Run Mercure on production: 404 not found - mercure

I am contacting you because I can't get Mercure to work in production.
The prebuilt binary runs fine, but when I try to connect to the hub, I get a 404 Not Found.
Here is the command I run:
sudo MERCURE_PUBLISHER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6...' MERCURE_SUBSCRIBER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6...' SERVER_NAME=:3000 ./mercure run
The server apparently launches without any problem:
2022/02/15 17:38:09.919 INFO using adjacent Caddyfile
2022/02/15 17:38:09.920 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile", "line": 3}
2022/02/15 17:38:09.921 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["[::1]:2019", "127.0.0.1:2019", "localhost:2019"]}
2022/02/15 17:38:09.922 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0000cb7a0"}
2022/02/15 17:38:09.935 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/02/15 17:38:09.935 INFO tls finished cleaning storage units
2022/02/15 17:38:09.935 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/02/15 17:38:09.935 INFO serving initial configuration
my .env is configured as such:
###> symfony/mercure-bundle ###
MERCURE_URL=https://monsite.com/.well-known/mercure
MERCURE_PUBLIC_URL=https://monsite.com/.well-known/mercure
MERCURE_JWT_SECRET="eyJhbGciOiJIUzI1NiIsInR5cCI6..."
###< symfony/mercure-bundle ###
My Caddyfile:
# Learn how to configure the Mercure.rocks Hub on https://mercure.rocks/docs/hub/config
{
    {$GLOBAL_OPTIONS}
}
{$SERVER_NAME:monsite.com}
log
route {
    encode zstd gzip
    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow Subscribers
        anonymous
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }
    respond /healthz 200
    respond "Not Found" 404
}
When I try to access the hub with postman by typing the following command:
https://monsite.com/.well-known/mercure
I get a 404 Not Found.
I am on Linux Debian 10 with apache2. I don't understand what I did wrong. Thanks for your help.
EDIT 21/02/2022
Hi Mehmet, here is what I did:
In /etc/apache2/sites-available monsite.conf and monsite-le-ssl.conf :
ProxyPass /mercure-hub http://localhost:8080/
ProxyPassReverse /mercure-hub http://localhost:8080/
In Caddyfile and Caddyfile.dev:
{
    {$GLOBAL_OPTIONS}
    auto_https off
}
{$SERVER_NAME::8080}
Apparently the hub launches well, I have no error in the console:
debian@vps-...:/var/www/monsite/mercure$ sudo MERCURE_PUBLISHER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6I...' MERCURE_SUBSCRIBER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6I...' ./mercure run -config Caddyfile.dev
2022/02/21 13:31:20.672 INFO using provided configuration {"config_file": "Caddyfile.dev", "config_adapter": ""}
2022/02/21 13:31:20.675 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile.dev", "line": 3}
2022/02/21 13:31:20.676 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/02/21 13:31:20.676 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003fe700"}
2022/02/21 13:31:20.703 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/02/21 13:31:20.703 INFO tls finished cleaning storage units
2022/02/21 13:31:20.703 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/02/21 13:31:20.704 INFO serving initial configuration
Whether I run Caddyfile or Caddyfile.dev, when accessing https://monsite.com/mercure-hub, I get a 500 error.

These are my Apache settings. Maybe they will help you.
Open:
nano /etc/apache2/sites-available/yourdomain.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/yourdomain.com
DirectoryIndex /index.php
ServerName yourdomain.com
#Settings for mercure
ProxyPass /mercure-hub http://localhost:8080
ProxyPassReverse /mercure-hub http://localhost:8080
<Directory /var/www/html/yourdomain.com >
AllowOverride None
Order Allow,Deny
Allow from All
FallbackResource /index.php
Options FollowSymLinks MultiViews
</Directory>
<Directory /var/www/html/yourdomain.com >
DirectoryIndex disabled
FallbackResource disabled
</Directory>
RewriteEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
#YOUR SSL PEM FILES
SSLCertificateFile /etc/letsencrypt/live …..
SSLCertificateKeyFile /etc/letsencrypt/live …..
</VirtualHost>
</IfModule>
Your Caddyfile options should look like this:
{
    {$GLOBAL_OPTIONS}
    auto_https off
}
# this parameter will run http://localhost:8080
{$SERVER_NAME::8080}
Mercure command:
MERCURE_PUBLISHER_JWT_KEY='YOUR_KEY' MERCURE_SUBSCRIBER_JWT_KEY='YOUR_KEY' ./mercure run -config Caddyfile
You can try with Caddyfile.dev for testing:
MERCURE_PUBLISHER_JWT_KEY='YOUR_KEY' MERCURE_SUBSCRIBER_JWT_KEY='YOUR_KEY' ./mercure run -config Caddyfile.dev
After these settings, your Mercure hub will run at yourdomain.com/mercure-hub

After some digging, I tried to figure out why it was returning a 500 error. I went to the apache logs, I had this error message:
"No protocol handler was valid for the URL /. If you are using a DSO
version of mod_proxy, make sure the proxy submodules are included in
the configuration using LoadModule"
So I installed the missing components:
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
I also modified the proxy urls by adding a slash at the end of mercure-hub, otherwise I would get a 404 error:
ProxyPass /mercure-hub/ http://localhost:8080/
ProxyPassReverse /mercure-hub/ http://localhost:8080/
Restarted apache, and updated the Url in my .env :
MERCURE_URL=https://monsite.com/mercure-hub/.well-known/mercure
MERCURE_PUBLIC_URL=https://monsite.com/mercure-hub/.well-known/mercure
And it works, thanks a lot !

Related

https is not working with my installed ssl (apache 2.4.25 & letsencrypt)

I am trying to install ssl on my web-site for the first time and cannot get it running.
I installed certbot to my host and installed letsencrypt certificates for web sites
5: site3.ru
6: dav.site3.ru
7: www.site3.ru
And now site3.ru is completely not working, on both http and https.
dav.site3.ru is working, but only with http.
apachectl -v
Server version: Apache/2.4.25 (Debian)
# uname -a
Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux
# cat /etc/debian_version
9.5
root@debian:/home/schel4ok# apt-get install python-certbot-apache -t stretch-backports
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
python-certbot-apache
1 upgraded, 0 newly installed, 0 to remove and 97 not upgraded.
Need to get 3,810 B of archives.
After this operation, 3,072 B of additional disk space will be used.
Get:1 http://deb.debian.org/debian stretch-backports/main amd64 python-certbot-apache all 0.28.0-1~bpo9+1 [3,810 B]
Fetched 3,810 B in 0s (22.0 kB/s)
Reading changelogs... Done
(Reading database ... 67111 files and directories currently installed.)
Preparing to unpack .../python-certbot-apache_0.28.0-1~bpo9+1_all.deb ...
Unpacking python-certbot-apache (0.28.0-1~bpo9+1) over (0.25.0-2~bpo9+1) ...
Setting up python-certbot-apache (0.28.0-1~bpo9+1) ...
root@debian:/home/schel4ok# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: site1.lan
2: www.site1.lan
3: site2.ru
4: www.site2.ru
5: site3.ru
6: dav.site3.ru
7: www.site3.ru
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 5 6 7
-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/dav.site3.ru.conf)
It contains these names: dav.site3.ru
You requested these names for the new certificate: site3.ru,
dav.site3.ru, www.site3.ru.
Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for site3.ru
tls-sni-01 challenge for dav.site3.ru
http-01 challenge for www.site3.ru
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dav.site3.ru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dav.site3.ru
Type: connection
Detail: Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@debian:/home/schel4ok# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: site1.lan
2: www.site1.lan
3: site2.ru
4: www.site2.ru
5: site3.ru
6: dav.site3.ru
7: www.site3.ru
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 7
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.site3.ru
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/site3-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/site3-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/site3-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/site3.conf to ssl vhost in /etc/apache2/sites-available/site3-le-ssl.conf
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://www.site3.ru
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.site3.ru
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.site3.ru/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.site3.ru/privkey.pem
Your cert will expire on 2019-03-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@debian:/home/schel4ok# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/dav.site3.ru.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dav.site3.ru
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/dav.site3.ru/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.site3.ru.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.site3.ru
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.site3.ru/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/dav.site3.ru/fullchain.pem (success)
/etc/letsencrypt/live/www.site3.ru/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
root@debian:/home/schel4ok#
At this point I checked and https was not working, and I noticed that my conf files, which were created by certbot, don't contain the string 'SSLEngine on'.
Then I added this line, but https is still not working.
Here is what my conf looks like.
/etc/apache2/sites-enabled/site3.conf
<VirtualHost *:80>
ServerName site3.ru
ServerAlias www.site3.ru
ServerAdmin admin@site3.ru
DocumentRoot /var/www/site3
DirectoryIndex index.html index.htm index.php
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.site3.ru [OR]
RewriteCond %{SERVER_NAME} =site3.ru
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
/etc/apache2/sites-enabled/site3-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName site3.ru
ServerAlias www.site3.ru
ServerAdmin admin@site3.ru
DocumentRoot /var/www/site3
DirectoryIndex index.html index.htm index.php
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.site3.ru/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.site3.ru/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
/etc/apache2/sites-enabled/dav.conf
<VirtualHost *:80>
ServerName dav.site3.ru
ServerAlias dav.site3.ru
DocumentRoot /var/www/dav/html
DirectoryIndex index.html index.htm index.php
<Directory "/var/www/dav/html">
Options None
Options +FollowSymlinks
AllowOverride All
# Configuration for apache-2.4:
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
/etc/apache2/sites-enabled/dav-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName dav.site3.ru
ServerAlias dav.site3.ru
DocumentRoot /var/www/dav/html
DirectoryIndex index.html index.htm index.php
<Directory "/var/www/dav/html">
Options None
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/dav.site3.ru/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dav.site3.ru/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Gitlab on Apache2 with SSL

I have successfully installed Gitlab on Ubuntu 14.04 using https://about.gitlab.com/downloads/#ubuntu1404 but I am struggling to make redirect and access it through web (https://my.example.com/gitlab).
I have modified /etc/gitlab/gitlab.rb to:
external_url 'https://my.example.com/gitlab'
nginx['enable'] = false
And reconfigured with sudo gitlab-ctl reconfigure
If I uncomment:
web_server['external_users'] = ['www-data']
I get:
Recipe Compile Error in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/recipes/default
NoMethodError
-------------
undefined method `-' for nil:NilClass
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/config.rb:21:in `from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb:26:in `from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/recipes/default.rb:18:in `from_file'
Relevant File Content:
----------------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/config.rb:
14: # See the License for the specific language governing permissions and
15: # limitations under the License.
16: #
17:
18: Gitlab[:node] = node
19:
20: if File.exists?('/etc/gitlab/gitlab.rb')
21>> Gitlab.from_file('/etc/gitlab/gitlab.rb')
22: end
23:
24: node.consume_attributes(Gitlab.generate_config(node['fqdn']))
25:
I have tried adding various gitlab.conf to /etc/apache2/sites-available/ but https://my.example.com/gitlab does not redirect to Gitlab login page, I get 'Page not found' from Redmine service which runs on home page. Current default-ssl.conf uses DocumentRoot /var/www while Gitlab DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public. Apache2 is configured to use SSL.
UPDATE 1
I have made symlink:
sudo ln -s /opt/gitlab/embedded/service/gitlab-rails/public /var/www/gitlab
So now it can be configured in default-ssl.conf.
Alias /gitlab "/var/www/gitlab"
Does not forward to Gitlab homepage, while
Alias /gitlab "/var/www/gitlab/deploy.html"
works well. What is Gitlab home page directory? Where is index.html file?
UPDATE 2
If I add
RackBaseURI /gitlab
RailsBaseURI /gitlab
<Directory /var/www/gitlab>
Allow from all
Options -MultiViews
</Directory>
I get error after entering https://my.example.com/gitlab/
Web application could not be started
It looks like Bundler could not find a gem. Maybe you didn't install all the gems that this application needs. To install your gems, please run:
bundle install
If that didn't work, then the problem is probably caused by your application being run under a different environment than it's supposed to. Please check the following:
Is this app supposed to be run as the www-data user?
Is this app being run on the correct Ruby interpreter? Below you will see which Ruby interpreter Phusion Passenger attempted to use.
-------- The exception is as follows: -------
Could not find rake-10.5.0 in any of the sources (Bundler::GemNotFound)
/var/lib/gems/1.9.1/gems/bundler-1.12.5/lib/bundler/spec_set.rb:95:in `block in materialize'
/var/lib/gems/1.9.1/gems/bundler-1.12.5/lib/bundler/spec_set.rb:88:in `map!'
/var/lib/gems/1.9.1/gems/bundler-1.12.5/lib/bundler/spec_set.rb:88:in `materialize'
/var/lib/gems/1.9.1/gems/bundler-1.12.5/lib/bundler/definition.rb:140:in `specs'
/var/lib/gems/1.9.1/gems/bundler-1.12.5/lib/bundler/definition.rb:185:in `specs_for'
/var/lib/gems/1.9.1/gems/bundler-1.12.5/lib/bundler/definition.rb:174:in `requested_specs'
The exception above was solved after updating Ruby.
UPDATE 3
Now I get
with
Alias /gitlab "/var/www/gitlab"
AllowEncodedSlashes NoDecode
<Directory /var/www/gitlab>
Options Indexes FollowSymLinks MultiViews
PassengerAppRoot "/var/www/gitlab"
RailsBaseURI /var/www/gitlab
AllowOverride None
Order allow,deny
allow from all
</Directory>
How to configure Gitlab and Apache2 to get Gitlab first page when entering https://my.example.com/gitlab?
It sounds like your Apache configuration is not proxying to the GitLab server on port 8080 (unicorn). There are example Apache configuration files available at https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache.
There's also a good post explaining the steps to use Apache with GitLab Omnibus at http://ryansechrest.com/2015/08/use-apache-instead-of-built-in-nginx-in-gitlab-ce/. It's a little over a year old, so the Apache configuration may be a little outdated. Use the guide, but substitute the Apache configuration from the gitlab-recipes link above and it should work.
I had other service working on 8080 so I have changed Unicorn port to 9099.
Modified Gitlab configuration sudo nano /etc/gitlab/gitlab.rb:
external_url 'https://subdomain.example.com/gitlab'
web_server['username'] = 'apache' #'gitlab-www'
web_server['group'] = 'apache' #'gitlab-www'
nginx['enable'] = false
unicorn['listen'] = '127.0.0.1'
unicorn['port'] = 9099
Reconfigured Gitlab: sudo gitlab-ctl reconfigure
Modified Apache configuration sudo nano /etc/apache2/apache2.conf with adding:
ProxyPass /gitlab http://127.0.0.1:9099/gitlab
ProxyPassReverse /gitlab http://127.0.0.1:9099/gitlab
RequestHeader add X-Forwarded-Proto https
Reloaded it:
sudo service apache2 reload

Apache Webserver ReverseProxy to serve Apache Solr Admin Panel

I'm trying to run an Apache Solr Service (on its embedded jetty server) on a remote server. The admin has provided me with the following information:
DNS: my.server.com
IP: xxx.xxx.xxx
Server OS: 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux
Only Port 80 is accessible. On the server we want to deploy Apache Solr and a microservice which uses Solr as search engine. I want to use Apache Webserver to forward the HTTP-Request to the Solr Admin UI and to the microservice UI, but it doesn't seem to work, I use Apache Server version: Apache/2.4.10 (Debian)
Server built: Sep 15 2016 20:44:43.
I installed Apache and started the server, so far everything works as expected. I can access the admin view from Apache entering the DNS in my browser.
I enabled a few modules following this article https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension:
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_ajp
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod proxy_balancer
a2enmod proxy_connect
a2enmod proxy_html
Then I tried to configure a virtual host under /etc/apache2/sites-available/myconf.conf:
<VirtualHost *:80>
DocumentRoot /var/www/html
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ProxyPass /solr http://my.server.com:8983 retry=0 timeout=5
ProxyPassReverse /solr http://my.server.com:8983
ProxyPass /microservice http://my.server.com:6868 retry=0 timeout=5
ProxyPassReverse /microservice http://my.server.com:6868
LogLevel debug
</VirtualHost>
Solr uses its standard port 8983 and the microservice will be on port 6868. When I try to access Solr with http://my.server.com/solr I get an HTTP 503 Service unavailable.
I first tried this:
/usr/sbin/setsebool -P httpd_can_network_connect 1
But it changed nothing. I also had to install first:
apt-get install policycoreutils
to make this option available. The solr service seems to be ok:
solr status
Found 1 Solr nodes:
Solr process 14082 running on port 8983
{
"solr_home":"/etc/apache-solr/solr-6.2.0/server/solr",
"version":"6.2.0 764d0f19151dbff6f5fcd9fc4b2682cf934590c5 - mike - 2016-08-20 05:41:37",
"startTime":"2016-10-07T12:02:05.300Z",
"uptime":"0 days, 1 hours, 29 minutes, 55 seconds",
"memory":"29.7 MB (%6.1) of 490.7 MB"}
The Apache log keeps saying:
The timeout specified has expired: AH00957: HTTP: attempt to connect to xxx.xxx.xxx:8983 (my.server.com) failed
AH00959: ap_proxy_connect_backend disabling worker for (my.server.com) for 0s
AH01114: HTTP: failed to make connection to backend: my.server.com
Without my timeout setting everything stays the same, but it takes ages before I get the 503 error.
Any hints? After one day of struggling I'm depressed ... all I want is to finish the task.
Thanks in advance!
It turns out that I needed to append a slash to the urls:
ProxyPass /solr/ http://my.server.com:8983/ retry=0 timeout=5
ProxyPassReverse /solr/ http://my.server.com:8983/
ProxyPass /microservice/ http://my.server.com:6868/ retry=0 timeout=5
ProxyPassReverse /microservice/ http://my.server.com:6868/

Proxy websocket wss:// to ws:// apache

I searched a lot but I couldn't connect my websocket over wss://.
I found that there is a way to proxy wss://domain.com:9090 so that Apache applies the proxy to it and redirects the request to where the normal ws://domain.com:9090 server is running:
ProxyPass /websocket ws://domain.com:9090
ProxyPassReverse /websocket ws://domain.com:9090
This code in the Apache config will send requests from any address ending with /websocket to ws://domain.com:9090
e.g. ws://websocket will be ws://domain.com:9090
I want to do it for wss:// also
e.g. wss://websocket must point to ws://domain.com:9090
It doesn't work and I get this error in the browser console:
failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
Is there any mistake here?
Thank you.
I worked 24 hours to find this and searched a lot of forums, but no one wrote about success.
Here is my server configuration:
CentOS release 6.7 , Apache 4.2.18
Here is what I finally did:
First I found that modules/mod_proxy_wstunnel.so must be enabled in the Apache config file, but my Apache didn't have that module, and after a lot of searching I found that the module is available in Apache 2.4.5 and later.
https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
I downloaded https://archive.apache.org/dist/httpd/httpd-2.4.18.tar.gz,
extracted httpd-2.4.18\modules\proxy\mod_proxy_wstunnel.c and uploaded it to my server root.
Then from the terminal I could compile it with these commands:
chmod 755 mod_proxy_wstunnel.c #set permission
apxs -i -a -c mod_proxy_wstunnel.c #compile module
The apxs command compiled the module and wrote the line to load it into the Apache config file:
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
After that I added these lines to the end of the Apache config file:
RewriteEngine on
ProxyRequests Off
ProxyPreserveHost on
ProxyPass /myws ws://mysite.com:8091
ProxyPassReverse /myws ws://mysite.com:8091
AND NOW: it works!
In client-side JS you can set the ws URL like this:
var protocol = 'ws://';
if (window.location.protocol === 'https:') {
    protocol = 'wss://';
}
var wsUri = protocol + "mysite.com/myws";
var ws = new WebSocket(wsUri);
and it will forward the request to ws://mysite.com:8091
It doesn't matter whether the page is loaded with https or http, it will direct all requests ending with /myws to ws://mysite.com:8091
You need to enable some Apache2 modules:
$ a2enmod proxy proxy_wstunnel proxy_http rewrite
Then you can use this configuration to solve your problem.
ProxyRequests off
ProxyVia on
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://example.com:9090/$1 [P,L]
ProxyPass /websocket http://example.com:9090/websocket
ProxyPassReverse /websocket http://example.com:9090/websocket
Apache2 automatically upgrades the connection to websocket with ws://, you don't need to set the ws:// manually. I tried dozens of configurations and this is the only one that worked for me.
The problem I was trying to solve was similar to this one. I have a reverse proxy running under Apache 2.4 on CentOS 7 which has to work with both https and wss requests.
Behind the reverse proxy I have my app server running on an internal network. The virtual host configuration in the /etc/httpd/httpd.conf config file is as follows:
<VirtualHost *:443>
    ServerName example.com
    # Required to handle the websocket connection
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule /(.*) ws://192.168.0.1/$1 [P,L]
    # SSL Certificates handling
    SSLEngine on
    # Public Certificate
    SSLCertificateFile ssl/cert.pem
    # Private certificate
    SSLCertificateKeyFile ssl/key.pem
    # CA or chain certificate
    SSLCertificateChainFile ssl/ca.pem
    ProxyPreserveHost On
    # First you need to write the specific rules
    ProxyPass /websocket ws://192.168.0.1
    ProxyPassReverse /websocket ws://192.168.0.1
    # Then the generic rules for the proxy.
    ProxyPass / http://192.168.0.1
    ProxyPassReverse / http://192.168.0.1
</VirtualHost>
In your case, you will have to replace the ServerName, the SSL certificates location, and the destination of the proxy.
wss needs the following module.
Uncomment this line in Apache's httpd.conf:
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
The /websocket path is missing in your ProxyPass configuration path.
Use:
ProxyPass /websocket ws://example.com:9090/websocket
ProxyPassReverse /websocket ws://example.com:9090/websocket
Additional information:
Like others mentioned, you have to uncomment the line:
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
If you are also using an http ProxyPass whose relative path is "/" (forwarding everything directly), the specific "/websocket" path configuration must be configured first, otherwise "/" grabs first.
ProxyPass /websocket ws://example.com:9090/websocket
ProxyPassReverse /websocket ws://example.com:9090/websocket
ProxyPass / balancer://ac-cluster/
ProxyPassReverse / http://example.com:9090
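
Added example, not part of the answer above and not Apache's own code: a Python model of how ProxyPass picks a rule and rewrites the path, covering both the rule-ordering point in this answer and the trailing-slash fixes in the Mercure and Solr threads earlier on the page. Assumptions: rules are tried in configuration order and the first match wins, a prefix matches whole path segments, and the rest of the request path is appended to the backend URL unchanged; the rule sets are constructed from ProxyPass lines quoted on this page, and `match_len`, `map_request` and `lint` are hypothetical helper names.

```python
"""Model of ProxyPass path mapping in server/vhost context.

Added example, not Apache's code. Assumptions: rules are tried in
configuration order and the first match wins; a prefix matches whole path
segments; the rest of the request path is appended to the backend unchanged.
"""
from typing import List, Optional, Tuple

Rule = Tuple[str, str]  # (ProxyPass path, backend URL)


def match_len(uri: str, prefix: str) -> int:
    """Return how many characters of `uri` the prefix consumes, or 0."""
    if not uri.startswith(prefix):
        return 0
    rest = uri[len(prefix):]
    # "/ws" must not match "/wsx": the prefix has to end on a segment boundary.
    if prefix.endswith("/") or rest == "" or rest.startswith("/"):
        return len(prefix)
    return 0


def map_request(uri: str, rules: List[Rule]) -> Optional[str]:
    """Backend URL the request is sent to, or None if no rule matches."""
    for prefix, backend in rules:
        consumed = match_len(uri, prefix)
        if consumed:
            return backend + uri[consumed:]
    return None


def lint(rules: List[Rule]) -> List[str]:
    """Flag the two mistakes discussed on this page."""
    findings = []
    for i, (prefix, backend) in enumerate(rules):
        # Mismatched trailing slashes produce "//path" or a missing slash.
        if prefix.endswith("/") != backend.endswith("/"):
            findings.append(
                f"rule {i + 1}: trailing slash differs between "
                f"{prefix!r} and {backend!r}"
            )
        # A rule is dead if an earlier prefix already matches everything
        # this prefix would match.
        for j in range(i):
            if match_len(prefix, rules[j][0]):
                findings.append(
                    f"rule {i + 1}: {prefix!r} is shadowed by earlier "
                    f"rule {j + 1} ({rules[j][0]!r})"
                )
                break
    return findings


# Constructed rule sets mirroring ProxyPass lines quoted on this page.
MERCURE_BEFORE = [("/mercure-hub", "http://localhost:8080/")]
MERCURE_AFTER = [("/mercure-hub/", "http://localhost:8080/")]
GENERIC_FIRST = [
    ("/", "http://example.com:9090/"),
    ("/websocket", "ws://example.com:9090/websocket"),
]
SPECIFIC_FIRST = list(reversed(GENERIC_FIRST))

if __name__ == "__main__":
    hub = "/mercure-hub/.well-known/mercure"
    for name, rules, uri in [
        ("mercure before", MERCURE_BEFORE, hub),
        ("mercure after", MERCURE_AFTER, hub),
        ("generic first", GENERIC_FIRST, "/websocket"),
        ("specific first", SPECIFIC_FIRST, "/websocket"),
    ]:
        print(f"{name}: {uri} -> {map_request(uri, rules)}")
        for finding in lint(rules):
            print(f"  warning: {finding}")
```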
I did it for aria 2. I just enabled some modules and added a single line to config. (env: debian buster/apache 2.4).
Enabling modules:
sudo a2enmod proxy proxy_balancer proxy_wstunnel proxy_http
Then add this line to the SSL site config file, inside the virtual host directive:
ProxyPass /jsonrpc ws://127.0.0.1:6888/jsonrpc
I want to share this in case it helps somebody else avoid days of wasted time and effort.
I was giving up after researching everything. I was ready to start following the code of the different proxy modules, yes I know, a spiderweb..., but I was desperate. As a last resort I installed Wireshark to follow exactly what was going on in my network. After installing Wireshark, the instructions asked me to restart my server through a power off/on cycle. So, I did. When I started tracing it, to my complete surprise, the server was proxying the wss requests to ws perfectly, no problems! So I had the correct setup to start with, but something got messed up in Ubuntu 20.4 / Apache 2.4.41 / node 14.17.2 that required a complete restart of the machine where the server operates. Crazy! But that was it...

apache proxying subdir to rails app

I would like to run a rails application (redmine, actually) in a subdirectory off my domain. Something like http://foobar.com/redmine. Redmine is running as a stand-alone passenger instance that I would like to proxy requests to.
passenger start -a 127.0.0.1 -p 8000 -e production
I can confirm that the app is running if I access it locally from the server.
lynx http://127.0.0.1:8000/
Now I can't figure out how to get Apache to serve the app properly. This is what I have, but it doesn't work quite right:
Alias /redmine /home/redmine/www/redmine-1.2/public
<Directory /home/redmine/www/redmine-1.2/public>
allow from all
ProxyPass http://127.0.0.1:8000
ProxyPassReverse http://127.0.0.1:8000
</Directory>
It serves static assets fine from the public folder but doesn't seem to proxy requests properly. Everything returns 403. Apache log:
client denied by server configuration: proxy:http://127.0.0.1:8000
Figured it out. Apache config:
<Location /redmine>
Order deny,allow
Allow from all
ProxyPass http://127.0.0.1:8000
ProxyPassReverse http://127.0.0.1:8000
</Location>
Then add this line to config/environment.rb:
config.action_controller.relative_url_root = "/redmine"