LightningTip via Apache2 reverse proxy - michael1011/lightningtip GitHub Wiki

LightningTip via Apache2 reverse proxy

If your website is SSL-enabled, such as via LetsEncrypt certbot certificates, and you are finding LightningTip is having permissions errors reading those certificate files with the available LightningTip configuration options, you may want to consider running LightningTip via apache2 reverse proxy instead and let apache2 handle the encryption for you.

1. Configure LightningTip to run on an alternative REST port

Configure LightningTip to run on an alternative REST port by editing $HOME/.lightningtip/lightningtip.conf as follows:

resthost = localhost:10000
accessdomain = *

2. Setup Apache reverse proxy

Setup an apache2 reverse proxy by editing /etc/apache2/sites-available/000-default.conf as follows, replacing SERVERNAME, and adding the correct paths for your certbot issued certificates, or other authority-issued SSL certificates:

<VirtualHost *:8081>
    SSLEngine On
    SSLCertificateFile /path/to/ssl/file.pem
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:10000/
    ProxyPassReverse / http://127.0.0.1:10000/
    ServerName SERVERNAME
</VirtualHost>

Restart apache2 to implement the changes.

sudo service apache2 restart

This will work with the default lightningTip.js without any further changes to that file.

apache2 will proxy connections to port 8081 to LightningTip running on localhost:10000 as well as take care of the SSL certificates.