How to forward request from apache web server module to application server - apache2

I should be able to intercept the request using apache modules and after that I should be able to forward that request to application server.
I wrote one module in Apache web server; that module will intercept the requests and send the response.
When I try only with apache module using following configuration it is working fine.
<Location "/test.html">
SetHandler my_module
</Location>
When I try only with ProxyPass configuration as below in that case also it is working fine.
<Location "/test.html">
ProxyPass "http://192.168.124.1:8080/test/myservlet"
</Location>
But if I want both functionalities, it is not working, i.e., initially I should be able to intercept the request and after that I should be able to forward that request to the application server.
Can someone please suggest an approach for this?

You should return DECLINED from your ap_hook_handler() function, or use a different "hook" such as "ap_hook_fixups" which allows more than 1 module to take action.

Related

Reverse Proxy Solr behind Apache Web server

I have an existing apache web server (2.2.15), configured with various security details (https only / authentication / authorization / etc.). I can rely on this server to handle the access requirements to my solr installation.
I have a basic 'example' solr instance up and running on a separate machine. (Solr 4.8.0 )
I want to be able to redirect the url https://myserver/department/team/search/.... to the Solr instance running on another (private) machine http://solrserver:8983/
I have configured the apache server with:
ProxyPass /department/team/search/ http://solserver:8983/
ProxyPassReverse /department/team/search/ http://solserver:8983/
I have some success with this, the https is being handled, the authentication/access is handled, and so on.
When I browse to the URL it is even loading up the basic Solr page, but the page, internally, has the following:
<script type="text/javascript">
var app_config = {};
app_config.solr_path = '\/solr';
app_config.core_admin_path = '\/admin\/cores';
</script>
And that (I believe) is causing the JavaScript code to try to call:
https://myserver/solr/admin/cores?wt=json&indexInfo=false&_=1399485239437
Instead of
https://myserver/department/team/search/solr/admin/cores?wt=json&indexInfo=false&_=1399485239437
I believe these two values are configurable ( app_config.solr_path and app_config.core_admin_path ) but I cannot find out how/where to do it......
Questions:
How do I change the values set for the app_config.solr_path and app_config.core_admin_path?
Alternatively, this may be the wrong way to do this entirely, is there a better way to do it? (though the authentication/security provided by the apache webserver is perfect right now....)
This works for me.
<VirtualHost *:8080>
ServerName solr.xyz.com.br
ProxyPreserveHost on
ProxyRequests off
RewriteEngine On
RewriteRule ^\/solr(.*)$ $1 [L,R]
ProxyPass / ajp://localhost:8009/solr/
ProxyPassReverse / ajp://localhost:8009/solr/
</VirtualHost>
I know this might be out of context, but I would recommend replacing Apache with NGINX, much much simpler configuration. All you need is the following in nginx.conf:
location /solr/select {
proxy_pass http://YourSolrServer:8983/solr/select;
proxy_buffering on;
}
You can change the first /solr/select with whatever path you want (eg. /department/team/search/). So simple, so elegant.
Reference: https://groups.google.com/forum/#!topic/ajax-solr/pLtYfm83I98

Apache reverse proxy for several Jenkins CI and Nexus Maven repositories

I am trying to setup a front-end (reverse proxy) for several Nexus and Jenkins CI servers using Apache httpd and need some help. We have URLs like-
abc.internal.net:8080/
def.internal.net:9000/jenkins/
ghi.internal.net:8080/jenkins/
jkl.internal.net:8081/nexus/
foo.internal.net/nexus/
I would like each of these to be setup behind the FE reverse proxy so as to have something like-
scm.internal.net/abc-jenkins/
scm.internal.net/def-jenkins/
scm.internal.net/ghi-jenkins/
scm.internal.net/jkl-nexus/
scm.internal.net/foo-nexus/
Some of the services use root context. Could these be forced into arbitrary web context?
I have very limited knowledge of Apache httpd so some real configs would help immensely. Most of these services need URL, content and CSS fixing in the response. If this could be done without changing the existing web context on the servers that these services are running, that would be awesome.
Also, I need a soft landing on these changes so legacy URLs continue to work for a few weeks as developers and automation transition to the new scheme. Is this asking for too much?
Thanks in advance.
Using ProxyPassMatch, you can try:
ProxyPassMatch /([^-]+)-(.*)$ http://$1.internal.net:9000/$2
But that only accounts for ones running not as root and on port 9000. Since the root and the port seem to be completely arbitrary, you'll probably just need to enumerate through each one:
ProxyPass /abc-jenkins/ http://abc.internal.net:8080/
ProxyPassReverse /abc-jenkins/ http://abc.internal.net:8080/
ProxyPass /def-jenkins/ http://def.internal.net:9000/jenkins/
ProxyPassReverse /def-jenkins/ http://def.internal.net:9000/jenkins/
ProxyPass /ghi-jenkins/ http://ghi.internal.net:8080/jenkins/
ProxyPassReverse /ghi-jenkins/ http://ghi.internal.net:8080/jenkins/
ProxyPass /jkl-nexus/ http://jkl.internal.net:8081/nexus/
ProxyPassReverse /jkl-nexus/ http://jkl.internal.net:8081/nexus/
etc.

Spring WebFlow2 fronting with Apache2 SSL produce http urls instead of https

I have Apache2 SSL which is fronting Spring webapp as follows:
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
All works fine... I mean all links ... are correct, and in general the webapp works, so the problem is not a matter of the application or SSL.
Except starting/cancelling webflows: they produce http URLs instead of https://
I found one topic here:
forum.springsource.org/showthread.php?70730-Webflow-2-0-and-reverse-proxy
They say it is not a problem of Spring WebFlow...
What is a workaround in this situation?
Providing that all requests to the Tomcat connector are received via SSL terminated at httpd then you can add the following to your connector:
scheme="https" secure="true"
This tells Tomcat to treat the connection as if it was received over an SSL connection direct to Tomcat. This is required when proxying over http since there is no mechanism within http to pass the SSL info to Tomcat. There are ways to pass some of this info via http headers. Look at the SSLValve docs in Tomcat.
Alternatively, using AJP will work since AJP passes SSL information from httpd to Tomcat.

GAE dev_appserver.py over HTTPS

Has anyone cracked how to get HTTPS working on the dev_appserver.py? I need it for Facebook canvas app testing. I've had a search of the docs and nothing suggests there's a way to do it (sticking 'secure' in the app.yaml does nothing locally).
I was thinking there may be a way to proxy it, but has anyone got any experience of this?
The dev_appserver doesn't support HTTPS. The only practical way to do this is to set up a reverse proxy in front of your app - such as with nginx or Apache - and have it proxy SSL traffic to your app.
I know this is late, in case anybody else finds this question:
ngrok is quite easy to set up for a custom reverse HTTPS proxy.
The only downside is that my webapp2 application still believes it's being served over HTTP, so using redirect() doesn't work well because it resolves relative URLs to absolute URLs using request.url.
My workaround was to overwrite RequestHandler.redirect as follows:
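import urlparse
from webapp2 import RequestHandler

class BaseRequestHandler(RequestHandler):
    def redirect(self, uri, permanent=False, abort=False, code=None, body=None):
        # Relative URIs are resolved against request.url, which still says
        # http:// behind the HTTPS proxy, so switch the base to https:// first.
        if uri.startswith(('.', '/')):
            base_url = self.request.url
            if base_url.startswith('http://'):
                base_url = 'https://' + base_url[7:]
            uri = str(urlparse.urljoin(base_url, uri))
        # Call the parent class's redirect() with the adjusted URI.
        super(BaseRequestHandler, self).redirect(uri, permanent, abort, code, body)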
I needed a BaseRequestHandler class anyways for implementing other utility functions.
I put this in my Apache httpd.conf to proxy the connection:
<Location /myproject/>
ProxyPass http://localhost:8080/
</Location>
Now going to https://localhost/myproject/ in my browser worked.
Note: SSL needs to be enabled on your Apache server. On my OS X machine I uncommented out the line Include /private/etc/apache2/extra/httpd-ssl.conf in /etc/apache2/httpd.conf and ran sudo apachectl restart

ProxyPassMatch directive problems

We have an environment with Apache 2.2.11 acting as front end to incoming connections to a Tomcat backend server. We are using the following directives in the http-ssl.conf, which works great when not trying to catch 403 errors:
SetEnvIf COMPANY EDLP 4.0.1 NLEDLPKEY=true
# General setup for the virtual host
DocumentRoot "C:/xampp/htdocs/"
ServerName localhost:443
ServerAdmin admin@localhost
ProxyRequests Off
ProxyPassMatch / htp://tomcat.company.com <-- been having issues with this directive (using only one "t" in http to bypass this site's "new users can only post one URL per question" limitation)
ProxyPassReverse / htp://tomcat.company.com
As you can see we are using the mod_access (now called mod_authz_host in Apache 2.2) module to pass a variable called NLEDLPKEY so that only (Internet Explorer) clients with this variable could access Tomcat via SSL. Also, I am trying to not only reverse proxy SSL connections, but also to redirect the 403 errors (for people without the variable) to a specified page (error_page.html). I have tried:
ProxyPassMatch "^[^(/error_page.html)]" htp://tomcat.company.com and also tried
ProxyPassMatch “^(?!/error_page.html)” htp://tomcat.company.com
to see if it is possible to redirect to the error page and not get the below message:
Forbidden
You don't have permission to access /RDS on this server. <--RDS is just a directory-->
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 Server at apache-company Port 443
Any help would be appreciated
R.
I ran into this issue recently - it took a bit of hunting but here's how I fixed it:
In /etc/apache2/mods-available/proxy.conf (Ubuntu - YMMV) change it to look like the following:
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from all
</Proxy>
It's also important to note that for reverse proxies, it is not necessary to have ProxyRequests On configured and doing so in conjunction with Allow from all is hazardous. (Can be used by spammers to send mail via your proxy.)
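The combination the answer above warns about can be checked mechanically. This is an added example, not part of the original answer: a small Python audit that flags `ProxyRequests On` together with a `<Proxy *>` block that lets everyone in. The function name `audit_proxy_config` and the sample configuration are constructed for illustration, and the whole text is treated as a single scope (no per-virtual-host tracking).

```python
import re

# Constructed sample: the <Proxy *> block from the answer plus ProxyRequests On.
RISKY = """\
ProxyRequests On
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Deny from all
    Allow from all
</Proxy>
"""
# Same block, forward proxying disabled (what a reverse proxy needs).
SAFE = RISKY.replace("ProxyRequests On", "ProxyRequests Off")

def audit_proxy_config(text):
    """Return findings about forward-proxy exposure in an httpd config string."""
    forward_proxy = in_block = open_block = False
    order, allow_all, deny_all = "deny,allow", False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # httpd comments are whole lines
            continue
        low = " ".join(line.lower().split())
        m = re.match(r"proxyrequests (on|off)$", low)
        if m:
            forward_proxy = m.group(1) == "on"   # last value seen wins
        elif re.match(r'<proxy "?\*"?>$', low):
            in_block, order, allow_all, deny_all = True, "deny,allow", False, False
        elif low == "</proxy>" and in_block:
            in_block = False
            # With "Order allow,deny", "Deny from all" overrides the Allow.
            if allow_all and not (order == "allow,deny" and deny_all):
                open_block = True
        elif in_block:
            if low.startswith("order "):
                order = low[6:].replace(" ", "")
            elif low in ("allow from all", "require all granted"):
                allow_all = True
            elif low in ("deny from all", "require all denied"):
                deny_all = True
    if forward_proxy and open_block:
        return ["open forward proxy: ProxyRequests On with <Proxy *> allowing all"]
    if forward_proxy:
        return ["forward proxy enabled: confirm <Proxy> access is restricted"]
    return []
```
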
