I am using mountebank to mock a number of REST APIs, each one is accessible through a random port. Users are able to create new mocks or remove old ones whenever they need to.
So I want to setup an apache server such that it maps the suffix of the server url to the associated port, for example: myserver.com/8000 gets automatically proxied to myserver.com:8000
I could regenerate apache config while adding a new reverse proxy, but I would need to restart the server each time and I don't think that's a good idea.
I tried using mod_proxy_express which dynamically generate a proxy map but it seems to only map servers names and not individual paths.
Is this technically possible in apache, or any other web server for that matter ?
Related
I have application foo deployed on Tomcat. What I want to achieve is to separate root application and one part foo/context in a following way:
https://example.com/internal -> https://example.com/foo
https://example.com/public -> https://example.com/foo/context
I know how to proxy this, but the problem is that internal part needs to be visible only for certain IP addresses, and public part to all users.
If I restrict access to /foo, than it is not possible to access https://example.com/foo/context.
Is this even possible to achieve?
I have moqui running on system1 which is accessible using URL http://localhost:8080/Login.
Trying to access it from other system2 (in network) with URL replacing 'localhost' with the IP of first system; it shows the first (log-in) page, but afterwards, when submitting the pages from system2, the IP in URL automatically gets changed to 'localhost'. I have looked in to the book and also searched in framework code but couldn't find something related to this.
What could be the cause of this, is there any setting in app to fix this?
There are two parts to configuring hosts and ports for a webapp. One is is for the servlet container so it knows what to listen to and the other is in Moqui Framework itself so it knows what to use when generating URLs. It sounds like the issue you are having is with the second, with URL generation.
In your runtime Moqui XML Conf file there should be a webapp element somewhat like this one from the MoquiProductionConf.xml file:
<webapp name="webroot" http-port="" http-host=""
https-port="" https-host="" https-enabled="false"
content-prefix-secure="" content-prefix-standard="" cookie-domain="">
<root-screen host=".*" location="component://webroot/screen/webroot.xml"/>
</webapp>
When no #http-host/etc attribute is specified the values from the HttpServletRequest object will be used. These will vary depending on the settings of the servlet container you are using to deploy Moqui Framework.
To set it to something explicit you can use the http-host and if needed the https-host, http-port, and https-port attributes. For virtual host support the http-host and https-host attributes should be empty and the servlet container (and any proxy/etc in front of it) should be configured to pass through the hostname requested.
I'm using Composer with Toran Proxy hosted on a personal server to manage my package dependencies for Symfony2, today I encountered a problem, one of the URLs that Composer needs to download ends with dependecy-injection.json, every other URL downloads OK, but having those words it's something the proxy doesn't like, so it blocks it.
I have full access to the server, is there a way to mask o change that certain URL to make it look like another one and so "bypassing" the proxy?
This is the URL:
http://domainexample/toran/web/app.php/repo/packagist/p/symfony/dependency-injection.json
I'm using Apache2 as web server.
I have set up an Apache Web Server 2.4 to act as a proxy for Apache Tomcat 7, communicating via the AJP protocol (mod_proxy_ajp on the Apache side and an AJP connector on the Tomcat side). Everything works great for basic functionality.
Now, I am looking to set some specific AJP attributes, but can't quite get it to work...
Looking at the mod_proxy_ajp page (http://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html), under the Request Packet Structure section, I see a listing of attributes. These attributes include the likes of remote_user, and ssl_cert (code values 0x03 and 0x07, respectively). There is also an "everything else" attribute called req_attribute with code value 0x0A that can be used to set any arbitrary attribute in an AJP request.
Further, on the same page, under the Environment Variables section, it states the following:
Environment variables whose names have the prefix AJP_ are forwarded to the origin server as AJP request attributes (with the AJP_ prefix removed from the name of the key).
