I used docker-compose to build my Streamlit up in a Digitalocean droplet. I can access the app using the http://<droplet_ip>:8501.
I followed the Digitalocean guide on how to download Apache2 on Ubuntu and created a Virtual Host. I also downloaded a SSL certificate from Lets Encrypt as instructed.
I also created the A and CNAME records as instructed on the Digitalocean dashboard and updated the Name Servers in domain registrar's dashboard.
In the /etc/apache2/sites-available/ directory, the virtual host setup is as follows:
VirtualHost *:80>
ServerAdmin: webhost email
ServerName <my_domain>
ServerAlias www.<my_domain>
DocumentRoot /var/www/my_domain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combine
RewriteEngine on
RewriteCond %{SERVER_NAME} =my_domain [OR]
RewriteCond %{SERVER_NAME} =my_domain
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent
</VirtualHost>
In the /var/www/my_domain directory is the index.html file.
Currently, when I type the my_domain it takes me to the index.html file and not my Streamlit app.
Any insights would be appreciated.
I have tried several suggestions from the Digitalocean tutorial to no avail.
Related
For forwarding an internal website (i.e. normally not available on internet) to internet I use ProxyPass in Apache.
I have the following setup:
Backend server: An internal laptop or Raspberry PI or virtual machine running an Apache web server on macOS or Linux, accessible in my home wifi. From that machine the following reverse SSH tunnel is run.
Frontend server: A VPS rented running Ubuntu running Apache web server.
When I perform a reverse SSH tunnel to the VPS :
ssh -N -p 22 -R 1081:127.0.0.1:80 root#myVPS
I can access my internal localhost site on https://forward.example.com, just like it behaves internally.
But the glitch is that the $_SERVER["HTTP_HOST"] now returns "localhost:1081" as specified in the ssl.conf.
In PHP I get the remote IP address by $_SERVER['HTTP_X_FORWARDED_FOR'] rather than $_SERVER['REMOTE_ADDR'], so that works fine.
There is also a $_SERVER['HTTP_X_FORWARDED_HOST'] which shows 'forward.example.com'.
Some posts on the internet advised me to specify ProxyPreserveHost on, but enabling that makes things worse: I get a redirect loop.
Is there a way to let Apache force $_SERVER['HTTP_X_FORWARDED_HOST'] ('forward.example.com' in my example) into $_SERVER"HTTP_HOST"]?
Virtual host section in ssl.conf:
<VirtualHost *:443>
SSLEngine on
DocumentRoot /var/www/html/test/
ServerName forward.example.com
LogLevel Debug
ErrorLog ${APACHE_LOG_DIR}/forward-error.log
CustomLog ${APACHE_LOG_DIR}/forward.log combined
SSLCertificateFile /root/.acme.sh/forward.example.com/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/forward.example.com/forward.example.com.key
# SSLCertificateChainFile /root/.acme.sh/forward.example.com/fullchain.cer
SSLProxyEngine On
ProxyRequests Off
# This causes a redirect loop !!!
# ProxyPreserveHost on
# https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
ProxyPass / http://localhost:1081/
ProxyPassReverse / http://localhost:1081/
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://localhost:1081/$1" [P,L]
</VirtualHost>
I am using the latest GitLab Omnibus package successfully. Now I am trying to use it with Apache as a subpage so I can run other webpages next to Gitlab.
I successfully managed to use Apache but I am an unable to call any other websites ( 403 ).
Setup Gitlab:
external_url 'http://server/gitlab'
nginx = false
nginx user = www-data
port 8181
Apache vhost:
<VirtualHost *:80>
ServerName server
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
RewriteEngine on
<Location /gitlab>
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://server/gitlab
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
#RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
#RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} ^/uploads/.*
RewriteRule ^(.*)gitlab(.*)$ http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
ErrorLog /var/log/apache2/oldgit_error.log
CustomLog /var/log/apache2/oldgit_forwarded.log common_forwarded
CustomLog /var/log/apache2/oldgit_access.log combined env=!dontlog
</VirtualHost>
As you might recognize , this is the basically the configuration file provided by Gitlab CE.
Gitlab does work as expected but I am not able to call any other web sides from apache ( /var/www/html/{subsite} ).
Error is 403
tried vhost file to give all the needed permissions ( granted all ), but the error persists.
Any experience with this scenario ?
Debain 8
Gitlab CE ( latest version )
Apache 2.4
mod_rewrite
mod_proxy
mod_proxy_http
Goal:
server/gitlab -> should pass all to Gitlab CE
server/{subsite} -> should just be handled by apache as usual
I guess it has something to do with the ReWrite rules, but not sure anymore .
After installing the SSL Cert for my domain, I can no longer stay logged in to PhpMyAdmin remotely via SSH.
Before SSL:
PHP-based migrated to a fresh Bitnami LAMP Stack deployed and hosted with Google Cloud Platform.
