First, I apologize for yet another ProxyPass question, I have been reading through many of them, and answers provided, and I still cannot identify what I am doing wrong.
I have 3 sudomains: cloud.example.com wiki.example.com other.example.com.
other.example.com has been running fine on host A with https
cloud.example.com has been running fine on host B with https after forwarding with ProxyPass
wiki.example.com is just added on host A as an application listening on other port, and is currently only http until I resolve this issue and get SSL configured with Lets Encrypt and certbot
Currently when browsing to other and cloud subdomains they redirect to the https page automatically as desired.
When browsing to the wiki subdomain, it also gets redirected to https where it is not listening, and then displays wiki.example.com in the address bar while serving up the domain/other.subdomain content. I have verified using the IP and port that it is running and listening on http. Message in the apache access log shows apache is receiving request for https and cannot find the https://wiki.example.com.
x.x.x.x - - [29/Jan/2022:14:05:16 -0700] "GET /favicon.ico HTTP/1.1" 404 513 "https://wiki.example.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
I have been using firefox primarily and after disabling all features forcing https, and deleting all entries related to my site from the Library the issue remained. I then tried chromium which I have never used for the site, and the issue remained.
I am having trouble identifying why the wiki subdomain is being redirected to https. Below is the example.com.conf section where the cloud subdomain is working, and where the wiki subdomain is attempted. I have tried without the extra rewrite rules, with other rules listed on other answers, and nothing has changed.
I am guessing I have a configuration somewhere for apache that is forcing all connections to https, but I cannot locate where it is.
<VirtualHost *:80>
ServerName cloud.example.com
ServerAlias cloud.example.com
ProxyPreserveHost On
ProxyPass / http://host B IP/
ProxyPassReverse / http://Host B IP/
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName wiki.example.com
ServerAlias wiki.example.com
ProxyPreserveHost On
ProxyPass / http://Host A IP:3000/
ProxyPassReverse / http://Host A IP:3000/
RewriteEngine on
RewriteCond %{SERVER_NAME} =wiki.example.com
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Not 100% sure why, but after connecting from another source with private mode it loaded fine, then began loading fine from everywhere. Strange, but resolved.
Related
I have sucessfully set up an Apache HTTPD web server and ShinyProxy instance so that I can access a set of shiny apps over https (on server runing amazon linux).
When I visit
https://www.example.com
I (as expected) get the login page provided by the web applicaiton (shiny proxy). For now this is set up to use simple authentication.
However when I log in (which is sucessful) the page i am viewing redirects me to http://example.com . I need it to stay on https especially because google auth will not allow you to redirect to an http page.
I think the problem is probably with my apache config file. The relevant part is
<VirtualHost *:80>
ServerName example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/
SSLEngine on
SSLProxyEngine On
SSLCertificateFile <path to crt>
SSLCertificateKeyFile <path to key>
SSLCertificateChainFile <path to bundle>
# This block is needed for the interal workings off the app
<Proxy *>
Allow from localhost
</Proxy>
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws://localhost:3600/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://localhost:3600/$1 [P,L]
ProxyPass / http://localhost:3600/
ProxyPassReverse / http://localhost:3600/
ProxyRequests Off
ProxyPreserveHost On
</VirtualHost>
Does anyone have any thoughts about how I might fix this?
I have found a solution, and so am providing the answer in case anyone else is still stuck.
If you are still having this problem for me the issue was the home page image that I was including in my ShinyProxy application.yml file was served over http, so Apache was forcing the whole website back to http. Exchanging the default image for one served over https fixed the problem.
Additionally in the latest version of ShinyProxy (2.4+) you need to include in application.yml under the server block the line
forward-headers-strategy: native
Apache shows default page and doesn't load site configuration. OS: Debian 10.
Site is enabled but somehow it doesn't show files from public_html folder. Any help is appreciated.
<VirtualHost *:443>
SSLEngine On
ServerAdmin admin#abc.com
ServerName abc.com
ServerAlias *.abc.com
DocumentRoot /home/xx/public_html
SSLEngine on
SSLCertificateFile /home/xx/ssl.cert
SSLCertificateKeyFile /home/xx/ssl.key
<Directory /home/xx/public_html>
Require all granted
</Directory>
ErrorLog /home/xx/logs/error.log
CustomLog /home/xx/logs/access.log common
LogLevel debug
</VirtualHost>
No enough reputation to comment, so I’m trying with an answer and will clean it up if useful.
No mention of what you’re finding, if anything, in your logs. I assume you’re accessing using HTTPS to be sure your requests are going to port 443, but if per chance you were not I would try that first by specifying the protocol when entering the URL in your browser - otherwise you are probably making your request to the server on port 80 and not 443 where your VirtualHost is listening.
http://example.com ====> browser sends request to port 80, default port for http
https://example.com ====> browser sends request to port 443, default port for https
Is there also a VirtualHost entry for port 80 to redirect those requests to 443? If your browser is trying to load it as http using port 80 first then perhaps that’s why you’re seeing the Apache default page as I believe the server will be attempting to serve from /var/www/html/ for requests on port 80 unless you have already pointed these elsewhere with another VirtualHost, etc.
