locked
when running behind reverse proxy, does app need to be running on https? RRS feed

  • Question

  • User1874493748 posted

    I am potentially planning to run asp.net core on linux behind an apache reverse proxy. 


    when running the asp.net core does it need to be running on https?


    I can set apache https directive as follow - and when i access this from the browser it is working fine.


    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ServerName app.domain.com
    ServerAlias *.app.domain.com
    ErrorLog ${APACHE_LOG_DIR}helloapp-error.log
    CustomLog ${APACHE_LOG_DIR}helloapp-access.log common


    Are there any issues with this?

    Tuesday, December 1, 2020 9:56 PM

All replies

  • User-474980206 posted

    depends on how trusted the apps on the hosting server are.  if its a trusted server (or docker image), and port 5000 is blocked from external access, then you should be good.

    if its a shared host, then trouble.

    Tuesday, December 1, 2020 10:48 PM
  • User1874493748 posted

    it will be my own VPS. the other web apps that will run there will  be other apps i own / have written.

    Tuesday, December 1, 2020 11:06 PM
  • User-474980206 posted

    Then just be sure the asp.net port is not open to external servers.

    Wednesday, December 2, 2020 3:22 PM