Apache ProxyPass adding Port only on base URL - apache

This is getting frustrating to say the least haha.
I have setup a proxypass and proxypassreverse in apache under virtual host 443 to proxy to nginx running in a container on port 8443.
This is all I have set up to do this
CustomLog /srv/apps/ktech-connect/log/apache/custom.log combined
ErrorLog /srv/apps/ktech-connect/log/apache/errors.log
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
When I hit any url such as example.com/page it works like it should
But when I go to example.com or even example.com/ it will show a redirect from apache to example.com:8443 in the url.
I have tried adding ProxyPreserveHost but it does nothing, and a whole host of other options. I just don't understand where the redirect is coming from and the fact that it only happens when hitting the base url.
Any thoughts?

Thanks to ServerFault, it was an old rewrite directive still in my browser cache lol. Cleared it and now it works as expected.

Related

ProxyPassReverse does not keep correct protocol while redirecting

I have set up a Virtuoso server that serves Linked Data using content negotiation. The server is served through a reverse proxy Apache server and may be queried using http or https.
http://public.server.org/myapp --> http://private.local.domain:1234/
https://public.server.org/myapp --> http://private.local.domain:1234/
The Virtuoso server then performs content negotiation and redirects to /describe?...
I have no problem when accessing the public server through http. The redirection takes place and content is retrieved.
However, when I access the public server through https, the redirection sends me to http://public.server.org/describe?... (that is HTTP, not HTTPS).
I'm expecting to be redirected to https://public.server.org/describe?... (with the same protocol as the original query).
My configuration is:
<VirtualHost xxx.yyy.zzz.ttt:80>
ServerName public.server.org
ProxyPass /myapp http://localhost:8890/myapp
ProxyPassReverse /myapp http://localhost:8890/myapp
ProxyRequests Off
<Location /describe>
ProxyPass http://localhost:8890/describe
ProxyPassReverse /describe
</Location>
</VirtualHost>
<VirtualHost xxx.yyy.zzz.ttt:443>
ServerName public.server.org
ProxyPass /myapp http://localhost:8890/myapp
ProxyPassReverse /myapp http://localhost:8890/myapp
ProxyRequests Off
<Location /describe>
ProxyPass http://localhost:8890/describe
ProxyPassReverse /describe
</Location>
</VirtualHost>
Is it possible for apache to correctly reverse the proxy in order to maintain the original query protocol while redirecting?
After debugging with dumpio and Apache error logs, I think I found the problem.
What happened?
First, my configuration was incorrect. At another place I did not transcribe here, I had a ProxyPreserveHost On directive that was active. Hence, the configuration worked but for wrong reasons.
Apache was keeping the Host and Virtuoso used this host. Hence, when sending a redirect to /describe..., Virtuoso was redirecting to http://public.server.org/describe... instead of my expected http://localhost:8890/describe...
Hence, the redirection was not captured by the ProxyPassReverse directives and passed unchanged to the client (and it worked). The problem being that the redirection was always done through http, regardless of the original query scheme.
Solution
I decided to drop the ProxyPreserveHost On directive and rely on a correct ProxyPassReverse directive.
For an unknown reason, I could not figure out the correct setting inside the Location, hence I used the settings:
<VirtualHost xxx.yyy.zzz.ttt:443>
ServerName public.server.org
ProxyPass /myapp http://localhost:8890/myapp
ProxyPassReverse /myapp http://localhost:8890/myapp
ProxyRequests Off
# To avoid problems if it is set On elsewhere.
ProxyPreserveHost Off
ProxyPass /describe http://localhost:8890/describe
ProxyPassReverse /describe http://localhost:8890/describe
</VirtualHost>
Note: I only changed the https settings as the http ones were functioning somehow (hence the http virtualhost still uses ProxyPreserveHost On and no ProxyPassReverse).
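The mechanism this answer describes, as an added Python model (not Apache's code and not part of the original post): the backend builds its redirect from the Host header it receives, and ProxyPassReverse rewrites a Location header only when it starts with the configured backend URL. The function names and the query string ?uri=x are constructed for the example.

```python
def backend_redirect(path, host_header):
    """The backend builds an absolute redirect from the Host header it
    received, always with http:// because the proxy-to-backend hop is HTTP."""
    return f"http://{host_header}{path}"


def proxy_pass_reverse(location, rules, client_scheme, client_host):
    """Simplified ProxyPassReverse: if Location starts with a rule's backend
    URL, swap that prefix for the public path and rebuild the URL with the
    scheme and host of the client-facing virtual host."""
    for public_path, backend_url in rules:
        if location.startswith(backend_url):
            rest = location[len(backend_url):]
            return f"{client_scheme}://{client_host}{public_path}{rest}"
    return location  # no rule matched: the header reaches the client unchanged


def redirect_seen_by_client(preserve_host, client_scheme):
    """Location header the browser receives for a redirect to /describe."""
    rules = [("/myapp", "http://localhost:8890/myapp"),
             ("/describe", "http://localhost:8890/describe")]
    public_host, backend_host = "public.server.org", "localhost:8890"
    # ProxyPreserveHost On forwards the client's Host header to the backend.
    host_sent = public_host if preserve_host else backend_host
    location = backend_redirect("/describe?uri=x", host_sent)  # constructed query
    return proxy_pass_reverse(location, rules, client_scheme, public_host)


if __name__ == "__main__":
    for preserve in (True, False):
        print(preserve, redirect_seen_by_client(preserve, "https"))
```

With ProxyPreserveHost On the redirect never matches a rule and keeps the backend's http:// scheme; with it Off the rule matches and the 443 virtual host's scheme is applied.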

Reverse proxy an http:// domain to a GitHub Pages URL

I have a URL, http://example.com, that I would like to use to serve content from my GitHub Pages site at https://myusername.github.io/mysite/ via a reverse proxy in Apache. This is both as a temporary workaround until I update example.com's DNS setting to point to GitHub Pages, as well as to teach myself how reverse proxies work.
I have my Apache config like so:
<VirtualHost *:80>
ServerName example.com
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
ProxyPass "/" "https://myusername.github.io/mysite/"
</VirtualHost>
When I try to go to "example.com", I get "The proxy server could not handle the request GET /.
Reason: Error during SSL Handshake with remote server."
Is what I'm trying to do possible, and if so, what should I be changing?
I'm using Apache 2.2.
You should probably remove the line:
SSLEngine On
It enables HTTPS on your port 80... but you don't provide an SSL certificate (...and HTTPS uses port 443).
You should also add the line:
ProxyPassReverse "/" "https://myusername.github.io/mysite/"
The following config works perfectly on reverse proxy github pages
<VirtualHost *:80>
ServerName custom-domain
ServerAdmin encycode#gmail.com
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RequestHeader set Host "myusername.github.io"
RequestHeader set X-Forwarded-Proto https
RequestHeader set Origin "myusername.github.io"
ProxyPass / https://myusername.github.io/mysite/
ProxyPassReverse / https://myusername.github.io/mysite/
</VirtualHost>
Make sure you replace myusername with your github username, mysite with your github repo name and custom-domain with your custom url
You don't have to implement a reverse proxy yourself, since Github allows you to specify a custom domain
https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site
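An added example, not part of the original answers: a small Python check that flags the upstream certificate checks switched off in the configurations above (SSLProxyVerify none and the SSLProxyCheckPeer* off lines) whenever ProxyPass points at an https:// backend. The function name, the high/low rating for non-loopback versus loopback backends, and the two sample configs (constructed from directives shown on this page) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

WEAK = {  # directive (lowercase) -> value that disables the check
    "sslproxyverify": "none",
    "sslproxycheckpeercn": "off",
    "sslproxycheckpeername": "off",
    "sslproxycheckpeerexpire": "off",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_proxy_tls(config_text):
    """Return (lineno, directive, severity) for each disabled upstream TLS
    check in a config that proxies to an https:// backend."""
    weak, hosts = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = [p.strip('"') for p in re.findall(r'"[^"]*"|\S+', raw)]
        if not parts or parts[0].startswith(("#", "<")):
            continue  # blank line, comment, or container tag
        name = parts[0].lower()
        if name in WEAK and len(parts) > 1 and parts[1].lower() == WEAK[name]:
            weak.append((lineno, parts[0]))
        elif name in ("proxypass", "proxypassmatch"):
            hosts += [urlsplit(a).hostname for a in parts[1:]
                      if a.lower().startswith("https://")]
    if not hosts:
        return []  # no TLS hop to a backend, so no check is being skipped
    # Example's own rating: off-loopback means the unverified hop crosses a network.
    severity = "high" if any(h not in LOOPBACK for h in hosts) else "low"
    return [(lineno, directive, severity) for lineno, directive in weak]

# Constructed samples built from the directives shown on this page.
GITHUB_PAGES = """\
<VirtualHost *:80>
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://myusername.github.io/mysite/
</VirtualHost>
"""
LOCAL_NGINX = """\
SSLProxyEngine On
SSLProxyVerify none
ProxyPass / https://127.0.0.1:8443/
"""
```

Calling audit_proxy_tls(GITHUB_PAGES) reports all four directives as high, while the loopback-only LOCAL_NGINX sample reports its single SSLProxyVerify none line as low.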

Apache web server configuration - HTTP to HTTPS not working

I've been at this for two weeks now and still nothing. What's even odd is I've done this on a different server and it worked so I don't understand why this isn't working. Really frustrated here.
I'm trying to configure my apache web server on my RHEL so that HTTP requests are redirected to HTTPS which then points to my tomcat.
This is my configuration:
<VirtualHost *:80>
ServerName server.com
Redirect / https://server.com/
</VirtualHost>
<VirtualHost *:443>
ServerName server.com
ServerAlias www.server.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/pki/tls/certs/cert.cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/key.key.pem
#SSLCACertificateFile /etc/pki/tls/certs/ca-chain.cert.pem
</VirtualHost>
Believe me when I say I have tried so many different combinations yet nothing. I have commented and un-commented the Include conf.d/ssl.conf, still no effect.
Please, what am I doing wrong here?
First of all: "isn't working" is quite a weak description. I might or might not hit what your problem is, but I see several options:
First: Test if the forward works
Second: What's the result when you're connecting to the https server? You can try this without the forward - just type the https protocol yourself and figure out if you can rule out the forward configuration completely.
"I've done this on a different server and it worked"
You're forwarding to localhost:8080. If that other server had tomcat installed (and running) on port 8080, but the one that you're trying now doesn't - well, here's your solution. localhost is always "the same" computer.
As Ortomala Lokni mentions in a comment: Your ProxyPassReverse directive is lacking a /:
ProxyPassReverse / http://localhost:8080/
Note that with this configuration, tomcat will not know that the original request has been sent through https - thus any CONFIDENTIAL declaration on tomcat assumes that the request has been sent in the clear - and it will try to redirect to https. As the ProxyPass still forwards through http, Tomcat will never know that the request actually was encrypted. There are hacks to work around this (e.g. secure="true" on the connector configuration) or a more proper solution (like forwarding through AJP instead of http):
ProxyPass / ajp://localhost:8009/
(notice the changed port)
There's potential for more going wrong - in case these hints don't help, please specify "isn't working" more.
thanks ever so much! Especially you, Olaf Kock. Your suggestion was golden! Just like you suggested, I decided to forget about the forwarding and focus on what happens when I try connecting to the HTTPS directly, and that's when I came across this error:
proxy: HTTP: disabled connection for (localhost)
I did a little search and found out that I had to run this command to get things rolling: /usr/sbin/setsebool -P httpd_can_network_connect 1
(Note, there are other variations of this command, like: setsebool -P httpd_can_network_connect on or sudo setsebool -P httpd_can_network_connect on)
Then I had to setup these in the ssl.conf file under the <VirtualHost _default_:443> tag:
ServerName server.com
ServerAlias www.server.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
And it worked!
However, I didn't want to have to reference the ssl.conf file. I wanted everything in the httpd.conf file, and so after tinkering a bit, this is what worked for me, and I believe should work for anyone with a similar problem.
So, after commenting out the include conf.d/ssl.conf line
LoadModule ssl_module modules/mod_ssl.so
Listen 443
#For HTTP requests, redirecting to HTTPS
<VirtualHost *:80>
ServerName server.com
Redirect / https://server.com/
</VirtualHost>
#For HTTPS requests
<VirtualHost *:443>
ServerName server.com
ServerAlias www.server.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/cert.cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/key.key.pem
#SSLCACertificateFile /etc/pki/tls/certs/ca-chain.cert.pem
</VirtualHost>
Obviously, you should have installed your mod_ssl in the first place.
Thanks everyone!

Apache Reverse Proxy configuration - Subdomains

I am trying to configure an Apache server to have 2 subdomains making use of a reverse proxy. I am able to redirect traffic to the first subdomain (first.example.com) and retrieve content from the https site successfully. However, whenever I try to access the second subdomain I end up getting content from the first, and since routes don't match my local website, I get a not found page.
I would like to know what I can adjust in my current configuration so I can get content from my localhost site too.
Here is my current configuration:
<Proxy *>
Require all granted
</Proxy>
SSLProxyEngine On
ProxyRequests Off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLProxyVerify none
SSLVerifyClient none
SSLProxyCheckPeerName off
<VirtualHost first.example.com:80>
ServerName first.example.com
ProxyPass /first https://stackoverflow.com
ProxyPassReverse /first https://stackoverflow.com
ProxyPassMatch ^/(.*)$ https://stackoverflow.com/$1
</VirtualHost>
<VirtualHost second.example.com:80>
ServerName second.example.com
ProxyPass /site http://localhost/site
ProxyPassReverse /site http://localhost/site
ProxyPassMatch ^/(.*)$ http://localhost/site/$1
</VirtualHost>
Thank you very much in advance!
Best Regards!
Edgar Martínez.
Your current configuration is conflicting with itself. ProxyPass and ProxyPassMatch do the same thing (in regex) but you declared both with different rules.
ProxyPass /site http://localhost/site
Rule says: anyone that visits http://second.example.com/site will be fed content from http://localhost/site. If you visit http://second.example.com/foo, you get nothing.
The match line
ProxyPassMatch ^/(.*)$ http://localhost/site/$1
Rule says: Anyone that visits http://second.example.com/site will be fed content from http://localhost/site/site. If you visit http://second.example.com/foo, you get http://localhost/site/foo.
If you use the Match version (regex), you're also out of luck for the reverse rule which doesn't have a regex version. Though, I'm not certain you actually need the reverse rule.
As to why your second request got result from the first... I have no idea.

apache 2 proxypassreverse appends virtualhost port

I have been trying to setup a reverse proxy using apache 2 mod_proxy and the proxypass & proxypassreverse directives.
I am installing WSO2 Identity Server and wish to access that app using a url such as the following:
hxxp://myserver.domain.com/wso2/
The myserver.domain.com is accessible on the internet
Internally on my network I have set up a virtualhost running in my apache2 configuration with the following parameters:
For various reasons, port 80 is unavailable and the virtualhost must stay as :8080.
Finally, here is my virtual host configuration
<VirtualHost *:8080>
<Location /wso2/>
ProxyPass hxxps://internal.wso2.node:9443/
ProxyPassReverse hxxps://internal.wso2.node:9443/
</Location>
ProxyVia On
ProxyPreserveHost Off
ProxyAddHeaders Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyCheckPeerCN Off
</VirtualHost>
The issue:
I can use my web browser ( Firefox/Chrome) to request the http://myserver.domain.com/wso2/ resource. In my log files I see that the request does hit the apache server and the virtualhost catches the /wso2/ location.
It passes through the proxy and lands on the internal.wso2.node server. However, the product WSO2 IS performs several redirects, and in the log files I see it requesting the resource with the port appended.
Here is the request flow
hxxp://myserver.domain.com/wso2/ -> hxxps://internal.wso2.node:9443/
REDIRECT x3
hxxps://internal.wso2.node:8080/carbon ->
hxxps://internal.wso2.node:8080/carbon/admin/login.jsp
Back to my web browser
hxxp://myserver.domain.com:8080/wso2/carbon/admin/login.jsp
For some reason the apache response back appends its virtual host to the url I am requesting.
If I remove the port:8080 and request again the full url it will access the resource fine. However any attempt to access using only http://myserver.domain.com/wso2/ will result in redirects and the port appended.
As per covener's suggestion the culprit in this case proved to be the following directives:
UseCanonicalName Off
UseCanonicalPhysicalPort Off
Additionally, the web app I am trying to access makes use of sessions and cookies, therefore we must also proxy those, see the added directives under the ProxyPass & ProxyPassReverse.
Therefore the updated virtualhost configuration file should now look like this
<VirtualHost *:8080>
ServerName myServer.domain.com
UseCanonicalName Off
UseCanonicalPhysicalPort Off
<Location /wso2/>
ProxyPass hxxps://internal.wso2.node:9443/
ProxyPassReverse hxxps://internal.wso2.node:9443/
ProxyPassReverseCookiePath / /wso2/
ProxyPassReverseCookieDomain internal.wso2.node myserver.domain.com
</Location>
ProxyVia On
ProxyPreserveHost Off
ProxyAddHeaders Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyCheckPeerCN Off
</VirtualHost>