add apache2 reverse proxy documentation (#868)

* add apache2 reverse proxy documentation * add certbot Co-authored-by: dni <dni.khr@gmail.com>
2024-11-19 18:11:30 +01:00 · 2022-08-13 14:41:23 +02:00 · 2022-08-13 14:41:23 +02:00 · 32a09f7359
commit 32a09f7359
parent e5d8c500d2
1 changed files with 42 additions and 1 deletions
--- a/docs/guide/installation.md
+++ b/docs/guide/installation.md
@ -216,6 +216,47 @@ sudo systemctl enable lnbits.service
 sudo systemctl start lnbits.service
 ```

+## Running behind an apache2 reverse proxy over https
+Install apache2 and enable apache2 mods
+```sh
+apt-get install apache2 certbot
+a2enmod headers ssl proxy proxy-http
+```
+create a ssl certificate with letsencrypt
+```sh
+certbot certonly --webroot --agree-tos --text --non-interactive --webroot-path /var/www/html -d lnbits.org
+```
+create a apache2 vhost at: /etc/apache2/sites-enabled/lnbits.conf
+```sh
+cat <<EOF > /etc/apache2/sites-enabled/lnbits.conf
+<VirtualHost *:443>
+  ServerName lnbits.org
+  SSLEngine On
+  SSLProxyEngine On
+  SSLCertificateFile /etc/letsencrypt/live/lnbits.org/fullchain.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/lnbits.org/privkey.pem
+  Include /etc/letsencrypt/options-ssl-apache.conf
+  LogLevel info
+  ErrorLog /var/log/apache2/lnbits.log
+  CustomLog /var/log/apache2/lnbits-access.log combined
+  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+  RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
+  ProxyPreserveHost On
+  ProxyPass / http://localhost:5000/
+  ProxyPassReverse / http://localhost:5000/
+  <Proxy *>
+      Order deny,allow
+      Allow from all
+  </Proxy>
+</VirtualHost>
+EOF
+```
+restart apache2
+```sh
+service restart apache2
+```
+
+
 ## Using https without reverse proxy
 The most common way of using LNbits via https is to use a reverse proxy such as Caddy, nginx, or ngriok. However, you can also run LNbits via https without additional software. This is useful for development purposes or if you want to use LNbits in your local network.

@ -236,7 +277,7 @@ To create a certificate, first `cd` into your LNbits folder and execute the foll
 ```sh
 openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out cert.pem -keyout key.pem
 ```
-This will create two new files (`key.pem` and `cert.pem `). 
+This will create two new files (`key.pem` and `cert.pem `).

 Alternatively, you can use mkcert ([more info](https://kifarunix.com/how-to-create-self-signed-ssl-certificate-with-mkcert-on-ubuntu-18-04/)):
 ```sh