Combine r-handler and tls

Question

Is it possible to provide the Apache R-mod via TLS directly? Without the need to set up a reverse proxy?

I'm trying to set up an OpenCPU instance without the typical reverse proxy configuration. It should be accessible via HTTPS and HTTPS only.

Whenever I try to enable the TLS/SSL engine, Apache ignores that and on port 443 I'll get a header missmatch as HTTP is delivered over port 443.

<IfModule mod_ssl.c>
SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
<IfModule mod_R.c>

    RSourceOnStartup "/usr/lib/opencpu/rapache/onstartup.R"

    <Location /ocpu>
        SSLEngine on
        SSLUseStapling on
        SSLCertificateFile  /etc/ssl/xxx.pem
        SSLCertificateKeyFile /etc/ssl/private/xxx.key
        SSLCertificateChainFile /etc/ssl/certs/chain.pem

        SetHandler r-handler
        RHandler opencpu:::rapachehandler
        SetOutputFilter DEFLATE
        SetInputFilter DEFLATE
    </Location>

    Alias /favicon.ico /usr/lib/opencpu/rapache/favicon.ico
    Alias /robots.txt /usr/lib/opencpu/rapache/robots.txt

    # Increase prefork defaults
    <IfVersion >= 2.4>
        #StartServers 10
        MaxConnectionsPerChild 200
        <Directory /usr/lib/opencpu/rapache>
            Require all granted
        </Directory>
    </IfVersion>

</IfModule>

I think that is the default setup? Which reverse proxy do you mean? — Jeroen Ooms, Dec 11 '19 at 11:03
I wanted to explicitly block HTTP. But I solved it via Redirect now. See answer below. — MPW, Dec 11 '19 at 11:06

score 0 · Accepted Answer · answered Dec 11 '19 at 11:05

It seems that the Location /ocpu is valid for both VirtualHosts, the one for HTTP and HTTPS.

So it suffices to redirect HTTP to HTTPS in 000-default.conf and to correctly set up TLS in the default-ssl.conf.

<VirtualHost *:80>
    ServerName xxx
    ServerAdmin xxx

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Redirect / https://xxx/

</VirtualHost>

And

# cat default-ssl.conf 
<IfModule mod_ssl.c>
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    LogLevel Debug
    <VirtualHost *:443>
        ServerName xxx
        ServerAdmin xxx

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLUseStapling on

        SSLCertificateFile  /etc/ssl/certs/xxx.pem
        SSLCertificateKeyFile /etc/ssl/private/xxx.key
        SSLCertificateChainFile /etc/ssl/certs/xxx.pem

        DocumentRoot /var/www/html

    </VirtualHost>
</IfModule>

No need to change anything in the opencpu.conf.

Combine r-handler and tls

1 Answers1