I want my ASP.NET Core app to be hosted through Apache, so that port 80 redirects to port 5000, or 5001 for https. (my local IP is 192.168.1.250 for context in results)
I have tried the following configs with varying results:
Proxy to http://127.0.0.1:5000/
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ErrorLog /var/log/apache2/myapp.log
CustomLog /var/log/apache2/myapp.log common
</VirtualHost>
Will redirect me to port 5001, but I get this in Chrome:
This site can’t be reached: 192.168.1.250 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
Proxy to https://127.0.0.1:5001/
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001/
ProxyPassReverse / https://127.0.0.1:5001/
ErrorLog /var/log/apache2/myapp.log
CustomLog /var/log/apache2/myapp.log common
</VirtualHost>
This config gives me a 500 Internal Server Error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4.25 (Debian) Server at 192.168.1.250 Port 80
Proxy to http://127.0.0.1:5001/
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5001/
ProxyPassReverse / http://127.0.0.1:5001/
ErrorLog /var/log/apache2/myapp.log
CustomLog /var/log/apache2/myapp.log common
</VirtualHost>
This config gives me a 502 Proxy Error:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
Apache/2.4.25 (Debian) Server at 192.168.1.250 Port 80
Any ideas on a config that could work?
Don't know if you resolved this yet but I have a similar problem with dotNet Core 5.0 on Ubuntu/Apache.
I resolved it (kinda) after reading this post: .NET Core 3.1 API - 307 Temporary Redirect
Basically remove the app.UseHttpsRedirection(); line in your app so it now runs only on http://localhost:5000/
Now Apache is not trying to proxy to your SSL site but your standard site on port 5000. Since it's on 127.0.0.1 (I believe) that should be secure enough (but happy to stand corrected on this...)
Share
Related
I have a VPS host that handles a subdomain (gate.domain.eu).
Right now I have a secondary machine in a private network connected to VPN running a gitlab instance. Using vpn,and port forwarding, i managed to bring that gitlab instance to https://gate.domain.eu:8443.
How can I configure the apache server that it will point another subdomain eg(gitlab.domain.eu) to https://gate.domain.eu:8443?
The ideea is that a user should access gitlab trough gitlab.domain.eu.
I configured DNS server for gitlab.domain.eu and configured apache virtual host as follows:
<VirtualHost *:80>
ServerAdmin me#mydomain.com
ServerName gitlab.domain.eu
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://gate.domain.eu:8443/
ProxyPassReverse / https://gate.domain.eu:8443/
</VirtualHost>
When accessing gitlab.domain.eu I get:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request."
Hope someone can point me in the right direction. I've been trying to get this to work for many hours :(
Scenario - I have a DMZ where I've set up the Apache server. I need to securely talk to the internal server where I have set up another Apache server which is reverse proxied again to a localhost app within the server.. So, basically..
outside world > internet (https://app1.com) > dmz (apache reverse proxy) > internal server (apache reverse proxy - https://app1prod.com) > (http) > localhost:8080
Now, in dmz, I can directly access https://app1prod.com without issues. But, I can't for the life of me get https://app1.com to work from dmz. I get a '503 service unavailable' message :( Here is my apache config in dmz..
<VirtualHost *:443>
ServerName app1.com
ProxyRequests off
SSLProxyCheckPeerName off
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
LogLevel debug
SSLEngine on
SSLProxyEngine on
SSLCertificateFile "xxx/cert.crt"
SSLCertificateKeyFile "xxx/key.key"
SSLCertificateChainFile "xxx/certchain.crt"
ProxyPass / https://app1prod.com/
ProxyPassReverse / https://app1prod.com/
<Proxy *>
order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost on
ProxyTimeout 1200
</VirtualHost>
On my httpd.conf, I have the following modules loaded in addition to the defaults..
mod_proxy.so
mod_proxy_connect.so
mod_proxy_http.so
mod_ssl
mod_rewrite.so
mod_socache_shmcb.so
mod_ssl.so
What am I doing wrong? Please help! Thanks a lot..
Try removing ProxyPreserveHost on.
With that directive enabled, the proxied requests will be send to server defined in ProxyPass directive, but the HTTP Host: header will be preserved from initial request. In your case, the requests sent by Apache to app1prod.com will have Host: app1.com header, and app1prod.com i not configured (probably deliberately) to respond to such request.
In my use case i have to make an api gateway accessible by a reverse proxy.
something like this :
(users -> Httpd(EC2) -> api gateway -> lambda)
I was able to create a vpc-link between my api gateway and my virtual machine EC2( it's working perfectly).
but the second part is to create a server httpd which will redirecte the requests from other networks to my api gateway.
but my httpd server seems not working
here the error
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /myapi/.
