I need help. My system is working, but I would like some advice about potential scripting methods or other automation.
I’m using Virtualmin GPL to control a gateway reverse proxy server directing traffic to multiple backend servers, also controlled by Virtualmin GPL, and each hosting multiple virtual hosts.
Each of the backend servers needs access by https (port 443), and at present also allowing http (port 80). The applications served (mainly Drupal) require that the website name not change because of redirection - i.e. if a user enters “https://mysite.example.com” that is exactly what the backend server must see.
I have achieved a working setup thus:
Each target virtual host has a matching virtual host in the gateway server. The external DNS points to the gateway machine. The gateway machine is configured with a hosts file so that the URI resolves to the backend server. So - the world addresses “mysite.example.com” at xxx.xxx.xxx.xxx, but the gateway addresses “mysite.example.com” at yyy.yyy.yyy.yyy.
The virtual host in the gateway server is configured as a reverse proxy by using “Edit Proxy Website” to enable proxying and setting the Proxy to URL = “http://mysite.example.com”.
Then, using Virtualmin on the backend server, execute Manage SSL Certificate and get a Let's Encrypt certificate for mysite.example.com on the backend.
Using Virtualmin at the gateway server, reconfigure the gateway virtual host to disable proxy.
Use Virtualmin at the gateway to get another Let's Encrypt certificate for mysite.example.com on the gateway.
Re-enable the proxy, but now set the URL to “https://mysite.example.com”.
Use webadmin on the gateway to modify the Apache config to add “SSLProxyEngine on” before the ProxyPass statement in the port 443 virtual host.
The result is that the backend website will be served using https, regardless of whether the user asked for http or https, and a valid Let's Encrypt certificate will be served.
Now I have three months before all the Let's Encrypt certificates expire, during which time I hope to find some way of automating the renewal process.
Virtualmin 6.03, Webmin 1.881, CentOS 7.5 1804
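An added example, not part of the original post: a small audit that could run on the gateway after each disable/re-enable cycle of the proxy, to confirm that every virtual host proxying to an https:// backend has "SSLProxyEngine on" and that no port 443 virtual host was left on the http:// proxy URL. The sample configuration, the addresses, the hosts shop.example.com and wiki.example.com, and the function name are assumptions made up for illustration.

```python
import re

# Constructed sample gateway config (addresses and extra hosts are made up).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName mysite.example.com
    ProxyPass / http://mysite.example.com/
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName mysite.example.com
    SSLProxyEngine on
    ProxyPass / https://mysite.example.com/
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    ProxyPass / https://shop.example.com/
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName wiki.example.com
    SSLProxyEngine on
    ProxyPass / http://wiki.example.com/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def audit_gateway_vhosts(conf_text):
    """Return sorted (server_name, port, problem) tuples for proxy vhosts."""
    findings = []
    for addrs, body in VHOST_RE.findall(conf_text):
        port = addrs.split()[0].rsplit(":", 1)[-1]
        name, ssl_proxy, targets = "(no ServerName)", False, []
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue  # blank line or comment
            key, args = parts[0].lower(), parts[1:]
            if key == "servername" and args:
                name = args[0]
            elif key == "sslproxyengine" and args:
                ssl_proxy = args[0].lower() == "on"
            elif key == "proxypass" and len(args) >= 2:
                targets.append(args[1].lower())  # second argument is the backend URL
        if any(t.startswith("https://") for t in targets) and not ssl_proxy:
            findings.append((name, port, "https:// backend but no 'SSLProxyEngine on'"))
        if port == "443" and any(t.startswith("http://") for t in targets):
            findings.append((name, port, "443 vhost still proxies to http://"))
    return sorted(findings)

print(audit_gateway_vhosts(SAMPLE_CONF))  # runs on the constructed sample
```

On a real gateway the text passed in would be the contents of the Apache configuration file that holds the Virtualmin-generated virtual hosts.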