TURN server behind reverse proxy - apache

I would like to make the TURN server accessible behind a reverse proxy in order to use port 443 to avoid problems with blocked ports on public wifi networks, etc.
coturn is configured this way:
listening-port=8443
listening-ip=127.0.0.1
relay-ip=<public-ip-of-the-turn-server>
lt-cred-mech
use-auth-secret
static-auth-secret="secret"
realm=myturnserver.org
total-quota=0
bps-capacity=0
log-file=/var/log/turn.log
and the apache server config looks like this:
<VirtualHost *:443>
ServerName myturnserver.org
ServerAdmin root#myturnserver.org
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/myturnserver.org.error.log
CustomLog ${APACHE_LOG_DIR}/myturnserver.org.access.log combined
SSLCertificateFile /etc/letsencrypt/live/myturnserver.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myturnserver.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
but I can't connect to the turn server. Any ideas what is wrong here?

Related

About apache websocket issue, web page is not working properly

I installed a NAS in my home host, and I also used apache reverse proxy for a project named V2rayA. Now on the public network, the webpage can be accessed normally. But there is a bug. The bug picture is shown here.
I know this is the reason why websocket is not set, but I'm newbie and I can't fix it. How can I setup my websocket?
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/nextcloud
</VirtualHost>
<VirtualHost *:443>
SSLProxyEngine on
ServerAdmin webmaster#localhost
DocumentRoot /var/www/nextcloud
SSLEngine on
SSLCertificateFile /home/exploit/Apache/1.pem
SSLCertificateKeyFile /home/exploit/Apache/2.key
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /v2ray/ http://127.0.0.1:2017/
ProxyPassReverse /v2ray/ http://127.0.0.1:2017/
</VirtualHost>
How can I add and if possible please give me an example?
After I mapped this to the public network, it was still inaccessible, and then I knew that .websocket runs on port 443 by default, but the home network cannot use port 443, so this happens. You can use other methods to forward websockets

two webservers on two different machines on the same domain

let's say i have a website
example.com
i have 2 servers, both running apache2.
on server1 i have a an apache2 web server configured with port 443 accessible through
https://example.com
i have another web server running on port 3456 with configured with reverse proxy and alias that is accessible through https://site1.example.com
configuration for this next site is as follows
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName site1.example.com
ProxyPass / http://localhost:3456/
ProxyPassReverse / http://localhost:3456/
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias site1.example.com
SSLCertificateFile /etc/letsencrypt/live/site1.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site1.example.com/privkey.pem
</VirtualHost>
site1 works fine.
Finally i have a third web server running on server2 port 80. I want to access it with https://site2.example.com What is the correct way to do this?

Using Apache Haus for Reverse Proxy in Windows 10

I install Apache Haus in my Windows 10 PC, that should work as Reverse Proxy.
my setting in httpd-vhosts.conf is like below:
<VirtualHost _default_:80>
DocumentRoot "$(SRVROOT)/htdocs"
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://172.17.3.177/
ProxyPassReverse / http://172.17.3.177/
</VirtualHost>
<VirtualHost _default_:80>
DocumentRoot "${SRVROOT}/htdocs"
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://172.17.3.177/
ProxyPassReverse / http://172.17.3.177/
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/ssl/server.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/server.key"
</VirtualHost>
When I open http://localhost in browser the website from 172.17.3.177, successfully rendered (see below pic)
But when I try https://localhost my browser shows failure.
Can anybody help? I already disable windows firewall.
I have never implemented HTTPS on Apache.
However, your configuration seems to miss the listening to port 443 which is the default port for HTTPS.
You should add
Listen 443 // instruction at global server configuration
<VirtualHost _default_:443> // in your VirtualHost definition

