docs: apache reverse proxy

matifali · matifali · commit 1728e2652d46 · 2023-02-15T01:02:50.000+03:00
diff --git a/docs/admin/configure.md b/docs/admin/configure.md
@@ -47,6 +47,7 @@ subdomain that resolves to Coder (e.g. `*.coder.example.com`).
 The Coder server can directly use TLS certificates with `CODER_TLS_ENABLE` and accompanying configuration flags. However, Coder can also run behind a reverse-proxy to terminate TLS certificates from LetsEncrypt, for example.
 
 - Example: [Run Coder with Caddy and LetsEncrypt](https://github.com/coder/coder/tree/main/examples/web-server/caddy)
+- Apache: [Run Coder with Apache and LetsEncrypt](https://github.com/coder/coder/tree/main/examples/web-server/apache)
 
 ## PostgreSQL Database
 
diff --git a/examples/web-server/apache/README.md b/examples/web-server/apache/README.md
@@ -0,0 +1,120 @@
+# How to use Apache as a reverse-proxy with LetsEncrypt
+
+## Requirements
+
+1. Start a Coder deployment with a wildcard subdomain. See [this guide](https://coder.com/docs/v2/latest/admin/configure#wildcard-access-url) for more information.
+
+2. Configure your DNS provider to point your YOUR_SUBDOMAIN and \*.YOUR_SUBDOMAIN to your server's public ip.
+
+   > For example, to use `coder.example.com` as your subdomain, configure `coder.example.com` and `*.coder.example.com` to point to your server's public ip. This can be done by adding A records in your DNS provider's dashboard.
+
+3. Install Apache (assuming you're on Debian/Ubuntu):
+
+   ```console
+   sudo apt install apache2
+   ```
+
+4. Stop Apache service and disable default site:
+
+   ```console
+   sudo a2dissite 000-default.conf
+   sudo systemctl stop apache2
+   ```
+
+## Install and configure LetsEncrypt Certbot
+
+1. Install LetsEncrypt Certbot: Refer to the [CertBot documentation](https://certbot.eff.org/instructions?ws=other&os=pip&tab=wildcard)
+
+## Create DNS provider credentials
+
+1. Create an API token for the DNS provider you're using: e.g [CloudFlare](https://dash.cloudflare.com/profile/api-tokens) with the following permissions:
+
+   - Zone - DNS - Edit
+
+2. Create a file in `.secrets/certbot/cloudflare.ini` with the following content:
+
+   ```ini
+   dns_cloudflare_api_token = YOUR_API_TOKEN
+   ```
+
+3. Set the correct permissions:
+
+   ```console
+   sudo chmod 600 ~/.secrets/certbot/cloudflare.ini
+   ```
+
+## Create the certificate
+
+1. Create the wildcard certificate:
+
+   ```console
+   sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d coder.example.com -d *.coder.example.com
+   ```
+
+## Configure Apache
+
+> This example assumes Coder is running locally on `127.0.0.1:3000` for the subdomain `YOUR_SUBDOMAIN` e.g. `coder.example.com`.
+
+1. Create Apache configuration for Coder:
+
+   ```console
+   sudo nano /etc/apache2/sites-available/coder.conf
+   ```
+
+2. Add the following content:
+
+   ```apache
+    <VirtualHost *:443>
+      ServerName YOUR_SUBDOMAIN
+      ServerAlias *.YOUR_SUBDOMAIN
+      ErrorLog ${APACHE_LOG_DIR}/error.log
+      CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+      ProxyPass / http://127.0.0.1:3000/
+      ProxyPassReverse / http://127.0.0.1:3000/
+      ProxyRequests Off
+      ProxyPreserveHost On
+
+      # SSL configuration
+      SSLCertificateFile /etc/letsencrypt/live/YOUR_SUBDOMAIN/fullchain.pem
+      SSLCertificateKeyFile /etc/letsencrypt/live/YOUR_SUBDOMAIN/privkey.pem
+    </VirtualHost>
+   ```
+
+   > Don't forget to change:
+   > `YOUR_SUBDOMAIN` by your (sub)domain e.g. `coder.example.com`
+
+3. Enable the site:
+
+   ```console
+   sudo a2ensite coder.conf
+   ```
+
+4. Restart Apache:
+
+   ```console
+   sudo systemctl restart apache2
+   ```
+
+## Refresh certificates automatically
+
+1. Create a new file in `/etc/cron.weekly`:
+
+   ```console
+   sudo touch /etc/cron.weekly/certbot
+   ```
+
+2. Make it executable:
+
+   ```console
+   sudo chmod +x /etc/cron.weekly/certbot
+   ```
+
+3. And add this code:
+
+   ```sh
+   #!/bin/sh
+   sudo certbot renew -q
+   ```
+
+And that's it, you should now be able to access Coder at `https://YOUR_SUBDOMAIN`!