I updated to PMA 4.6.5.1
I successfully used Putty to tunnel from http://127.0.0.1:8888/phpmyadmin to http://localhost:80/phpmyadmin on the server using local 127.0.0.1:8888 --> remote localhost:80
After SSL:
SSL installed via Comodo's generic Linux Apache directions here. (bitnami.conf changes shown below)
Web app is publicly accessible via https://EPHEMERAL_IP_ADDRESS/ (and redirect from http://EPHEMERAL_IP_ADDRESS/ to http://EPHEMERAL_IP_ADDRESS/)
Previously accessible on live server https://my.domain/ (and redirects from http://my.domain/ to https://my.domain), but I haven't swapped IPs yet so ServerName might be an issue?
I added local 127.0.0.1:8383 --> remote localhost:443 to my Putty configuration.
I can access https://127.0.0.1:8383/phpmyadmin and log in. But as soon as click anything (e.g. a database name) within PMA, I am booted out to the PMA login screen.
Changes made to /opt/bitnami/apache2/conf/bitnami/bitnami.conf:
<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On #added
RewriteCond %{HTTPS} !=on #added
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L] #added
<Directory "/opt/bitnami/apache2/htdocs">
...
</VirtualHost>
...
<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"
ServerName mydomain.com:443 #added
ServerAdmin my#email.address #added
SSLEngine on
SSLCertificateFile "/path/to/my_domain.crt" #changed
SSLCertificateKeyFile "/path/to/myserver.key" #changed
SSLCACertificateFile "/path/tof/my_domain.ca-bundle" #added
...
</VirtualHost>
Essentially: I turned on SSL per client specification, but this has broken my PMA access. Any help is greatly appreciated!
SO's suggestion Installing SSL certificate breaks phpmyadmin with 403 error came through for the win:
While I simply accessed PMA from a different browser, the more commonly applicable solution is deleting the specific PMA cookies. (HT Isaac Bennetch)
See here for specifics on how to delete specific cookies in various browsers.
I'm trying to install Phabricator on an AWS web instance, but I'm having trouble configuring apache to get anything other than the Apache2 Ubuntu default page to show up.
I create
<Directory "/home/ubuntu/phabricator/phabricator/webroot">
Require all granted
</Directory>
<VirtualHost *:8080>
# Change this to the domain which points to your host.
ServerName -##-##-###-###.us-west-2.compute.amazonaws.com
# Change this to the path where you put 'phabricator' when you checked it
# out from GitHub when following the Installation Guide.
#
# Make sure you include "/webroot" at the end!
DocumentRoot /home/ubuntu/phabricator/phabricator/webroot
RewriteEngine on
RewriteRule ^/rsrc/(.*) - [L,QSA]
RewriteRule ^/favicon.ico - [L,QSA]
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
</VirtualHost>
In /etc/apache2/sites-available
I then run
sudo a2dissite 000-default.conf
sudo a2ensite phabricator.conf
service apache2 reload
But when I load http://ec2-##-##-###-###.us-west-2.compute.amazonaws.com/ the default apache configuration page still shows up. How comes its not disabled?
I have a Plone site called example.com located at /var/www/Plone (I think). I have the following settings for the site located in sites-available for vhosts (excerpt):
<VirtualHost 10.0.1.4:8082>
ServerAdmin webmaster#localhost
ServerName wiedhas.noip.me
DocumentRoot /var/www/Plone
When I try to reach my site wiedhas.noip.me, apache loads the Plone directory tree and not my Plone site. I can browse through the file system of /var/www/Plone but it is not loading the site. I must not have set the documentroot to the correct directory of my site? Any help much appreciated.
This an excellent docu about running plone behind apache and more.
http://docs.plone.org/manage/deploying/front-end/apache.html
A simple example with ssl, how a vhost could look like:
<VirtualHost $IP:80>
ServerName my.domain.com
Redirect / https://my.domain.com
</VirtualHost>
<VirtualHost $IP:443>
ServerName my.domain.com
ErrorLog logs/my.domain.com-http-error.log
CustomLog logs/my.domain.com-http-access.log combined
Include vhosts.d/....ssl.inc
RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:$PORT_OF_PLONE/VirtualHostBase/https/%{SERVER_NAME}:%{SERVER_PORT}/zodb/path/top/plone/VirtualHostRoot/$1 [P,L]
</VirtualHost>
The most important part is the rewrite rule:
RewriteRule ^/(.*) http://127.0.0.1:$PORT_OF_PLONE/VirtualHostBase/https/%{SERVER_NAME}:%{SERVER_PORT}/zodb/path/top/plone/VirtualHostRoot/$1 [P,L]
$PORT_OF_PLONE = Port of your running plone instance
/zodb/path/top/plone = That's where you added the plone site in zope.
Took me a while to get mine going so maybe this helps:
My vhosts looks like this (where my plone site is called 'mywebsite'):
#---------------------------------
# www.mywebsite.com
#---------------------------------
<VirtualHost *:80>
ServerName www.mywebsite.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*)$ http://127.0.0.1:8081/VirtualHostBase/http/%{SERVER_NAME}:80/mywebsite/VirtualHostRoot/$1 [L,P]
</IfModule>
</VirtualHost>
Hope that helps :)
As you see in the first and correct answer you do not need DocumentRoot. DocumentRoot points to a directory with files to render by Apache. But Plone brings it's own server, the Zope application server, which runs on a different port than Apache. The RewriteRule redirects the incoming request to the application server and modifies the response in a way that the redirection is hidden for the client.