Apache redirect to another port

I've struggled with this for some time and am definitely doing something wrong.
I have Apache server and a JBoss server on the same machine. I'd like to redirect traffic for mydomain.example to JBoss localhost:8080/example. The DNS is currently setup for mydomain.example and it will go straight to port 80 when entered into the browser.
My question is how do I redirect to a different port when a certain domain name comes to Apache (in this case, mydomain.example)?
<VirtualHost ip.addr.is.here>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
After implementing some suggestions:
Still not forwarding to port 8080
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias www.mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
You should leave out the domain http://example.com in ProxyPass and ProxyPassReverse and leave it as /. Additionally, you need to leave the / at the end of example/ to where it is redirecting. Also, I had some trouble with http://example.com vs. http://www.example.com - only the www worked until I made the ServerName www.example.com, and the ServerAlias example.com. Give the following a go.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias example.com
ProxyPass / http://localhost:8080/example/
ProxyPassReverse / http://localhost:8080/example/
</VirtualHost>
After you make these changes, add the needed modules and restart apache
sudo a2enmod proxy && sudo a2enmod proxy_http && sudo service apache2 restart
I solved this issue with the following code:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName myhost.example
ServerAlias www.myhost.example
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I also used:
a2enmod proxy_http
I wanted to do exactly this so I could access Jenkins from the root domain.
I found I had to disable the default site to get this to work. Here's exactly what I did.
$ sudo vi /etc/apache2/sites-available/jenkins
And insert this into file:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias mydomain
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Next you need to enable/disable the appropriate sites:
$ sudo a2ensite jenkins
$ sudo a2dissite default
$ sudo service apache2 reload
Found this out by trial and error. If your configuration specifies a ServerName, then your VirtualHost directive will need to do the same. In the following example, awesome.example.com and amazing.example.com would both be forwarded to some local service running on port 4567.
ServerName example.com:80
<VirtualHost example.com:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName awesome.example.com
ServerAlias amazing.example.com
ProxyPass / http://localhost:4567/
ProxyPassReverse / http://localhost:4567/
</VirtualHost>
I know this doesn't exactly answer the question, but I'm putting it here because this is the top search result for Apache port forwarding. So I figure it'll help somebody someday.
This might be an old question, but here's what I did:
In a .conf file loaded by Apache:
<VirtualHost *:80>
ServerName something.com
ProxyPass / http://localhost:8080/
</VirtualHost>
Explanation: Listen on all requests to the local machine's port 80. If I requested "http://something.com/somethingorother", forward that request to "http://localhost:8080/somethingorother". This should work for an external visitor because, according to the docs, it maps the remote request to the local server's space.
I'm running Apache 2.4.6-2ubuntu2.2, so I'm not sure how the "-2ubuntu2.2" affects the wider applicability of this answer.
You have to make sure that the proxy is enabled on the server. You can do so by using the following commands:
a2enmod proxy
a2enmod proxy_http
service apache2 restart
If you don't have to use a proxy to JBoss and mydomain.example:8080 can be "exposed" to the world, then I would do this.
<VirtualHost *:80>
ServerName mydomain.example
Redirect 301 / http://mydomain.example:8080/
</VirtualHost>
Just use a Reverse Proxy in your apache configuration (directly):
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
Look here for apache documentation of how to use the mod
My apache listens to 2 different ports,
Listen 8080
Listen 80
I use the 80 when i want a transparent URL and do not put the port after the URL
useful for google services that wont allow local url?
But i use the 8080 for internal developing where i use the port as a reference for a "dev environment"
You need 2 things:
Add a ServerAlias www.mydomain.example to your config
change your proxypass to ProxyPassMatch ^(.*)$ http://localhost:8080/example$1, to possibly keep mod_dir and trailing slashes from interfering.
Apache supports name based and IP based virtual hosts. It looks like you are using both, which is probably not what you need.
I think you're actually trying to set up name-based virtual hosting, and for that you don't need to specify the IP address.
Try < VirtualHost *:80> to bind to all IP addresses, unless you really want ip based virtual hosting. This may be the case if the server has several IP addresses, and you want to serve different sites on different addresses. The most common setup is (I would guess) name based virtual hosts.
This is working in ISPConfig too. In website list get inside a domain, click to Options tab, add these lines: ;
ProxyPass / http://localhost:8181/
ProxyPassReverse / http://localhost:8181/
Then go to website and wolaa :) This is working HTTPS protocol too.
Try this one-
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.adminbackend.example.com
ServerAlias adminbackend.example.com
ProxyPass / http://localhost:6000/
ProxyPassReverse / http://localhost:6000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
This is how I redirected part of the requests to one url and rest to another url:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName localhost
ProxyPass /context/static/content http://localhost:80/web/
ProxyPassReverse /context/static/content http://localhost:80/web/
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
All are excellent insights to accessing ports via domain names on virtual servers. Do not forget, however, to enable virtual servers; this may be commented out:
NameVirtualHost *:80
<Directory "/home/dawba/www/">
allow from all
</Directory>
We run WSGI with an Apache server at the domain sxxxx.com and a golang server running on port 6800. Some firewalls seem to block domain names with ports. This was our solution:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName wsgi.sxxxx.example
DocumentRoot "/home/dxxxx/www"
<Directory "/home/dxxx/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /py/ "/home/dxxxx/www/py/"
WSGIScriptAlias /wsgiprog /home/dxxxx/www/wsgiprog/Form/Start.wsgi
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName sxxxx.com
ServerAlias www.sxxxx.com
ProxyPass / http://localhost:6800/
ProxyPassReverse / http://localhost:6800/
</VirtualHost>

