Configuration of a Docker App

retched · June 18, 2025, 12:47am

SYSTEM INFORMATION
OS type and version	AlmaLinux 9
Virtualmin version	2.303

Trying to figure out how to configure the Virtualmin in this instance:

(I’m using 4.4.4.4 to represent my IP and mydomain.com as the virtual host. The )

I have a Docker (Engine) app that I can access at 4.4.4.4:3000 and is configured for such.
I have a domain configured through webmin called mydomain.com

I would like to point mydomain.com/thatapp to the Docker app. However, I get a SSL Handshake error after trying to configure the server using ProxyPass and ProxyPassReverse directives in the Apache configuration file. What am I missing to get this to work?

I did find one additional thread that closely resembles my problem but it called for adding a .htaccess directive file but it breaks the server to the point I get 500 Server Errors trying to access any page.

lawk · June 18, 2025, 11:09am

does the app run with https:// and self signed cert?

then it might need something like:

SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyEngine on

Sometimes some apps also want the real ip passthrough:

RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}

sometimes also:

ProxyPreserveHost On

some also want websockets:

RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws://127.0.0.1:3001/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://127.0.0.1:3001/$1 [P,L]

or

RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule ^/?(.*) "wss://127.0.0.1:9443/$1" [P]

These for me are mostly one of the culprits when getting reverse proxy to work with a docker app.

Ilia · June 18, 2025, 11:31am

You should try using the “Virtualmin / Web Configuration ⇾ Proxy Paths” page.

If you want to edit it manually, you could add the following directives to your Apache config, which should solve the problem you described earlier:

# Disables the remote server certificate checks
# (only needed for self-signed certificates)
SSLProxyCheckPeerCN     off
SSLProxyCheckPeerName   off
SSLProxyCheckPeerExpire off