I have the following apache configuration file for a reverse proxy :
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
ErrorLog /var/log/apache2/NewPC-error.log
CustomLog /var/log/apache2/NewPC-access.log common
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/ssl/private/localhost.crt
SSLCertificateKeyFile /etc/ssl/private/localhost.key
</VirtualHost>
The reverse proxy works properly bu I always have the port number (5000) in the URL.
Is there any way to remove if please ?
Regards,
The configuration looks good and what you described shouldn't happen unless it's the application running behind the proxyPass that is sending a redirect/location to the client including the port.
You can test it simulating requests to the application running on port 5000 with curl (-v option) or the tool you prefer.
Related
I am running nodejs for my systems backend management but I have a mediawiki for documentation. I was able to access the mediawiki through example.com/mediawiki but no I get too many redirects. Though I can still access my backend as normal, example.com/login. I have checked my other configs for rogue redirects and didnt find any. Also, I checked apache2.conf.
Here is my vhost
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
Redirect permanent / https://example.com/
Redirect permanent /mediawiki https://example.com/mediawiki/
</VirtualHost>
<VirtualHost *:443>
Redirect permanent / https://example.com/login
SSLEngine on
SSLProxyEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/example_cert.crt
SSLCertificateKeyFile /etc/ssl/private/example_cert.key
SSLCertificateChainFile /etc/ssl/certs/incommon_interm.crt
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
Header set Access-Control-Allow-Origin "*"
ProxyRequests Off
ProxyPreserveHost On
ProxyVia On
<Proxy *>
Require all granted
</Proxy>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:9000/$1 [P,L]
ProxyPass /login http://localhost:3000/login
ProxyPassReverse /login http://localhost:3000/login
</VirtualHost>
I'm trying to expose web app via subdomain with SSL or via route.
Subdomain Method:
The webapp I'm running is on port: http://localhost:4567/
With the following configuration, the web browser tells me the app is "not secure" (non-https).
The app is generally working fine, but is non-https.
What am I doing wrong?
Are there alternative configurations?
<IfModule mod_ssl.c>
Listen 443
NameVirtualHost *:443
</IfModule>
<VirtualHost *:80>
ServerName blast.example.com
Redirect permanent / https://blast.example.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me#gmail.com
ServerName blast.example.com
# ProxyPreserveHost On
ProxyRequests off
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# ProxyPass / http://localhost:4567/
# ProxyPassReverse / http://localhost:4567/
<Location />
ProxyPass http://localhost:4567/
ProxyPassReverse http://localhost:4567/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile ...
SSLCertificateKeyFile ...
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
I had been following the prescription given at How to configure multiple subdomain with SSL in Apache?
Path/Route Method
I had also tried exposing the app as a route path (ie https://example.com/blast)
<Location /blast/ >
ProxyPass http://localhost:4567/
ProxyPassReverse http://localhost:4567/
</Location>
but the reverse proxy didn't see to work in that, if I started with:
https://example.com/blast
And clicked whatever on the start page.
The app would generate a internal URL without the /blast part, resulting in 404:
https://example.com/blah-blah-generated-url
(should be https://example.com/blast/blah-blah-generated-url)
In general, the subdomain path seems to work better except for the non-https problem.
Setting up a path/route:
Making the application accessible with https://example.com/blast. If the application generates new routes, ProxyPassReverse is needed; otherwise; only ProxyPass is needed.
<VirtualHost *:443>
...
ProxyPass "/blast/" "http://localhost:4567/"
ProxyPassReverse "/blast/" "/"
...
Found in Example 1, here: ProxyPassReverse doesn't rewrite Location (http header)
I use apache2 on Ubuntu and acme with letsencrypt in order to secure my website.
I also want to redirect from http://mywebsite.com to https://mywebsite.com but this does not work with the following config:
File name-xy.conf looks like this:
<VirtualHost *:80>
ServerName mywebsite.com
ProxyRequests off
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
</VirtualHost>
File name-xy-ssl.conf looks like this:
<VirtualHost *:80>
ServerName mywebsite.com
RewriteEngine on
#RewriteCond %{SERVER_NAME} =www.mywebsite.com [OR]
RewriteCond %{HTTPS} =mywebsite.com
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# forward ORDS requests to tomcat
<VirtualHost *:443>
ServerName mywebsite.com
# SSL certificates settings
#Include /etc/apache2/conf-enabled/options-ssl-apache.conf
SSLCertificateFile /etc/apache2/ssl/mywebsite.com/fullchain.cer
SSLCertificateKeyFile /etc/apache2/ssl/mywebsite.com/mywebsite.com.key
SSLCertificateChainFile /etc/apache2/ssl/mywebsite.com/ca.cer
ProxyRequests on
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
</VirtualHost>
With this config I will navigate to the default apache2 homepage, https://mywebpage.com works fine.
What is wrong in this config in order to redirect from http://mywebsite.com to https://mywebsite.com automatically?
To handle this situation, I have my http vhost as follows. I don’t think it requires enabling any new modules either, just add the redirect statement like the last line :)
Since you are using Ubuntu with Apache. LetsEncrypt automatically installs and does the configuration for apache for SSL. If you want to do a manual configuration follow the below.