An example of what I mean that I have in use; either the ReWriteEngine or the Redirect permanent may be redundant, but I can confirm it functions fine for me as follows:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
For my setup, I preferred that the www subdomain be default and set up DNS intentionally to treat it as such, so the bare domain is ServerAlias in my instance.
I have just installed SSL certs on a variety of sites. They work fine if I go directly to the https version of the site, but when I go to the http version, I get: "Reason: You're speaking plain HTTP to an SSL-enabled server port."
This is what SHOULD work but does NOT...
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Nor does any version of it
!=on =80 !=443, etc.
I even tried putting this in the vhost.conf file on the server.
My developers and I are out of ideas and we, shockingly, cannot find anything with the almighty Google to help us. Anyone have any thoughts?
Have you tried these from the Apache HTTPD wiki?
https://wiki.apache.org/httpd/RedirectSSL
https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
Ok, so in case others come across this issue, I wanted to update now that I've finally fixed. For us, we had some other stuff in our vhost.conf file that was interfering. Once I wiped it out and took some of this other advice, this is the code that ended up working in vhost.conf. The .htaccess file now has nothing in it as it is not needed.
## -- VIRTUAL HOSTS -- ##
NameVirtualHost *:80
<VirtualHost *:80>
ServerName dev.example.net
Redirect permanent / https://dev.example.net/
</VirtualHost>
<VirtualHost *:443>
#-SERVER CONFIG-#
ServerAdmin webmaster#example.net
ServerName dev.example.net
ServerAlias dev.example.net
DocumentRoot /var/www/html/example
#-SSL-#
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/httpd/conf/ssl.crt/...
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/...
SSLCACertificateFile /etc/httpd/conf/ssl.crt/...
SSLCertificateChainFile /etc/pki/tls/certs/...
SSLCACertificateFile /etc/pki/tls/certs/...
#-LOGGING-#
ErrorLog /var/www/html/example/error_log
</VirtualHost>
I am using these rewrite rules to redirect my http request to https on my application with SSL certs.
RewriteEngine Off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
I think your problem comes very early, even before mod_rewrite is applied on the request.
Your VirtualHost listening on port 80 is an https virtualhost, but browsers are trying to speak plain http on port 80, and that does not work.
On Apache SSL is activated with :
SSLEngine on
This instruction should only be activated for your Virtualhost listening on *:443 (or any variations of something:443).
You should add some Virtualhost listening on port 80, supporting a bunch of ServerName and ServerAlias that could be used on that server (or maybe all the names, by ensuring this Virtualhost is the default one for port 80), and whose only job is to redirect on port 443.
here you can use links provided by #Anand Bhat to perform this task (and mod_rewrite is not needed).
But all theses 'redirect to https' tasks assume that you already have a working Virtualhost where https is not activated. Because if https is activated everywhere you cannot even start a discussion with the server to receive a redirection, there're no 'plain http' canal to receive this response or even to start asking for something.
On my home network, I have a web server and a DNS server. I have various other application servers that I have added redirects for so I can simply visit sites like myapplication.domain.com or www.domain.com/application to get to my various services. I have a Subsonic server running on another server, and my goal is to be able to visit https://subsonic.domain.com and get my Subsonic traffic served over SSL on my web server. Eventually I hope to access this from outside the home, which is why it's important to proxy the non-secured HTTP traffic over HTTPS, but for right now, I'm just trying to get it working at home.
When I visit https://subsonic.domain.com, I end up getting an "unable to connect" error. The address I appear to be redirected to is subsonic.domain.com/login.view. If I tack HTTPS onto the front of that URL, I get the login page I'm looking for. Once I log in again, however, the URL changes, I'm redirected, and I end up losing the HTTPS again an have to keep re-adding it. Obviously I am doing something wrong.
I have set up a VirtualHost for subsonic.domain.com and am trying to use ProxyPass and ProxyPassReverse to get the traffic redirected in the way I want. Here is my VirtualHost for this site:
<VirtualHost subsonic.domain.com:443>
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*[^/])$ /$1/ [L,R=301]
ProxyRequests Off
ProxyErrorOverride Off
ProxyPreserveHost On
ServerAdmin webmaster#localhost
ProxyPass / http://192.168.1.5:4040/
ProxyPassReverse / http://192.168.1.5:4040/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
SSL is definitely up and running with no problem. I have another identical virtualhost for another directory that works fine (redirects on https://www.domain.com/directory), so I'm not sure what the problem is here. After the ProxyPassReverse, the URL just seems to be losing the https:// part. If I add it in, the site works fine until I visit another page and https:// is lost again. If I visit the application server directly at http://192.168.1.5:4040, I have no issues whatsoever.
Any advice would be most welcome.
EDIT
A little clarification on what I'm trying to do. I want to have my Apache server doing all of my redirecting and handling all of my SSL requests. Basically, from the browser to the Apache server is HTTPS, the ProxyPass from the Apache server to the application server us unencrypted HTTP (which is fine, this is my internal network), the ProxyPassReverse from the application server to the Apache server is plain HTTP, then the Apache server sends out the traffic as HTTPS.
