OpenVPN port-share with Apache/SSL
The port-share option sets the port the other application is listening on.
What you want to do is to configure
and set Apache to listen on port 10443:
That's because two applications can't open the same port at once.
OpenVPN's port-share option allows you to redirect traffic to another HTTPS site, not to a regular web server; the error you're seeing
[error] [client 127.0.0.1] Invalid method in request \x16\x03\x01
occurs when an SSL request is sent to a non-SSL site. I can reproduce the error by using
port-share localhost 80
(instead of 443). If you set up your HTTPS site correctly then port-sharing will work.
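Why Apache prints \x16\x03\x01 in that error, as an added example (not code from the answer above): those three bytes are the start of a TLS record (content type 0x16 = handshake, followed by the record-layer version), so the script decodes the escaped bytes from error-log lines and flags TLS arriving on a plain-HTTP listener. The function names are this example's own, and every sample line except the first is constructed.

```python
import re

# Apache error-log shape taken from the line quoted above; "raw" is the escaped request start.
LINE = re.compile(r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<raw>\S+)")
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")

# First byte of a TLS record is the content type; bytes two and three are the record version.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def unescape(raw):
    """Turn Apache's \\xNN escapes back into bytes; printable characters pass through."""
    text = ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return text.encode("latin-1", "replace")


def classify(line):
    """Return None for unrelated lines, else (client, kind, detail)."""
    m = LINE.search(line)
    if m is None:
        return None
    data = unescape(m.group("raw"))
    if len(data) >= 3 and data[0] in CONTENT_TYPES and (data[1], data[2]) in VERSIONS:
        detail = f"{CONTENT_TYPES[data[0]]} record, version {VERSIONS[(data[1], data[2])]}"
        # TLS bytes reached a listener that expected an HTTP method such as GET.
        return m.group("client"), "tls-on-plain-http", detail
    # Some other malformed request line; keep a short excerpt for the operator.
    return m.group("client"), "other-bad-method", data[:16].decode("latin-1")


# Sample input: the first line repeats the error quoted above, the rest are constructed.
SAMPLE = [
    r"[error] [client 127.0.0.1] Invalid method in request \x16\x03\x01",
    r"[error] [client 127.0.0.1] Invalid method in request \x16\x03\x03\x00",
    r"[error] [client 192.0.2.10] Invalid method in request FOO / HTTP/1.1",
    r"[error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

A "tls-on-plain-http" result with client 127.0.0.1 is what a local forwarder such as port-share produces when its target port speaks plain HTTP.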
While finding an answer that suits my server I found everyone talking about
portshare function of the OpenVPN config. However, in my case, I need to know the actual client IP address for logging and other functions. I found that using
portshare causes the local IP of the server to be logged.
To fix this,
portshare [port] function in OpenVPN
- Set Apache server to listen to
- Install the ProxyProtocol extension (following the instructions in the repo readme), available from: https://github.com/roadrunner2/mod-proxy-protocol
- Add the line ProxyProtocol On in the Apache config.
It should work and serve the above purpose. Just posted this and hope it can help someone who wants to do something like I did.