I have an existing apache web server (2.2.15), configured with various security details (https only / authentication / authorization / etc.). I can rely on this server to handle the access requirements to my solr installation.
I have a basic 'example' solr instance up and running on a separate machine. (Solr 4.8.0 )
I want to be able to redirect the url https://myserver/department/team/search/.... to the Solr instance running on another (private) machine http://solrserver:8983/
I have configured the apache server with:
ProxyPass /department/team/search/ http://solserver:8983/
ProxyPassReverse /department/team/search/ http://solserver:8983/
I have some success with this, the https is being handled, the authentication/access is handled, and so on.
When I browse to the the url it is even loading up the basic solr page, but the page, internally, has the following:
<script type="text/javascript">
var app_config = {};
app_config.solr_path = '\/solr';
app_config.core_admin_path = '\/admin\/cores';
</script>
And that (I believe) is causing the JavaScript code to try to call:
https://myserver/solr/admin/cores?wt=json&indexInfo=false&_=1399485239437
Instead of
https://myserver/department/team/search/solr/admin/cores?wt=json&indexInfo=false&_=1399485239437
I believe these two values are configurable ( app_config.solr_path and app_config.core_admin_path ) but I cannot find out how/where to do it......
Questions:
How do I change the values set for the app_config.solr_path and app_config.core_admin_path?
Alternatively, this may be the wrong way to do this entirely, is there a better way to do it? (though the authentication/security provided by the apache webserver is perfect right now....)
This works for me.
<VirtualHost *:8080>
ServerName solr.xyz.com.br
ProxyPreserveHost on
ProxyRequests off
RewriteEngine On
RewriteRule ^\/solr(.*)$ $1 [L,R]
ProxyPass / ajp://localhost:8009/solr/
ProxyPassReverse / ajp://localhost:8009/solr/
</VirtualHost>
I know this might be out of context, but I would recommend replacing Apache with NGINX, much much simpler configuraiton. All you need is the following in nginx.conf:
location /solr/select {
proxy_pass http://YourSolrServer:8983/solr/select;
proxy_buffering on;
}
You can change the first /solr/select with whatever path you want (eg. /department/team/search/). So simple, so elegant.
Reference: https://groups.google.com/forum/#!topic/ajax-solr/pLtYfm83I98
Related
I have a website (http://www.goodfoodwaiheke.org) configured as a virtual host on Apache2. The virtual hosting configuration redirects traffic from apache2 to tomcat8 via these conf parameters:
<VirtualHost *:80>
ServerName www.goodfoodwaiheke.org
ServerAlias goodfoodwaiheke.org
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/coop/
ProxyPassReverse / http://localhost:8080/coop/
</VirtualHost>
On tomcat, the /coop/ part of the address invokes the JSF application in coop.war. This seems to work. The correct welcome page is served except for one problem. The url for static resources are being served incorrectly. For example, the url of the background image on the welcome page, which is actually in http://www.goodfoodwaiheke.org/coop/resources/images/GoodFoodWaiheke4.png is served to the browser as http://www.goodfoodwaiheke.org/coop/coop/resources/images/GoodFoodWaiheke4.png (i.e. the coop app name is duplicated in the url). This is causing static resources to not work. Although I can sort of understand why this may be happening I am unsure of how to fix it. I know I could offload the static resources onto the Apache2 server but for various reasons I would like the war file to be self-contained and for tomcat to be responsible for serving the whole site.
I'd be very grateful for any suggestions as to what I need to change.
I am trying to setup a front-end (reverse proxy) for several Nexus and Jenkins CI servers using Apache httpd and need some help. We have URLs like-
abc.internal.net:8080/
def.internal.net:9000/jenkins/
ghi.internal.net:8080/jenkins/
jkl.internal.net:8081/nexus/
foo.internal.net/nexus/
I would like each of these to be setup behind the FE reverse proxy so as to have something like-
scm.internal.net/abc-jenkins/
scm.internal.net/def-jenkins/
scm.internal.net/ghi-jenkins/
scm.internal.net/jkl-nexus/
scm.internal.net/foo-nexus/
Some of the services use root context. Could these be forced into arbitrary web context?
I have very limited knowledge of Apache httpd so some real configs would help immensely. Most of these services need URL, content and CSS fixing in the response. If this could be done without changing the existing web context on the severs that these services are running, that would be awesome.
Also, I need soft landing on these changes so legacy URL continue to work for few weeks as developers and automation transition to the new scheme. Is this asking for too much?
Thanks in advance.
Using ProxyPassMatch, you can try:
ProxyPassMatch /([^-]+)-(.*)$ http://$1.internal.net:9000/$2
But that only accounts for ones running not as root and on port 9000. Since the root and the port seem to be completely arbitrary, you'll probably just need to enumerate through each one:
ProxyPass /abc-jenkins/ http://abc.internal.net:8080/
ProxyPassReverse /abc-jenkins/ http://abc.internal.net:8080/
ProxyPass /def-jenkins/ http://def.internal.net:9000/jenkins/
ProxyPassReverse /def-jenkins/ http://def.internal.net:9000/jenkins/
ProxyPass /ghi-jenkins/ http://ghi.internal.net:8080/jenkins/
ProxyPassReverse /ghi-jenkins/ http://ghi.internal.net:8080/jenkins/
ProxyPass /jkl-nexus/ http://jkl.internal.net:8081/nexus/
ProxyPassReverse /jkl-nexus/ http://jkl.internal.net:8081/nexus/
etc.