Here's another VirtualHost that does what I want for a different subdomain. This is tested and works 100%. I connect to my Apache server via HTTPS, the Apache server contacts my ownCloud server in plain old HTTP, the response to my Apache server is plain HTTP, then the Apache server returns the request in HTTPS to the browser:
<VirtualHost www.domain.com:443>
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*[^/])$ /$1/ [L,R=301]
ProxyRequests Off
ProxyErrorOverride Off
ProxyPreserveHost On
ServerAdmin webmaster#localhost
ProxyPass /owncloud/ http://192.168.1.251/owncloud/
ProxyPassReverse /owncloud/ http://192.168.1.251/owncloud/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
So I ran into this problem as well and while commenting out ProxyPreserveHost fixes the problem with the configuration above, there is a better way.
The ProxyPass1 statement tells Apache to take an incoming request on the URI and pass it through to the specified host. With ProxyPreserveHost On, Apache does not change the Host: HTTP header and passes the request unmodified. (By default it changes it to match the backend host specified in the ProxyPass statement).
The ProxyPassReverse2 statement tells Apache to match the host specified with the Host: header on the outgoing response and if it matches to adjust the Location:, Content-Location:, and URI: headers to match the VirtualHost or more specifically what Apache thinks is the canonical name.
So with the following configuration:
<VirtualHost subsonic.domain.com:443>
ProxyPreserveHost On
ProxyPass / http://192.168.1.5:4040/
ProxyPassReverse / http://192.168.1.5:4040/
</VirtualHost>
This is taking a request:
https://subsonic.domain.com/ -> http://192.168.1.5:4040/
but since ProxyPreserveHost is on, it is leaving the Host: header in the request intact as subsonic.domain.com
Your web application is most likely sending a response from subsonic.domain.com but that does not match the ProxyPassReverse rule you have specified:
http://subsonic.domain.com/ <- http://subsonic.domain.com/
So the configuration:
<VirtualHost subsonic.domain.com:443>
ProxyPreserveHost On
ProxyPass / http://192.168.1.5:4040/
ProxyPassReverse / http://subsonic.domain.com/ # Changed to match canonical host
</VirtualHost>
This rule should match the replies coming from the proxy host.
In my VirtualHost for Subsonic, I had to disable the ProxyPreserveHost On directive. I can now access the site externally and internally.
For some reason, this worked fine for my other VirtualHost, but for this one it did not. I'm assuming it's because in my one VirtualHost, the ProxyPass is working on a directory and not a hostname. In my VirtualHost for Subsonic, I don't specify a directory.
To anyone that actually knows what they're talking about in regards to Apache, VirtualHosts, redirects, etc, please feel free to clarify if I'm not describing accurately what's going on.
Here is my VirtualHost for anyone else that is experiencing this same issue.
<VirtualHost subsonic.domain.com:443>
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteRule ^(.*[^/])$ /$1/ [L,R=301]
ProxyRequests Off
ProxyErrorOverride Off
#ProxyPreserveHost On - This line now commented out
ServerAdmin webmaster#localhost
ProxyPass / http://192.168.1.5:4040/
ProxyPassReverse / http://192.168.1.5:4040/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
I have an issue using mod_rewrite to force redirection of HTTP requests to HTTPS using Apache 2.2.22 on Ubuntu Server 12.04.
My /etc/apache2/sites-available/default file is as follows:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
The HTTPS host is defined in default-ssl in the same directory.
Visiting the server's local IP address, the redirect appears to work fine. However, accessing it via the FQDN, it doesn't. Using the FQDN, the site is available at port 5443, which is mapped in the firewall to 443 on the server, so perhaps that has something to do with the problem. I cannot just use port 443 directly, as it is in use on this IP address by another server.
To further clarify, the following are valid links:
https://website:5443
https://192.168.200.80:443
The redirect works here:
http://192.168.200.80
But the following gives a 400 Bad Request, and this is where the redirect is needed:
http://website:5443/
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."
This is totally possible. The following redirects all http to the https url.
<VirtualHost *:80>
ServerName mydomainname.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
make sure you load the rewrite module mod_rewrite and enable it.
Your problem here is the initial HTTP request: This won't work as the server won't understand it receiving the request on port 443 (as the response code suggests).
If no port is given, the protocol http defaults to port 80, https to port 443.
This is also the reason why your local redirect works. I bet, if you access the page through http://website/ (with proper port forwarding of port 80), it will work as well. Also note that your VirtualHost is only defined for port 80 anyway, so it won't be valid for requests sent to website:5443 (or website:443).
In general, you'd need a server accepting both HTTP and HTTPS requests on a single port. Not sure any popular server actually supports something like that, because (I think) it essentially violates the specs.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
if u want to redirect your site from http:// anything.example.com to https: //anything.example.com ... Just create a dedicated hosting .conf file as /etc/httpd/conf.d/dedicated.conf and other conf file as virtual.conf ... entries for dedicated.conf are as follows....
this is dedicated server hosting conf file for redirecting it to https...
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
rewriteengine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>
Alternatively as mentioned in comment below, we can use redirect also:
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
RedirectMatch / https://host.example.com:ANY_PORT/ #if there is specific port
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>