Setting up a proxy using Apache2

Whenever you run Friend OS in a production environment, it's a good routine to protect the server with a proxy solution. This is because proxies can be configured to be highly secure. In this case, we are using Apache2, a widely used webserver, which has many security features.

To do this, you need to install the following modules:

sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_tunnel

After that, create a new virtual host, and let's enable SSL for it using letsencrypt. Then, to set up proxy for HTTP as well as websockets, use the following template in your virtual host:


SSLEngine on
SSLProxyEngine On
SSLCertificateFile /home/{YOUR_USER}/friendup/build/cfg/crt/certificate.pem
SSLCertificateKeyFile /home/{YOUR_USER}/friendup/build/cfg/crt/key.pem

SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "method, origin, content-type, accept, options, Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
Header set Access-Control-Allow-Methods "POST, GET, PATCH, DELETE, PUT, OPTIONS"
SetEnv proxy-sendchunked
SetEnv proxy-sendcl

AllowEncodedSlashes NoDecode

<Location />
    Order allow,deny
    Allow from all
    ProxyPass flushpackets=on

#Friend Core websocket
<Location /fcws>
    Order allow,deny
    Allow from all
    ProxyPass wss:// flushpackets=on
    ProxyPassReverse wss://


Make sure to copy the certificates from letsencrypt, where fullchain.pem becomes certificate.pem, and privkey.pem becomes key.pem in cfg/crt/.