I am trying to return content with a web service. Behind an apache proxy if fails with "Operation insecure".
I read about adding an apache hook but it won't work for me. Setting the environment variable neither.
This is what I tried: how to make Mojolicious's url_for()->to_abs() return correct scheme (http or https) behind nginx
Maybe or webservice I have to do something else ? Also I use mojolicious lite.
Also the url_for is done in the template file .html.ep. I use it to call the web service from javascript.
I run Mojolicious 7.59 on Ubuntu 18.04. Thank you for you help
I solved it this way: the apache proxy must have some specific settings and also the mojo app must be in reverse proxy mode.
Apache Settings
Apache must know how to proxy the web services and it must tell mojo about the forwarding protocol.
I put all my webservices under the /ws/ and I added it to ProxyPass
My mojo app is at the same host at port 8080 so I proxy to localhost:8080.
It is very important to set the X-Forwarded-Proto
At /etc/apache2/sites-enabled/default-ssl.conf I changed this way:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /ws/ ws://localhost:8080/ws/ keepalive=On
ProxyPass / http://localhost:8080/ keepalive=On
ProxyPassReverse / http://localhost:8081/
RequestHeader set X-Forwarded-Proto "https"
Mojo Proxy
The mojolicious app must know it is in reverse proxy. If you are using hypnotoad it may not be necessary. When I did some tests with morbo I had to run it this way:
MOJO_REVERSE_PROXY=1 morbo script.pl
There is more documentation at https://mojolicious.org/perldoc/Mojolicious/Guides/Cookbook#Reverse-proxy
Related
I'm setting up the WAF with feature of reverse proxy, and have the config in /etc/apache2/sites-available/000-default.conf. then i have to setting the WAF as reverse proxy. Can i use redirect in exchange for proxy_pass? what is the difference between them?
I already setup the reverse proxy but always end up with my web application functional problem, but when i use redirect everything just work fine.
This is my 000-default.conf for reverse proxy:
<VirtualHost *:80>
ServerName https://mywebsite.com/
ProxyPass / https://10.10.123.32:443/
ProxyPassReverse / https://10.10.123.32:443/
ProxyPreserveHost on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSL ProxyCheckPeerExpire off
</VirtualHost>
-is that anything wrong with my reverse proxy config?
-and it's okay to use redirect as the replacement for proxy_pass setting?
-if that okay, whether the waf function will still run?
Thank you :)
ProxyPass instructs Apache to forward the request to the named backend server and forward the response to the client.
Redirect instructs Apache to respond directly to the client with a substitute URL.
It would rarely be effective for a WAF to send a redirect instead of acting as a proxy/gateway/middleman as the WAF would not really be in the loop for the traffic. Further, usually your client can't do anything with the direct address of what is likely an internal server.
I have apache tomcat application which is configured to apache webserver, now I want to add another apache tomcat application to same Apache web server,all these servers (apache tomcat and apache web server (rhel)) are on same network, kindly provide me some ways for configuring it.
is there any other way without using mod_jk?
Apache can talk to Tomcat using either mod_jk or by using the standard proxy module, mod_proxy. Using the standard proxy module, it's very easy to put multiple instances of Tomcat behind a single Apache instance.
Assuming that you have a Tomcat instance listening on port 8080 and another on port 8081, you can do something as simple as this:
<Location /app1/>
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080/
</Location>
<Location /app2/>
ProxyPass http://localhost:8081/
ProxyPassReverse http://localhost:8081/
</Location>
This places the first instance at /app1/ and the second instance at
/app2/.
The mod_proxy documentation is a good place to start, and the tomcat documentation covers this topic briefly.
What I'm basically trying to accomplish is having my main website running a CMS written in Go. This will be located at www.example.com.
I also have applications written in PHP located in directories, such as www.example.com/clients/
How can I serve example.com/clients using Apache/PHP while serving example.com using Go built-in web server?
Via mod_proxy in Apache2, you can proxy different paths into different destinations at localhost or anywhere else accessible by your server, including within your local network (if your server can access it).
