How can I set up haproxy to send layer 7 requests (by domain name) to the right backedn (port 80 and 443)
Here is the an example from my test haproxy config file:
frontend example.com
bind :80,:443
acl ACL_example.com hdr(host) -i example.com www.example.com
use_backend example_80 if ACL_example.com
use_backend example_443 if { dst_port 443 }
backend example_80
balance roundrobin
server 001xx000x017 10.1.0.17:80 check
backend example_443
balance roundrobin
server 001xx000x017 10.1.0.17:443 check
In advance, many thanks for the help.
I figured it out, this is the layout of the actual config file for haproxy that works now:
frontend http_80
42 bind :80
41 # example.com
40 acl ACL_example_com hdr(host) -i example.com www.example.com
39
38 # sc.example.com
37 acl ACL_sc_example_com hdr(host) -i sc.example.com www.sc.example.com
36
35 # 001x.example.com
34 acl ACL_001x_example_com hdr(host) -i 001x.example.com www.001x.example.com
33
32 # example.com
31 acl ACL_example_com hdr(host) -i example.com www.example.com
30
29 # 001x01dns.example.com
28 acl ACL_001x01dns_example_com hdr(host) -i 001x01dns.example.com www.001x01dns.example.com
27
26 # example.tech
25 acl ACL_example_tech hdr(host) -i example.tech www.example.tech
24
23
22 use_backend example_80 if ACL_example_com
21 use_backend sc_example_80 if ACL_sc_example_com
ETC...
same logic is for port 443. Works perfect now :)
I have Node JS on my server, but it does not work. I think it's a problem of wearing.
With the following command :
# curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
# apt-get update
# apt-get install nodejs
That's all, I'm not doing anything else.
I installed drupal nodejs :
# cd /home/www.mydomaine.com/public_html
# npm install drupal-node.js
# npm install pm2 -g
Here is the configuration of my server :
<IfModule mod_fastcgi.c>
AddHandler php7-fcgi-www.mydomaine.com .php
Action php7-fcgi-www.mydomaine.com /php7-fcgi-www.mydomaine.com
Alias /php7-fcgi-www.mydomaine.com /usr/lib/cgi-bin/php7-fcgi-www.mydomaine.com
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-www.mydomaine.com -socket /run/php/php7.1-fpm.www.mydomaine.com.sock -idle-timeout 120 -pass-header Authorization
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
</IfModule>
<VirtualHost 138.74.184.65:80 [2001:21d0:0305:2100:0000:0000:0000:4741]:80>
ServerAdmin contact#mydomaine.com
ServerName mydomaine.com
ServerAlias www.mydomaine.com
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 138.74.184.65:443 [2001:21d0:0305:2100:0000:0000:0000:4741]:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.mydomaine.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomaine.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.mydomaine.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Download-Options "noopen"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
Header set Set-Cookie HttpOnly;Secure
ServerAdmin contact#mydomaine.com
ServerName mydomaine.com
ServerAlias www.mydomaine.com
DocumentRoot /var/www/www.mydomaine.com/public_html/web/
<Directory /var/www/www.mydomaine.com/public_html/web>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
<IfModule mod_fastcgi.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php7-fcgi-www.mydomaine.com
</FilesMatch>
</IfModule>
ErrorLog /var/www/www.mydomaine.com/logs/error.log
CustomLog /var/www/www.mydomaine.com/logs/access.log combined
</VirtualHost>
</IfModule>
My site is in :
/home/www.mydomaine.com/public_html/web
Here is the NodeJS configuration for Drupal nodejs.config.js :
settings = {
scheme: 'http',
port: 8080,
host: 'localhost',
resource: '/socket.io',
serviceKey: 'hgfjkliutfh',
backend: {
port: 443,
host: 'www.mydomaine.com',
scheme: 'https',
basePath: '/web',
messagePath: '/nodejs/message'
},
debug: true,
sslKeyPath: '/etc/letsencrypt/live/www.mydomaine.com/privkey.pem',
sslCertPath: '/etc/letsencrypt/live/www.mydomaine.com/cert.pem',
sslCAPath: '/etc/letsencrypt/live/www.mydomaine.com/chain.pem',
baseAuthPath: '/nodejs/',
extensions: [],
clientsCanWriteToChannels: false,
clientsCanWriteToClients: false,
transports: ['websocket', 'polling'],
jsMinification: true,
jsEtag: true,
logLevel: 1
};
enter image description here
Here is the contents of my iptables :
#!/bin/sh
# Réinitialise les règles
iptables -t filter -F
iptables -t filter -X
# Bloque tout le trafic
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
# Autorise les connexions déjà établies et localhost
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# SSH
iptables -t filter -A INPUT -p tcp --dport 4829 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 4829 -j ACCEPT
# DNS
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
# NTP (horloge du serveur)
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# NODE JS
iptables -t filter -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT
# HTTP
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
# HTTP Caldav
iptables -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8008 -j ACCEPT
# HTTPS
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
# HTTPS Caldav
iptables -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
# FTP
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
# Mail SMTP
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT
# Mail POP3
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
# Mail IMAP
iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
# Anti Flood / Deni de service / scan de port
iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
Here is the contents of my /etc/hosts
127.0.0.1 localhost
138.74.184.65 vps000000.ovh.net vps000000
2001:21d0:0305:2100:0000:0000:0000:4741 vps000000.ovh.net vps000000
127.0.1.1 myname.fr
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Here is the contents of my /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Result of the command netstat -ntpl
root#vps000000:~# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2476/master
tcp 0 0 0.0.0.0:4829 0.0.0.0:* LISTEN 1423/sshd
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 1690/postgrey.pid -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1452/mysqld
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 24716/drupal
tcp6 0 0 :::25 :::* LISTEN 2476/master
tcp6 0 0 :::443 :::* LISTEN 24939/apache2
tcp6 0 0 :::4829 :::* LISTEN 1423/sshd
tcp6 0 0 :::7134 :::* LISTEN 1913/java
tcp6 0 0 :::80 :::* LISTEN 24939/apache2
Drupal displays this message :
The Node.js server was successfully reached.
