Cloudron behind apache2 proxy

heronymous

Greetings everyone from a small balkan country named Macedonia

I'm having some issues deploying Cloudron behind an apache2 proxy. This is my current setup:

1. Public Gatekeeper Proxy Server > Cloudron VM in a separate location (we use VPN for interconnecting both DCs).
2. The domain is proxied through Cloudflare.
3. The error I get is: Too many redirects.

So far, I've tried basically everything I can think of and spent days trying Google for a solution. I've used both Flexible and Strict SSL (I installed the certificate on the proxy server only) in Cloudflare. I turned off Cloudflare Proxy and set the domain to DNS-only mode.

I also tried various configurations in the apache2 vhost. This is the one for port 80:

<VirtualHost *:80>
    ServerAdmin contact@infoproject.biz
    ServerName hero.cloudron
    ServerAlias *.hero.cloudron
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ProxyRequests off
    SSLProxyEngine on
    ProxyPreserveHost on
    Header set Access-Control-Allow-Origin "*"
 <Location />
        ProxyPass http://10.10.9.134/
        ProxyPassReverse http://10.10.9.134/
        Order allow,deny
        Allow from all
 </Location>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^(.*)\.hero\.cloudron$ [NC]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

And the one for port 443:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin info@hero.cloudron
    ServerName hero.cloudron
    ServerAlias *.hero.cloudron
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ProxyRequests off
    SSLProxyEngine on
    ProxyPreserveHost on
    Header set Access-Control-Allow-Origin "*"
 <Location />
        ProxyPass http://10.10.9.134/
        ProxyPassReverse http://10.10.9.134/
        Order allow,deny
        Allow from all
 </Location>
   SSLEngine on
   SSLCertificateFile    /etc/ssl/certs/hero.cloudron-cf-origin-ca.pem
   SSLCertificateKeyFile /etc/ssl/private/hero.cloudron-cf-private-key.key
</VirtualHost>
</IfModule>

Any help is greatly appreciated. I really do not know what else to try and what else to do. The only way I can expose the Cloudron VM to a public IP with a domain is to proxy the requests.

girish

@heronymous there are some thread here with "nginx proxy manager" setup. Maybe you can look into those for ideas. For example, https://forum.cloudron.io/topic/5898/nginx-in-front-of-cloudron-install/ .https://forum.cloudron.io/topic/5898/nginx-in-front-of-cloudron-install/

If the domain is proxied via Cloudflare: a request goes from browser -> Cloudflare -> Public Gatekeeper Proxy Server -> Cloudron ? Is that your setup?

heronymous

Hey! Thanks, for replying. Yes, that's exactly my setup:

Browser -> Cloudflare -> Public Gatekeeper Proxy Server -> Cloudron

I'm already using that same setup for many other services (proxying: Nextcloud, various APIs for our software etc...). All services are setup in exactly the same way: Domain is on cloudflare > the domain lands on the public IP of the gatekeeper proxy server > the requests are proxied to whatever VMs they need.

I will also try later tonight to setup some headers (such as: X-Forwarded-Proto, X-Forwarded-For etc...)

heronymous

Unfortunately, I'm still at a loss. No matter what I do, I get the dreaded too_many_redirects error. Any suggestions will be appreciated (I've also tried about 50 different apache2 configurations). I can provide additional information if needed.

Does Cloudron need any special headers redirected and proxied perhaps? Should I setup anything to the Cloudron VM (I've done a clean install, on a clean Ubuntu 22.04 VM).

robi

can you validate with nginx as the proxy instead?