This seems straightforward enough, and indeed, I am easily able to set an arbitrary AJP attribute such as "doug-attribute" by setting an Apache environment variable called "AJP_doug-attribute", and assigning a relevant value. After doing such, I can analyze the traffic using Wireshark, and see the "doug-attribute" field show up in the dissected AJP block, prefixed with a hex value of 0x0A (the "req_attribute" type listed above). So far so good.
Now I want to try to set the ssl_cert attribute. In the same fashion, I set an environment variable called "AJP_ssl_cert". Doing so, it does show up in Wireshark, but with prefix code "0x0A". Further, my Java application that wants to read the "javax.servlet.request.x509certificate" does not find the certificate.
However, I also notice some other attributes in the Wireshark capture that are listed on the website, like ssl_cipher and ssl_key_size. But in the capture, they show up as "SSL-Cipher" and "SSL-Key-Size" (and have the appropriate "0x08" and "0x0B" prefix codes). So, I try setting the cert attribute again, this time as "SSL-Cert", but I get the same results as before.
To compare, I altered the Apache configuration to require client certificates, and then provided one in the browser when visiting the associated web page. At this point, I look at the Wireshark capture, and sure enough, there is now an attribute named "SSL-Cert", with code "0x07", and my web application in Tomcat is successfully able to find the certificate.
Is there any way that I can manually set the attributes listed on the mod_proxy_ajp page, or does the module handle them differently from other arbitrary request attributes (like "doug-attribute")? I feel like there must be something I am missing here.
As some background, the reason that I am trying to do this is that I have a configuration with multiple Apache web servers proxying each other, and then at the end, an Apache web server proxying to a Tomcat instance via AJP. All the Apache web servers use SSL and require client certificates. With just one Apache server, Tomcat can receive the user's certificate just fine without any special configuration on my part. However, with multiple, it ultimately receives the server certificate of the previous Apache proxy (set on that machine using the SSLProxyMachineCertificateFile directive).
What I am hoping to do is place the original user's certificate into the headers of the intermediate proxied requests, and then manually set that certificate in the AJP attributes at the back end so that the web application in Tomcat can read the certificate and use it to perform its authorization stuff (this part is already set in stone, otherwise I would just add the certificate as a header and make the Java app read the header).
EDIT: of course, if there is an easier way to accomplish passing the user's certificate through the proxy chain, I'd be more than happy to hear it! :)
I am trying to integrate the liferay tomcat with apache web server.I successfully integrate the liferay with web server.
Condition:
Life ray deployed on ip say : 10.10.10.70
Apache web server on ip say: 10.10.10.80
I provided all the requirement virtual host requirement in httpd.conf file..and provided the web.server.host in portal-ext.properties file.
Problem: When i run liferay portal i can open it on ip: 10.10.10.70
but when i click on any page link (let say /home)that is present in my portal it moved the request to
10.10.10.80:8080/home instead of 10.10.10.70:8080/home
I want to know how to handle this condition.
Because i dont have any page resource on web server doc folder only contain static css..
You might be a bit more precise what "all the required virtual host settings" are, e.g. what did you configure?
Note that by explicitly configuring hostnames/IP-addresses, you're explicitly overriding the autodetected settings from the request - no matter how you get to your portal, Liferay will generate URLs based on the explicitly configured hostname/port.
What's the point in having an Apache in front and then trying to reach tomcat through the non-apache IP/Port? Typically you might have static resources, rewrites, caches on Apache, so that you'll get different results when you alternatively access tomcat through both URLs.
If you configure Apache to "properly" handle the requests before tomcat sees them, you'll typically not need to configure Liferay at all, because Apache will make the actual hostname that it's requested under available to Tomcat. I'm typically using mod_jk for this and it beautifully handles all the configuration with almost no need to explicitly configure tomcat/liferay. If you don't like this, keep in mind that you're explicitly configuring Liferay for the virtual host setup - naturally this explicitly configured name is what Liferay uses. It would be weird if the explicit value would not be used, right?