If Nginx works as reverse proxy between Apache and the web, where should i add X-Robots-Tag (to add some additional headers) - in the htaccess of Apache or in the Nginx configuration file?
You can do it in either place. Although, for a header like X-Robots-Tag, which is very much page specific then it would probably be easier to set this at the application server (in your application/CMS). Devs may not have access to the proxy server in order to apply specific headers.
Alternatively, you might choose to do this in the front-end proxy if you wanted to apply this to every request, or to a specific pattern.
But you should not apply the same header in both places, as that becomes hard to maintain (and debug).
Related
I'm trying to setup Traefik to replace my Nginx reverse proxy setup.
I have my domain setup like this:
- I can access different services using http://example.com and detecting which service I should proxy to, by using subpath.
I tried to recreate same setup with Traefik. First by using ReplacePathRegex and then StripPrefix. My api requests work fine, but when I try to use Portainer, requests made from web browser omit /portainer part which causes web ui to break.
For example:
I make request to http://example.com/portainer.
I get response and then consecutive requests should be made like this: http://example.com/portainer/vendor1.css
and instead it makes request like this:
http://example.com/vendor1.css
Is there any way to setup Traefik behavior to exactly match Nginx proxy_pass?
I found this post that gives me a partial solution: Is there an equivalent to ReverseProxyPass for Apache in Traefik?. Portainer seems to be working when I make request to http://example.com/portainer/ by adding "/" to the end.
I tried to fix it with forceSlash, but it did not make any change
Is it possible to make it work with or without trailing "/"?
This is how requests look like in /portainer and /portainer/:
This is my current Traefik configuration (I'm only using Docker):
Stripprefix middleware is for removing prefixes from the path before forwarding the request. According to your configuration, everything after /portainer and /portainer itself will be stripped.
In your case, it will also remove the trailing slash. If you need to forward / to the Portainer, then you need to use portainer (without slash) as to configure the prefix of stripprefix middleware.
I found a solution: https://community.containo.us/t/middleware-to-add-the-if-needed/1895
This is what I had to add to labels in my portainer container to make it work:
- traefik.http.middlewares.strip-prefix.chain.middlewares=strip-prefix-1,strip-prefix-2
- traefik.http.middlewares.strip-prefix-1.redirectregex.regex=^(https?://[^/]+/[a-z0-9_]+)$$
- traefik.http.middlewares.strip-prefix-1.redirectregex.replacement=$${1}/
- traefik.http.middlewares.strip-prefix-1.redirectregex.permanent=true
- traefik.http.middlewares.strip-prefix-2.stripprefixregex.regex=/[a-z0-9_]+
It is not ideal solution as I think there should be an easier way to achieve it, but for the time being it satisfies my needs.
I have a site (ex: a.domain.com) with multiple applications inside (ex: a.domain.com/App1, a.domain.com/AppX).
I need to figure out how to do a reverse proxy on the top site, only when the people try to access a.domain.com. If someone wants to access a.domain.com/App1 the reverse proxy will have no effect.
Thanks in advance!
May I know how did you set the reverse proxy?
In IIS, we usually use URL rewrite rule to build the reverse proxy.
If you only require reverse proxy rule only take effect on the root www.doamin.com. Then you should add an <add input="{URL}" pattern="^(/)?$" />condition pattern in your rule or include all folder/URL under the top site. Otherwise you have to use regex expression to exclude all 288 applications manually. IIS won't be able to detect sub-application collection and add them to URL rewrite rule automatically.
We are trying to incorporate ClickTale for our site which is hosted on Acquia. But there seems to be a problem and we would like to hear from people over here if they have come across a similar situation.
We already have HTTPS enabled.
Because of HTTPS, we had to change
our DNS setting from an A record to a CNAME record.
Now based on
this ClickTale Wiki -
http://wiki.clicktale.com/Article/Help_talk:Drupal_integration_module_v1...
whenever we have a reverse proxy, we need to make sure that the IP
address of the proxy is allowed which would mean ClickTale servers
be able to identify the IP address of the end user.
Because we have a CNAME record, we have a canonical URL but we dont have an IP.
How do we deal with this situation? If we do not do anything, will Acquia servers ensure that the right headers are in place such that ClickTale servers could read end users IP?
As per Acquia documentation they use the X-forwarded-for header to forward you the client IP, see https://docs.acquia.com/articles/logging-client-ip-apache-behind-reverse-proxy
So from the doc you quote yourself, i would enable the following:
If your proxy includes the original IP address in the HTTP headers, you could add a module setting in your config.php file to instruct the module to use that header. If your proxy uses a header field called "X-Forwarded-For" (this is common), then add $config['IPAddressHeaderFieldName'] = "X-Forwarded-For"; to your config.php file to utilize this field.
I'm trying to use Liferay for http and https
if I include in portal-ext.properties:
company.security.auth.requires.https=true
web.server.protocol=https
Will be working ok with https but in http is showing incorrect themes due is trying to load https://domain.com/theme
If I remove this two lines is working ok for http but not for https.
What can I do?
IMHO mixed mode, e.g. offering http as well as https never gives you what you expect: You expect security from https, but you always risk leaking session information, e.g. being vulnerable to session-hijacking attacks (ala Firesheep). My actual advice would be to go https only if you do https for security. Read on if that's not an option for you, but don't complain when you find information leaking (this is not dependent on Liferay, but for any web-based environment)
What is the exact problem that you have with the themes? (images/css through http?) Which version of Liferay are you using?
Before you specify more, you might want to configure your theme's "virtual path", this will rewrite all the URLs referring to your theme. It's typically used to serve static resources through a webserver or cdn, but it works with any kind of URL. Simply using a protocol-relative URL should work (I love this mostly unknown http feature):
Add this to your theme's liferay-look-and-feel.xml:
<look-and-feel>
<theme id="my" name="My Theme">
<virtual-path>//domain.com/myTheme</virtual-path>
</theme>
</look-and-feel>
note that the URL omits the protocol part, http: or https:, thus the browser will use the same protocol that the whole page is loaded with.
Edit: corrected the xml. Will investigate if there's a problem with protocol-relative URLs in themes.
Edit 2: Something is weird. It seems, virtual-path does not work like this, but I recall it did earlier. Do you add domain.com as cdn.host.http or cdn.host.https? (this would be concatenated)
On related stuff, please check if you're running Apache in front of your appserver. In this case you might forward some traffic for the portal (e.g. in the virtual host for http) but not forward the traffic in the https virtual host.
Using Weblogic 11g and want to be able to add headers to all files served up by weblogic. There is no seperate web server sitting in front of weblogic. Cannot find a way to configure weblogic to add header to the HTTP response. In IIS you can easily do this by choosing the server and clicking to add headers. Looking for the equivalent way to do this in weblogic.
I dont think this is configurable. You would have to write a Filter to manipulate the headers as you need.
As a hint, you could try something along the lines of this package http://flavio.tordini.org/http-headers-filter. I have not tried this myself
If you have the option of putting Apache server in front of your Weblogic server, then you can configure Apache to do that using this. As an additional benefit, you can configure the Apache server to serve static content.
PS: Not just Apache but Lighttpd and Nginx also allow you to do that.
<url-rewriting-enabled></url-rewriting-enabled>
Can occur zero or one time.
When this flag is set to false, WebLogic will add the following header with the response Cache-control: no-cache=set-cookie so that the proxy caches do not cache the cookies.
defaults to true
http://w3processing.com/Setups.php?freepageId=19