I have an Ubuntu server (18.04) which hosts some websites on Apache2, and also has a node app running. I want the node app to use SSL, but as it's not running as root it doesn't have permission to listen on ports below 1024.
So I set up an iptables rule like below, and listen on port 8443:
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
This works for node, but now the websites all break due to a certificate mismatch (Error code: SSL_ERROR_BAD_CERT_DOMAIN in Firefox). I presume this is due to HTTPS web requests also being forwarded to that same port.
Is there a way to detect and forward only the node requests, leaving Apache alone? Or some other solution.
To form this answer, I will assume that when you say that you have other Apache sites hosted on that server, they will also use HTTPS. Due to this, routing port 443 to the node service will break your SSL sites within apache2 in every single circumstance... unless you proxy.
You'd be better off running a new Apache VHost, and using ProxyPass, and making sure that you're pointing the proxy pass to localhost but with the important port number on the end, e.g. https://localhost:8443.
As per usual, DigitalOcean have a good guide on how to achieve this here:
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
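The VHost the answer recommends, as an added example that is not part of the original answer; the hostname app.example.com, the certificate paths and the log file names are assumptions:

```apache
# Added example (not from the original answer): Apache 2.4 VHost that terminates
# TLS for app.example.com (assumed name) with its own certificate and reverse-
# proxies to the node app on port 8443. Paths and hostnames are placeholders.
<VirtualHost *:443>
    ServerName app.example.com

    # Apache presents this site's certificate, so the other HTTPS sites keep
    # their own VHosts and certificates (selected via SNI) and no longer
    # see the node app's certificate.
    SSLEngine On
    SSLCertificateFile    /etc/letsencrypt/live/app.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/app.example.com/privkey.pem

    # Required because the backend URL is https://. Apache verifies the node
    # app's certificate against the hostname in the ProxyPass URL.
    SSLProxyEngine On

    ProxyPreserveHost On
    ProxyPass        "/" "https://localhost:8443/"
    ProxyPassReverse "/" "https://localhost:8443/"

    # mod_proxy_http adds X-Forwarded-For itself; the scheme must be set
    # explicitly so the app builds https:// redirects. The app should only
    # trust these headers when the request comes from this proxy.
    RequestHeader set X-Forwarded-Proto "https"

    ErrorLog  ${APACHE_LOG_DIR}/app-error.log
    CustomLog ${APACHE_LOG_DIR}/app-access.log combined
</VirtualHost>
```

Enable the modules with `a2enmod ssl proxy proxy_http headers`, run `apachectl configtest`, and delete the iptables REDIRECT rule from the question so that port 443 reaches Apache again. If the node app's certificate is not issued for the name in the ProxyPass URL, Apache will reject the backend connection; the usual remedy is to have the app listen for plain HTTP on 127.0.0.1 only and proxy to http://127.0.0.1:8443/ instead.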