Skip to content

SSL Termination with Apache for Martini Server Runtime

Apache HTTP Server is a versatile web server and reverse proxy that excels in handling SSL termination. By integrating Apache with the Martini Server Runtime, you can ensure secure processing of HTTPS requests while efficiently forwarding them to your backend application. This setup not only enhances the security of your web applications but also streamlines SSL certificate management.

Prerequisites

  • Apache: Ensure you have Apache installed on your server.
  • SSL Certificate: Obtain an SSL certificate for your-domain.com. You can use Let's Encrypt for free certificates.

  • Modules enabled: Make sure you have the necessary Apache modules enabled:

    1
2
3
    sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl

Configuration

Assuming you have Apache installed and have your DNS configured you may follow the steps below to configure SSL Termination. Make sure to replace placeholders your-domain.com to your actual domain name.

1. Create a Virtual Host Configuration

Open or create a new configuration file in /etc/apache2/sites-available/. You can name it your-domain.com.conf:

1
sudo nano /etc/apache2/sites-available/your-domain.conf

2. Add the following configuration to handle SSL termination and reverse proxy to Martini Server Runtime

This configuration assumes Martini Server Runtime is running on the same machine and using the default port localhost:8080 if not replace ProxyPass and ProxyPassReverse to your Martini Server Runtime desired destination. Update the paths for SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile with the correct file paths.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<VirtualHost *:443>
    ServerName your-domain.com

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/private.key
    SSLCertificateChainFile /path/to/your/chainfile.pem

    # Proxy settings
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    # Optional: Log settings
    ErrorLog ${APACHE_LOG_DIR}/your-domain.com-error.log
    CustomLog ${APACHE_LOG_DIR}/your-domain.com-access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName your-domain.com
    Redirect permanent / https://your-domain.com/
</VirtualHost>

3. Enable the Site

Enable the new site configuration:

1
sudo a2ensite your-domain.conf

4. Restart Apache

After making the configuration changes, restart Apache to apply them:

1
sudo systemctl restart apache2

5. Start Martini Runtime

If Martini Runtime is not already running, start it.

6. Verify

Visit https://your-domain.com in your web browser to verify that your configuration is working.

Additional Security Settings

You may want to add some security headers or tweak your SSL settings. Here’s a basic example:

1
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Ensure Headers Module is Enabled: Make sure the headers module is enabled:

1
sudo a2enmod headers

Once added restart Apache for changes to take effect.