Route two domains to same JBoss instance

I have two public websites (foo.com and bar.com) that are pointed to a hardware load balancer. This hardware forwards the traffic to my server as follows:
http://foo.com ==> port 7700
https://foo.com ==> port 7701
http://bar.com ==> port 7800
https://bar.com ==> port 7801
My server is currently an old iPlanet box that defines two virtual servers (foo.com for 7700, 7701 and bar.com for 7800, 7801). Since the load balancer forwards directly to these ports, everything works fine.
I now need to port these website to an Apache 2.2 + JBoss 6.0 configuration, and I'm currently at a loss as to what the best practice is to accomplish this.
I've already set up Apache to listen on my four ports (7700,7701,7800, 7801) and configured SSL for 7701,7801. I'm assuming it is preferred to let Apache handle the SSL handshakes and connections. I have set up 4 Virtual Host entries in Apache, as follows:
<VirtualHost *:7700>
DocumentRoot "/htdocs/foo.com"
ServerName foo.com
</VirtualHost>
<VirtualHost *:7701>
DocumentRoot "/htdocs/foo.com"
ServerName foo.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/foo.com.crt"
SSLCertificateKeyFile "/cert/foo.com.key"
</VirtualHost>
<VirtualHost *:7800>
DocumentRoot "/htdocs/bar.com"
ServerName bar.com
</VirtualHost>
<VirtualHost *:7801>
DocumentRoot "/htdocs/bar.com"
ServerName bar.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/bar.com.crt"
SSLCertificateKeyFile "/cert/bar.com.key"
</VirtualHost>
I've tested this with static content, and both the HTTP and HTTPS connections are working correctly.
For my JBoss configuration, I currently have my applications deployed as /foo and /bar, although I don't know if that should be the final configuration. What I want to accomplish is this:
Forward all traffic from 7700/7701 to http://localhost:8080/foo, and from 7800/7801 to http://localhost:8080/bar. I don't want to see the /foo and /bar in the public URL, though - the user should just see http://www.foo.com and http://www.bar.com.
Is there a way to configure mod_jk to forward requests to a specific URL? Or should I be looking at ways to have JBoss host foo.com on port A and bar.com on port B -- and just have mod_jk forward to each port separately?
I think mod_jk combined with URL rewriting should handle what you need. The mod_jk information on workers indicates that you should be able to use mod_jk to forward requests based on URL using the uriworkermap. It's also mentioned that you can have a separate uriworkermap for each virtual host.
I'd also like to suggest that you take a look at mod_cluster - it might have additional capabilities that would help with this.
EDIT
Argh. After your clarification (and some better digging), I think there may be a different answer. I am currently using ProxyPass/ProxyPassReverse to redirect top-level URLs to individual servlets. I've reviewed the Apache VirtualHost docs again, and I think that if you combine that with mod_proxy, you'll be able to get what you want.
Here's a proposed configuration example that builds on what I have and could meet your specifications:
Listen 7700
Listen 7701
Listen 7800
Listen 7801
<VirtualHost *:7700>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName foo.com
</VirtualHost>
<VirtualHost *:7701>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName foo.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/foo.com.crt"
SSLCertificateKeyFile "/cert/foo.com.key"
</VirtualHost>
<VirtualHost *:7800>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName bar.com
</VirtualHost>
<VirtualHost *:7801>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName bar.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/bar.com.crt"
SSLCertificateKeyFile "/cert/bar.com.key"
</VirtualHost>
I apologize for missing this the first time. The only thing you'll want to test is to make sure that the URLs for servlet access are correct. The pattern I have in use is http://{host}:{port}/{WARName}/{ServletPath}. If you've already tested the configuration with static content, only the proxy setup should need to be added/tuned. I'm not sure if you'll need the Listen statements or not; I think you will, as your ports are non-standard.