Operate GateOne behind Apache reverse proxy
After installing GateOne on my Raspberry Pi 2 Debian system, I can log on to SSH via HTTP and browser. But only from my internal network, as the external accessible port is blocked by Apache. To add GateOne from outside, I either can disable Apache (no, won`t do it) or make GateOne accessible through Apache. I`ll use Apache as a reverse proxy for this.
Note: you`ll need Apache 2.4 for this, as GateOne uses Websocket for communication, and this is included only ootb with Apache 2.4.
Configuration
GateOne
I won`t use a subdomain for this example, so no new Apache virtual host will be use. This means that I have to use a URL prefix to access GateOne. The prefix is: /ssh. This must be configured in the GateOne configuration file:
sudo vim /opt/gateone/server.conf
Change the parameter url_prefix and restart GateOne
url_prefix = "/ssh"
To be able to access GateOne from external, the URL of the external server must be added to origin. In my case, this means that www.itsfullofstars.de is added.
origins = "https://www.itsfullofstars.de:8081;http://127.0.0.1;http://localhost
Apache
To make use of Apache as a reverse proxy, first the modules must be enabled. You can do this with a2enmod. Add also the web socket module
sudo a2enmod proxy_wstunnel sudo a2enmod proxy_http
Edit the apache configuration to add a reverse proxy for /ssh. Do this for HTTP and WS. In case GateOne listens on TLS, do this for HTTPS and WSS.
ProxyPass /ssh ws://127.0.0.1:9080/ssh
ProxyPassReverse /ssh ws://127.0.0.1:9080/ssh
ProxyPass /ssh http://127.0.0.1:9080/ssh
ProxyPassReverse /ssh http://127.0.0.1:9080/ssh
Restart Apache.
sudo service apache2 restart
Now its possible to access GateOne through /ssh from external.
1 Comment
PaceyIV · March 27, 2017 at 18:09
Can you check if you see the strange behavior that I reported here https://github.com/liftoff/GateOne/issues/661?