Apache HTTPS Redirector instead of socat. #11

Open
awakenine opened this issue Jun 1, 2021 · 1 comment
Labels
enhancement New feature or request

awakenine commented Jun 1, 2021

Hello Everyone. Thank you for the awesome project.

I would like to integrate with the https://github.com/outflanknl/RedELK project to have log shipping from all the components in one place. I've run into the problem that for using HTTPS on the redirector and for advanced logging of requests, socat is not enough, and I have to use a web server (e.g. Apache) instead of socat.

I've succeeded in running an Apache HTTP proxy instead of socat by changing these lines:

      "apt-get update",
      "apt-get install -y tmux socat apache2",
      "a2enmod rewrite proxy proxy_http ssl",
      "systemctl stop apache2",
      "tmux new -d \"socat TCP4-LISTEN:80,fork TCP4:${element(var.redirect_to, count.index)}:${var.http-port}\" ';' split \"socat TCP4-LISTEN:443,fork TCP4:${element(var.redirect_to, count.index)}:${var.https-port}\"",

Lines that I added instead:

      "apt-get update",
      "apt-get install -y apache2",
      "a2enmod rewrite proxy proxy_http proxy_connect ssl proxy_html deflate headers",
      "echo \"\" > /etc/apache2/ports.conf",
      "wget https://gist.githubusercontent.com/awakenine/180037cebe2def828eb21546d71126cd/raw/d7aa6d72ef2cf00eaa1b5d7bf2178a8434a8139e/redelk-redir-apache.conf -O /etc/apache2/sites-available/redelk-redir-apache.conf",
      "echo \"export C2_IP=${element(var.redirect_to, count.index)}\" >> /etc/apache2/envvars",
      "echo \"export RDIR_DOMAIN=${digitalocean_droplet.http-rdir[count.index].name}\" >> /etc/apache2/envvars",
      "a2dissite 000-default.conf",
      "a2ensite redelk-redir-apache.conf",
      "systemctl restart apache2",

After that, I tried to generate an HTTPS certificate and copy it to the redirector machine.
First, I used the letsencrypt module to generate a certificate for the redirector (that was created automatically with c2). The certificate is generated successfully but is not transferred to the redirector droplet, because it uses https://github.com/qsecure-labs/overlord/blob/960d6425299a6202ae91e476ea0b7d55dcf06c13/redbaron/modules/letsencrypt/digitalocean/create-cert-dns-do/main.tf, which does not have a file provisioner.
To use the first option, I now have to copy the cert manually to the redirector.

Second, I tried to generate the certificate directly on the redirector with the following, but a variable with subdomain + domain is not declared for the http-rdir terraform config.
To use the second option, I now have to somehow call the subdomain + domain variable from the http-rdir module.

      "certbot --apache --non-interactive --agree-tos --email ${var.email} --domain ${var.domain} --pre-hook 'sudo service apache2 stop' --post-hook 'sudo service apache2 start'", # --dry-run is for staging, not production; change this

I would be happy if you could help me with any option to get an HTTPS redirector working on Apache, because it is much more powerful than socat: it allows collecting and saving logs in different formats, using conditional redirects that only match specific traffic rules, and finally setting up integration with the RedELK tool, which is really powerful if you would like to have all logs and possible events with a full timeline in one place.

@Sikkis Sikkis added the enhancement New feature or request label Jun 4, 2021
Collaborator

Sikkis commented Jun 4, 2021

Hi awakenine. First of all, thank you for your kind words. I have wanted to add Apache HTTP redirection for a long time, but due to my busy schedule I have not come back to the project for a while to add more features; rather, we just try to fix bugs & scripts that were available.

I don't think it could be that hard to implement. Let me think about it over the weekend and come back to you with some solutions.