File name-xy.conf should look like this:
<VirtualHost *:80>
ServerName mywebsite.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ProxyRequests off
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
#Add the below Lines
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
File name-xy-ssl.conf should look like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mywebsite.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# SSL certificates settings
#Include /etc/apache2/conf-enabled/options-ssl-apache.conf
SSLCertificateFile /etc/apache2/ssl/mywebsite.com/fullchain.cer
SSLCertificateKeyFile /etc/apache2/ssl/mywebsite.com/mywebsite.com.key
SSLCertificateChainFile /etc/apache2/ssl/mywebsite.com/ca.cer
ProxyRequests on
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
</VirtualHost>
</IfModule>
Restart your apache server sudo service apache2 restart and clear your browser cache and history to take effect.
Good evening,
I am trying to set up my apache2 reverse proxy
(following https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy)
for etherpad lite
(following https://www.howtoforge.com/tutorial/ubuntu-etherpad-editor-server-installation/, except for the nginx part).
I use http->ssl redirection. Since I use letsencrypt I can only access domain.com and not etherpad.domain.com (at least firefox won't let me and I want to avoid changing that certificate each time I add a new site). So I would like to access my etherpad just as I do access my other sites: domain.com/etherpad. However I always get a 404 trying to get to the site. Looking at a working example, in my nextcloud.conf file I have a line saying:
Alias /nextcloud /local/path/to/nextcloud
However the etherpad reverse proxy virtual host file looks entirely different, the key difference is etherpad not having a local folder but only a mysql database. (Please correct me if this is wrong)
So I tried changing the ssl example from the second link to the following, but it does not work. Please understand that I changed domain name and some internal paths, but "apache2ctl configtest" succeeds and the service is running without error.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName randomisedDomain.com/etherpad
# SSL configuration
SSLEngine on
# If you hold wildcard certificates for your domain the next two lines are not necessary.
SSLCertificateFile "/working/path/to/fullchain.pem"
SSLCertificateKeyFile "/working/path/to/privkey.pem"
ProxyVia On
ProxyRequests Off
ProxyPreserveHost on
<Location />
AuthType Basic
AuthName "Welcome to the randomisedDomain.com Etherpad"
AuthUserFile /working/path/to/etherpad.passwd
#AuthGroupFile /path/to/svn.group
Require user etherpad
ProxyPass http://localhost:9001/ retry=0 timeout=30
ProxyPassReverse http://localhost:9001/
</Location>
<Location /socket.io>
# This is needed to handle the websocket transport through the proxy, since
# etherpad does not use a specific sub-folder, such as /ws/ to handle this kind of traffic.
# Taken from https://github.com/ether/etherpad-lite/issues/2318#issuecomment-63548542
# Thanks to beaugunderson for the semantics
RewriteEngine On
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:9001/socket.io/$1 [P,L]
ProxyPass http://localhost:9001/socket.io retry=0 timeout=30
ProxyPassReverse http://localhost:9001/socket.io
</Location>
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</VirtualHost>
Any help for rerouting the localhost domain to randomisedDomain.com/etherpad is greatly appreciated !
Best regards
MAPster
I have cluster setup of Apache server . Behind this I have 2 Jboss instances which is load balanced by apache.
The configuration look somewhat like the below
<VirtualHost *:1111>
ServerAdmin admin#example.com
ServerName www.example.com
DocumentRoot "/apps"
ErrorLog "logs/https.www.example.com.-error_log"
TransferLog "logs/https.www.example.com-access_log"
LogLevel warn
<Directory "/apps">
Options -Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
SSLProxyEngine On
SSLProxyVerify On
SSLProxyMachineCertificateFile "/apps/apache/conf/ssl/int/proxy.pem"
SSLProxyCACertificateFile "/apps/apache/conf/ssl/int/cert.pem"
RewriteEngine On
Header set Cache-Control "max-age=60, public"
<Proxy balancer://2node-aa>
BalancerMember https://app01:8089 route=node1
BalancerMember https://app02:8089 route=node2
ProxyPreserveHost On
ProxyPass /aa balancer://2node/aa stickysession=JSESSIONID|jsessionid
ProxyPass /static balancer://2node/static stickysession=JSESSIONID|jsessionid
ProxyPassReverse /aa balancer://2node/aa
ProxyPassReverse /static balancer://2node/static
ProxyPass /1/aa https://app01:8089/aa
ProxyPass /2/aa https://app02:8089/aa
ProxyPassReverse /1/aa https://app01:8089/aa
ProxyPassReverse /2/aa https://app02:8089/aa
ProxyPass /bb balancer://2node/rest stickysession=JSESSIONID|jsessionid
ProxyPassReverse /bb balancer://2node/bb
</VirtualHost>
In the url access certain part of the url i want it to be routed from second node i.e node2 of jboss.
e.g. if i am accessing http://www.example.com/aa/login/login.jsp i need this request to be process by node2 app02 only.
Rest of the request should load balance as normal access.
How do i set the apache to do it ?
I have tried lot of rewrite,<Location> and ProxyPassMatch none has worked so far.
Please Help. Thanks in advance.
I used the below statement in the configuration file which resolved the issue.
<Proxy balancer://2node-aa>
BalancerMember https://app02:8080 route=node2
</Proxy>
RewriteRule ^/aa/login/(.*)$ balancer://2node-aa%{REQUEST_URI} [P,QSA,L]
This link help me.
apache httpd mod_proxy load balancing with multiple virtual hosts url redirection
-Thanks