How to set Caddy as a reverse proxy for apache - apache

Caddy 2 is a powerful, open source web server with automatic HTTPS written in Go. I have a web app where users can point their custom domains. So caddy can easily generate ssl with tls on demand. https://caddyserver.com/docs/automatic-https
So I want to set caddy as a reverse-proxy for apache, so I edited my ports.conf file and set it to
Listen 8080
<IfModule ssl_module>
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
Listen 8443
</IfModule>
And my caddy file is set to:
mydomain:80 {
    reverse_proxy localhost:8080
}
mydomain:443 {
    reverse_proxy localhost:8443
}
However, http works fine with it, but https doesn't work at all. I even tried checking if port 8443 is free, and changed it to 44301, but it doesn't work.
My questions:
1) How to properly configure caddy as reverse proxy for apache?
2) Should I also change the ports from VirtualHost file? (Tried changing to 8080, but apache won't start)
3) Is there anything I am missing setting it up as a reverse proxy with apache?
Appreciate your help!!
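
An added example, not part of the original post: one layout in which Caddy terminates TLS for the custom domains and proxies to Apache's plain-HTTP listener on 8080, so Apache needs no SSL port behind it. The `ask` URL and port 5555 are hypothetical; they stand for an endpoint in the web app that answers 200 only for hostnames belonging to known customers.

```caddyfile
# Added example. The ask endpoint below is a hypothetical placeholder.
{
    # Gate on-demand issuance: without a check, anyone who points a
    # hostname at this server can make it request certificates.
    # Caddy queries this URL with ?domain=<hostname> and issues a
    # certificate only when the answer is a 2xx status.
    on_demand_tls {
        ask http://localhost:5555/check-domain
    }
}

# Catch-all HTTPS site for the customers' custom domains.
https:// {
    tls {
        on_demand
    }

    # TLS ends here. Apache receives plain HTTP on its "Listen 8080"
    # port from ports.conf; reverse_proxy sets X-Forwarded-Proto and
    # X-Forwarded-For so the application can tell the original request
    # was HTTPS.
    reverse_proxy localhost:8080
}
```

Keep Apache's port 8080 reachable only from the Caddy host (for example by binding it to 127.0.0.1), since anything that can reach it directly bypasses TLS and can send its own X-Forwarded-* headers.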

Related

Tomcat 7 behind NGINX forwarding ssl

I have currently set up Apache Tomcat 7 on port 8080 and I am using NGINX with a Let's Encrypt SSL certificate in front of it as a reverse proxy. The current configuration is working like a charm, but I need to be able to pass to Tomcat whether the page being viewed is using SSL or not.
I found on the documentation the use of SSLValve in the server.xml file should do the trick, but the examples I have found are for apache as the reverse proxy and not for NGINX.
Has anyone done this setup?
Assuming you're using :8080 as the backend for both http and https:
server {
    listen 80;
    listen 443 default_server ssl;
    # ...ssl directives....
    location ~ / {
        proxy_pass http://apache:8080;
    }
}
NGINX configuration can fill in the ssl directive parts for your particular case
http://nginx.org/en/docs/http/configuring_https_servers.html

Apache SSL error - Unable to configure server certificate for stapling

I'm trying to configure SSL on apache2 with GeoTrust SSL. I have the private key file, the certificate and the bundle certificate.
This is the virtualhost config:
http://pastebin.com/38ygh8W1
Apache gives me the error:
AH02235: Unable to configure server certificate for stapling
The https gives time out for the 443 port.
I read a lot of info on this topic but I'm not sure what to do anymore.
Any suggestions?
This seems to be a bug where the fix still hasn't made its way to the latest environments. I have the same problem. Here's my environment:
Server version: Apache/2.4.41
OS: Ubuntu 18.04
As a workaround, you can edit ports.conf so that the last listen directive is for a non-SSL port, i.e. Listen 80. Here's the whole file:
<IfModule ssl_module>
Listen 443 https
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Listen 80
And the problem is gone.

Serve http server behind an Apache https Proxy

It seems that it is possible to get Apache server to Proxy and Manage SSL handshake on https requests and service them as 'http' thru another server behind it.
I have configured an apache server for ProxyPass using following configuration
SSLProxyEngine On
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
I am able to get all traffic to the apache server that is listening on port 8080 directed to and served by the localhost:8081 server, so
http://localhost:8080/hi is being correctly served by http://localhost:8081/hi
However the following does not work :
https://localhost:8080/hi to be served by http://localhost:8081/hi
Apache is trying to pass the https:// traffic to the 8081 server, without managing the SSL handshake.
Your Apache listener on port 8080 is an http listener, not an https listener. You can't handle both types of traffic on the same port. If you want to handle SSL traffic, you'll need to set up a new context on another port with SSLEngine On and all the other normal SSL configuration (certificate, key, etc).
This question has one version of this configuration.
Also this post.

port forwarding from Apache httpd 443 to JBoss 8443

I have a need to run Apache httpd in front of my JBoss so I can leave the JBoss ports in place (8080/8443) but have Apache/80 forward to Jboss/8080 and Apache/443 forward to Jboss/8443.
I have the HTTP forwarding working but I can't get HTTPS forwarding to work.
To get HTTP forwarding to work I simply loaded the correct proxy modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Then added these new directives:
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
If all I want to do is forward port 443 to 8443, do I have to enable SSL? I don't need Apache to load and process a certificate.
You're confusing two things.
If you want port forwarding from port 443 to 8443, don't go via Apache Httpd, just forward the port (for example, via iptables). In this case your JBoss container must be configured to handle the SSL/TLS connection (all the certificate settings).
If you want a reverse proxy from Apache Httpd (listening on port 443) to your JBoss container, you don't need to enable SSL/TLS on your JBoss container (especially on localhost), just proxy the request to Apache Httpd in plain HTTP (or via AJP). For this, you'll need to configure Apache Httpd to handle the SSL/TLS connection.

Glassfish HTTPS redirect behind SSL offloader and Apache

I have this configuration:
HTTPS load balancer / SSL offloader on port 443
Apache httpd on port 80 (different IP), using ProxyPass, ProxyPassReverse to forward to...
multiple Glassfish domains listening on different ports
Problem: Neither Glassfish nor Apache is aware that the request is HTTPS. Redirects to URLs like "/index.jsp" are being rewritten in Glassfish as http://internal_ip/index.jsp, then ProxyPassReverse rewrites to http://public_ip/index.jsp. Problem is, I need that URL to be https://public_ip/...
How do I fix that - is there some Glassfish configuration I can change, or Apache httpd.conf?
I see two solutions to that:
1) use your load balancer to manipulate Apache's response (iRule in F5, flex for A10 load balancers etc.)
2) set up something on the load balancer to send another redirect to requests coming in via HTTP to use HTTPS