly updated.

Since, I looked for an easy WordPress backup solution, one that would take care of backing up not only posts, but plugins, pictures, etc. And ideally, that would be free.

UpdraftPlus has since saved my life more than once, not only from hackers, but also from erroneous configuration changes.

How to digitally sign your outgoing emails with Outlook ?

Would you like to prove to your contacts the authenticity of your emails ? A S/MIME signature of your messages may be a solution. It will guarantee that a message comes from you, and that its content wasn’t altered. You can do it for free – as long as it’s for a personnal use – using a Comodo free email certificate. The solution may be seducing, but there are two caveats.

First, the validation of your signature is done by your recipient email client, and most email clients just don’t support it. As a rule of thumb, consider only the outlook desktop app supports it (gmail, outlook.com, default android client don’t support it, iphone can support it but it’s disabled by default). And there’s nothing you can do about it.

Second, the procedure to sign your messages may give some headaches, and it’ll be different for each email client. But at least, here is a step by step guide to digitally sign outgoing messages on Outlook.

  1. Get a mail Certificate
  2. Install your mail certificate in your local certificate store
  3. Check that your certificate is properly installed
  4. Configure Outlook to sign outgoing messages

1. Get a mail certificate

If you don’t already own a mail certificate, you can get a free one from Comodo here, or directly here.
Continue reading