TiddlyWikiApacheProxy

9th October 2016 at 8:00pm
TechnicalNotes TiddlyWiki

This Apache 2.4 configuration sets up a reverse proxy that terminates SSL and passes requests through to the Node.js TiddlyWiki server listening on localhost at http://127.0.0.1:8080.

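Every request must authenticate. Only the username defined by $TW5USER may use request methods other than GET and HEAD (for example POST); any other authenticated user who tries receives a 405.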

Additional information about TiddlyWiki can be found here:

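# Interactive walkthrough: enter these steps one at a time rather than pasting
# the whole listing, because sudo and htpasswd both prompt on the terminal.

# --- Settings (as your normal user, before becoming root) -------------------
# TW5USER is captured here because $USER may no longer name the wiki owner
# once inside the root shell; `sudo -E` carries these exports across.
export TW5USER="$USER"
export TW5WIKI="my_new_wiki"
export SSL_LOCATION="Milton"
export SSL_STATE="Cambridgeshire"
export SSL_COUNTRYCODE="GB"

# --- Root shell --------------------------------------------------------------
sudo -s -E -H
cd /
apt-get update -y
apt-get install -y nodejs nodejs-legacy npm apache2 apache2-utils
# Installs whatever release is current, globally and as root. Pin a reviewed
# version (tiddlywiki@<version>) where a reproducible install matters.
npm install -g tiddlywiki

# Self-signed certificate: clients cannot validate it against a CA, so verify
# its fingerprint out of band or replace it with a CA-issued certificate.
# -nodes leaves the private key unencrypted on disk, so the file permissions
# set below are its only protection.
openssl req \
  -subj "/CN=$(hostname -f)/O=$(hostname -d)/OU=$(getent passwd "$TW5USER" | cut -d':' -f5)/L=$SSL_LOCATION/ST=$SSL_STATE/C=$SSL_COUNTRYCODE" \
  -new -newkey rsa:4096 -days 1180 -nodes -x509 \
  -keyout "/etc/ssl/private/$(hostname -f).key" -out "/etc/ssl/certs/$(hostname -f).crt"
chmod 400 "/etc/ssl/certs/$(hostname -f).crt"
chmod 400 "/etc/ssl/private/$(hostname -f).key"

# Prompt for the password instead of passing it as an argument (-b), which
# would leave it in shell history and visible in the process list.
# -B selects bcrypt; -c creates the file, overwriting any existing one.
htpasswd -B -c /etc/apache2/tw.passwd "$TW5USER"
# The hashes only need to be readable by root and the Apache worker group
# (www-data on Debian/Ubuntu); adjust the group if your install differs.
chown root:www-data /etc/apache2/tw.passwd
chmod 640 /etc/apache2/tw.passwd

# Disable every currently enabled site so that only tw5.conf is served.
# The glob is expanded by the shell against the sites-enabled directory.
cd /etc/apache2/sites-enabled
a2dissite *
cd /etc/apache2/sites-available

# Access model written into tw5.conf:
#   * <Location /> requires Basic auth for every request (Require valid-user);
#     the credentials are protected only by the TLS layer.
#   * The rewrite rules answer 405 to any method other than GET/HEAD unless
#     the authenticated user is TW5USER. LA-U looks ahead for REMOTE_USER,
#     since authentication has not run yet at the point the rules evaluate.
#   * Order/Allow inside <Proxy *> is Apache 2.2 syntax; on 2.4 it relies on
#     mod_access_compat being loaded.
#
# The heredoc delimiter is unquoted on purpose: $TW5USER and $(hostname ...)
# are expanded now, when the file is written. Apache's own ${APACHE_LOG_DIR}
# has to reach the file literally, so its dollar sign is escaped; unescaped,
# the shell would substitute its own (normally empty) value and the logs
# would be pointed at the filesystem root.
cat <<EOT > tw5.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin $TW5USER@$(hostname -d | sed 's/^eng\.//')
        DocumentRoot /var/www/html

        ErrorLog \${APACHE_LOG_DIR}/tw-error.log
        CustomLog \${APACHE_LOG_DIR}/tw-access.log combined

        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/$(hostname -f).crt
        SSLCertificateKeyFile /etc/ssl/private/$(hostname -f).key

        BrowserMatch "MSIE [2-6]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} !^${TW5USER}$
        RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$
        RewriteRule .* - [R=405,L]

        Header merge Cache-Control no-cache

        <Location />
            AuthType basic
            #AuthName "Use 'guest' & email address for guest entry"
            AuthName "tw5"
            #AuthBasicProvider file anon
            AuthBasicProvider file
            AuthUserFile /etc/apache2/tw.passwd
            #Anonymous_NoUserID on
            #Anonymous_MustGiveEmail off
            #Anonymous_VerifyEmail off
            #Anonymous_LogEmail on
            #Anonymous anonymous anon guest www test welcome
            Require valid-user
        </Location>

        <Proxy *>
            Order Deny,Allow
            Allow from all
        </Proxy>
        ProxyPreserveHost Off
        ProxyPass / http://127.0.0.1:8080/
        AllowEncodedSlashes on
    </VirtualHost>
</IfModule>
EOT

# Enable the site and the modules its directives depend on, then restart.
a2ensite tw5.conf
a2enmod ssl
a2enmod rewrite
a2enmod headers
a2enmod proxy
a2enmod proxy_http
service apache2 restart
exit

# --- Back as the normal user -------------------------------------------------
cd
tiddlywiki "$TW5WIKI" --init server
# Runs the wiki server in a detached screen session named tw5.
# The Node.js server is started here with no credentials of its own, so every
# access control above lives in Apache: anything that can connect directly to
# 127.0.0.1:8080 (any local account or process) bypasses both the Basic auth
# and the method restriction.
screen -c /dev/null -d -m -S tw5 -t tw5 -U tiddlywiki "$TW5WIKI" --server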

Related