You're viewing documentation for the legacy version of Firezone, now End-of-Life. View the latest docs here.

Reverse Proxy Template: Apache

The following are example apache configurations with and without SSL termination.

These expect the apache to be running on the same host as Firezone and default['firezone']['phoenix']['port'] to be 13000.

Without SSL termination

Since Firezone requires HTTPS for the web portal, please bear in mind a downstream proxy will need to terminate SSL connections in this scenario.

<server-name> needs to be replaced with your domain name.

This configuration needs to be placed in /etc/sites-available/<server-name>.conf

and activated with a2ensite <server-name>

LoadModule rewrite_module /usr/lib/apache2/modules/
LoadModule proxy_module /usr/lib/apache2/modules/
LoadModule proxy_http_module /usr/lib/apache2/modules/
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/
<VirtualHost *:80>
        ServerName <server-name>
        ProxyPassReverse "/" ""
        ProxyPass "/" ""
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://$1" [P,L]

With SSL termination

This configuration builds on the one above and uses Firezone's auto-generated self-signed certificates.

LoadModule rewrite_module /usr/lib/apache2/modules/
LoadModule proxy_module /usr/lib/apache2/modules/
LoadModule proxy_http_module /usr/lib/apache2/modules/
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/
LoadModule ssl_module /usr/lib/apache2/modules/
LoadModule headers_module /usr/lib/apache2/modules/
Listen 443
<VirtualHost *:443>
        ServerName <server-name>
        RequestHeader set X-Forwarded-Proto "https"
        ProxyPassReverse "/" ""
        ProxyPass "/" ""
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://$1" [P,L]
        SSLEngine On
        SSLCertificateFile "/var/opt/firezone/ssl/ca/"
        SSLCertificateKeyFile "/var/opt/firezone/ssl/ca/"
Last updated: May 21, 2024