Spring Boot SSL behind Apache2 server

I have a Spring Boot Application that has been set up with SSL handling. I was using iptables rerouting to route all port 80 traffic to the spring boot port 8080 and all 443 traffic to spring boot 8443.
Spring Boot was then redirecting any http traffic to https (443). Everything was working fine.
Now I want to run an Apache2 server and use it to redirect the traffic to Spring Boot instead of using straight up iptables rerouting.
I've created the following conf file for the site:
<VirtualHost *:80>
ServerAdmin mail#gmail.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/site/error.log
CustomLog ${APACHE_LOG_DIR}/site/access.log combined
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin mail#gmail.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
ErrorLog ${APACHE_LOG_DIR}/site/error.log
CustomLog ${APACHE_LOG_DIR}/site/access.log combined
</VirtualHost>
But it doesn't seem to be working. I get "This site can’t provide a secure connection". Although redirection from http to https (set up in spring boot) does seem to be working.
Most of the things I found on Google show how to configure spring boot behind Apache2, with Apache2 handling ssl. How do I set it up so that it's spring boot that handles the ssl, and Apache just basically does the port mapping? Or would it be less pain to set up Apache to handle ssl?

Looks like what I want is "Pass through SSL proxying" which Apache2 doesn't support.
From looking around, Nginx does support something like this: https://serversforhackers.com/c/tcp-load-balancing-with-nginx-ssl-pass-thru
But even then there are extra complications because this makes it difficult for the server to figure out which host the request is being sent to, as it can't decrypt the encrypted requests.
The point of setting up a web server in front of Spring Boot was to host multiple sites on this server, so I think I'll just set up Apache2 to terminate SSL.

Related

How do I setup an Apache ProxyPass / Reverse Proxy while listening on an alternate port?

I had Apache configuration which was using a ProxyPass/ProxyPassReverse with the following example syntax:
ProxyPass /myprog http://localhost:8080/myprog
ProxyPassReverse /myprog http://localhost:8080/myprog
Then, I moved Apache from port 80, to 8880, and put another web server on port 80. I can access some things correctly now on port 8880 - those files which are hosted directly on Apache. But my proxy pass (to Tomcat) now fails when I try to access it at: http://some.domain:8880/myprog.
How do I correct the ProxyPass/Reverse to account for the port change? (I assumed, perhaps naively, the port spec was implicit...).
You need to put your configuration on a VirtualHost tag.
<VirtualHost *:8880>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /myprog http://localhost:8080/myprog
ProxyPassReverse /myprog http://localhost:8080/myprog
</VirtualHost>

Apache HTTP VM Behind HTTPS Let's Encrypt

I've read a lot of questions and answers which seem exactly the same as mine, but I can't seem to get my setup to work. I have a VM running Apache with only HTTP support at 192.168.2.101:32773. I can access it on my local network as such just fine. I now am ready to expose it through my Apache web server that has Let's Encrypt set up to generate SSL certificates. So I added this to my server conf file:
<VirtualHost *:32773>
ServerName server.com
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.2.101:32773/
ProxyPassReverse / http://192.168.2.101:32773/
</VirtualHost>
However, I get an ERR_SSL_PROTOCOL_ERROR when I try to load it up as https://server.com:32773. If I however change my address to http://server.com:32773, it loads just fine. Anything look wrong in this snippet? Thanks!
HTTP and HTTPS need to be on different ports. Typically HTTPS is served on port 443.
This is embarrassing... At some point I changed my port forward rules to point 32773 directly to 192.168.2.101 so I could validate that the rules were working at all. The above config worked as soon as I realized I wasn't even sending traffic to my Apache SSL enabled server.

Problems with Ratchet websocket

I have some problems with the Ratchet websocket server when I'm trying to use it with a web application when I turn SSL on.
I tried to use Apache mod_proxy_wstunnel.so and stunnel both, but it has no result.
Maybe I did something wrong, but my Ratchet still doesn't work with JavaScript client over SSL. When I turn SSL off, everything works perfectly.
Due to my task, I must use SSL in my project.
Apache 2.4.12
Red Hat Linux Server 6.5
Here is my Apache mod_proxy_wstunnel.so config:
<VirtualHost *:443>
SSLEngine on
ServerName mydomain.com
SSLProxyEngine on
ProxyRequests Off
ProxyPass "/ws/" "ws://mydomain.com:8098"
ProxyPass "/wss/" "wss://mydomain.com:8098"
...
</VirtualHost>
Here is my stunnel configs (I used it separately with mod_proxy_wstunnel.so):
[websockets]
accept = 443
connect = 8098

How can I use apache or nginx as frontend for a node app?

I'm trying to develop a Node.js web application, but my production environment-to-be is already hosting Apache/2.2.22. So I can't have Node use port 80, and I don't want my users to have to go to http://myapp.com:4000/.
Is there an apache module that does this, perhaps like mod_jk does this for Tomcat?
The same question goes for nginx.
mod_proxy can do that (for apache)
<VirtualHost nodejs.host.com>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:4000
ProxyPassReverse / http://localhost:4000
</VirtualHost>
will forward everything on that virtualhost to Node.js

Apache VirtualHost with mod-proxy and SSL

I am trying to set up a server with multiple web applications which will all be served through apache VirtualHost (apache running on the same server). My main constraint is that each web application must use SSL encryption. After googling for a while and looking at other questions on stackoverflow, I wrote the following configuration for the VirtualHost:
<VirtualHost 1.2.3.4:443>
ServerName host.domain.org
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
Even though https://host.domain.org:8443 is accessible, https://host.domain.org is not, which defeats the purpose of my virtual host configuration. Firefox complains that even though it successfully connected to the server, the connection was interrupted. Chrome returns an error 107: net::ERR_SSL_PROTOCOL_ERROR.
Finally I should also mention that the virtual host works perfectly fine when I do not use SSL.
How can I make this work?
Thanks
You don't need to configure SSL in both Apache and Tomcat.
The easiest way to accomplish that is configure SSL just on Apache and proxy to tomcat using http.
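
The setup that the first thread's follow-up and the answer above both arrive at (Apache terminates TLS and proxies to the backend over plain HTTP), written out as an added example that is not taken from any of the posts. The hostname `app.example.org`, the certificate paths and the log file names are placeholders, and the backend is assumed to listen on 127.0.0.1:8080.

```apache
# Added example; hostname, certificate paths and log names are placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers to be enabled.

# Port 80: no proxying, only send clients to the HTTPS virtual host.
<VirtualHost *:80>
    ServerName app.example.org
    Redirect permanent / https://app.example.org/
</VirtualHost>

# Port 443: Apache terminates TLS here. A vhost on 443 without
# "SSLEngine on" and a certificate answers in plain HTTP, which
# browsers report as an SSL protocol error.
<VirtualHost *:443>
    ServerName app.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/privkey.pem

    ProxyRequests Off
    ProxyPreserveHost On

    # "set" replaces any client-supplied value, so the backend only ever
    # sees the scheme that Apache itself observed.
    RequestHeader set X-Forwarded-Proto "https"

    # The backend speaks plain HTTP on loopback (assumed port 8080), so
    # SSLProxyEngine is not needed. It would be required only if the
    # ProxyPass target were an https:// URL.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    ErrorLog  ${APACHE_LOG_DIR}/app-error.log
    CustomLog ${APACHE_LOG_DIR}/app-access.log combined
</VirtualHost>
```

With this layout the backend no longer serves TLS itself, and any http-to-https redirect it performs has to honour `X-Forwarded-Proto` (in Spring Boot 2.2 and later, `server.forward-headers-strategy=native`), otherwise it redirects in a loop. Binding the backend to loopback keeps clients from reaching port 8080 directly and bypassing Apache.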