Session Keeps Getting Recreated - apache

I have a single Payara instance. I have been able to configure request forwarding from my Apache web server to my Payara. However, upon every reload of a page using the actual domain URL I have, the session gets recreated, hence losing any attributes stored in the session from the previous request. However, the same does not occur when I access my application via the IP address instead of the domain name.
I am using a CentOS 8 VPS. I didn't find mod_session as part of the modules in the /etc/httpd/modules folder, so I installed it using
yum install mod_sessions
and after it ran successfully I checked and they were now in the modules folder. So I then edited /etc/httpd/conf.modules.d/01-session.conf with the following lines
LoadModule session_module modules/mod_session.so
LoadModule request_module modules/mod_request.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule session_crypto_module modules/mod_session_crypto.so
and then restarted the Apache httpd server.
However, it still doesn't work. Visiting the webpage via the domain name recreates a new session at every request.
This is my current virtual host file setting:
<VirtualHost *:80>
ServerName www.someapp.com
ServerAlias someapp.com
Session On
SessionEnv On
SessionCookieName session path=/
ProxyPreserveHost On
ProxyPass / http://localhost:8080/someapp/
ProxyPassReverse / http://localhost:8080/someapp/
RewriteEngine On
RewriteRule "^/someapp/?$" "home.jsp" [NC]
#RewriteRule ^/someapp/(.*)$ /$1 [NC]
</VirtualHost>
NOTE: someapp is not the name of the real app. I am just using that name in this example, but you get the idea.
I really need help. I am unable to make login pages on my website work because once I enter the login details and, after validation, the user is set in the session, upon redirecting or making another request a new session gets created and I lose the user and am back at the login screen of my application again. Please, I need help.

So for anyone facing this same problem as I did, the answer was to introduce ProxyPassReverseCookiePath in the VirtualHost config file in the Apache httpd conf files, such that your VirtualHost now looks something like this:
<VirtualHost *:80>
ServerName www.someapp.com
ServerAlias someapp.com
Session On
SessionEnv On
SessionCookieName session path=/
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/someapp/
ProxyPassReverse / http://localhost:8080/someapp/
ProxyPassReverseCookiePath / http://localhost:8080/someapp/
</VirtualHost>
Also, major thank you to the similar issue solved on How to configure apache-vhost.conf file for getting Session value from Java
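Why a cookie path rewrite restores the session, as an added example that is not part of the original post: a Python model of RFC 6265 path matching and of the prefix swap that ProxyPassReverseCookiePath performs on Set-Cookie headers. It assumes the backend scopes JSESSIONID to its context root (Path=/someapp), which the page does not show, and uses the argument order given in the mod_proxy documentation (internal path first, public path second).

```python
# Added illustration, not the poster's code. The Set-Cookie value is a
# constructed sample; Path=/someapp is an assumption about the backend.
import re

PATH_ATTR = re.compile(r"(;\s*path=)([^;]*)", re.IGNORECASE)

def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4: does the browser attach the cookie?"""
    if cookie_path == request_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix must end at a "/" boundary, so /someapp does not match /someappX.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_path(set_cookie: str) -> str:
    """Extract the Path attribute; browsers fall back to a default if absent."""
    m = PATH_ATTR.search(set_cookie)
    return m.group(2).strip() if m else "/"

def rewrite_cookie_path(set_cookie: str, internal: str, public: str) -> str:
    """Model of the directive: swap an internal Path prefix for the public one."""
    def swap(m):
        path = m.group(2)
        if path.startswith(internal):
            path = public + path[len(internal):]
        return m.group(1) + path
    return PATH_ATTR.sub(swap, set_cookie)

def browser_sends(set_cookie: str, request_path: str) -> bool:
    return path_matches(cookie_path(set_cookie), request_path)

BACKEND_SET_COOKIE = "JSESSIONID=0123abcd; Path=/someapp; HttpOnly"  # constructed

def demo():
    """Return the rewritten header and whether the cookie is sent in each case."""
    fixed = rewrite_cookie_path(BACKEND_SET_COOKIE, "/someapp", "/")
    return fixed, {
        # Direct access to the backend: request path is under /someapp.
        "direct": browser_sends(BACKEND_SET_COOKIE, "/someapp/home.jsp"),
        # Through the proxy, public URLs start at "/": cookie is never sent back.
        "proxied_unfixed": browser_sends(BACKEND_SET_COOKIE, "/home.jsp"),
        # After the rewrite the cookie is scoped to the public path.
        "proxied_fixed": browser_sends(fixed, "/home.jsp"),
    }

if __name__ == "__main__":
    print(demo())
```

When the cookie is not sent back, the backend sees every request as a new visitor and issues a fresh session, which is the symptom described in the question.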

Related

How do I setup websockets on apache using this tutorial, with just built in apache modules?

I'm trying to use these instructions to setup a websockets connection on my localhost apache webserver and it's not working.
I have the mod_proxy_wstunnel and mod_proxy modules turned on, so I should have the capability of running websockets on localhost. Nowadays Apache webserver has websockets support built in. Gone are the days of installing third-party websockets Apache modules like Ratchet.
I get this error after following the instructions in the above question.
Uncaught DOMException: Failed to execute 'send' on 'WebSocket': Still in CONNECTING state.
WebSocket connection to 'ws://socket.localhost/' failed:
I'm using apache webserver, not litespeed, lighttpd, nginx or IIS.
By the way I'm using Uniform Server.
My first attempt (in case someone comments for me to show my work)
Make sure that the following apache modules are turned on
mod_proxy_wstunnel
mod_proxy_modules
Edit the already existing file called httpd.conf to then insert this into it. Make sure you edit the correct file if you have duplicate file names for different apache versions
<VirtualHost *:80>
ServerName socket.localhost
ProxyRequests Off
ProxyPass "/ws2/" "ws://localhost:8546/"
ProxyPass "/wss2/" "wss://localhost:8546/"
</VirtualHost>
Test the websocket using this HTML page with inline javascript
<script type="text/javascript">
var socket = new WebSocket('ws://socket.localhost');
socket.send('Test');
</script>
Below is an example that I use for GraphQL subscription via websocket.
IP & Port are meant to be replaced by your configuration.
Make sure you have these modules installed:
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
rewrite_module (shared)
Site Config:
<VirtualHost *:443>
ServerName something.com
ServerAdmin web#localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/subscription [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://ip:port/$1 [P,L]
ProxyPass "/subscriptions" "ws://ip:port/subscriptions"
ProxyPassReverse "/subscriptions" "ws://ip:port/subscriptions"
ProxyPass "/" "http://ip:port/"
ProxyPassReverse "/" "http://ip:port/"
</VirtualHost>
/Subscription is my websocket endpoint. Yours might differ.

Apache config issue - redirect all traffic to https using Apache

I'm struggling tremendously with the concept of webservers. I will describe my desired solution and current situation as clearly as possible.
I have an on-premise server, where Debian is running. I have installed several pieces of software on the server, including a full LAMP stack, Kibana, ThingsBoard etc. We got a public IP and recently acquired a domain, let's say apachenoob.com.
I can access my applications via a web browser at <ip>:<port> or apachenoob.com:<port>. However, I want those applications to run over HTTPS, so I acquired a free SSL certificate with Certbot. Now https://apachenoob.com is working and showing the default Apache homepage.
What I want are a few things:
Instead of apachenoob.com:9090 I want users and myself to go to
thingsboard.apachenoob.com, or other URLs for other applications than ThingsBoard.
MY SOLUTION:
Add the following line to /etc/apache2/apache2.conf:
LoadModule rewrite_module modules/mod_rewrite.so
Add the following thingsboard.conf to /etc/apache2/sites-enabled/ (Debian):
<VirtualHost *:443>
ServerName thingsboard.apachenoob.com
ProxyPreserveHost On
SSLEngine on
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
SSLCertificateFile /path/to/cert/file
SSLCertificateKeyFile /path/to/key
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName thingsboard.apachenoob.com
Redirect / https://thingsboard.apachenoob.com/
</VirtualHost>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://thingsboard.apachenoob.com/$1 [R,L]
</IfModule>
I want to disable traffic to the IP (and optionally port number) or redirect everything to https://apachenoob.com
Less important: I developed an API using Python and Flask and got it to run over the MOD_WSGI module. But, it is also running over HTTP, where HTTPS is the goal.
For the first, I tried adding VirtualHosts, in separate files and in the main apache2.conf, with no result (as described in several posts). Someone even told me the application might have its own internal web server (HELP?!).
For the second, I tried redirecting rules (described here), both in the main config and in separate files, with no result.
For the third, I haven't even begun trying things as I'm feeling lost in a swamp of apache.
By all means, if this makes no sense please tell me and I will try to clarify.
For point 1, you need something like this (put it in a file named thingsboard.conf in the folder sites-enabled/ and add the correct path to the certificate/key):
<VirtualHost *:443>
ServerName thingsboard.apachenoob.com
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
</VirtualHost>
<VirtualHost *:80>
ServerName thingsboard.apachenoob.com
Redirect / https://thingsboard.apachenoob.com/
</VirtualHost>

Apache https reverse proxy with Tomcat

Well, I looked everywhere I could, but if someone knows where I could find a solution, sorry for asking the question once again.
We are looking to implement this solution :
HTTP client -> Apache 2.4 Reverse Proxy -> HTTP Server => Works OK
HTTPS client -> Apache 2.4 Reverse Proxy -> HTTPS Server => Works OK
But when the HTTPS server replies with a "302" redirection header, the server name in the header is not translated to the client-side known server name. So the client fails to connect, due to a DNS error.
We can't add the backend server name in the DNS, so we need that solution to work.
Important notice: the same works in HTTP. It means that when the server reply is a "302" redirection header in HTTP, there's no problem. It works even if the target of the redirection is a HTTPS link. So what is not working is redirecting from HTTPS to HTTPS.
The backend webserver is Tomcat.
The problem is: in HTTPS header, the redirection URL is "https://[backendname]/something.html" but we expect it to be "https://[servername]/something.html"
We've checked that we have no error in log file (error level set to "debug").
Here is our virtual site configuration:
<VirtualHost [reverse proxy IP]:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile D:/Apache24/ssl/certs/servername.cer
SSLCertificateKeyFile D:/Apache24/ssl/private/servername.key
ServerName [servername]
ProxyPass / https://[backendname]:443/
ProxyPassReverseCookiePath / https://[backendname]:443/
ProxyPassReverse / https://[backendname]:443/
SetOutputFilter proxy-html
ProxyHTMLEnable On
ProxyHTMLURLMap https://[backendname] https://[servername]
ErrorLog D:/Apache24/logs/custom/[servername]_error.log
CustomLog D:/Apache24/logs/custom/[servername]_access.log combined
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Problem related Apache activated modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule xml2enc_module modules/mod_xml2enc.so
So, any help to make this work will be greatly appreciated.
Thanks.
Here is the working solution, as suggested by Michael Akerman
disable caching
write new instruction: ProxyPassReverse https://[backend]/
Thanks for your help

Apache load balancing with RewriteCond not working?

I have installed the apache httpd service and tried to set up load balancing.
I want to rewrite requests on a specific condition - when the Host header is "images.server.com", I want to rewrite the request, adding "/images/" to the URI and then proxy it to my upstream server.
The mod_proxy module comes perfectly for the task: https://httpd.apache.org/docs/current/rewrite/proxy.html
Well, not so great - my setup is the following:
<Proxy balancer://mycluster>
BalancerMember http://xxx.xx.xx.xx:8080
</Proxy>
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{HTTP_HOST} ="images.server.com"
RewriteRule "/(.*)" "/images/%1" [P]
ProxyPass /images balancer://mycluster/images
and it is not working :(
Please help me figure out where is the flaw in this configuration.
P.S. I have loaded the modules:
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
Don't use both the 'P' flag and ProxyPass. If you're going to use the 'P' flag, use balancer://... in the substitution and drop ProxyPass entirely.

Using go-websocket behind Apache mod_proxy_wstunnel

Note: Updated config and added trailing slash to websocket path. Still same problem
Is it possible to use go-websocket behind an Apache reverse proxy with mod_proxy_wstunnel?
I tried and failed to get things working.
I tried to use the Chat example behind an Apache reverse proxy (with mod_proxy_wstunnel enabled). And it doesn't work. The proxy is a success, while the websocket part does not work at all.
My Apache config looks similar to this:
<VirtualHost *:80>
DocumentRoot /var/www/foobar
ServerName foobar.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /ws/ ws://localhost:8080/ws/
ProxyPassReverse /ws/ ws://localhost:8080/ws/
ErrorLog logs/error_log-foobar
CustomLog logs/access_log-foobar common
LogLevel debug
</VirtualHost>
And of course I'm running the chat server on port 8080. I've tested it with SSH tunnel, and things work perfectly. Then I moved on to Apache.
The first time I tried, the javascript console complains this:
NetworkError: 403 Forbidden - http://foobar.com/ws/
The request seems to be stuck at the origin check.
Then I tried again after commenting out the origin check, and I get this:
NetworkError: 400 Bad Request - http://foobar.com/ws/
It seems the chat server does not get the upgrade request at all.
How should I debug this?
Where should I start looking?
Thanks everyone! After taking several pieces of advice above, I found the solution.
And for someone who might have a similar issue, here is the solution to my question:
As Aralo suggested, a trailing slash must be added to the WebSocket path (in my case: "/ws/"). It looks like Apache will only handle WebSocket with a valid GET request.
James Henstridge was right. The order of ProxyPass is relevant. The ProxyPass of /ws/ must be put before the / line.
After consulting the Chat example code, I found an origin check in the function ServeWs() and removed it.
Everything works now.
And thanks covener, reading logs does help.
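How the origin check interacts with the proxy, as an added example that is not part of the original answer or of the Chat example: a Python model of the Host header the backend receives with ProxyPreserveHost off (the mod_proxy default) and on, evaluated against a same-host origin check and against an explicit allowlist. The form of the check, the allowlist contents and the second sample origin are assumptions.

```python
# Added illustration, not the Chat example's code. Hostnames other than
# foobar.com / localhost:8080 (taken from the question) are constructed.
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"http://foobar.com"}  # assumption: the public site origin

def forwarded_host(client_host: str, backend_authority: str, preserve_host: bool) -> str:
    """Host header the backend sees: the client's Host when ProxyPreserveHost
    is On, otherwise the authority from the ProxyPass target URL."""
    return client_host if preserve_host else backend_authority

def same_host_check(origin, host: str) -> bool:
    """Assumed shape of the check: Origin's host[:port] must equal Host."""
    if not origin:
        return True  # non-browser clients send no Origin header
    return urlsplit(origin).netloc.lower() == host.lower()

def allowlist_check(origin) -> bool:
    """Alternative that does not depend on what the proxy puts in Host."""
    if not origin:
        return True
    return origin.rstrip("/").lower() in ALLOWED_ORIGINS

def handshake_status(origin, client_host, preserve_host, use_allowlist=False) -> int:
    """Return 101 (upgrade accepted) or 403 (origin rejected)."""
    host = forwarded_host(client_host, "localhost:8080", preserve_host)
    ok = allowlist_check(origin) if use_allowlist else same_host_check(origin, host)
    return 101 if ok else 403

def scenarios():
    site, other = "http://foobar.com", "http://other-site.example"
    return {
        # Host rewritten to localhost:8080, so the site's own page is refused.
        "own_page_preserve_off": handshake_status(site, "foobar.com", False),
        # With the Host preserved the check passes and still blocks other sites.
        "own_page_preserve_on": handshake_status(site, "foobar.com", True),
        "other_site_preserve_on": handshake_status(other, "foobar.com", True),
        # Allowlist works regardless of the forwarded Host value.
        "own_page_allowlist": handshake_status(site, "foobar.com", False, True),
        "other_site_allowlist": handshake_status(other, "foobar.com", False, True),
    }

if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{name}: {status}")
```

Either option keeps the handshake restricted to pages served from the site itself, which an unchecked endpoint does not.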
I am using Go secure WebSocket (wss://) server behind Apache 2.4.18 on CentOS 7. Here are the settings:
Make sure the system has mod_proxy_wstunnel:
# find /usr/lib64/httpd/modules/ | grep ws
/usr/lib64/httpd/modules/mod_proxy_wstunnel.so
Add the following line in 00-proxy.conf:
# vim /etc/httpd/conf.modules.d/00-proxy.conf
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Restart Apache:
# systemctl restart httpd
Check the setting:
# httpd -M | grep -iE 'proxy'
proxy_module (shared)
proxy_fcgi_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Edit httpd-vhosts.conf:
# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:443>
ServerName go.mydomain.com:443
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine On
SSLCertificateFile "/etc/pki/tls/certs/mydomain.com/mydomain.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/mydomain.com/mydomain.key"
### The configured ProxyPass and ProxyPassMatch rules are checked
### in the order of configuration. The first rule that matches wins.
ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1
ProxyPass / https://192.168.0.1:443/
ProxyPassReverse / https://192.168.0.1:443/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerName go.mydomain.com:80
ProxyPreserveHost On
ProxyRequests off
###
ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1
ProxyPass / http://192.168.0.1:80/
ProxyPassReverse / http://192.168.0.1:80/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>