-
Notifications
You must be signed in to change notification settings - Fork 28
LightningTip via Apache2 reverse proxy
If your website is SSL-enabled, such as via LetsEncrypt certbot certificates, and you are finding LightningTip is having permissions errors reading those certificate files with the available LightningTip configuration options, you may want to consider running LightningTip via apache2 reverse proxy instead and let apache2 handle the encryption for you.
Configure LightningTip to run on an alternative REST port by editing $HOME/.lightningtip/lightningtip.conf as follows:
resthost = localhost:10000
accessdomain = *
Setup an apache2 reverse proxy by editing /etc/apache2/sites-available/000-default.conf as follows, replacing SERVERNAME, and adding the correct paths for your certbot issued certificates, or other authority-issued SSL certificates:
<VirtualHost *:8081>
SSLEngine On
SSLCertificateFile /path/to/ssl/file.pem
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:10000/
ProxyPassReverse / http://127.0.0.1:10000/
ServerName SERVERNAME
</VirtualHost>
Restart apache2 to implement the changes.
sudo service apache2 restart
This will work with the default lightningTip.js without any further changes to that file.
apache2 will proxy connections to port 8081 to LightningTip running on localhost:10000 as well as take care of the SSL certificates.