Listed on

Proxying internal websites via OS X Server

Proxying internal websites via OS X Server



After rearranging my network to use an OS X server for my main web server there were a few web based systems that I need to expose to the outside world. The advice on Reverse Proxy with macOS Server (http://stationinthemetro.com/2017/05/02/reverse-proxy-with-macos-server) by Mark Boszko worked for me.
I am reproducing the core of the article Reverse Proxy with macOS Server in case the original should cease to be available:

To proxy the internal system site2.example.com (site2) with IP address 192.168.1.15.

Create a web app configuration file on the macOS Server machine
/Library/Server/Web/Config/apache2/httpd_site2webapp.conf:
ProxyPreserveHost On
ProxyPassReverse / http://192.168.1.15:80/
ProxyPass / http://192.168.1.15:80/
ServerName site2.example.com


and the plist file which refers to the conf file
/Library/Server/Web/Config/apache2/webapps/com.example.site2webapp.plist:


<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">   <!-- See man pages for webapp.plist(5) and webappctl(8) for information about this example webapp.plist -->   <plist version="1.0">     <dict>         <key>includeFiles</key>             <array> <!-- Include files are activated in virtual host when webapp is started -->                 <string>/Library/Server/Web/Config/apache2/httpd_site2webapp.conf</string>             </array>         <key>name</key>             <string>com.example.site2webapp</string>         <key>displayName</key> <!-- Name shown in Server app -->             <string>site2WebApp</string>         <key>installationIndicatorFilePath</key> <!-- The presence of this file indicates web app is installed -->             <string>/Library/Server/Web/Config/apache2/httpd_site2webapp.conf</string>         <key>sslPolicy</key><!-- Determines webapp SSL behavior -->             <integer>0</integer> <!-- 0: default, UseSSLWhenEnabled -->                                  <!-- 1: UseSSLAlways -->                                  <!-- 2: UseSSLOnlyWhenCertificateIsTrustable -->                                  <!-- 3: UseSSLNever -->                                  <!-- 4: UseSSLAndNonSSL -->     </dict> </plist>

Ensure that the files are owned by root and group wheel with permissions 644.

And then add the new domain to the server by:
  1. In the Websites tab of Server.app, click the + below the Websites to add a new site
  2. Enter site2.example.com for Domain Name
  3. Leave everything else as default
  4. Click Edit Advanced Settings…
  5. Under the section “Make these web apps available on this website:” check Enable for site2WebApp
  6. Click OK
  7. Click Create

Please refer to the original article (http://stationinthemetro.com/2017/05/02/reverse-proxy-with-macos-server) from which I have copied the example and a significant portion of the text for more detail.