I'm using ec2 instance to server my Go apis. When I'm building my APIs then it will simply access by http://Ip:8080/api. After that I'm working on frontend part to integrate my APIs I used react for it. In local everything is fine and running. But when I deploy my frontend on the server then it will show me error of fetching result from APIs http://Ip:8080/api need to use https://ip:8080/api then I created a sub domain and apply SSL on it and I successfully bind my IP with that subdomain and I'm able to access images which are on server folder path /var/www/html/images/a.png for that I'm using Apache server. But now when I run my Go services and run it with the subdomain name like https://subdomain:8080/api then it will not accessible. I'm pasting my ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule ssl_module>
Listen 443
Listen 8080
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Please let me know if any this is needed and also if I'm skipping something.
Related
For my project i configured the postgresql and pgadmin4 .. but now i want to make the website secure with proper DNS name and run over port 443. DNS is also done but how to make it run over 443 from 80. ie., from http to https. i made changes in httpd.conf file and added certificates required too. but website is not loading ,still the website is opening on http:// ip address but not on https://
I tried making changes in configuration file too
LL be Much thankful.
how to configure pgadmi4 on port 443 https
I have an application that has a React frontend and a Python Flask backend. The frontend communicates with the server to perform specific operations and the server api should only be used by the client.
I have deployed the whole application (Client and Server) to an Ubuntu virtual machine. The machine only has specific ports open to the public (5000, 443, 22). I have setup Nginx configuration and the frontend can be access from my browser via http://<ip:address>:5000. The server is running locally on a different port, 4000, which is not accessible to the public as designed.
The problem is when I access the client app and I navigate to the pages that communicate with the server via http://127.0.0.1:4000 from the react app, I get an error saying connection was refused.
GET http://127.0.0.1:4000/ net::ERR_CONNECTION_REFUSED on my browser.
When I ssh into the vm and run the same command through curl curl http://127.0.0.1:4000/, I get a response and everything works fine.
Is there a way I can deploy the server in the same vm such that when I access the client React App from my browser, the React App can access the server without problems?
So after tinkering with this, I found a solution using Nginx. Summary is you run the server locally and use a different port say 4000 (not exposed to public), then expose your react app on the exposed port in this case 5000.
Then use a proxy in your Nginx config that redirects any call starting with api to the local host server running. See config below
server {
#Exposed port and servername ipaddress
listen 5000;
server_name 1.2.3.4 mydomain.com;
#SSL
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1.2;
#Link to the react build
root /var/www/html/build;
index index.html index.htm;
#Error and access logs for debugging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
try_files $uri /index.html =404;
}
#Redirect any traffic beginning with /api to the flask server
location /api {
include proxy_params;
proxy_pass http://localhost:4000;
}
}
Now this means you need to have all your server endpoints begin with /api/... and the user can also access the endpoint from the browser via http://<ip:address>:5000/api/endpoint
You can mitigate this by having your client send a token the server and the server will not run any commands without that token/authorization.
I found the solution here and modified it to fit my specific need here
Part two of solution
Other series in the solution can be found Part one of solution and Part three of solution
Picking up a test system with apache + tomcat. It was supposed to work but has been not working for a while.
If I start Tomcat first, then when starting apache it will show the following error:
[warn] NameVirtualHost *:8081 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8081
no listening sockets available, shutting down
If I start Apache first, then start Tomcat, I will see the java exception saying port 8081 has been used already and Tomcat won't start.
What's the correct way to integrate apache2 and tomcat7? Where do I may be missing in the current setup? thanks.
Since port 8081 is not the standard port for Apache to listen to, it must be configured somewhere explicitly. Go through the configuration, find it, and fix it.
Alternatively, you can go though the tomcat configuration, find the port and fix it.
What the fix may be depends on your server setup: Moving it to another port number, disabling it completly, or something different.
A common configuration hides apache tomcat completly behind apache httpd and connects to it via the AJP connector.
You have the apache configure these listening on port 80 and integrate the Tomcat (default ajp port 8009 or default http port 8080) via mod_jk (AJP) or proxypass (AJP or HTTP) to Apache.
Apache (proxypass)
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
or
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
I am planning on getting a VPS soon and have two sites I want to host. I have my local vhosts setup for my development environment using host file to port it correctly.
My question is hopefully simple: When setting up with two separate domains that point to the one VPS server is Apache smart enough, like on the local environment, to automatically filter any requests for domain.com to the correct VHOST like it does locally? I would just like to be sure :)
Thanks!
Example of what I am asking:
Say Domain1.com and Domain2.com are both on my VPS.
When someone requests www.Domain1.com apache sees this and passes it through to the domain1.com vhost file.
When someone requests www.Domain2.com apache sees this and passes it through to the domain2.com vhost file.
Repasting my answer from Hosting two domains using only one VPS? as here it is even more relevant.
As complete beginner, I have been trying to host multiple domains on one Apache VPS. Tutorials had too much information that lead me to confusion.
Below I describe, for complete beginners, how to host multiple domains on one VPS server with Ubuntu and Apache.
IMPORTANT! You need to use root account to execute most operations.
IMPORTANT! If you have been trying to make some changes to apache configuration before, undo them.
Creating VirtualHosts
Create folders for your domains on server.
For example:
/home/apache/domain1
/home/apache/domain2
Put index.html file in each folder with any text.
This is domain1
This is domain2
Go to /etc/apache2/sites-available folder.
