ROS WebUI behind Apache reverse proxy

RouterOS General
1

Hi guys,

got my first MT router few weeks ago, among other things I’m trying to “reverse proxy” the ROS WebUI via an Apache server running inside my LAN in order to keep standard HTTP/S ports free for NAT, have a neat public URL, manage TLS certificates with ease.

Using simple standard config…


<VirtualHost *:80>

 ServerName ***
 RedirectMatch permanent ^(.*)$ https://***$1

 ErrorLog ${APACHE_LOG_DIR}/router_error.log
 CustomLog ${APACHE_LOG_DIR}/router_access.log combined

</VirtualHost>

<VirtualHost *:443>

 ServerName ***

 ProxyRequests off
 ProxyPreserveHost On

 ProxyPass / http://192.168.2.1:8080/
 ProxyPassReverse / http://192.168.2.1:8080/

 SSLEngine on

 SSLCertificateFile       /etc/letsencrypt/live/***/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/***/privkey.pem
 SSLCACertificateFile  /etc/letsencrypt/live/***/chain.pem

 ErrorLog ${APACHE_LOG_DIR}/router_error.log
 CustomLog ${APACHE_LOG_DIR}/router_access.log combined

</VirtualHost>

…results in a spoiled behavior as you can see from following animated GIF (click on thumbnail):

Via direct LAN connection (http://:) runs smoothly, of course.

Well I ain’t no Apache nerd (you don’t say!) but I’m quite sure config needs improvements…maybe rewrite rules? Or some code lines about web socket?
Any idea? Thanks in advance!

2

nobody have hints? :cry:

3

Have a look at Chrome’s developer tools (F12), and more specifically the network tab.

Compare what you see there with what you’ll get if you open up the router directly. This will give you a hint as to what may be going on.

I would guess that what’s happening is that RouterOS is producting full links, rather than relative ones. But that’s just pure speculation.

Also, if you’re just going to use the web server for a reverse proxy, maybe consider using Nginx instead of Apache?

4

enable mod_substitute.so, mod_proxy.so and mod_proxy_http.so

<Location /router/ >
ProxyPass http://192.168.88.1/
ProxyPassReverse http://192.168.88.1/
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|/graph.|/router/graph.|i"
Substitute "s|"/graphs"|"/router/graphs/"|i"
Substitute "s|/help/|/router/help/|i"
Substitute "s|/favicon.png|/router/favicon.png|i"

ProxyPass /webfig http://192.168.88.1/webfig
ProxyPassReverse /webfig http://192.168.88.1/webfig
ProxyPass /jsproxy http://192.168.88.1/jsproxy
ProxyPassReverse /jsproxy http://192.168.88.1/jsproxy