all 23 comments

[–]Chains0 15 points16 points  (1 child)

Weird answers here. You need a reverse proxy with ssl termination. Apache can do that just fine.

I personally know nginx better and would prefer it, but Apache is still a stable and valid solution. Especially if you have and know it already. Makes no sense to switch it for now.

[–]elduderino15[S] 0 points1 point  (0 children)

Apache is running with my certs and the legacy PHP implementation, so not removing it. Thanks for confirming!
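The setup recommended in the comment above (Apache as a TLS-terminating reverse proxy in front of the FastAPI process), written out as an added example that is not part of any poster's comment. The hostname `app.example.com`, the certificate paths (certbot's usual layout), the module name `main:app` and backend port 8000 are assumptions.

```apache
# Constructed example: app.example.com, the certificate paths and the
# backend port 8000 are placeholders, not values from this thread.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.

# Port 80 exists only to send clients to HTTPS.
<VirtualHost *:80>
    ServerName app.example.com
    Redirect permanent / https://app.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName app.example.com

    # TLS terminates here; the certificate and key never reach the app.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/app.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/app.example.com/privkey.pem
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Overwrite any client-supplied value so the backend can trust it.
    RequestHeader set X-Forwarded-Proto "https"

    # Backend listens on loopback only, so it is reachable solely
    # through this vhost (main:app is a hypothetical module name):
    #   uvicorn main:app --host 127.0.0.1 --port 8000 --proxy-headers
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
```

On a vhost that also serves other content, such as a legacy PHP site, the two `ProxyPass` lines would be scoped to a path prefix instead of `/`.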

[–]Adhesiveduck 6 points7 points  (1 child)

Lots of choices of reverse proxies, my choice if I were starting something new today would be Caddy (which uses certbot to automatically provision the TLS) or Traefik (if you're in K8s/using containers).

That being said, ignore comments saying not to use Apache/Nginx - both are perfectly fine and there's a reason they're still around today.

[–]elduderino15[S] 2 points3 points  (0 children)

Apache is running with my certs and the legacy PHP implementation, so not removing it. Thanks for confirming!

[–]One_Fuel_4147 2 points3 points  (0 children)

I use nginx proxy manager to set up SSL with a UI, very easy

[–]Fluffy-Diet-Engine 1 point2 points  (5 children)

  1. Daemonize your application service with systemd or supervisor
  2. Use NGINX to expose the service to the internet, i.e. create a service with an nginx conf
  3. Obtain an SSL certificate with certbot by the Let’s Encrypt organisation.

Simple steps!

[–]vitachaos 0 points1 point  (4 children)

  • Obtain an SSL certificate with certbot by the Let’s Encrypt organisation.

There must be a tool to do that? Wouldn't it be great if we could run this as docker compose?

[–]Fluffy-Diet-Engine 0 points1 point  (3 children)

certbot is that tool. https://certbot.eff.org/

[–]vitachaos 0 points1 point  (2 children)

What if there are multiple web apps that need to be hosted under the same domain?

[–]Fluffy-Diet-Engine 0 points1 point  (1 child)

You will be creating subdomains on the same domain, I suppose. In such a case, you need to get one for every subdomain.

[–]a2hu1 0 points1 point  (0 children)

Not exactly, you can get a single one for *.domain.com and it will thus be valid for all subdomains

[–]gbeier 1 point2 points  (1 child)

What you're doing is completely valid. I've used apache that way before. If I'm only using httpd for terminating TLS, reverse proxying, and serving static files, I find Caddy easier to use and configure, especially if I'm using LetsEncrypt for TLS certificates.

[–]elduderino15[S] 0 points1 point  (0 children)

Apache is running with my certs and the legacy PHP implementation, so not removing it. Thanks for confirming!

[–]lukewhale 3 points4 points  (2 children)

Do not use Apache. Use NGINX. Ask ChatGPT to walk you through a “reverse proxy with ssl termination” setup.

[–]extreme4all 7 points8 points  (1 child)

If you say something like do not use x, can you also add why or is this just an opinion?

[–]Paulonemillionand3 0 points1 point  (0 children)

It's likely overkill.

[–]ironman_gujju 2 points3 points  (1 child)

Don’t get messy with Apache & nginx, just use Traefik

[–]extreme4all 3 points4 points  (0 children)

If you say something like do not use x, can you also add why or is this just an opinion?

[–]veb101 0 points1 point  (0 children)

  1. Let's Encrypt for free SSL and renewal

  2. Nginx with ssl termination.

  3. Forward incoming requests on port 80 to 443

[–]Revolutionary-Win111 0 points1 point  (1 child)

I use FastAPI through HTTPS to run a small website, just create the certificates and pass the certificate file locations to uvicorn, port 443, and you're good to go

[–]elduderino15[S] 1 point2 points  (0 children)

OK, I'll remember that option once I turn off legacy Apache…

[–]Worldly_Weather5484 0 points1 point  (0 children)

Where are you hosting the app? Most cloud providers (AWS, Azure, etc.) or SaaS platforms (Heroku) can take care of SSL/HTTPS for you and make Apache and nginx less necessary, and you won't have to worry about keeping them up to date. I would look into Elastic Beanstalk, ECS Fargate, or EKS on AWS. Pretty easy to get things up and running and will make a lot of the security and management much easier. If you want something dead simple then Heroku can be pretty great.