Create file domain1.conf
sudo nano domain1.conf
<VirtualHost *:80>
DocumentRoot /home/apache/domain1
ServerName domain1.com
ServerAlias www.domain1.com
</VirtualHost>
Create file domain2.conf
sudo nano domain2.conf
<VirtualHost *:80>
DocumentRoot /home/apache/domain2
ServerName domain2.com
ServerAlias www.domain2.com
</VirtualHost>
You can create subdomains same way.
sudo nano blog.conf
<VirtualHost *:80>
DocumentRoot /home/apache/blog
ServerName blog.domain.com
ServerAlias www.blog.domain.com
</VirtualHost>
Enable created sites
sudo a2ensite domain1.conf
sudo a2ensite domain2.conf
Restart apache
sudo service apache2 reload
Redirecting domain to server
Created VirtualHosts will work only if you redirect your domain name to server IP. Domains are just names that can be translated to IP numbers.
Local computer
To test your configuration on local machine, you need to edit hosts file.
sudo nano /etc/hosts
It should look like this.
127.0.0.1 localhost domain1.com domain2.com
Hosts file tells your computer that domain needs to be redirected to local machine.
IMPORTANT! If you create entry in hosts file for existing domain, for example
127.0.0.1 stackoverflow.com
you will loose access to this website.
Server
In order to redirect domain to you web server, you need to create or modify "A"-type DNS record for given domain to IP address of your server. You can do it by panel control provided by your domain registrar.
If you do not know IP address of your server, log in to that server and type in command line:
ifconfig
The simple answer is 'yes', Apache is that clever. If you are used to using a local vhost file in conjunction with your hosts file to simulate local domains, the exact same technique can be applied on a VPS. The part you are doing with the hosts file is essentially creating a local name server, other than that Apache doesn't know the difference. Simply set the ServerName directive for each named vhost and you should find it working the same as it does locally.
I have a server serverA running a weblogic application App1, with base url /app1/ on port 7001, and another server serverB, running a weblogic application App2, with base url /app2/ on port 8001. Both servers run Solaris, Apache2 and Weblogic 9.2
(details changed, but these are representantive)
In other words, app1 could be accessed on
http://serverA:7001/app1/
and app2 on
http://serverB:8001/app2/
However, the customer requires that all access to the applications use https on port 443 to server1.
If there was only one application, I could use a virtual host and set the handler for URLS beginning with /app1/ to the Weblogic proxy, which would forward them on to server 1 on port 7001.
With two apps, I would need another virtual host with another Location statement matching /app2/ and forwarding to the current server on port 8001 ... but I don't see how this could work as the first virtual host will have done the SSL negotiation to determine the URL, and Apache presumably can't do that over when things fall through to the second virtual server.
So how do I handle this?
My current idea is to proxy all SSL requests arrving at server1 to the same server server1, on port 80 (so essentially just doing SSL termination), then adding two virtual hosts for the /app1/ and /app2/ URLs in the way described above.
Is this going to work? Have I missed something obvious about other ways of doing this?
EDIT: I think I may have missed that the Weblogic plugin can have several blocks each directing the page to different places. In which case this becomes easy.
I will test tomorrow when back at work and update the question
First, the must read resource for this is of course the official documentation : Installing and Configuring the Apache HTTP Server Plug-In (see also this previous answer for more links about the WLS 9 plugin).
As detailed in the section Configuring the Apache HTTP Server Plug-In, I'd define several IfModule, one for each application (clustered or not), and, indeed, several VirtualHost (which can include IfModule). There is an example in the documentation:
# VirtualHost1 = localhost:80
<VirtualHost 127.0.0.1:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName localhost:80 <IfModule mod_weblogic.c>
#... WLS parameter ...
WebLogicCluster localhost:7101,localhost:7201
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
</IfModule>
</VirtualHost>
# VirtualHost2 = 127.0.0.2:80
<VirtualHost 127.0.0.2:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName 127.0.0.2:80
<IfModule mod_weblogic.c>
#... WLS parameter ...
WebLogicCluster localhost:7101,localhost:7201
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
#... WLS parameter ...
</IfModule>
</VirtualHost> <IfModule mod_weblogic.c>
Note that this is a Multiple IP-Based Virtual Hosts configuration (and not Name-Based as stated in the documentation). But this is actually good because this is exactly what you need when using SSL as you can't use name-based virtual hosts. Quoting Why can't I use SSL with name-based/non-IP-based virtual hosts? from Apache's SSL/TLS Strong Encryption: FAQ
The reason is very technical, and a somewhat "chicken and egg" problem. The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this, mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to go to the correct virtual server Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to complete the SSL handshake phase. Bingo!
So, in the sampel above, modify the virtual hosts IP addresses and ports, the ServerName, adapt the IfModule to suit your needs (and set up DNS entries to point on the IPs) and there you go.
I don't have any experience with weblogic, so maybe I'm missing something important. But this sounds like a straightforward application for apache's reverse proxy capability. Set up an apache instance serving https, and configure two locations as follows:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<Location /app1>
ProxyPass http://serverA:7001/app1
ProxyPassReverse http://serverA:7001/app1
</Location>
<Location /app2>
ProxyPass http://serverB:8001/app2
ProxyPassReverse http://serverB:8001/app2
</Location>
The example config from the WebLogic 10.3.x documentation is a perfect fit for your question. Here it is with some other details added:
<VirtualHost _default_:443>
SSLEngine on
# other SSL options here...
LoadModule weblogic_module /home/Oracle/Middleware/wlserver_10.3/server/plugin/linux/x86_64/mod_wl_22.so
<IfModule mod_weblogic.c>
<Location /app1>
WebLogicHost serverA
WebLogicPort 7001
SetHandler weblogic-handler
</Location>
<Location /app2>
WebLogicHost serverB
WebLogicPort 8001
SetHandler weblogic-handler
</Location>
</IfModule>
</VirtualHost>
I use this and works fine.