Technical

Tips, Tricks and Technical Information

HTTPS proxies for Drastic APIs and service

apache logo smIf you want to run APIs or WebRTC connections externally, you can configure Apache to act as a reverse proxy using HTTPS on an external port (like 5000). and forward that traffic to an internal HTTP service running on a different port (like 15000). Here’s how to do it step by step:

Linux

### Step 1: Enable Necessary Apache Modules


Ensure that you have the necessary Apache modules enabled. You can do this by running the following commands:

bash


sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl

After enabling the modules, restart Apache:

bash


sudo systemctl restart apache2

### Step 2: Configure Apache Virtual Host for HTTPS Proxying

1. Create or modify a Virtual Host file for your domain (e.g., `drastic.com`). This file is usually located in `/etc/apache2/sites-available/`. You might name it something like `drastic.com.conf`.

2. Here is an example configuration that listens on HTTPS (port 5000) and proxies to an internal HTTP service on `127.0.0.1:15000`:

apache


<VirtualHost *:5000>
  ServerName drastic.com

  # Enable SSL
  SSLEngine On
  SSLCertificateFile /path/to/your/certificate.crt
  SSLCertificateKeyFile /path/to/your/private.key
  SSLCertificateChainFile /path/to/your/chainfile.crt

  # Proxy configuration
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:15000/
  ProxyPassReverse / http://127.0.0.1:15000/

  # Optional: For WebSocket support (if needed)
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*) ws://127.0.0.1:15000/$1 [P,L]

  # Error handling
  ErrorLog ${APACHE_LOG_DIR}/drastic.com_error.log
  CustomLog ${APACHE_LOG_DIR}/drastic.com_access.log combined
</VirtualHost>

Make sure to replace `/path/to/your/certificate.crt`, `/path/to/your/private.key`, and `/path/to/your/chainfile.crt` with the actual paths to your SSL certificate, key, and chain files.

### Step 3: Listen on Port 5000


By default, Apache may not be configured to listen on port 5000. To change this, edit the `ports.conf` file:

bash


sudo nano /etc/apache2/ports.conf

Add the following line to make Apache listen on port 5000 for HTTPS:

apache


Listen 5000

### Step 4: Enable the Site and Restart Apache

Now, enable the site and restart Apache:

bash


sudo a2ensite drastic.com.conf
sudo systemctl restart apache2

### Step 5: Firewall Configuration (if applicable)

If you have a firewall running (like `ufw`), make sure to allow traffic on port 5000:

bash


sudo ufw allow 5000/tcp

### Test the Configuration


Once everything is set up, visit `https://drastic.com:5000` in your browser. It should proxy the requests to `http://127.0.0.1:15000`.

 

Windows

### Step 1: Enable Required Modules

UwAmp should already come with the necessary Apache modules, but you’ll need to make sure they are enabled. You can do this by modifying the `httpd.conf` file located in the UwAmp installation directory (typically something like `UwAmp\bin\apache\conf\httpd.conf`).

1. Open the `httpd.conf` file in a text editor (like Notepad or Notepad++).
2. Look for the following lines and make sure they are uncommented (i.e., they don't have a `#` at the beginning):

apache


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so

If they are commented (preceded by a `#`), remove the `#` and save the file.

### Step 2: Configure Apache Virtual Host for HTTPS Proxying

Next, configure Apache to listen on HTTPS (port 5000) and forward requests to the internal HTTP service (port 15000).

1. In the `httpd.conf` file, add a new Virtual Host entry for your domain (e.g., `drastic.com`). You can place this configuration at the bottom of the file or in a separate virtual hosts configuration file (e.g., `extra/httpd-vhosts.conf`, depending on UwAmp's setup).

Here’s an example of what you should add:

apache


<VirtualHost *:5000>
  ServerName drastic.com

  # Enable SSL
  SSLEngine On
  SSLCertificateFile "C:/path/to/your/certificate.crt"
  SSLCertificateKeyFile "C:/path/to/your/private.key"
  SSLCertificateChainFile "C:/path/to/your/chainfile.crt"

  # Proxy configuration
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:15000/
  ProxyPassReverse / http://127.0.0.1:15000/

  # Optional: WebSocket support (if needed)
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*) ws://127.0.0.1:15000/$1 [P,L]

  # Logging (optional)
  ErrorLog "C:/UwAmp/logs/drastic.com_error.log"
  CustomLog "C:/UwAmp/logs/drastic.com_access.log" combined
</VirtualHost>

Make sure to replace `C:/path/to/your/certificate.crt`, `C:/path/to/your/private.key`, and `C:/path/to/your/chainfile.crt` with the correct paths to your SSL certificate, private key, and chain files.

### Step 3: Listen on Port 5000

By default, UwAmp may not be configured to listen on port 5000. To change this, locate the `Listen` directive in `httpd.conf` (or wherever it is set) and add the following line:

apache


Listen 5000

This instructs Apache to listen on port 5000 for incoming HTTPS connections.

### Step 4: Allow SSL and HTTP Traffic (Configure Windows Firewall)

You’ll need to ensure that the Windows firewall allows traffic through port 5000 for HTTPS. Follow these steps:

1. Open the **Windows Defender Firewall**.
2. Click **Advanced Settings**.
3. Select **Inbound Rules**, then click **New Rule**.
4. Choose **Port** and click **Next**.
5. Enter **5000** in the "Specific local ports" field and click **Next**.
6. Allow the connection and click **Next**.
7. Choose when the rule applies (domain/private/public), then click **Next**.
8. Name the rule (e.g., "Apache HTTPS Port 5000") and click **Finish**.

### Step 5: Restart UwAmp Apache

To apply the changes, you’ll need to restart Apache in UwAmp. You can do this through the UwAmp control panel:

1. Open UwAmp.
2. In the control panel, stop and restart Apache using the buttons provided.

### Step 6: Test the Configuration

Once Apache has restarted, open your browser and navigate to `https://drastic.com:5000`. The request should now be proxied to the internal service running on `http://127.0.0.1:15000`.

### Troubleshooting

- **Check Apache logs**: If something doesn’t work as expected, check the logs in `C:/UwAmp/logs/` for error details.
- **Certificate issues**: If you encounter issues related to SSL certificates, make sure the certificate files are correctly referenced and valid.

This should allow you to proxy traffic from `https://drastic.com:5000` to an internal service running at `http://127.0.0.1:15000`. 

Image

For more than two decades, Drastic™ has been developing cutting edge digital video solutions for television, post production and sports broadcasting, from real time web delivery to 8K broadcast.

We offer standalone software for the end user or enterprise, integrated solutions for automated workflows, and OEM tools for custom applications or branded devices.

Contact Us

Address:
523 The Queensway, Suite 201
Toronto, ON
M8Y 1J7, Canada

Phone: +1 (416) 255 5636

Email: sales@drastictech.com

Fax: + 1 (416) 255 8780

Follow us on Social Media