Getting 404 with Apache Reverse Proxy and Google App Engine - apache

I am trying to do some basic testing of Apache reverse proxy in GCP. I have an Apache2.4 service running on a Debian10 VM.
The Apache VM has a public Internet interface and a 10.x.x.x interface in my GCP VPC.
Via GCP app engine, I have (2) services running (simple Go web apps), and I have added the "VPC connector" configuration so that the services are available from the VMs/VPC.
Both app engine services can be curled successfully from the Apache machine:
    curl https://service1-dot-myProject-cloudapp.uk.r.appspot.com
    curl https://service2-dot-mProject-cloudapp.uk.r.appspot.com

I am trying to connect to these services from the Internet with Apache acting as the reverse proxy.
I have a basic configuration in sites-enabled:

    <VirtualHost *:443>
        ServerName my-test.my-domain.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        # service1 reverse proxy
        <Proxy balancer://service1>
            Order deny,allow
            Deny from all
            Allow from all
            BalancerMember https://service1-dot-myProject-cloudapp.uk.r.appspot.com/
            ProxySet lbmethod=bytraffic
        </Proxy>
        ProxyPass "/service1/" "balancer://service1/"
        ProxyPassReverse "/service1/" "balancer://service1/"
        # service2 reverse proxy
        <Proxy balancer://service2>
            Order deny,allow
            Deny from all
            Allow from all
            BalancerMember https://service2-dot-mProject-cloudapp.uk.r.appspot.com/
            ProxySet lbmethod=bytraffic
        </Proxy>
        ProxyPass "/service2/" "balancer://service2/"
        ProxyPassReverse "/service2/" "balancer://service2/"
    </VirtualHost>

When I test with https://<externalIP>/ , I get my default Apache splash page, with the usual warning that I don't have a legitimate cert. That's fine for now; I just want to get the mechanics of reverse proxy/balancers working.
When I try to go to https://<externalIP>/service1 or https://<externalIP>/service2, I am getting 404 errors.
For right now, I am not able to set up DNS for this external IP. Is that what is preventing me from connecting all the way to my "backend" services via reverse proxy?

Related

How can I run TLS on Apache2 Proxy behind port forwarding

I have a problem with apache2 proxy in TLS using port forwarding.
I manage to make it work correctly in HTTP, but as soon as I try to make it work in HTTPS, Apache shows the message
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Here is my .conf file:

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName service-test.mydomain.com
        ServerAlias service-test.mydomain.com
        ServerAdmin localhost@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyPass / https://192.168.1.34:1010/
        ProxyPassReverse / https://192.168.1.34:1010/
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/service-test.mydomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/service-test.mydomain.com/privkey.pem
        <Location />
            Order allow,deny
            Allow from all
        </Location>
    </VirtualHost>
    </IfModule>

My NAT is well configured, and it's only with HTTPS that the issue occurs.
I use Debian 11 on Proxmox.
Does the server behind the proxy have to get an SSL certificate too?
I've tried, but it doesn't seem to work either...
How can I fix this?

apache Proxy returns random 403

I'm using 2 VMs configured with Apache2 as a proxy for the Tomcat server, but I see very strange behavior: I sometimes get HTTP 403 errors on my front end. I tried different configurations, but I can see that, depending on the requests coming from my load balancer (plugged into my 2 Apache VMs), it returns HTTP 403 randomly (and not for the same requests either).
Here is the flow:

    Front end -> Load Balancer (443)
                   -> Apache2 Reverse Proxy (443) -> Tomcat (8080)
                   -> Apache2 Reverse Proxy (443) -> Tomcat (8080)

I run this Apache2 Reverse Proxy on Ubuntu, here is the configuration for my Apache2 Proxies:

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Proxy *>
            AddDefaultCharset Off
            Order deny,allow
            Allow from all
        </Proxy>
        Header add Access-Control-Allow-Origin "https://myfrontend.com"
        SSLEngine on
        SSLCertificateFile /etc/ssl/myfrontend.key
        SSLCertificateKeyFile /etc/ssl/privatemyfrontend.key
        SSLCertificateChainFile /etc/ssl/ca_bundle
        SSLProxyEngine on
        ProxyRequests off
        SSLProxyVerify require
        SSLProxyVerifyDepth 1
        SSLProxyCACertificateFile "/etc/ssl/myfrontend.key"
        SSLProxyCheckPeerName on
        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/back/
        ProxyPassReverse / http://localhost:8080/back/
    </VirtualHost>
    </IfModule>

Any idea why I'm getting such 403 errors?
I had a similar problem with two applications (Gitlab and SonarQube) deployed behind an Apache server configured as a reverse proxy. I solved it by uninstalling the mod_evasive module of Apache.

Apache as reverse proxy doesn't work

I am trying to publish, behind a proxy, a Spring app (also with Spring Security) which has /x/services as its entry point. It is running in Tomcat on 8080 in Google Engine (Debian). I configured Apache 2 as a reverse proxy with the following configuration:

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ProxyRequests off
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ProxyPreserveHost On
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>
        # Servers to proxy the connection, or
        # List of application servers Usage
        ProxyPass / http://127.0.0.1:8080/x/services/
        ProxyPassReverse / http://127.0.0.1:8080/x/services
        ServerName localizator.org
        ServerAlias *.localizator.org
    </VirtualHost>

I checked it against a lot of examples and it seems OK, but the only response I am getting is the "Index of /" page. And the Apache logs are not helping at all.
Any help would be much appreciated.
For those with a similar problem, don't forget to run:

    sudo a2ensite proxy-host

(let's suppose your .conf file name is proxy-host)

Is there a way to force all http traffic to Apache to prevent direct access to a web app?

My web app runs and listens on port 8080 using its own mini server. The Apache VirtualHost redirects all :80 traffic to :8080. What I would like to do is block requests directly to localhost (e.g. 127.0.0.1). Is there a way to force all requests on the server through the Apache instance on that server? Or do I need to do this in .htaccess at the application level?

    <VirtualHost *:80>
        ServerName mydomain.com
        #ServerAlias anothercooldomain.org
        ProxyPreserveHost On
        ProxyRequests Off
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
        ErrorLog /var/log/apache2/myapp-error.log
        CustomLog /var/log/apache2/myapp-access.log combined
    </VirtualHost>

How to prevent tomcat7 repeat context name in apache proxy setup

I have this problem where my Apache forwards HTTP requests to Tomcat using a proxy (see my Apache virtual host config below). It works fine, but the HTTP request http://subdomain.example.com/xyz/images/background2.jpg arrives at Tomcat as /xyz/xyz/images/background2.jpg. The context name "xyz" appears twice, which causes a missing resource at the Tomcat end.
How do you resolve this problem?
Apache Virtual Host config file:

    <VirtualHost *:80>
        ServerName subdomain.example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyPass / http://www.example.com:8080/xyz/
        ProxyPassReverse / http://www.example.com:8080/xyz/
    </VirtualHost>

Tomcat project setup: ../tomcat7/webapps/xyz/...
You need to update the ProxyPass settings as below.

    ProxyPass /xyz/ http://www.example.com:8080/xyz/
    ProxyPassReverse /xyz/ http://www.example.com:8080/xyz/
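
An added example (not from the original posts and not Apache's own code): a simplified Python model of how ProxyPass maps a request path onto the backend URL, covering the duplicated `xyz` context above and the trailing-slash behaviour of a rule like the first question's `/service1/`. The function names and the segment-boundary matching are assumptions of this model; real mod_proxy also handles repeated slashes and other cases not modelled here.

```python
# Simplified model of mod_proxy's ProxyPass prefix mapping (added example,
# not Apache source code). Rules are checked in configuration order and the
# first match wins; the part of the request path after the prefix is
# appended to the target URL.

def matches(prefix, path):
    """Prefix match on path-segment boundaries (assumed simplification)."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")

def map_request(rules, path):
    """Return the backend URL for path, or None if no rule matches
    (Apache then handles the request locally, e.g. from DocumentRoot)."""
    for prefix, target in rules:
        if matches(prefix, path):
            return target + path[len(prefix):]
    return None

# Configuration from the question: everything under / is sent to /xyz/.
ORIGINAL = [("/", "http://www.example.com:8080/xyz/")]
# Configuration from the answer: public and backend prefixes line up.
FIXED = [("/xyz/", "http://www.example.com:8080/xyz/")]
# Rule modelled on the first question's ProxyPass "/service1/" line.
SERVICE = [("/service1/", "balancer://service1/")]

def demo():
    req = "/xyz/images/background2.jpg"
    return {
        "original": map_request(ORIGINAL, req),
        "fixed": map_request(FIXED, req),
        "no_slash": map_request(SERVICE, "/service1"),
        "with_slash": map_request(SERVICE, "/service1/index"),
    }

if __name__ == "__main__":
    for name, url in demo().items():
        print(f"{name:10} -> {url}")
```

With the answer's rule, only paths under `/xyz/` are proxied; anything else is no longer forwarded to Tomcat and is served by Apache itself.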