Apache ProxyPass HTTP does not work with SSL - apache

I was trying to add Cloudflare SSL certification to the website I host locally, and force HTTPS for all users.
Connecting to IP:80 works fine (from inside my network). IP:443 fails as it expects an SSL certificate. Accessing domainname.com tells me the site is secure, so the SSL certificate works. But whenever I access it this way, the proxy website doesn't, displaying the 'Apache2 Default Page'. Same with connecting to IP:80 outside the network, it fails to proxy pass.
This is the config file I have set up, and by running apachectl -S I checked that no other rules exist.
<VirtualHost *:80>
ServerName name.com:80
ProxyPreserveHost On
ProxyPass / http://localhost:7000/
ProxyPassReverse / http://localhost:7000/
</VirtualHost>
<VirtualHost *:443>
ServerName name.com:443
SSLEngine on
SSLCertificateFile /etc/cloudflare/name.com.pem
SSLCertificateKeyFile /etc/cloudflare/name.com.key
ProxyPreserveHost On
ProxyPass / http://localhost:7000/
ProxyPassReverse / http://localhost:7000/
</VirtualHost>
Is this because I am trying to load an http website, even though it is local? And if this is true, how else can I solve this problem? I feel so close, thanks for the help.

I solved it by switching to the default-ssl config file provided with Apache2; after removing my version, the issue resolved itself. Not sure why it worked the second time I tried it, but oh well.

Related

Reverse proxy in Apache + CentOS for HTTPS requests to PostgREST webserver

I would like to make https requests to my PostgREST webserver, which by design doesn't support https. I have spent several days on this now and I don't know how to go any further...
My setup
My server is running on CentOS 7.9.2009
I have a website domain that uses Wordpress to serve my content in home/myuser/public_html
I setup PostgREST 7.0.1 on my server which runs on port 3000
I am running Apache/2.4.51 (cPanel)
My Problem
The following request works just fine: http://my-domain.com:3000/my_db_table
I would like to run the same request like: https://my-domain.com/api/my_db_table
My Apache configuration is in an "includes" file, seems to be loaded (as errors occur when I put wrong syntax intentionally in this file) and it looks like this:
<VirtualHost *:443>
DocumentRoot /
ServerName my-domain.com
ServerAlias my-domain
ErrorLog /home/myuser/public_html/api/error.log
CustomLog /home/myuser/public_html/api/access.log combined
SSLEngine on
SSLUseStapling off
SSLCertificateFile /etc/ssl/certs/server.my-domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/server.my-domain.com.key
<Location /api/ >
ProxyPreserveHost On
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
</Location>
</VirtualHost>
Running httpd -t returns Syntax OK.
After my changes I run sudo systemctl restart httpd.
When I then try to do a request like curl -i https://my-domain.com/api/my_db_table I am redirected to the 404 page of my WordPress website.
The error.log file of my Apache config does not include any errors (it included errors for stapling, which I resolved by adding the line SSLUseStapling off in my config).
I don't know what to do anymore. And because I don't have any error logs, I don't even know how to start debugging it. I would be happy for any hint somebody could provide me.
I have successfully used https with PostgREST and the following settings in the virtualhost section, but I didn't use the tag.
ProxyHTMLEnable On
ProxyPreserveHost On
SSLEngine on
SSLProxyEngine On
RewriteEngine on
#Proxy for postgrest api
ProxyPassMatch "/api/(.*)" "http://localhost:3000/$1"
ProxyPassReverse "/api/" "http://localhost:3000/"

Forwarding subdomain to a port of localhost using WHM and apache2

In brief, I can access my site using example.com:3000 but I want to access it using sub.example.com.
I am using WHM to manage my server using the example.com domain. I have added a DNS Zone using the WHM control panel for sub.example.com. It works fine and redirects to sub.example.com/cgi-sys/defaultwebpage.cgi.
I also tried to make a reverse proxy using VirtualHost by adding the following lines to the /etc/apache2/conf/httpd.conf file as mentioned in here:
<VirtualHost *:80>
ServerName sub.example.com
ProxyPreserveHost on
ProxyPass / http://localhost:3000/
</VirtualHost>
Then I restarted the Apache server using sudo systemctl restart httpd. However the subdomain still redirects to the sub.example.com/cgi-sys/defaultwebpage.cgi path rather than forwarding to the port:3000. Could you please help me resolve this problem?
It is worth mentioning that the server is using WHM and CPanel (version 84.0.21) on CentOS (version 7.7) as well as Apache (version 2.4.41) and the port:3000 is connected to a docker image (gitea) via docker-compose.
I had the same issue with the same setup and was able to solve it by using this configuration:
<VirtualHost sub.example.com:80>
ServerName sub.example.com
ServerAlias sub.example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
Adding it to Apache's include directive in WHM:
https://docs.cpanel.net/whm/service-configuration/include-editor/
For SSL port 443 you have to use the IP instead of domain:
<VirtualHost 1.1.1.1:443>

Gogs.io running on subdomain with port

I'm trying to run Gogs.io on an apache webserver along with a standard website, and I'm trying to have Gogs.io used on a subdomain rather than using my standard domain with a port.
Gogs.io runs on port 3000, and I want the url to be
http://gogs.example.net/
Rather than
http://example.net:3000/
Both my public IP with port and example.net:3000 work, but when trying to use gogs.example.net, I always get an AT&T DNS Error Assist page. I'm not sure what I'm doing wrong, as I had it working earlier until I tried to change the name of the subdomain in my apache config, but I changed it back when I started having issues, to no luck.
Here is my Apache config for the page:
<VirtualHost *:80>
ServerName gogs.example.net
ProxyPreserveHost On
ProxyPass / http://example.net:3000/
ProxyPassReverse / http://example.net:3000/
</VirtualHost>
This may be impossible, but any help would be greatly appreciated!
Fixed the issue by adding an A record to my domain:
A Record: git -> 111.222.333.444
I also modified the VirtualHost settings to include the subdomain in the ProxyPass and ProxyPassReverse:
<VirtualHost *:80>
ServerName gogs.example.net
ProxyPreserveHost On
ProxyPass / http://git.example.net:3000/
ProxyPassReverse / http://git.example.net:3000/
</VirtualHost>

Apache2 ProxyPass Error500

I have an OnlyOffice Document Server running on my server bound to port 8888 via Docker. Now I want to use a Let's Encrypt certificate to ensure a safe connection (self-signed certificates won't work). I use the following config in Apache to rewrite office.example.org to office.example.org:8888, but it throws me an error 500.
<VirtualHost *:443>
ServerName office.example.org
ProxyPreserveHost On
ProxyPass / https://localhost:8888/
ProxyPassReverse / https://localhost:8888/
</VirtualHost>
All necessary modules are enabled.
Has anyone any idea on how to solve this problem or a different idea to solve the Let's Encrypt problem?
Adding the following lines to the Apache config file
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
and enabling the Proxy HTTP module with
sudo a2enmod proxy_http
did the trick!
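
The settings in the answer above switch on TLS to the backend but turn off every check of the certificate it presents. As an added example (not part of the original answer), here is the same virtual host with backend verification kept on; all file paths are placeholders, and it assumes the Document Server's certificate is signed by a CA you control or is itself placed in the CA file.

```apache
# Added example, not from the original posts. Hostname, port and ProxyPass
# lines come from the question above; every file path is a placeholder.

# As posted in the answer: the hop to port 8888 is encrypted, but Apache
# accepts any certificate, so the backend is never authenticated.
#   SSLProxyVerify none
#   SSLProxyCheckPeerCN off
#   SSLProxyCheckPeerName off

<VirtualHost *:443>
    ServerName office.example.org

    # Front-end TLS: the certificate served to browsers (Let's Encrypt here).
    SSLEngine on
    SSLCertificateFile    /path/to/letsencrypt/fullchain.pem
    SSLCertificateKeyFile /path/to/letsencrypt/privkey.pem

    # Back-end TLS: require and verify the certificate of the proxied server.
    SSLProxyEngine on
    SSLProxyVerify require
    # Trust only the CA (or the self-signed certificate itself) used by the
    # backend, not the system-wide trust store.
    SSLProxyCACertificateFile /path/to/backend-ca.pem
    # The certificate must carry a name matching the one Apache checks and
    # must not be expired; a mismatch makes the proxied request fail instead
    # of passing silently.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPreserveHost On
    ProxyPass        / https://localhost:8888/
    ProxyPassReverse / https://localhost:8888/
</VirtualHost>
```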

Apache web server configuration - HTTP to HTTPS not working

I've been at this for two weeks now and still nothing. What's even odd is I've done this on a different server and it worked so I don't understand why this isn't working. Really frustrated here.
I'm trying to configure my Apache web server on my RHEL so that HTTP requests are redirected to HTTPS, which then points to my Tomcat.
This is my configuration:
<VirtualHost *:80>
ServerName server.com
Redirect / https://server.com/
</VirtualHost>
<VirtualHost *:443>
ServerName server.com
ServerAlias www.server.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/pki/tls/certs/cert.cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/key.key.pem
#SSLCACertificateFile /etc/pki/tls/certs/ca-chain.cert.pem
</VirtualHost>
Believe me when I say I have tried so many different combinations yet nothing. I have commented and un-commented the Include conf.d/ssl.conf, still no effect.
Please, what am I doing wrong here?
First of all: "isn't working" is quite a weak description. I might or might not hit what your problem is, but I see several options:
First: Test if the forward works
Second: What's the result when you're connecting to the https server? You can try this without the forward - just type the https protocol yourself and figure out if you can rule out the forward configuration completely.
"I've done this on a different server and it worked"
You're forwarding to localhost:8080. If that other server had tomcat installed (and running) on port 8080, but the one that you're trying now doesn't - well, here's your solution. localhost is always "the same" computer.
As Ortomala Lokni mentions in a comment: Your ProxyPassReverse directive is lacking a /:
ProxyPassReverse / http://localhost:8080/
Note that with this configuration, tomcat will not know that the original request has been sent through https - thus any CONFIDENTIAL declaration on tomcat assumes that the request has been sent in the clear - and it will try to redirect to https. As the ProxyPass still forwards through http, Tomcat will never know that the request actually was encrypted. There are hacks to work around this (e.g. secure="true" on the connector configuration) or a more proper solution (like forwarding through AJP instead of http):
ProxyPass / ajp://localhost:8009/
(notice the changed port)
There's potential for more going wrong - in case these hints don't help, please specify "isn't working" more.
Thanks ever so much! Especially you, Olaf Kock. Your suggestion was golden! Just like you suggested, I decided to forget about the forwarding and focus on what happens when I try connecting to the HTTPS directly, and that's when I came across this error:
proxy: HTTP: disabled connection for (localhost)
I did a little search and found out that I had to run this command to get things rolling: /usr/sbin/setsebool -P httpd_can_network_connect 1
(Note, there are other variations of this command, like: setsebool -P httpd_can_network_connect on or sudo setsebool -P httpd_can_network_connect on)
Then I had to set up these in the ssl.conf file under the <VirtualHost _default_:443> tag:
ServerName server.com
ServerAlias www.server.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
And it worked!
However, I didn't want to have to reference the ssl.conf file. I wanted everything in the httpd.conf file, and so after tinkering a bit, this is what worked for me, and I believe should work for anyone with a similar problem.
So, after commenting out the include conf.d/ssl.conf line:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
#For HTTP requests, redirecting to HTTPS
<VirtualHost *:80>
ServerName server.com
Redirect / https://server.com/
</VirtualHost>
#For HTTPS requests
<VirtualHost *:443>
ServerName server.com
ServerAlias www.server.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/cert.cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/key.key.pem
#SSLCACertificateFile /etc/pki/tls/certs/ca-chain.cert.pem
</VirtualHost>
Obviously, you should have installed your mod_ssl in the first place.
Thanks everyone!