Edit me

This is an example of a configuration of Apache as a proxy in front of JATOS. While it’s not necessary to run JATOS with a proxy, it’s common to do so in order to allow encryption.

Here I used Apache 2.4.18 on a Ubuntu system. I recommend to use at least version 2.4 since JATOS relies on WebSockets that aren’t supported by earlier Apache versions.

I had to add some modules to Apache to get it working:

sudo a2enmod rewrite
sudo a2enmod proxy_wstunnel
sudo a2enmod proxy
sudo a2enmod headers
sudo a2enmod ssl
sudo a2enmod lbmethod_byrequests
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod remoteip

The following is an example of a proxy config with Apache. I stored it in /etc/apache2/sites-available/example.com.conf and added it to Apache with the command sudo a2ensite example.com.conf.

  • It enforces access via HTTPS by redirecting all HTTP traffic.
  • As an additional security measurement you can uncomment the <Location "/jatos"> and config your local network. This will restrict the access to JATOS’ GUI (every URL starting with /jatos) to the local network.
<VirtualHost *:80>
  ServerName www.example.com
  
  # Redirect all unencrypted traffic to the respective HTTPS page
  Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
  ServerName www.example.com

  # Restrict access to JATOS GUI to local network
  #<Location "/jatos">
  #  Order deny,allow
  #  Deny from all
  #  Allow from 127.0.0.1 ::1
  #  Allow from localhost
  #  Allow from 192.168
  #</Location>

  # Needed for JATOS to get the correct host and protocol
  ProxyPreserveHost On
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Ssl "on"
  
  # Your certificate for encryption
  SSLEngine On
  SSLCertificateFile /etc/ssl/certs/localhost.crt
  SSLCertificateKeyFile /etc/ssl/private/localhost.key

  # JATOS uses WebSockets for its batch and group channels
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:9000/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://localhost:9000/$1 [P,L]

  # Proxy everything to the JATOS running on localhost on port 9000
  ProxyPass / http://localhost:9000/
  ProxyPassReverse / http://localhost:9000/
</VirtualHost>