For this you would use ProxyPass (Apache2 Docs for ProxyPass, which is very useful reading) like the example below:
<VirtualHost *:80>
ServerName some.example.host.xyz
DocumentRoot /var/www/your-document-root
Alias /clients/ /var/www/clients/
ProxyPass /clients/ !
ScriptAlias /something-using-cgi/ /var/www/cgi-stuff/
ProxyPass /something-using-cgi/ !
ProxyPreserveHost On
ProxyPass / http://localhost:9876/
ProxyPassReverse / http://localhost:9876/
ProxyPass /elsewhere/ http://elsewhere.example.host.xyz:1234/
ProxyPassReverse /elsewhere/ http://elsewhere.example.host.xyz:1234/
</VirtualHost>
You'll want to be sure that you set your proxy security such that external users can't use your reverse proxy as a forward proxy, too. You can do that via ProxyRequests as described in the official Apache2 docs. The way I did this on a server is to put this in your server-wide config (you should verify on your own that this is secure enough):
# disables forward proxy
ProxyRequests Off
Andrew Gerrand has a good blog post about this for nginx but the principle is the same for Apache.
You want to set up Apache as a reverse proxy for requests coming in for the Go application.
For Apache you want to look at mod_proxy
I have 3 tomcat instances running on Windows Server 2008 machine. Each one with one app:
http://host:8080/app0
http://host:8081/app1
http://host:8082/app2
How I can configure my server to map an address without the port number?
http://host/app0
http://host/app1
http://host/app2
Is it a tomcat configuration or something with DNS?
Thanks.
Ok, I tried the following:
Set up the Apache 2.2
Configure httpd.conf loading proxy modules
And add a proxy module configuration:
ProxyRequests Off
ProxyPass /app1 http://machine:8081/app
ProxyPassReverse /app1 http://machine:8081/app
<Location "/app">
Order allow,deny
Allow from all
</Location>
Now the redirect works well local in the machine. But it doesn't works when I try access from another machine in the same network. (this another machine can ping 'machine' host. And I tried putting the ip number too).
You can use nginx (http://nginx.org/en/docs/) as proxy for example.
Try simply (no load balancing etc.):
server {
listen here.your.ip:80/YourApp;
location / {
root /path/to/your/webapp;
proxy_pass http://host:8080/YourApp;
}
}
Same way for other ports
It is quite common to use multiple Tomcats behind Apache to do load balancing. While this is not load balancing the principle is the same. Instead of having one application with 3 load-balanced Tomcat workers, you would have 3 applications with 1 tomcat worker each.
You can find the tomcat documentation here: http://tomcat.apache.org/connectors-doc/
Try mod proxy configuration on below code in httpd:
ProxyPass /app0 http://localhost:8080/app0/
ProxyPassReverse /app0 http://localhost:8080/app0/
ProxyPass /app1 http://localhost:8081/app1/
ProxyPassReverse /app1 http://localhost:8081/app1/
ProxyPass /app2 http://localhost:8082/app2/
ProxyPassReverse /app2 http://localhost:8082/app2/
I am trying to setup a server with multiple web applications which will all be served through apache VirtualHost (apache running on the same server). My main constrain is that each web application must use SSL encryption. After googling for a while and looking other questions on stackoverflow, I wrote the following configuration for the VirtualHost:
<VirtualHost 1.2.3.4:443>
ServerName host.domain.org
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
Even though https://host.domain.org:8443 is accessible, https://host.domain.org is not, which defeats the purpose of my virtual host configuration. Firefox complains that even though it successfully connected to the server, the connection was interrupted. Chrome return an error 107: net::ERR_SSL_PROTOCOL_ERROR.
Finally I should also mention that the virtual host works perfectly fine when I do not use SSL.
How can I make this work ?
Thanks
You don't need to configure SSL in both Apache and Tomcat.
The easiest way to accomplish that is configure SSL just on Apache and proxy to tomcat using http.