NREL / api-umbrella

Open source API management platform
http://apiumbrella.io
MIT License

Does API Umbrella replace Apache? #540

Open majonathany opened 3 years ago

majonathany commented 3 years ago

Hi,

I'm trying to set up API Umbrella for my Django app. The Django app comes from a Bitnami image that is made on Debian 10 that uses Apache to serve content. Currently, it is an app that is hosted on EC2 with SSL support set up, via Apache 2.4. My team found out about API Umbrella to perhaps solve the problem of how all requests are essentially open, since we have no token authorization, no rate limiting, and no keys, which means there is public access to all of its resources. To restrict access, we found this as a possible solution, and I'm trying to install it on the EC2 server.

I'm encountering a number of challenges - first, I'm using Docker because I couldn't find a Debian 10 release (no big deal at all). I set up a configuration file and I believe it is working. When I first set up the Docker image, I got the homepage fine on the self-signed certificate (viewable in Firefox only, since Chrome requires a special flag to view self-signed SSL pages). I don't recall seeing it work via HTTP only; perhaps my memory is wrong or API Umbrella automatically redirects to SSL. So I then realized I need to get SSL working on the Docker image (presumably with the certificates I currently use).

A question - It would be easiest to have API Umbrella and my Django app on the same EC2 instance, unless it is specifically the case that this is not possible, and they need to be on separate machines?

Right now SSL is configured through an Apache conf file. Inside the file that configures port 80, the virtual host points to the WSGI file that Django requires in order to work with the Apache module. Inside the config file that configures port 443, there is a mixture of SSL required options and the virtual host that is essentially the same as port 80 with some SSL settings in place.

As I ran the Docker image, I occasionally got the message that ports 80 and 443 are bound. So I thought that I should host the Django app on a random port 20000, and have Apache only listen on that port. But I was unsure how the Docker image which listens on 443 and 80 would work with my current Apache setup. It seems that they cannot listen on the same ports. So I thought I have to forward all requests that Docker API Umbrella captures on 80 and 443 to 20000.

So then I wrote a new Apache config file that says the Django app is on port 20000, and made Apache only listen on 20000 and turned off listening on 443 and 80. But now I can't see the API Umbrella site at all, even though the container is running and the API Umbrella daemon is running inside the container. I'm unsure of how I wire this all together. It seems that Apache and API Umbrella cannot coexist on the same filesystem. Is this the case? If it's not, what's a high level plan for setting up this reverse proxy with Apache?

I deeply appreciate the help. Even if it's not the case that it can work, any advice about alternatives like other technologies that solve the problem of rate limiting and authorization (like JWT) for my API is welcomed advice.

science695 commented 3 years ago

Apache and Umbrella can exist on the same system. But they cannot both listen on ports 80 and 443.

I would assume that Umbrella should get 80 and 443, and that Apache would be serving your backend, and have some high port like 8001. You use that address / port in your Umbrella setup for the backend.
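
A way to check the layout described in the reply above from the host's listener table. This is an added example, not code from the thread or from the API Umbrella project. It assumes API Umbrella runs in Docker with 80 and 443 published (so the listener shows up as `docker-proxy`), Apache on port 8001, and input in the format printed by `ss -H -ltnp`; the sample lines are constructed.

```python
import re

GATEWAY_PORTS = (80, 443)  # ports the reply gives to API Umbrella
BACKEND_PORT = 8001        # high port for Apache, as in the reply
WILDCARD = {"0.0.0.0", "*", "[::]"}
PROC_RE = re.compile(r'\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Map port -> list of (address, process) from `ss -H -ltnp` lines."""
    table = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        m = PROC_RE.search(line)  # process names are only shown when run as root
        table.setdefault(int(port), []).append((addr, m.group(1) if m else "?"))
    return table

def audit(ss_output, gateway_proc="docker-proxy"):
    """Return (port, finding) pairs; gateway_proc is an assumed process name."""
    table, findings = parse_listeners(ss_output), []
    for port in GATEWAY_PORTS:
        owners = {proc for _, proc in table.get(port, [])}
        if not owners:
            findings.append((port, "no-listener"))
        elif owners != {gateway_proc}:
            findings.append((port, "held-by-" + ",".join(sorted(owners))))
    backend = table.get(BACKEND_PORT, [])
    if not backend:
        findings.append((BACKEND_PORT, "backend-down"))
    elif any(addr in WILDCARD for addr, _ in backend):
        # Bound on every interface: clients can skip the gateway's keys and
        # rate limits unless a firewall blocks this port.
        findings.append((BACKEND_PORT, "backend-on-all-interfaces"))
    return findings

# Constructed samples, not captured from a real host.
BEFORE = '''LISTEN 0 511 *:80 *:* users:(("apache2",pid=2201,fd=4))
LISTEN 0 511 *:443 *:* users:(("apache2",pid=2201,fd=6))'''
AFTER = '''LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("docker-proxy",pid=3101,fd=4))
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("docker-proxy",pid=3115,fd=4))
LISTEN 0 511 *:8001 *:* users:(("apache2",pid=2201,fd=4))'''

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(sample))
```

The `backend-on-all-interfaces` finding matters for the original goal: if port 8001 is reachable from outside the instance, requests can go straight to Apache without passing through the gateway.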