I got a web application running inside a Tomcat at http://<server>:8080/app/portal/.
I want the world to see this application through the URL http://<server>/portal/.
To do this, I set up a Reverse Proxy with Apache 2.2. According to the documentation for ProxyPass I expect the reverse proxy to pass all requests through transparently. My browser should never know about the Tomcat URL.
Here is my configuration:
No virtual hosts, I added these lines to my httpd.conf
<Location /portal/>
AllowOverride All
RewriteEngine On
ProxyPass http://server:8080/app/portal/
ProxyPassReverse http://server:8080/app/portal/
</Location>
When I use Firefox to open http://<server>/portal/, I get a 302 Moved Temporarily, and all follow-up calls go from my browser directly to http://<server>:8080/app/portal/. My browser points to this URL.
This is not what I expected of a Reverse Proxy. Did I do the configuration wrong or did I misunderstand the purpose of Reverse Proxies? What should I do to get my desired behavior?
You forgot to add the following option in your reverse proxy configuration:
ProxyPreserveHost On
You can achieve the same behavior with Url Rewriting but it's not recommended in the documentation.
I tried to comment the answer from davidethell, but could not get the lines correctly formatted, so here is what I found out:
The problem was that the reverse proxy seems only to work to the URL where the War is deployed in my Tomcat, and NOT to the servlet inside the Tomcat. This leads to 2 rewrites, one of them the reverse proxy and one just rewriting everything behind that.
RewriteEngine On
RewriteRule ^/portal/$ /portal/portal
RewriteRule ^/portal(.+) http://<server>:8080/app$1 [P]
Have you tried using the mod_rewrite Proxy option instead of ProxyPass? Something like:
RewriteRule ^$ http://server:8080/app/portal/ [P]
For my https server, I used:
SSLProxyEngine on
ProxyPass / https://server:7000/
ProxyPassReverse / https://server:7000/
ProxyPreserveHost On
The SSLProxyEngine manage the https behavior from the real serrver (with port 7000 in my case). Others are just managing the redirection without changing url.
Now, In navigator I can access to https://server/ which is in reality https://server:7000/
I have 2 applications hosted on a single apache tomcat on port 8080
>
http://mydomain.com:8080/application1
http://mydomain.com:8080/application2
I would like to run an apache proxy in front of BOTH of them with the following behaviour
>
http://mydomain.com/* (apache2) -> http://mydomain.com:8080/application1/* (tomcat)
http://subdomain.mydomain.com/* (apache2) -> http://mydomain.com:8080/application2/* (tomcat)
The best I have got right now is 2 machines with different IPs and routing the domain and subdomains correspondingly.
Ideally I want the apache proxy and the 2 apps to be on the SAME machine...
Can anyone with kick arse DEVOps skills assist?
In addition to #Jon Lin answer, consider using ProxyPassReverse also, just in case your app do any redirects. It makes Apache correct URL's on responses (More about ProxyPassReverse). It will look like that:
<VirtualHost subdomain.mydomain.com:80>
ProxyPass / http://localhost:8080/application1/
ProxyPassReverse / http://localhost:8080/application1/
</VirtualHost>
<VirtualHost mydomain.com:80>
ProxyPass / http://localhost:8080/application1/
ProxyPassReverse / http://localhost:8080/application1/
</VirtualHost>
I hope it helps.
In the virtualhost config for mydomain.com (apache), you need
ProxyPassMatch ^/(.*)$ http://mydomain.com:8080/application1/$1
In the virtualhost config for subdomain.mydomain.com (apache), you nede
ProxyPassMatch ^/(.*)$ http://mydomain.com:8080/application2/$1
Both config files should be on the same machine, and even the same file. See VirtualHost Examples for some examples on how this is setup.
We have an environment with Apache 2.2.11 acting as front end to incoming connections to a Tomcat backend server. We are using the following directives in the http-ssl.conf, which works great when not trying to catch 403 errors:
SetEnvIf COMPANY EDLP 4.0.1 NLEDLPKEY=true
General setup for the virtual host
DocumentRoot "C:/xampp/htdocs/"
ServerName localhost:443
ServerAdmin admin#localhost
ProxyRequests Off
ProxyPassMatch / htp://tomcat.company.com**<-- been having issues with this directive (using only one "t" in http to bypass this sites new user can only post one URL per question limitation**
ProxyPassReverse / htp://tomcat.company.com
As you can see we are using the mod_access (now called mod_authz_host in Apache 2.2) module to pass a variable called NLEDLPKEY so that only (Internet Explorer) clients with this variable could access Tomcat via SSL. Also, I am trying to not only reverse proxy SSL connections, but also to redirect the 403 errors (for people without the variable) to a specified page (error_page.html). I have tried:
ProxyPassMatch "^[^(/error_page.html)]" htp://tomcat.company.com and also tried
ProxyPassMatch “^(?!/error_page.html)” htp://tomcat.company.com
to see if it is possible to redirect to the error page and not get the below message:
Forbidden
You don't have permission to access /RDS on this server. <--RDS is just a directory-->
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 Server at apache-company Port 443
Any help would be appreciated
R.
I ran into this issue recently - it took a bit of hunting but here's how I fixed it:
In /etc/apache2/mods-available/proxy.conf (Ubuntu - YMMV) change it to look like the following:
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from all
</Proxy>
It's also important to note that for reverse proxies, it is not necessary to have ProxyRequests On configured and doing so in conjunction with Allow from all is hazardous. (Can be used by spammers to send mail via your proxy.)