Is it possible to redirect certain subdomain from port 80/443 to custom port with https/ssl?

Keywords: NodeJS - AWS - Technical issue - Services (Apache, MariaDB, MySQL…)

bnsupport ID: 7bd5e236-d699-4a9d-d6ab-905dddfe0927

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/administration/use-pagespeed/#disable-pagespeed
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/

bndiagnostic failure reason: The suggested guides are not related with my issue

Description:
I have set up my domain like example.com and everything works. Now I have a subdomain like test.example.com which uses another directory.

For example for example.com I have example-vhost.conf and example-https-vhost.conf set up with app located at /opt/bitnami/example. In the config file I redirect port 3000 to 80/443 and it works great.

For my test one I use another directory /opt/bitnami/example_test and I have the similar conf files example_test-vhost.conf and example_test-https-vhost.conf and set the ProxyPass and ProxyPassReverse as port 3002.

Then when I go to test.example.com it is still going to port 80/443 and the app files are still from /opt/bitnami/example which means all the new config not working. I have to type http://test.example.com:3002 to reach /opt/bitnami/example_test. Same thing happens if you type http://example.com:3002 but it is not allowed for this domain. Port 3002 can only be accessed through test.example.com.

How can I do this without buying a new instance?

P.S. I am using AWS lightsail with nodejs instance

My example_test.vhost.conf:

    <VirtualHost 127.0.0.1:80 _default_:80>
      ServerName test.example.com
      ServerAlias test.example.com
      DocumentRoot /opt/bitnami/example_test
      # BEGIN: Configuration for letsencrypt
      Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
      # END: Configuration for letsencrypt
      # BEGIN: Support domain renewal when using mod_proxy without Location
      <IfModule mod_proxy.c>
        ProxyPass /.well-known !
      </IfModule>
      # END: Support domain renewal when using mod_proxy without Location
      # BEGIN: Enable HTTP to HTTPS redirection
      RewriteEngine On
      RewriteCond %{HTTPS} !=on
      RewriteCond %{HTTP_HOST} !^localhost
      RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
      RewriteCond %{REQUEST_URI} !^/.well-known
      RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
      # END: Enable HTTP to HTTPS redirection
      # BEGIN: Enable www to non-www redirection
      RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
      RewriteCond %{HTTP_HOST} !^localhost
      RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
      RewriteCond %{REQUEST_URI} !^/.well-known
      RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
      # END: Enable www to non-www redirection
      <Directory "/opt/bitnami/example_test">
        Options -Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Require all granted
      </Directory>
      <Proxy *>
        Order allow,deny
        Allow from all
      </Proxy>
      ProxyPass / http://localhost:3002/
      ProxyPassReverse / http://localhost:3002/
      # BEGIN: Support domain renewal when using mod_proxy within Location
      <Location /.well-known>
        <IfModule mod_proxy.c>
          ProxyPass !
        </IfModule>
      </Location>
      # END: Support domain renewal when using mod_proxy within Location
    </VirtualHost>

Should be example_test-vhost.conf

Hi @legenddaniel

Thanks for using Bitnami NodeJS!

Hmm, at first sight, it seems that the VirtualHosts for your subdomain should work. I have tried implementing this myself and changes weren’t applied until the Apache service was restarted. Have you tried restarting the services to ensure the changes are applied?

sudo /opt/bitnami/ctlscript.sh restart apache

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Hi Jose,

Thank you for your answer. However I have restarted it many times. I even restarted my instance.

I have read some tutorials about the similar implementation on other stacks like WordPress and I found them setting in /opt/bitnami/apps/example/conf.
I also see some tutorials saying the directory should be bitnami/htdocs but there’s only an index.html in my htdocs.
I found so many ‘suspicious’ conf files but I only modify the *-vhost.conf under /opt/bitnami/conf/vhosts. Do I need to take a look at other files?

Hi @legenddaniel

> Do I need to take a look at other files?

No, I think that due to your configuration, the only relevant files should be the ones under /opt/bitnami/apache/conf/vhosts/.

I have checked your configuration and it seems you are not configuring a subdomain, but rather another different domain: XXXXXgo.ca (using ProxyPass 3000) and XXXXXXgo.link (using ProxyPass 3002).
In fact, I can access both domains just fine using my web browser. Is that the intended behavior (rather than a subdomain)?

In any case, could you please share the output of the following commands (notice that you may need to run them connected via SSH to your instance)?:

$ curl -I localhost:3000
$ curl -I localhost:3002
$ curl --silent localhost:3000 | grep -o '.\{420\}$' | tail -1
$ curl --silent localhost:3002 | grep -o '.\{420\}$' | tail -1

Best regards,
Jose Antonio Carmona



Hi @jcarmona,

Since we couldn’t work it out, we bought another domain and changed our test.example.com to example.link, but it is still not working.

For your curl requests they all respond correctly with the http header and html. But still example.link should be by default on port 3002 instead of 3000. If you are accessing port 3002 you should see 3002 in the console.log.

> For your curl requests they all respond correctly with the http header and HTML.

Okay, so that means that both applications on port 3000 and 3002 are actually running. I was hoping that you could share the output of the commands to actually see if the webpage they deliver is the same, as per my tests I can connect to example.ca and example.link with no problems.

Can you make sure that the two applications deliver different content?

> If you are accessing port 3002 you should see 3002 in the console.log.

Can you see an entry when you access the site using http://localhost:3002 ?

If you want to verify that the ProxyPass directive is working, you can change the port in your configuration file to some other where no Node app is running:

/opt/bitnami/apache/conf/vhosts/nextapp_test-vhost.conf

...
-  ProxyPass / http://localhost:3002/
-  ProxyPassReverse / http://localhost:3002/
+  ProxyPass / http://localhost:3100/
+  ProxyPassReverse / http://localhost:3100/
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>
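
Review bot: the port swap is shown only for nextapp_test-vhost.conf, the port-80 vhost. If that file still carries the "Enable HTTP to HTTPS redirection" rewrite block from the configuration posted earlier in the thread, browser requests are redirected to the 443 vhost and never reach these two ProxyPass lines, so the 503 test is only conclusive when the same swap is made in nextapp_test-https-vhost.conf. Both files need the port set back to 3002 once the check is done.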

Then restart the Apache service and try to access your site (example.link). You should be able to see something like 503 Service Temporarily Unavailable.

Could you please check that?

Best regards,
Jose Antonio Carmona



Hi @jcarmona,

curl -I localhost:3000:

HTTP/1.1 200 OK
X-Powered-By: Next.js
ETag: "2d51-Lqu8OzeXdULMj0BS/cFBYwn2HzE"
Content-Type: text/html; charset=utf-8
Content-Length: 11601
Vary: Accept-Encoding
Date: Tue, 20 Jul 2021 13:56:05 GMT
Connection: keep-alive
Keep-Alive: timeout=5

curl -I localhost:3002

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate
X-Powered-By: Next.js
ETag: "2558-Kp82Tqjjz4jG20SnluzCXwOFx2s"
Content-Type: text/html; charset=utf-8
Content-Length: 9560
Vary: Accept-Encoding
Date: Tue, 20 Jul 2021 13:57:43 GMT
Connection: keep-alive
Keep-Alive: timeout=5

$ curl --silent localhost:3000 | grep -o '.\{420\}$' | tail -1
156d458114fbefc.e8a48df9c29faf46b8e2.js" async=""></script><script src="/_next/static/chunks/pages/_app-ef77053a5f4b41a6447a.js" async=""></script><script src="/_next/static/chunks/pages/index-2948414f28559e4389d5.js" async=""></script><script src="/_next/static/ztb1lz_7xMtsvoEayVdYX/_buildManifest.js" async=""></script><script src="/_next/static/ztb1lz_7xMtsvoEayVdYX/_ssgManifest.js" async=""></script></body></html>
$ curl --silent localhost:3002 | grep -o '.\{420\}$' | tail -1
799308"></script><script src="/_next/static/chunks/webpack.js?ts=1626789799308"></script><script src="/_next/static/chunks/pages/_app.js?ts=1626789799308"></script><script src="/_next/static/chunks/pages/index.js?ts=1626789799308"></script><script src="/_next/static/development/_buildManifest.js?ts=1626789799308"></script><script src="/_next/static/development/_ssgManifest.js?ts=1626789799308"></script></body></html>

They are hosting different files but can’t access via example.link.

I proxy the port to 3003 in both example-vhost.conf and example-https-vhost.conf but example.link is still visitable, which means example.link is not listening on 3002.

For now I run dev mode on port 3002, and I restart Apache by sudo /opt/bitnami/ctlscript.sh restart apache

Hi @legenddaniel

I think I might have found the issue here! On further inspection of your virtual host config files, I noticed that you set the ServerAlias * flag in two of them:

/opt/bitnami/apache/conf/vhosts/apache/conf/vhosts/nextapp-vhost.conf

<VirtualHost 127.0.0.1:80 _default_:80>
  ServerAlias * <------ HERE
  DocumentRoot /opt/bitnami/nextapp
  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>

/opt/bitnami/apache/conf/vhosts/apache/conf/vhosts/nextapp-https-vhost.conf

<VirtualHost 127.0.0.1:443 _default_:443>
  ServerAlias *  <------- HERE
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/XXXXXXgo.ca.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/XXXXXXgo.ca.key"
  DocumentRoot /opt/bitnami/nextapp
  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt
  # BEGIN: Support domain renewal when using mod_proxy without Location

When you try to access using the domain example.link, the wildcard (*) ServerAlias flag matches, and thus, you are served the same page as when accessing example.ca. Notice that for your other vhost config files you explicitly set the ServerName and ServerAlias to specific values:

For instance, /opt/bitnami/apache/conf/vhosts/apache/conf/vhosts/nextapp_test-https-vhost.conf

<VirtualHost 127.0.0.1:443 _default_:443>
  ServerName example.link
  ServerAlias www.example.link
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/XXXXXXX.ca.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/XXXXXX.ca.key"
  DocumentRoot /opt/bitnami/nextapp_test
  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt

Let’s try to solve this by performing changes in nextapp-vhost.conf & nextapp-https-vhost.conf:

/opt/bitnami/apache/conf/vhosts/apache/conf/vhosts/nextapp-vhost.conf

<VirtualHost 127.0.0.1:80 _default_:80>
- ServerAlias *
+ ServerName example.ca
+ ServerAlias www.example.ca
  DocumentRoot /opt/bitnami/nextapp
  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
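
Review bot: once `- ServerAlias *` is gone, no vhost on 127.0.0.1:80 claims unknown Host headers explicitly, but Apache still hands them to whichever vhost for that address and port is loaded first. Worth stating which file is meant to be that default (here it would normally stay nextapp-vhost.conf, which sorts first) and confirming the order with the vhost dump from `apachectl -S` after the restart, so a request by raw IP or a stray domain does not land on the test app.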

/opt/bitnami/apache/conf/vhosts/apache/conf/vhosts/nextapp-https-vhost.conf

<VirtualHost 127.0.0.1:443 _default_:443>
- ServerAlias *
+ ServerName example.ca
+ ServerAlias www.example.ca
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/XXXXXXgo.ca.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/XXXXXXgo.ca.key"
  DocumentRoot /opt/bitnami/nextapp
  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt
  # BEGIN: Support domain renewal when using mod_proxy without Location
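
Review bot: the added `+ ServerAlias www.example.ca` on the 443 vhost is only useful if the certificate in SSLCertificateFile (XXXXXXgo.ca.crt) also lists the www name; otherwise HTTPS requests for the alias are routed here correctly and still fail with a name mismatch in the browser. Check the certificate's subject alternative names before relying on the alias, or drop the line if www is not served.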

After that, ensure that the proxy port is set to 3002 and your node application is running. Restart your Apache service with sudo /opt/bitnami/ctlscript.sh restart apache and see if this solves it!

Best regards,
Jose Antonio Carmona



1 Like
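
The matching behaviour behind the accepted fix, as an added example that is not part of the original thread or of Bitnami's tooling: a simplified model of how Apache picks a name-based vhost (first ServerName/ServerAlias match in load order, otherwise the first vhost), run over constructed copies of the two port-80 files. The port 3000 target in nextapp-vhost.conf and the alphabetical load order are assumptions taken from the thread's description, and wildcard matching is approximated with Python's fnmatch.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample mirroring the thread. Files are read in alphabetical
# order (assumption), so nextapp-vhost.conf loads before nextapp_test-vhost.conf.
BEFORE = {
    "nextapp-vhost.conf": """
<VirtualHost 127.0.0.1:80 _default_:80>
  ServerAlias *
  ProxyPass / http://localhost:3000/
</VirtualHost>""",
    "nextapp_test-vhost.conf": """
<VirtualHost 127.0.0.1:80 _default_:80>
  ServerName example.link
  ServerAlias www.example.link
  ProxyPass / http://localhost:3002/
</VirtualHost>""",
}
# The fix from the thread: replace the wildcard with explicit names.
AFTER = dict(BEFORE)
AFTER["nextapp-vhost.conf"] = BEFORE["nextapp-vhost.conf"].replace(
    "ServerAlias *", "ServerName example.ca\n  ServerAlias www.example.ca")

def parse_vhosts(files):
    """Return vhosts in load order as dicts: file, name patterns, backend."""
    vhosts = []
    for fname in sorted(files):
        blocks = re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>",
                            files[fname], re.S | re.I)
        for block in blocks:
            names = []
            for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", block, re.M | re.I):
                names += m.group(1).lower().split()
            backend = re.search(r"^\s*ProxyPass\s+/\s+(\S+)", block, re.M | re.I)
            vhosts.append({"file": fname, "names": names,
                           "backend": backend.group(1) if backend else None})
    return vhosts

def select_vhost(vhosts, host):
    """First vhost with a matching name or alias wins; else the first vhost."""
    host = host.lower().split(":")[0]
    for vh in vhosts:
        if any(fnmatchcase(host, pattern) for pattern in vh["names"]):
            return vh
    return vhosts[0]

def catch_all_vhosts(vhosts):
    """Files whose alias list contains a bare '*' and so shadow later vhosts."""
    return [vh["file"] for vh in vhosts if "*" in vh["names"]]
```

Running `select_vhost` for `example.link` against `BEFORE` and `AFTER` shows the request moving from the port 3000 backend to the port 3002 one, and `catch_all_vhosts` is the check to run over a vhosts directory before adding a second site.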

Thank you Jose for saving my life!!!

My pleasure :slightly_smiling_face:

Glad to see you were able to solve your issue! We are marking the previous answer as “Solution” and this topic as “Closed”.

If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing this one if necessary.

Best regards,
Jose Antonio Carmona

