I'm stuck with my Apache config
Situation
I have a Node chat web app and a phpmyadmin running on the same debian VPS server. Node runs on :3000 and phpmyadmin on :443.
The server base url on :443 is currently displaying phpmyadmin login page and the chat app can be accessed on IP:3000 (https)
Each have their own SSL cert and https is working without issues on both of them separately
Goal
What I'm trying to do is setup an Apache reverse proxy to forward requests from a a clean url (like chat.domain.com) to my Node app while keeping phpmyadmin on it's own dedicated subdomain (vps.domain.com).
like so :
internet (chat.domain.com on :443) -> reverse proxy -> node app running on :3000
internet (vps.domain.com on :443) -> reverse proxy -> phpmyadmin
Issue
Redirection does not work at all.
Firefox shows an error page with SSL_ERROR_RX_RECORD_TOO_LONG (ERR_SSL_PROTOCOL_ERROR on Chrome). As far as I understand it is telling me that I can't redirect to a service running on a different port than :443
I need secure https for both of my services (phpmadmin and chat) but can only run one of them on :443 since one is Apache and the other is Node. They each have their own routing system.
What I've considered
I'm not sure if what I'm trying to do is possible with Apache and this setup. I'd like to run my main app on :443 but then PMA would have to be moved to another port and. Alternatively I could run several servers for cleaner separation of services. I could also use Docker containers, but I don't think this should be necessary here.
Not sure which solution is the most appropriate. I just wanted to do some basic redirections.
Setup config :
Including relevant information about my config in this section.
Apache version : Apache/2.4.53 (Debian)
rewrite and proxy mods are enabled
apachectl configtest -> Syntax OK
vHosts :
default http -> https redirection
# 000-default.conf
VirtualHost *:80>
ServerName default.domain.me
Redirect / https://localhost:443
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
reverse proxy vhost
# reverse_proxy.conf
<VirtualHost chat.domain.me:443>
ServerName rproxy.domain.me
# ProxyPreserveHost On
ProxyRequests Off
# chat
ProxyPass / https://localhost:3000/
ProxyPassReverse / https://localhost:3000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
PMA vhost
# phpmyadmin.conf
<VirtualHost _default_:443>
ServerName phpmyadmin.domain.me
DocumentRoot /usr/share/phpmyadmin
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/vps.domain.me/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vps.domain.me/privkey.pem
Protocols h2 http/1.1
Header always set Strict-Transport-Security "max-age=63072000"
# Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
Require all granted
# limit libapache2-mod-php to files and directories necessary by pma
<IfModule mod_php7.c>
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/usr/share/doc/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
</IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
ErrorLog ${APACHE_LOG_DIR}/phpmyadmin/error.log
CustomLog ${APACHE_LOG_DIR}/phpmyadmin/access.log combined
</VirtualHost>
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite # don't know if secret. didn't include.
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
Let me give you some possible solutions.
1)Changing the virtual host tag, ie, from <VirtualHost chat.domain.me:443> to <VirtualHost _default_:443>
2)setting the ports.conf file as follows
Listen 80
Listen 443 https
execute a2ensite default-ssl
Finally let me give you one of example that I have
ServerName abc.com
ServerAdmin webmaster#abc.com
<Proxy *>
Require all granted
</Proxy>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8181/
ProxyPassReverse / http://127.0.0.1:8181/
ErrorLog ${APACHE_LOG_DIR}/abc.com.error.log
CustomLog ${APACHE_LOG_DIR}/abc.com.access.log combined
SSLCertificateFile /etc/letsencrypt/live/abc.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abc.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.
I would like to make the TURN server accessible behind a reverse proxy in order to use port 443 to avoid problems with blocked ports on public wifi networks, etc.
coturn is configured this way:
listening-port=8443
listening-ip=127.0.0.1
relay-ip=<public-ip-of-the-turn-server>
lt-cred-mech
use-auth-secret
static-auth-secret="secret"
realm=myturnserver.org
total-quota=0
bps-capacity=0
log-file=/var/log/turn.log
and the apache server config looks like this:
<VirtualHost *:443>
ServerName myturnserver.org
ServerAdmin root#myturnserver.org
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/myturnserver.org.error.log
CustomLog ${APACHE_LOG_DIR}/myturnserver.org.access.log combined
SSLCertificateFile /etc/letsencrypt/live/myturnserver.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myturnserver.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
but I can't connect to the turn server. Any ideas what is wrong here?
I am trying to publish, behind a proxy, a Spring app (also with Spring Security) which has /x/services as entry point. It is running in Tomcat in 8080 in Google Engine (Debian). I configure Apache 2 as a reverse proxy with next configuration
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ProxyRequests off
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# Servers to proxy the connection, or
# List of application servers Usage
ProxyPass / http://127.0.0.1:8080/x/services/
ProxyPassReverse / http://127.0.0.1:8080/x/services
ServerName localizator.org
ServerAlias *.localizator.org
</VirtualHost>
I checked it against a lot of examples and seems it is OK, but the only response I am getting is the "Index of /" page. And Apache logs are not helping at all.
Any help will be very appreciated.
For those with a similar problem don't forget to do :
sudo a2ensite proxy-host
(lets suppose your .conf file name is proxy-host)
I've struggled with this for some time and am definitely doing something wrong.
I have Apache server and a JBoss server on the same machine. I'd like to redirect traffic for mydomain.example to JBoss localhost:8080/example. The DNS is currently setup for mydomain.example and it will go straight to port 80 when entered into the browser.