Reason: Error reading from remote server
here my httpd configuration
<VirtualHost *:443>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=300; includeSubDomains; preload"
ServerAdmin administrator#test.net
ServerName www.test.net
ServerAlias test.net
DocumentRoot /var/www/html/test.net/public_html/
SSLEngine on
SSLCertificateFile /etc/httpd/selfsigned/server.crt
SSLCertificateKeyFile /etc/httpd/selfsigned/server.key
SSLProxyEngine On
ProxyPass /myapi/ https://apigateway.amazonaws.com/ retry=1 acquire=3000 timeout=24000 Keepalive=On
ProxyPassReverse /myapi/ https://apigateway.amazonaws.com/
ProxyPreserveHost On
</VirtualHost>
NB: the lambda function return a simple response.
do you have an idea ?
thank you in advance
I'm trying to configure apache server 2.4.6 the newest version that support websocket proxy.
I got non-secure websocket connection to work as expected and HTTPS proxy working as well[this to remove SSL config as the root cause] But my wss:// connection fails. While troubleshooting with wireshark i learned that on wss:// connection is made via plain text.
Here's my apache configuration:
<VirtualHost *:4043>
ServerName cbscclrd.ca.wm.com
LogLevel debug
ErrorLog "/apps/apache/httpd-2.4.6/logs/errorSSL_log"
TransferLog "/apps/apache/httpd-2.4.6/logs/access_log"
SSLCertificateFile "/apps/FXD1D2/SSLKeyStore/sdpssl_cert-dev.cer"
SSLCertificateKeyFile "/apps/FXD1D2/SSLKeyStore/sdp-private-key-no-password.pem"
SSLCACertificateFile "/tmp/Apache-PKG/CAchain.pem"
SSLEngine on
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / wss://cbscclrd.ca.wm.com:443 retry=0 keepalive=On
ProxyPassReverse / wss://cbscclrd.ca.wm.com:443 retry=0
</VirtualHost>
When the connection initiated to wss://cbscclrd.ca.wm.com:443 it's plaintext format hence the server listening on "cbscclrd.ca.wm.com:443" rejects the connection with the following error message;javax net ssl SSLException
Any help will be greatly appreciated.
This is a bug in mod_proxy_wstunnel. It will always send plaintext to the backend server regardless of the url scheme (ws:// or wss://).
The bug is reported here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=55320
The bugfix is rather simple (and provided in the bug report). So if you really need the wss:// backend communication, you might want to apply it yourself & rebuild the module.
in Apache-2.4_server.conf
ProxyPass "/ws/" "ws://127.0.0.1:4002/"
ProxyPass "/wss/" "wss://127.0.0.1:4002/"
...
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Heyas. I'm using mod_proxy with apache2 provide vhost ability to multiple servlet apps running on the local machine. It works fine, for the most part. Requests come into apache then are directed to the application bound on a port on localhost. The app receives the request and responds, which is delivered back to the client by apache.
The problem I'm having is that the application delivers 500's on errors, and mod_proxy stomps on them. Often these errors are caused in a ajax request and the error is handled in client side javascript. For example, a call to a server side createObject(name) might throw a NameNotUniqueException , which is delivered back as a 500. The client javascript might then display an appropriate error message.
When an error is thrown by the application (resulting in a 500 response to mod_proxy), then apache stomps the error message and returns
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
.. the stock apache server side error message.
I want mod_proxy to pass the original 500 back through to the client. Is there a directive I've missed which prevents clobbering of the 500?
TIA
Do you have
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass /path/ http://backend.ip/path/
ProxyPassReverse / http://backend.domain/
Replace backend.ip and backend.domain with your values (i am using backend.ip here as it prevents apache from running dns queries on each request).
Usually errors are reported as is. Because ProxyErrorOverride defaults to off. If this doe not happen with my configuration, please check if the 500 is really from your backend server. Or just show us your complete proxy configuration.
I have the same problem, getting a blank 500 pages since changing from apache2/mod_wsgi to apache2 with reverse proxy to mod_wsgi-express.
My config (replaced actual domain with www.example.com):
<VirtualHost *:443>
ServerName www.example.com
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass / http://localhost:8001/
ProxyPassReverse / https://www.example.com/
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ErrorLog /var/log/apache2/www.example.com.error.log
LogLevel warn
CustomLog /var/log/apache2/www.example.com.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/fullchain.pem
</VirtualHost>