Using multiple ServerPath directives inside a Named VirtualHost - apache2

I'm trying to create a virtual host, dev.company.com, that routes to different applications depending on what comes after the domain. Specifically, I want:
/jenkins - to route to a Jenkins server
/apps - to route to a landing page with links to various applications
/clover - to route to a particular Jenkins build report - http://dev.company.com/jenkins/job/proj-master-clover/clover/
/ - everything else should route to a Tomcat server
I'm using the following config:
<VirtualHost *:80>
ServerName dev.company.com
ServerPath /jenkins
ProxyPass /jenkins http://easyrider:8080/jenkins
ProxyPassReverse /jenkins http://easyrider:8080/jenkins
ServerPath /clover
Redirect /clover http://dev.company.com/jenkins/job/proj-master-clover/clover/
ServerPath /apps
DocumentRoot "/usr/local/sites/developers"
<Directory "/usr/local/sites/developers">
DirectoryIndex index.html
Options Indexes MultiViews
</Directory>
ServerPath /
ProxyPass / http://tomcat_server:8080/
ProxyPassReverse / http://tomcat_server:8080/
</VirtualHost>
http://dev.company.com/jenkins works fine, but /apps and /clover always redirect to the Tomcat server. Is the right way to do this?

So using ServerPath's is mostly for legacy browsers. The trick, however, to getting an Alias and a Redirect working in a VirtualHost where you're using the catch-all:
ProxyPass / <url>
is tell ProxyPass to ignore certain paths: ProxyPass /path ! notation
So my final VirtualHost looks like this:
<VirtualHost>
ServerName dev.company.com
ProxyPass /jenkins http://easyrider:8080/jenkins
ProxyPassReverse /jenkins http://easyrider:8080/jenkins
# Tells ProxyPass to ignore these paths as they'll be handled by Alias and Redirect
ProxyPass /clover !
ProxyPass /apps !
Redirect /clover http://dev.company.com/jenkins/job/proj-master-clover/clover/
Alias /apps "/usr/local/sites/developers"
<Directory "/usr/local/sites/developers">
DirectoryIndex index.html
Options Indexes MultiViews
</Directory>
ProxyPass / http://tomcat_server:8080/
ProxyPassReverse / http://tomcat_server:8080/
</VirtualHost>
and the urls are:
http://dev.company.com/jenkins* - will proxy to jenkins http://dev.company.com/jenkins
http://dev.company.com/apps - will proxy to http://dev.company.com/apps/
http://dev.company.com/clover - will redirect to http://dev.company.com/jenkins/job/proj-master-clover/clover/
and everything else will go to tomcat at tomcat_server:8080

Related

application configured to with keycloak sso ,keycloak is behind apache proxy server gives too many redirects

I have a wildfly application configured to work with keycloak sso , this application works fine,
now we have to have a apache server acting as proxy before the keycloak and wildflyserver.this is the configuration file for apache , when hit in browser it gives too many redirects , do I need to configure anything in keycloak side or apache side ?
#NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin postmaster#xxx.yyy.icg
DocumentRoot "c:\xampp\htdocs\xxx.yyy.com"
ServerName xxx.yyy.com
ServerAlias www.xxx.yyy.com
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLEngine on
SSLCertificateFile "conf/ssl.crt/app.pem"
SSLCertificateKeyFile "conf/ssl.key/cert.key"
ErrorLog "logs/xxx.yyy.com-error.log"
CustomLog "logs/xxx.yyy.com-error.log" combined
ProxyPass "/" "http://10.0.144.246:8060/app1"
ProxyPassReverse "/" "http://10.0.144.246:8060/app1"
<Location /app1>
ProxyPass http://http://10.0.144.246:8060/app1
ProxyPassReverse http://10.0.144.246:8060/app1
Order Allow,Deny
Allow from all
</Location>
</VirtualHost>
We experienced the exact same issue with the similar setup of Keycloak and NGINX and we managed to fix it by enabling the sticky session on NGINX.

Apache - exposing webapp on port using subdomain / route with SSL

I'm trying to expose web app via subdomain with SSL or via route.
Subdomain Method:
The webapp I'm running is on port: http://localhost:4567/
With the following configuration, the web browser tells me the app is "not secure" (non-https).
The app is generally working fine, but is non-https.
What am I doing wrong?
Are there alternative configurations?
<IfModule mod_ssl.c>
Listen 443
NameVirtualHost *:443
</IfModule>
<VirtualHost *:80>
ServerName blast.example.com
Redirect permanent / https://blast.example.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me#gmail.com
ServerName blast.example.com
# ProxyPreserveHost On
ProxyRequests off
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# ProxyPass / http://localhost:4567/
# ProxyPassReverse / http://localhost:4567/
<Location />
ProxyPass http://localhost:4567/
ProxyPassReverse http://localhost:4567/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile ...
SSLCertificateKeyFile ...
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
I had been following the prescription given at How to configure multiple subdomain with SSL in Apache?
Path/Route Method
I had also tried exposing the app as a route path (ie https://example.com/blast)
<Location /blast/ >
ProxyPass http://localhost:4567/
ProxyPassReverse http://localhost:4567/
</Location>
but the reverse proxy didn't see to work in that, if I started with:
https://example.com/blast
And clicked whatever on the start page.
The app would generate a internal URL without the /blast part, resulting in 404:
https://example.com/blah-blah-generated-url
(should be https://example.com/blast/blah-blah-generated-url)
In general, the subdomain path seems to work better except for the non-https problem.
Setting up a path/route:
Making the application accessible with https://example.com/blast. If the application generates new routes, ProxyPassReverse is needed; otherwise; only ProxyPass is needed.
<VirtualHost *:443>
...
ProxyPass "/blast/" "http://localhost:4567/"
ProxyPassReverse "/blast/" "/"
...
Found in Example 1, here: ProxyPassReverse doesn't rewrite Location (http header)

