I want to check my logic with you experts to check if it is correct.
What do I want to do?
Requests to Location search of suggest are send to Proxypass.
Proxypass connection is passed through the proxy with the Proxy Remote directive
Will that eventually work?
How can see if the proxy is being used?
ProxyRemote "https://website.com/query/search/" "http://proxy.com:8080"
ProxyRemote "https://website.com/query/suggest/" "http://proxy.com:8080"
<Location "/search">
RequestHeader set Auth-Key "test"
ProxyPass https://website.com/query/search/
</Location>
<Location "/suggest">
RequestHeader set Auth-Key "test"
ProxyPass https://website/query/suggest/
</Location>
Try adding LogLevel proxy:trace5 above the ProxyRemote entries.
Then check the apache2 logs (usually /var/log/apache2/access_log) for [proxy:...] entries: specifically look for [...] connecting https://website.com/[...] to website.com:443.
Don't forget to remove the LogLevel entry again, proxy:trace5 is pretty verbose.
Related
I have installed Jenkins on Apache container and started it, but whenever I am trying to access it using the URL http://localhost:8080/jenkins/ I am being redirected to the URL http://localhost:8080/jenkins/login?from=%2Fjenkins%2F and then the pop up attached appears asking me for the password, I pasted the password from the file that is mentioned, to the textbox it is not getting disappeared, unsure what to do.
in my case the Jenkins was not unlocking with initial Admin password, then I thought of setting it up initially with Apache and then proceed with fixing the problem . The problem was in the number of slashes you put after ProxyPass and ProxyPassReverse entries.
Wrong entries
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8081/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://localhost:8081/jenkins/ nocanon
AllowEncodedSlashes NoDecode
ProxyPassReverse /jenkins http://localhost:8081/jenkins/
ProxyPassReverse /jenkins http://your.hostname.domain/jenkins/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
Correct one which worked.
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8081/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://localhost:8081/jenkins nocanon
AllowEncodedSlashes NoDecode
ProxyPassReverse /jenkins http://localhost:8081/jenkins
ProxyPassReverse /jenkins http://your.hostname.domain/jenkins
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
Let me know your thoughts.
use instructions from https://github.com/geerlingguy/ansible-role-jenkins/issues/50#issuecomment-214935354 and check an update below regarding locking access for anonymous users - worked for me today.
Shamelessly stolen from the link above:
Create the file /var/lib/jenkins/jenkins.install.UpgradeWizard.state
with one line 2.0
Create the file
/var/lib/jenkins/init.groovy.d/basic-security.groovy with the
contents:
#!groovy
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
println "--> creating local user 'admin'"
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount('admin','admin')
instance.setSecurityRealm(hudsonRealm)
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
instance.setAuthorizationStrategy(strategy)
instance.save()
you should deploy your jenkins to ......./tomcat/webapps/root
then the jenkins url should like 'http://localhost:8080/login?from=%2F',
when it is done,just copy code in the file ..../initialAdminPassword
to Administrator password
Type your linux ipaddress:8080/jenkins/.So to unlock your jenkins type ifconfig and know your ip address
For example my ip address for centos is 192.168.2.4
I type 102.168.2.4:8080/jenkins/ in my web browser. Good luck
I want to have Apache proxy to different servers and also have a "catch everything else that doesn't fit" to a server.
I want the following cases where ProxyPass is configured in the proxy's Apache conf file:
ProxyPass / - The "catch-all" where everything else that doesn't fit will go here
ProxyPass /sub1 - going to /sub1 takes me to sub1.domain.com...
ProxyPass /sub2 - going to /sub2 takes me to sub2.domain.com...
I tried the following:
<Location /sub1>
ProxyPass http://sub1.domain.com/
</Location>
<Location /sub2>
ProxyPass http://sub2.domain.com/
</Location>
<Location />
ProxyPass http://sub1.domain.com/
</Location>
This doesn't seem to work as everything defaults to <Location />.
I tried using LocationMatch and wasn't successful in getting sub1 or sub2 to return content. Referred from here: https://serverfault.com/questions/591591/apache-locationmatch-regex-behaviour-does-not-seem-correct
With the above LocationMatch, the headers were working but no content was returned. Going to /A or /B resulted to "Not found".
Does anyone know how I can get this working for Apache or is it even possible?
Try proxypassmatch instead of location directive.
We have an Apache web server that receive user requests. It only allows https connections JkHTTPSIndicator HTTPS. But now we have a new requirement, which will allow a particular url pattern like /myurl on http via Apache. That is, we want Apache to only accept http if a particular url pattern is thrown at it.
You can use a Location block to restrict/allow access
http://httpd.apache.org/docs/2.2/sections.html
I'm not quite sure if this is what you want, but you could block the root location:
<Location />
Deny from all
</Location>
And then add a location to allow
<Location /myurl>
Allow from all
</Location>
The above suggestion did not work for me with Apache 2.2.15. I had to do something different although still along the lines suggested above:
<VirtualHost *:80>
...
<Location / >
Require all denied
</Location>
<Location /my-dir>
Require all granted
</Location>
</VirtualHost>
I have two ProxyPass directives:
ProxyPass /client/ http://10.0.0.8:8080/client/
<Location /client/>
RequestHeader edit X-GWT-Module-Base ^(.*)/client/(.*)$ $1/client/$2
</Location>
ProxyPass / http://10.0.0.8:8080/client/
<Location />
RequestHeader edit X-GWT-Module-Base ^(.*)/(.*)$ $1/client/$2
</Location>
10.0.0.8 is running Glassfish on port 8080 and http://10.0.0.8:8080/client/ is URL to a GWT based application.
Both proxy's work OK ,except when it comes to an error on the Glassfish side.
If I go via /cllient/ proxy then I see the actual error that was produced on the Glassfish side. If I go via / proxy then I only see "Error 500 The call failed on the server, please see server log". I've tried setting ProxyErrorOverride Off, but it didn't help.
Why don't I see the error via / proxy?
https://groups.google.com/d/msg/google-web-toolkit/2P15JslejXg/dldFRN_pIeEJ
is the approach I'm using now and it works:
ProxyPass / http://10.0.0.8:8080/myGWTApp/
<Location />
RequestHeader edit X-GWT-Module-Base ^(http)://([^/]+)/(.*)$ $1://$2/myGWTApp/$3
</Location>
(I must be dense - I just can't figure out the Apache documentation on how to do this.)
To speed up some swf development I'm doing, I want to have my local machine fetch my local swf when I browse to our studio's test website. Just the one local swf only - with the rest pulled from the test website.
So I set up apache on port 80 with mod_proxy and proxy_http_module, then added an entry for HOSTS to say the test server is 127.0.0.1. What I need are the magical incantations to put in httpd.conf to say "every call requesting http://test/blah goes to 10.1.1.whatever EXCEPT http://test/blah/foo.swf which goes to c:\proj\foo.swf".
Can someone help with this? Thank you.
There is a simple syntax for disallowing a particular URL from proxying:
ProxyPass /blah/foo.swf !
ProxyPass /blah http://10.1.1.whatever
For the record here's what I ended up with, roughly:
<VirtualHost *>
ServerName (testserver-dns)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /path/to/swf !
ProxyPass / http://10.1.2.3/
ProxyPassReverse / http://10.1.2.3/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>