On my site the following error is displayed in the console :
Failed to load for element whose source is «
http://localhost:8080/socket.io/socket.io.js ».
And :
Refused to load the script
'http://localhost:8080/socket.io/socket.io.js' because it violates the
following Content Security Policy directive: "default-src https: data:
'unsafe-inline' 'unsafe-eval'". Note that 'script-src' was not
explicitly set, so 'default-src' is used as a fallback.
In the terminal I have :
root#vps000000:/home/www.mydomaine.com/public_html/node_modules/drupal-node.js# node app.js
Started http server.
[2018/03/15 16:44:02] Route callback: checkServiceKey
[2018/03/15 16:44:02] Route callback: healthCheck
UPDATE
I have updated my configuration as below and drupal seems to have found /socket.io/socket.io.js I started to despair.
Here is the NodeJS configuration for Drupal nodejs.config.js :
settings = {
scheme: 'http',
port: 8080,
host: 'www.s1biose.com',
resource: '/socket.io',
serviceKey: 'hgfjkliutfh',
backend: {
port: 443,
host: 'www.s1biose.com',
scheme: 'https',
basePath: '/web',
messagePath: '/nodejs/message'
},
debug: true,
sslKeyPath: '/etc/letsencrypt/live/www.s1biose.com/privkey.pem',
sslCertPath: '/etc/letsencrypt/live/www.s1biose.com/cert.pem',
sslCAPath: '/etc/letsencrypt/live/www.s1biose.com/chain.pem',
baseAuthPath: '/nodejs/',
extensions: [],
clientsCanWriteToChannels: false,
clientsCanWriteToClients: false,
transports: ['websocket', 'polling'],
jsMinification: true,
jsEtag: true,
logLevel: 1
};
On Drupal my configuration is as follows :
enter image description here
Now the console displays the following message :
Refused to connect to 'wss://www.s1biose.com:8080/socket.io/?EIO=3&transport=websocket&sid=8T6_V7vjKg48n731AAAJ' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
n.doOpen # universalModuleDefinition:3
What does this message mean ? Am I on the right track ? On my previous configuration console indicated that it does not find the file /socket.io/socket.io.js is that sque I progress ?
What is this "wss" instead of "https" is this normal ?
On Apache you configure ports in /etc/apache2/ports.config.
In your ports.config your server is listening on port 80, however on your node settings file, you’re pointing to port 8080 and missing the backend port 80.
See step 5:
https://www.drupal.org/project/drupalchat/issues/1415624
And also, your firewall (iptables) rules are reflecting on port 8080.
So, you need to match up port 80 or 8080.
Then try to access your site and check the Apache logs ..../ logs/Apache/access.log and
....../error.log
Besides, your host in in Apache and other settings files don’t match up localhost or 'www.mydomaine.com'??
Furthermore, your /etc/hosts doesn’t know about 'www.mydomaine.com' thus not reachable in your machine as it’s not in DNS.
In /etc/hosts add
127.0.0.1 mydomaine.com
Updated
Also, the refused message indicates that you need to allow .js files in your content security policy in your security.conf file or .htaccess file on shared host example:
content="default-src 'self' https:// example.com/js/"
See this example for background on the topic:
https://www.sitepoint.com/improving-web-security-with-the-content-security-policy/
**update new **
Based on your newest comments and error it’s clear that 1) content policy isn’t changed in Apache config(see above details) and 2)
In your nodejs config file there is mismatch between https and backend of https(443 port). First, try to get http working and then move to ssl. 3) use real DNS than localhost.
Try this changes (have ** don’t add the *)
settings = {
scheme: 'http',
port: 8080,
host: 'www.s1biose.com',
resource: '/socket.io',
serviceKey: 'hgfjkliutfh',
backend: {
port: **80**,
host: 'www.s1biose.com',
scheme: '**http**',
basePath: '/web',
messagePath: '/nodejs/message'
I'd like to capture a HTTP service call from HostA -> HostB to test the client on HostA. Both OS are Linux. I tried following but fail.
