Skip to content

Running Solid behind a reverse proxy

Jump to bottom Edit New page
Nick Bell edited this page Oct 13, 2018 · 15 revisions

Need: Running Solid alongside other services on a single port

If you want to run multiple services on a single port 443 of a machine, you will need a reverse proxy (such as NGINX) to route on HTTP level between different back-end services.

One of Solid's authentication mechanisms is WebID-TLS: the client sends its client certificate during the TLS handshake. However, by default, this requires the client to set up a TLS connection directly with the Solid server: if the TLS handshake is performed by an intermediary, the Solid server cannot see the client certificate.

Solution 1: Run Solid on a different port

When running Solid on a different port than the reverse proxy, we can bypass that proxy.

The drawbacks are uglier URLs (such as https://example.org:1234/), and possibly firewall problems (if only ports 80 and 443 are allowed).

Solution 2: HAProxy

Example of a config:

https://gist.github.com/melvincarvalho/17c2675978576ed37f83c88fbc0a9327

Advanced usage:

https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-1/

Solution 3: Apache

    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    ProxyPreserveHost on
    ProxyPass / https://localhost:8444/
    ProxyPassReverse / https://localhost:8444/
    ProxyPass /ci http://localhost:8080/ci
    ProxyPassReverse /ci http://localhost:8080/ci

see: https://github.com/linkeddata/gold/issues/88

see: https://gitter.im/linkeddata/chat?at=5a54c72fb48e8c3566bba507

Add a custom footer
Add a custom sidebar
Clone this wiki locally