XAMPP how to secure forward proxy for port 443

Solution 1:

    <VirtualHost *:443>
      ServerName demo.website.com
      ServerAlias website.com
      <Location /api/socket>
        ProxyPass ws://localhost:5000/api/socket
        ProxyPassReverse ws://localhost:5000/api/socket
      </Location>
      <Location />
        ProxyPass http://localhost:5000/
        ProxyPassReverse http://localhost:5000/
      </Location>
      SSLEngine on
      SSLCertificateFile "conf/ssl.crt/cert1.crt"
      SSLCertificateKeyFile "conf/ssl.key/cert1.key"
    </VirtualHost>

Is this fine from a security point of view?

Technically that will work as expected/needed, and it is not an immediate security problem (like running an open proxy server).

For a more secure environment you might want to make some trade-offs and tune much more than just using the default settings your Apache httpd package shipped with:

  • regularly check for and install security updates and bug fixes
  • https://httpd.apache.org/docs/2.4/misc/security_tips.html is one of many starter guides on hardening your Apache httpd server
  • tune your TLS settings.
    Test your server with https://www.ssllabs.com/ssltest/ and follow their recommendations and those from https://cipherli.st/
  • in particular for APIs, but also for more generic web sites/applications, you might want to limit what HTTP methods are allowed to only a subset of GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
  • when you only need reverse proxy functionality, use something more lightweight instead of a complete web server such as Apache.
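
The virtual host from the question with the TLS and HTTP-method points above applied, as an added example that is not part of the original question or answer. The allowed method list and the cipher string are assumptions to adapt to the backend and to re-check with the SSL Labs test.

```apache
# Added example: hardened variant of the virtual host from the question.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_proxy_wstunnel loaded.
<VirtualHost *:443>
    ServerName demo.website.com
    ServerAlias website.com

    # Reverse proxy only: state explicitly that forward (open) proxying is off.
    ProxyRequests Off

    # TRACE cannot be restricted with <Limit>/<LimitExcept>; turn it off here.
    TraceEnable off

    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/cert1.crt"
    SSLCertificateKeyFile "conf/ssl.key/cert1.key"

    # Assumed TLS baseline: no SSLv3, TLS 1.0 or TLS 1.1, no weak suites.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!RC4
    SSLHonorCipherOrder on
    SSLCompression off

    <Location /api/socket>
        ProxyPass ws://localhost:5000/api/socket
        ProxyPassReverse ws://localhost:5000/api/socket
    </Location>
    <Location />
        ProxyPass http://localhost:5000/
        ProxyPassReverse http://localhost:5000/
        # <Location /> matches every path, so this also covers /api/socket
        # (a WebSocket handshake is a GET request).
        # Assumed method set: list only what the backend actually uses.
        <LimitExcept GET POST PUT DELETE OPTIONS>
            Require all denied
        </LimitExcept>
    </Location>
</VirtualHost>
```

Running `httpd -t` after the change checks the syntax before Apache is restarted.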