What's the recommended way to do this?
I would like to use transparent proxy mode because I cannot modify client and cannot redirect all traffic from HostA to hostB as other service also running on HostA. I'd like only redirect the connection of the client from host A to host B.
The client in Host A call a service on Host B on a certain port 10001 by HTTP.
I tried setup HostC with mitmproxy (HostA and HostC are in the same subnet)
HostA (ip_A) -> HostC(ip_C) with mitmproxy-> HostB(ip_B) , I set the ip table to build transparent mode.
Following is what I setup for on HostA
sudo iptables -t mangle -I OUTPUT -p tcp --dport 10001 -j MARK --set-mark 1
sudo ip route add default via ip_C table 100
sudo ip rule add fwmark 0x1 table 100
On HostC
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -o eth0 -p tcp --dport 10001 -j REDIRECT --to-port 8080
mitmproxy -T --host
This doesn't work. client on HostA connection timeout.
If I try traceroute on HostA
traceroute ip_B -p 10000 -T
It shows ip_B is unreachable on TCP from HostA
I also tried setup mitmproxy on HostA, but when I try to redirect traffic of port 10001
on HostA
sudo iptables -t nat -A OUTPUT -p tcp --dport 10001 -j REDIRECT --to-port 8080
mitmproxy -T --host
The service call could be capture by mitmproxy on HostA but cannot get response.
Thanks a lot for your help.
I have already running 2 servers at digital ocean and I installed nginx for webserver and nodejs for app server.
For app server :
Nodeapp Directory : /var/appdata/myapp/
Nodejs app running at 4680 Port;
However in the app server I have couple iptables options(firewall)
IPTABLES Options I did for appserver:
*filter
# Default policy is to drop all traffic
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
# Allow all loopback traffic
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Allow ping.
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
# Allow incoming SSH, HTTP and HTTPS traffic
-A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT
# Allow inbound traffic from established connections.
# This includes ICMP error returns.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what was incoming but denied (optional but useful).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
# Allow outgoing SSH, HTTP and HTTPS traffic
# This is useful because we won't be able to download and install
# NPM packages otherwise and use git over SSH
-A OUTPUT -o eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT
# Allow dns lookup
-A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
# Set rate limits for DOS attack prevention (optional)
# The rates here greatly depend on your application
-A INPUT -p tcp -m multiport --dports 80,443 -m limit --limit 250/minute --limit-burst 1000 -j ACCEPT
# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
COMMIT
For Webserver default config is like this-
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
proxy_pass http://10.135.9.223:4680 ;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
With All these option I almost write down everything I guess but if anything missed pls let me tell.
So the main problem here is
when I enter url for http://web-server-ip-address it responds 504 gateway timed out
EDIT :
When I disable the firewall there is no problem.
Disabled the firewall and take an advantage on cloudflare if you're not familiar with those types of errors
I have rewritten the question, using the answer from Pedro.
I am getting the error “no listening sockets available, shutting down”, when i try to execute simple script :
$ apache2ctl -f `pwd`/conf/httpd.conf -d `pwd`
on Linux Mint based on Ubuntu.
i am in the directory /usr/www/apache3/site.toddle,
The contents of /usr/www/apache3/site.toddle/conf/httpd.conf is
User www-data
Group www-data
# added to get rid of apache2: Configuration error: No MPM loaded
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
#copied from 000-default.conf from /etc/apache2/sites-available
<VirtualHost *:1081>
ServerName my586
ServerAdmin webmaster#localhost
DocumentRoot /usr/www/apache3/site.toddle/htdocs/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I have followed the Pedro answer and links.
1) using sudo gedit /etc/apache2/ports.conf added to the /etc/apache2/ports.conf the line and saved the file:
#original: Listen 80
Listen 1081
2) restarted apache using $ sudo /etc/init.d/apache2 restart
3) configured iptables using Pedro example for port 1081:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 1081
sudo iptables-save
sudo iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 1081
sudo iptables-save
But running the command: apache2ctl -fpwd/conf/httpd.conf -dpwd
gives the error "no listening sockets available, shutting down
AH00015: Unable to open logs
Action '-f /usr/www/apache3/site.toddle/conf/httpd.conf -d /usr/www/apache3/site.toddle' failed."
Checking with netstat, gives that apache listens to the port 1081:
$ sudo netstat -ltnp | grep ':1081'
tcp6 0 0 :::1081 :::* LISTEN 3160/apache2
The rules that have always worked for me for redirecting incoming traffic on port 80 to an apache server on port 1080 are:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 1080
sudo iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 1080
You could test these rules by listening with netcat on port 1080 on your server, and trying to connect to your server on port 80 using netcat from a different machine.
Then make sure that your apache server has it's config set to you port 1080.
See this post for setting Apache to run on different port:
Configure apache to listen on port other than 80