Skip to main content

Appendix E – configuration example for Apache Proxy

<VirtualHost *:443>
  ServerName spark.gateway.com
  DocumentRoot C:/Apache24/htdocs/reverseproxy
  RequestHeader unset Accept-Encoding
  Header Set MCOE-Gateway "spark.gateway.v1"
  
  Header set Content-Security-Policy-Report-Only "default-src https://spark.gateway.com; \
    script-src https: 'unsafe-inline'; \
    style-src https: 'unsafe-inline'; \
    img-src data: https://spark.gateway.com; \
    connect-src wss: https://spark.gateway.com; \
    report-uri https://myserver.com/csp-report-master/report.php;"
    
  CustomLog "c:/apache24/logs/spark_access.log" common
  ErrorLog "c:/apache24/logs/spark_error.log"
  
  SSLEngine on
  SSLProxyEngine On
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:  RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  
  SSLCACertificateFile "c:/sslcerts/startcom.crt"
  SSLCertificateFile "c:/sslcerts/spark.gateway.com.crt"
  SSLCertificateKeyFile "c:/sslcerts/private.key"
  
  ProxyRequests Off
  ProxyPreserveHost Off
  ProxyHTMLEnable On
  ProxyHTMLExtended On
  ProxyHTMLCharsetOut UTF-8
  SetOutputFilter INFLATE;proxy-html;DEFLATE
  
  # For SparkView WebSocket
  ProxyPass "/LIST" "wss://internal.spark.gateway/LIST"
  ProxyPass "/RDP" "wss://internal.spark.gateway/RDP"
  ProxyPass "/GATEWAY" "wss://internal.spark.gateway/GATEWAY"
  ProxyPass "/CONF" "wss://internal.spark.gateway/CONF"
  ProxyPass "/LOGIN" "wss://internal.spark.gateway/LOGIN"
  
  ProxyPassReverse "/LIST" "wss://internal.spark.gateway/LIST"
  ProxyPassReverse "/RDP" "wss://internal.spark.gateway/RDP"
  ProxyPassReverse "/GATEWAY" "wss://internal.spark.gateway/GATEWAY"
  ProxyPassReverse "/CONF" "wss://internal.spark.gateway/CONF"
  ProxyPassReverse "/LOGIN" "wss://internal.spark.gateway/LOGIN"
  
  ProxyPass / https://internal.spark.gateway/
  ProxyPass / wss://internal.spark.gateway/
  
  ProxyPassReverse / https://internal.spark.gateway/
  ProxyPassReverse / wss://internal.spark.gateway/
</VirtualHost>

Must work with mod_proxy and mod_proxy_wstunnel.