My question is how do I redirect to a different port when a certain domain name comes to Apache (in this case, mydomain.example)?
<VirtualHost ip.addr.is.here>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
After implementing some suggestions:
Still not forwarding to port 8080
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias www.mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
You should leave out the domain http://example.com in ProxyPass and ProxyPassReverse and leave it as /. Additionally, you need to leave the / at the end of example/ to where it is redirecting. Also, I had some trouble with http://example.com vs. http://www.example.com - only the www worked until I made the ServerName www.example.com, and the ServerAlias example.com. Give the following a go.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias example.com
ProxyPass / http://localhost:8080/example/
ProxyPassReverse / http://localhost:8080/example/
</VirtualHost>
After you make these changes, add the needed modules and restart apache
sudo a2enmod proxy && sudo a2enmod proxy_http && sudo service apache2 restart
I solved this issue with the following code:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName myhost.example
ServerAlias www.myhost.example
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I also used:
a2enmod proxy_http
I wanted to do exactly this so I could access Jenkins from the root domain.
I found I had to disable the default site to get this to work. Here's exactly what I did.
$ sudo vi /etc/apache2/sites-available/jenkins
And insert this into file:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias mydomain
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Next you need to enable/disable the appropriate sites:
$ sudo a2ensite jenkins
$ sudo a2dissite default
$ sudo service apache2 reload
Found this out by trial and error. If your configuration specifies a ServerName, then your VirtualHost directive will need to do the same. In the following example, awesome.example.com and amazing.example.com would both be forwarded to some local service running on port 4567.
ServerName example.com:80
<VirtualHost example.com:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName awesome.example.com
ServerAlias amazing.example.com
ProxyPass / http://localhost:4567/
ProxyPassReverse / http://localhost:4567/
</VirtualHost>
I know this doesn't exactly answer the question, but I'm putting it here because this is the top search result for Apache port forwarding. So I figure it'll help somebody someday.
This might be an old question, but here's what I did:
In a .conf file loaded by Apache:
<VirtualHost *:80>
ServerName something.com
ProxyPass / http://localhost:8080/
</VirtualHost>
Explanation: Listen on all requests to the local machine's port 80. If I requested "http://something.com/somethingorother", forward that request to "http://localhost:8080/somethingorother". This should work for an external visitor because, according to the docs, it maps the remote request to the local server's space.
I'm running Apache 2.4.6-2ubuntu2.2, so I'm not sure how the "-2ubuntu2.2" affects the wider applicability of this answer.
You have to make sure that the proxy is enabled on the server. You can do so by using the following commands:
a2enmod proxy
a2enmod proxy_http
service apache2 restart
If you don't have to use a proxy to JBoss and mydomain.example:8080 can be "exposed" to the world, then I would do this.
<VirtualHost *:80>
ServerName mydomain.example
Redirect 301 / http://mydomain.example:8080/
</VirtualHost>
Just use a Reverse Proxy in your apache configuration (directly):
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
Look here for apache documentation of how to use the mod
My apache listens to 2 different ports,
Listen 8080
Listen 80
I use the 80 when i want a transparent URL and do not put the port after the URL
useful for google services that wont allow local url?
But i use the 8080 for internal developing where i use the port as a reference for a "dev environment"
You need 2 things:
Add a ServerAlias www.mydomain.example to your config
change your proxypass to ProxyPassMatch ^(.*)$ http://localhost:8080/example$1, to possibly keep mod_dir and trailing slashes from interfering.
Apache supports name based and IP based virtual hosts. It looks like you are using both, which is probably not what you need.
I think you're actually trying to set up name-based virtual hosting, and for that you don't need to specify the IP address.
Try < VirtualHost *:80> to bind to all IP addresses, unless you really want ip based virtual hosting. This may be the case if the server has several IP addresses, and you want to serve different sites on different addresses. The most common setup is (I would guess) name based virtual hosts.
This is working in ISPConfig too. In website list get inside a domain, click to Options tab, add these lines: ;
ProxyPass / http://localhost:8181/
ProxyPassReverse / http://localhost:8181/
Then go to website and wolaa :) This is working HTTPS protocol too.
Try this one-
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.adminbackend.example.com
ServerAlias adminbackend.example.com
ProxyPass / http://localhost:6000/
ProxyPassReverse / http://localhost:6000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
This is how I redirected part of the requests to one url and rest to another url:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName localhost
ProxyPass /context/static/content http://localhost:80/web/
ProxyPassReverse /context/static/content http://localhost:80/web/
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
All are excellent insights to accessing ports via domain names on virtual servers. Do not forget, however, to enable virtual servers; this may be commented out:
NameVirtualHost *:80
<Directory "/home/dawba/www/">
allow from all
</Directory>
We run WSGI with an Apache server at the domain sxxxx.com and a golang server running on port 6800. Some firewalls seem to block domain names with ports. This was our solution:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName wsgi.sxxxx.example
DocumentRoot "/home/dxxxx/www"
<Directory "/home/dxxx/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /py/ "/home/dxxxx/www/py/"
WSGIScriptAlias /wsgiprog /home/dxxxx/www/wsgiprog/Form/Start.wsgi
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName sxxxx.com
ServerAlias www.sxxxx.com
ProxyPass / http://localhost:6800/
ProxyPassReverse / http://localhost:6800/
</VirtualHost>