Whenever you run Friend OS in a production environment, it is good practice to put the server behind a reverse proxy, because the proxy can be configured to be highly secure. In this case, we are using Apache2, a widely used web server with many security features.
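To do this, you need to enable the following Apache modules (ssl is required by the SSL directives in the template below, and proxy_wstunnel by the wss:// websocket proxy):
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel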
After that, create a new virtual host and enable SSL for it using Let's Encrypt. Then, to set up proxying for HTTP as well as websockets, use the following template in your virtual host:
#FRIEND CONFIG
SSLEngine on
SSLCertificateFile /home/{YOUR_USER}/friendup/build/cfg/crt/certificate.pem
SSLCertificateKeyFile /home/{YOUR_USER}/friendup/build/cfg/crt/key.pem
# TLS towards the backend. The directives below switch off certificate
# verification for the proxy-to-backend connection only (127.0.0.1).
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# CORS headers ("*" permits requests from any origin)
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "method, origin, content-type, accept, options, Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
Header set Access-Control-Allow-Methods "POST, GET, PATCH, DELETE, PUT, OPTIONS"
SetEnv proxy-sendchunked
SetEnv proxy-sendcl
# Pass encoded slashes (%2F) through to Friend Core without decoding them
AllowEncodedSlashes NoDecode
#Friend Core HTTP
<Location />
    Order allow,deny
    Allow from all
    ProxyPass https://127.0.0.1:6502/ flushpackets=on
    ProxyPassReverse https://127.0.0.1:6502/
</Location>
#Friend Core websocket
<Location /fcws>
    Order allow,deny
    Allow from all
    ProxyPass wss://127.0.0.1:6500/ flushpackets=on
    ProxyPassReverse wss://127.0.0.1:6500/
</Location>
#FRIEND CONFIG DONE
Make sure to copy the certificates from Let's Encrypt into cfg/crt/, where fullchain.pem becomes certificate.pem and privkey.pem becomes key.pem.
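To confirm that the enabled modules cover every directive used in the virtual host, the following added example (not part of the Friend OS documentation) derives the required module list from a vhost file and compares it with text in the format of `apache2ctl -M`. The function names and the file path in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: work out which Apache modules a vhost file needs.

# required_modules FILE -> one a2enmod module name per line, sorted.
required_modules() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            d = tolower($1)                      # directive names are case-insensitive
            if (d ~ /^ssl/)                      need["ssl"] = 1
            if (d == "header")                   need["headers"] = 1
            if (d == "setenv")                   need["env"] = 1
            if (d == "order" || d == "allow")    need["access_compat"] = 1
            if (d == "proxypass" || d == "proxypassreverse") {
                need["proxy"] = 1
                # The backend URL scheme decides which proxy sub-module is used.
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^https?:\/\//) need["proxy_http"] = 1
                    if ($i ~ /^wss?:\/\//)   need["proxy_wstunnel"] = 1
                }
            }
        }
        END { for (m in need) print m }
    ' "$1" | LC_ALL=C sort
}

# missing_modules FILE LOADED -> required modules that are absent from LOADED.
# LOADED is text as printed by `apache2ctl -M`, e.g. " ssl_module (shared)".
missing_modules() {
    for m in $(required_modules "$1"); do
        printf '%s\n' "$2" | grep -q "^[[:space:]]*${m}_module" || echo "$m"
    done
}

# Usage (friend.conf is a placeholder for your own vhost file):
#   missing_modules /etc/apache2/sites-available/friend.conf "$(apache2ctl -M 2>/dev/null)"
```

An empty result means every module the template relies on is loaded; each printed name can be passed to `sudo a2enmod`.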