Obtain part of url in proxy balancer from one balancer member

I have cluster setup of Apache server . Behind this I have 2 Jboss instances which is load balanced by apache.
The configuration look somewhat like the below
<VirtualHost *:1111>
ServerAdmin admin#example.com
ServerName www.example.com
DocumentRoot "/apps"
ErrorLog "logs/https.www.example.com.-error_log"
TransferLog "logs/https.www.example.com-access_log"
LogLevel warn
<Directory "/apps">
Options -Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
SSLProxyEngine On
SSLProxyVerify On
SSLProxyMachineCertificateFile "/apps/apache/conf/ssl/int/proxy.pem"
SSLProxyCACertificateFile "/apps/apache/conf/ssl/int/cert.pem"
RewriteEngine On
Header set Cache-Control "max-age=60, public"
<Proxy balancer://2node-aa>
BalancerMember https://app01:8089 route=node1
BalancerMember https://app02:8089 route=node2
ProxyPreserveHost On
ProxyPass /aa balancer://2node/aa stickysession=JSESSIONID|jsessionid
ProxyPass /static balancer://2node/static stickysession=JSESSIONID|jsessionid
ProxyPassReverse /aa balancer://2node/aa
ProxyPassReverse /static balancer://2node/static
ProxyPass /1/aa https://app01:8089/aa
ProxyPass /2/aa https://app02:8089/aa
ProxyPassReverse /1/aa https://app01:8089/aa
ProxyPassReverse /2/aa https://app02:8089/aa
ProxyPass /bb balancer://2node/rest stickysession=JSESSIONID|jsessionid
ProxyPassReverse /bb balancer://2node/bb
</VirtualHost>
In the url access certain part of the url i want it to be routed from second node i.e node2 of jboss.
e.g. if i am accessing http://www.example.com/aa/login/login.jsp i need this request to be process by node2 app02 only.
Rest of the request should load balance as normal access.
How do i set the apache to do it ?
I have tried lot of rewrite,<Location> and ProxyPassMatch none has worked so far.
Please Help. Thanks in advance.
I used the below statement in the configuration file which resolved the issue.
<Proxy balancer://2node-aa>
BalancerMember https://app02:8080 route=node2
</Proxy>
RewriteRule ^/aa/login/(.*)$ balancer://2node-aa%{REQUEST_URI} [P,QSA,L]
This link help me.
apache httpd mod_proxy load balancing with multiple virtual hosts url redirection
-Thanks

Reverse proxy with websocket mod_proxy_wstunnel

I have a problem with the web sockets and my reverse proxy Apache, I have upgraded in latest release 2.4.5 and loaded the module mod_proxy_wstunnel.
The httpd.conf :
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName www.toto.fr
ServerAlias toto.fr
ProxyPass /my_app http://1X.X.X.1:8080/my_app
ProxyPassReverse /web_pmr http://1X.X.X.1:8080/my_app
ProxyPassReverseCookiePath /my_app /
ProxyPassReverseCookieDomain localhost my_app
ProxyRequests off
ProxyTimeout 15
#WEBSOCKETS
ProxyPass /my_app/BasicWebsocketServlet ws://1X.X.X.1:8080/my_app/BasicWebsocketServlet retry=0
ProxyPassReverse /my_app/BasicWebsocketServlet ws://1X.X.X.1:8080/web_pmr/BasicWebsocketServlet retry=0
ErrorLog "logs/my_app_error.log"
LogLevel debug
CustomLog "logs/my_app_access.log" combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
When I test in my local URL, websockets are working but with the reverse proxy Apache, there is no trace in Tomcat logs.
This line:
ProxyPass /my_app/BasicWebsocketServlet ws://1X.X.X.1:8080/my_app/BasicWebsocketServlet retry=0
needs to come before this one:
ProxyPass /my_app http://1X.X.X.1:8080/my_app
Explanation (from https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass):
Ordering ProxyPass Directives
The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the longest URLs first. Otherwise later rules for longer URLS will be hidden by any earlier rule which uses a leading substring of the URL. Note that there is some relation with worker sharing. In contrast, only one ProxyPass directive can be placed in a Location block, and the most specific location will take precedence.
For the same reasons exclusions must come before the general ProxyPass directives.

How Can I Proxy To Multiple Application Running in Tomcat via mod_proxy

I have 2 web applications running under Tomcat6. Currently, I can access one of them via mod_proxy with the following config...
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin email#email.com
ServerName staging.domain.com
ProxyPass /app1 http://localhost:8080/app1
ProxyPassReverse /app1 http://localhost:8080/app1
</VirtualHost>
Now, I can access app1 via http://staging.domain.com/app1. I also want to be able to access app2 the same way: http://staging.domain.com/app2. I configured a second VirtualHost however, only the first one works. Is this even possible, to proxy 2 web apps under a single domain? If so, any hints, tips, tricks would be greatly appreciated.
Ah, you're already pretty much doing it: just add extra ProxyPass/ProxyPassReverse statements.
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin email#email.com
ServerName staging.domain.com
ProxyPass /app1 http://localhost:8080/app1
ProxyPassReverse /app1 http://localhost:8080/app1
ProxyPass /app2 http://localhost:8080/app2
ProxyPassReverse /app2 http://localhost:8080/app2
ProxyPass /app3 http://localhost:8080/app3
ProxyPassReverse /app3 http://localhost:8080/app3
</VirtualHost>

Resources