Skip to content

Running Solid behind a reverse proxy

Jump to bottom Edit New page
Melvin Carvalho edited this page Oct 2, 2018 · 15 revisions

Need: Running Solid alongside other services on a single port

If you want to run multiple services on a single port 443 of a machine, you will need a reverse proxy (such as NGINX) to route on HTTP level between different back-end services.

One of Solid's authentication mechanisms is WebID-TLS: the client sends its client certificate during the TLS handshake. However, by default, this requires the client to set up a TLS connection directly with the Solid server: if the TLS handshake is performed by an intermediary, the Solid server cannot see the client certificate.

Solution 1: Run Solid on a different port

When running Solid on a different port than the reverse proxy, we can bypass that proxy.

The drawbacks are uglier URLs (such as https://example.org:1234/), and possibly firewall problems (if only ports 80 and 443 are allowed).

Solution 2: HAProxy

Example of a config:

https://gist.github.com/melvincarvalho/17c2675978576ed37f83c88fbc0a9327

Advanced usage:

https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-1/

Solution 3: Apache

    ProxyPass /ci http://localhost:8080/ci
    ProxyPassReverse /ci http://localhost:8080/ci

see: https://github.com/linkeddata/gold/issues/88

see: https://gitter.im/linkeddata/chat?at=5a54c72fb48e8c3566bba507

Add a custom footer
Add a custom sidebar
Clone this wiki locally