setup apache reverse proxy from localhost to domain.com/etherpad - apache2

Good evening,
I am trying to set up my apache2 reverse proxy
(following https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy)
for etherpad lite
(following https://www.howtoforge.com/tutorial/ubuntu-etherpad-editor-server-installation/, except for the nginx part).
I use http->ssl redirection. Since I use letsencrypt I can only access domain.com and not etherpad.domain.com (at least Firefox won't let me and I want to avoid changing that certificate each time I add a new site). So I would like to access my etherpad just as I access my other sites: domain.com/etherpad. However, I always get a 404 trying to get to the site. Looking at a working example, in my nextcloud.conf file I have a line saying:
Alias /nextcloud /local/path/to/nextcloud
However the etherpad reverse proxy virtual host file looks entirely different, the key difference is etherpad not having a local folder but only a mysql database. (Please correct me if this is wrong)
So I tried changing the ssl example from the second link to the following, but it does not work. Please understand that I changed domain name and some internal paths, but "apache2ctl configtest" succeeds and the service is running without error.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName randomisedDomain.com/etherpad
# SSL configuration
SSLEngine on
# If you hold wildcard certificates for your domain the next two lines are not necessary.
SSLCertificateFile "/working/path/to/fullchain.pem"
SSLCertificateKeyFile "/working/path/to/privkey.pem"
ProxyVia On
ProxyRequests Off
ProxyPreserveHost on
<Location />
AuthType Basic
AuthName "Welcome to the randomisedDomain.com Etherpad"
AuthUserFile /working/path/to/etherpad.passwd
#AuthGroupFile /path/to/svn.group
Require user etherpad
ProxyPass http://localhost:9001/ retry=0 timeout=30
ProxyPassReverse http://localhost:9001/
</Location>
<Location /socket.io>
# This is needed to handle the websocket transport through the proxy, since
# etherpad does not use a specific sub-folder, such as /ws/ to handle this kind of traffic.
# Taken from https://github.com/ether/etherpad-lite/issues/2318#issuecomment-63548542
# Thanks to beaugunderson for the semantics
RewriteEngine On
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:9001/socket.io/$1 [P,L]
ProxyPass http://localhost:9001/socket.io retry=0 timeout=30
ProxyPassReverse http://localhost:9001/socket.io
</Location>
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</VirtualHost>
</IfModule>
Any help for rerouting the localhost domain to randomisedDomain.com/etherpad is greatly appreciated!
Best regards
MAPster

Related

Apache2 route to a different folder based on location match

I would like to reroute my apache to a different system folder.
Currently I have this setting
<VirtualHost *:443>
ServerName blaah.com
SSLCertificateFile /etc/ssl/certs/blaah.crt
SSLCertificateKeyFile /etc/ssl/private/blaah.key
SSLCertificateChainFile /etc/ssl/certs/DigiCertCA.crt
DocumentRoot /var/www/blaah
Alias /webalizer /var/www/webalizer
<Directory /var/www/webalizer>
Allow from 192.168.0.0/16
Deny from all
AuthType Basic
AuthName webalizer
AuthUserFile /var/www/webalizer/.htpasswd
Require valid-user
</Directory>
ProxyPass /gogs http://127.0.0.1:3000
<LocationMatch "^/blaah/blaah/">
Deny from all
</LocationMatch>
<LocationMatch "^/maintenance">
Allow from IP
Deny from all
</LocationMatch>
</VirtualHost>
So basically when going to servername blaah.com you get directed to a service.
Now I want to do a maintenance on that service, that means I have to reroute them.
But I want to test out that endpoint, so when you write blaah.com/maintenance (the last LocationMatch should cover that) you get directed to /var/www/maintenance. That folder holds a single index.html that tells you that maintenance is underway. How can I accomplish that?
In nginx I would do multiple locations and then change document root and tryfiles.
Figured it out.
Used
Alias /maintenance /var/www/maintenance
<Directory /var/www/maintenance>
Allow from IP
</Directory>

Apache2 : How to remove port from URL?

I have the following apache configuration file for a reverse proxy :
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
ErrorLog /var/log/apache2/NewPC-error.log
CustomLog /var/log/apache2/NewPC-access.log common
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/ssl/private/localhost.crt
SSLCertificateKeyFile /etc/ssl/private/localhost.key
</VirtualHost>
The reverse proxy works properly but I always have the port number (5000) in the URL.
Is there any way to remove it, please?
Regards,
The configuration looks good and what you described shouldn't happen unless it's the application running behind the proxyPass that is sending a redirect/location to the client including the port.
You can test it simulating requests to the application running on port 5000 with curl (-v option) or the tool you prefer.
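The check suggested in this answer, as an added example that is not part of the original thread: a shell function that reads response headers (for instance from curl) and reports any Location header that carries the backend port. The host example.com and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): spot a redirect that exposes
# the backend port to clients.

# find_port_in_location PORT
#   Reads raw HTTP response headers on stdin. Prints the value of every
#   Location header whose host part ends in :PORT and returns 0; returns 1
#   when no such header is found (relative redirects never match).
find_port_in_location() {
    port=$1
    tr -d '\r' | awk -v port="$port" '
        BEGIN { status = 1 }
        tolower($0) ~ /^location:/ {
            value = $0
            sub("^[^:]*:[ \t]*", "", value)                   # drop header name
            host = value
            sub("^[a-zA-Z][a-zA-Z0-9+.-]*://", "", host)      # drop scheme
            sub("[/?#].*$", "", host)                         # keep host[:port]
            if (host ~ (":" port "$")) { print value; status = 0 }
        }
        END { exit status }
    '
}

# Constructed sample: a backend that builds absolute redirects from the public
# host name plus its own listener port.
sample_backend_response='HTTP/1.1 302 Found
Location: https://example.com:5000/login
Content-Length: 0'

# Constructed sample: a relative redirect, which carries no port at all.
sample_clean_response='HTTP/1.1 302 Found
Location: /login
Content-Length: 0'

# Against a live backend the headers would come from curl, for example:
#   curl -s -o /dev/null -D - http://localhost:5000/ | find_port_in_location 5000
if printf '%s\n' "$sample_backend_response" | find_port_in_location 5000; then
    echo "redirect exposes port 5000: check how the application builds its URLs"
fi
```

ProxyPassReverse only rewrites Location headers that begin with the backend URL it was given (here http://localhost:5000/), so a redirect built from the public host name plus the port passes through the proxy unchanged.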

mod_auth_openidc error 400 Bad Request - too many cookies (?)

I have a container mapped by Nginx on example.org/portia/test, structured as follows:
Container exposes only port 9001, where an Apache instance as proxy is listening.
A Django server is running on 8000, all traffic for /api and /server_capabilities is sent to it.
Another Django server is running on 9002, which handles websockets on /ws path.
[Image: a scheme of my network]
I'm trying to add OpenIdConnect authentication using the mod_auth_openidc plugin for Apache, I want to protect the entire virtual host.
So far I reach the correct login page on auth-example.org, I log in with my credentials and the auth server redirects me with the correct URI. Nginx answers me with a 400 error.
[Image: request sent with a lot of cookies]
The auth server is used by several application inside mydomain.org, so I guess something is wrong with my Apache configuration file.
For clarity's sake, I can't touch Nginx or the auth server confs.
apache_site.conf
<VirtualHost *:9001>
ServerAdmin webmaster@localhost
DocumentRoot /app/portiaui/dist
ServerName www.example.org
ServerAlias example.org
#ProxyRequests On
Alias /static /app/portiaui/dist
OIDCProviderMetadataURL https://www.auth-example.org/auth/realms/master/.wel$
OIDCRedirectURI https://example.org/portia/test/callback
OIDCCryptoPassphrase <much secret>
OIDCClientID portia
OIDCClientSecret <much private>
OIDCCookiePath example.org/portia/test/
OIDCCookieDomain example.org
<Location /static>
Require all granted
</Location>
<Location /api>
Require all granted
ProxyPass http://127.0.0.1:8000/api
ProxyPassReverse http://127.0.0.1:8000/api
ProxyPreserveHost On
</Location>
<Location /server_capabilities>
Require all granted
ProxyPass http://127.0.0.1:8000/server_capabilities
ProxyPassReverse http://127.0.0.1:8000/server_capabilities
ProxyPreserveHost On
</Location>
# mod_proxy_wstunnel is enabled
<Location /ws>
RequestHeader set Host "127.0.0.1:9002"
ProxyPreserveHost On
ProxyPass http://127.0.0.1:9002/ws
ProxyPassReverse http://127.0.0.1:9002/ws
</Location>
<Location />
AuthType openid-connect
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The cookie path setting in OIDCCookiePath only needs to contain the actual path, not the host. In fact I'd start without using any of OIDCCookiePath or OIDCCookieDomain.
The answer of Hans Z. suggested that I also change OIDCRedirectURI to a relative path.
Setting OIDCRedirectURI /callback solved the issue: my Apache instance doesn't receive the entire URL www.example.org/portia/test/callback but only the last part of the path. This is due to the front side Nginx instance.

Obtain part of url in proxy balancer from one balancer member

I have a cluster setup of Apache server. Behind this I have 2 JBoss instances which are load balanced by Apache.
The configuration looks somewhat like the below
<VirtualHost *:1111>
ServerAdmin admin@example.com
ServerName www.example.com
DocumentRoot "/apps"
ErrorLog "logs/https.www.example.com.-error_log"
TransferLog "logs/https.www.example.com-access_log"
LogLevel warn
<Directory "/apps">
Options -Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
SSLProxyEngine On
SSLProxyVerify On
SSLProxyMachineCertificateFile "/apps/apache/conf/ssl/int/proxy.pem"
SSLProxyCACertificateFile "/apps/apache/conf/ssl/int/cert.pem"
RewriteEngine On
Header set Cache-Control "max-age=60, public"
<Proxy balancer://2node-aa>
BalancerMember https://app01:8089 route=node1
BalancerMember https://app02:8089 route=node2
</Proxy>
ProxyPreserveHost On
ProxyPass /aa balancer://2node/aa stickysession=JSESSIONID|jsessionid
ProxyPass /static balancer://2node/static stickysession=JSESSIONID|jsessionid
ProxyPassReverse /aa balancer://2node/aa
ProxyPassReverse /static balancer://2node/static
ProxyPass /1/aa https://app01:8089/aa
ProxyPass /2/aa https://app02:8089/aa
ProxyPassReverse /1/aa https://app01:8089/aa
ProxyPassReverse /2/aa https://app02:8089/aa
ProxyPass /bb balancer://2node/rest stickysession=JSESSIONID|jsessionid
ProxyPassReverse /bb balancer://2node/bb
</VirtualHost>
When a certain part of the URL is accessed, I want it to be routed to the second node, i.e. node2 of JBoss.
E.g. if I am accessing http://www.example.com/aa/login/login.jsp I need this request to be processed by node2 (app02) only.
The rest of the requests should be load balanced as normal.
How do I set up Apache to do it?
I have tried a lot of rewrite, <Location> and ProxyPassMatch rules; none has worked so far.
Please Help. Thanks in advance.
I used the below statement in the configuration file which resolved the issue.
<Proxy balancer://2node-aa>
BalancerMember https://app02:8080 route=node2
</Proxy>
RewriteRule ^/aa/login/(.*)$ balancer://2node-aa%{REQUEST_URI} [P,QSA,L]
This link helped me.
apache httpd mod_proxy load balancing with multiple virtual hosts url redirection
-Thanks

balancer-manager not accessible

Whenever I try to access /balancer-manager in the browser, I get a 404 from the connected Tomcat cluster. Any idea what is wrong here?
Environment: Apache/2.2.10 (Linux/SUSE)
<VirtualHost *:443>
ProxyPass /balancer-manager !
ProxyPass / balancer://myalfresco-cluster/ nocanon
ProxyPassReverse / balancer://myalfresco-cluster/
<Proxy balancer://myalfresco-cluster>
BalancerMember ajp://server1:8009 route=jvm1
BalancerMember ajp://server2:8009 route=jvm2
ProxySet stickysession=JSESSIONID
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Allow from all
</Location>
<Location />
[cluster config]
</Location>
</VirtualHost>
There can be two issues.
You are somehow blocked by your .htaccess.
Check your Document Root .htaccess file.
Add this line "RewriteCond %{REQUEST_URI} !=/balancer-manager" without quotes if the rewrite engine is on.
Another problem that I did not face but people have reported is your wildcard virtual host tag.
Replace the wildcard with the actual IP.
I felt obliged to answer this question since I wasted much time trying to find a solution to the problem and I landed on your question quite often through google but without answer.
