Example website is www.domainA.com.
I want to re-direct one of DomainA subdirectories to DomainB root. For example http://www.DomainA.com/Folder would re-direct to http://www.domainB.com/ to serve the content.
I tried Apache ProxyPass where I am doing the following:
ProxyPass /folder/ http://domainB.com
ProxyPassReverse /folder/ http://domainB.com
However that does not seem to be working as I only get a page not found.
I also tried simply doing
ProxyPass /Folder/ http://domainA.com
ProxyPassReverse /Folder/ http://domainA.com
Just to see if I can redirect /Folder with just an index file back to root of domainA and that did not work either
Try adding this to your domainA.com VirtualHost:
Redirect 302 /folder/ http://domainB.com/
(it is case sensitive)
Related
I have an app deployed to Elastic Beanstalk whose Tomcat container uses Google OpenID Connect for authentication. I want to redirect all http requests to https, for which I have the following mod_rewrite configuration in a file in .ebextensions -
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
Google OAuth2 credentials console has https://example.com/j_security_check as an authorized redirect URL. The configuration works fine when either example.com or https://example.com is requested, whereupon the app is redirected to the mentioned authorized URL.
However, when http is explicitly requested - http://example.com - the app is being redirected to https but port 80 is still being used. The authorized redirect URL then becomes https://example.com:80/j_security_check and I get Error: redirect_uri_mismatch.
How can I redirect explicit http requests to https with the port changed to 443? The main goal is to match the mentioned authorized redirect URL. If possible, I'd like to implement this with the .ebextensions configuration file or a similar solution.
Can you something like this. If it got worked I will give you the explanation.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
The problem was not with the rewrite rule. The file had to be placed in a specific path within .ebextensions for it to work in Tomcat 8. The configuration files had to be setup differently too. Most examples provided were not for Tomcat so I ended up putting them in the wrong location.
What worked -
In /.ebextensions/httpd/conf.d/myconf.conf, place -
LoadModule rewrite_module modules/mod_rewrite.so
and in /.ebextensions/httpd/conf.d/elasticbeanstalk/00_application.conf, place -
<VirtualHost *:80>
<Proxy *:80>
Order Allow,Deny
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
Take note of the use of .conf files instead of .config. This is important!
Also, the redirection that I was getting was not genuine. I was not paying close attention, because when I requested example.com, the browser cache was serving me https://example.com. It was not actually redirecting an http request to https.
I'm pulling my hair out because it must be something simple.
I've setup Grafana to run through a subdomain via proxy which works fine. I'm doing basic authentication as well to login to Grafana, this is my apache config:
<VirtualHost *:80>
ServerAdmin webmaster#example.co
ServerName example.co
ServerAlias www.example.co
DocumentRoot /var/www/example.co/public_html/
ErrorLog /var/www/example.co/logs/error.log
CustomLog /var/www/example.co/logs/access.log combined
<Location "/application">
AuthType Basic
AuthName "Graphs Login"
AuthUserFile /var/www/example.co/members/.htpasswd
Require valid-user
ProxyPass http://localhost:3000/
</Location>
ProxyPassReverse /application http://example.co:3000/
</VirtualHost>
And my config in grafana.ini
# The public facing domain name used to access grafana from a browser
domain = example.co
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = %(protocol)s://%(domain)s:%(http_port)s/application/
I've also tried to do this with a 301 redirect:
Redirect 301 /application http://example.co/application/
<Location "/application/">
AuthType Basic
AuthName "Graphs Login"
AuthUserFile /var/www/example.co/members/.htpasswd
Require valid-user
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
The ProxyPass to the domain works fine, however if I use the IP address it doesn't go to the domain, but rather it tries to load it as IP:3000/application which then gives a Grafana error (Blank page with {{alert.title}})
Any idea what I am doing wrong and how I can redirect the IP:3000 to DOMAIN:3000 such as the ProxyPass is doing with Reverse Proxy?
I'm using Ubuntu 12.04
I've done all sorts of things such as adding trailing slashes, removing them from both apache and from grafana configs, i've been using incognito everytime to ensure there is no caching and I just can't get it to work in Reverse Proxy where I'm trying to redirect the IP to the domain that I've set in Grafana and ProxyPass.
Please help!
I am not 100% sure if this may be the issue. However let's give it a try: Try removing the slashes after the ProxyPass directives:
ProxyPass /application http://localhost:3000
ProxyPassReverse /application http://localhost:3000
Grafana seems to be very picky with regard to those slashes. I had several issues with those little buggers :) I will explain the details further below. A very simple working setup (without specific authentication though) looks like this:
Apache
<VirtualHost *:443>
ServerName example.co
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# grafana
ProxyPass /grafana http://thorin:3000
ProxyPassReverse /grafana http://thorin:3000
</VirtualHost>
Grafana
domain = example.co
root_url = %(protocol)s://%(domain)s/grafana
Explanation: Slashes
Next I explain the reason for the unexpected behavior as far as I understood it. For completeness sake I am also adding an issue I had with certain rewrite rules in addition to the proxy setup.
Proxy
So what happens if you keep the slashes?
# WRONG!
ProxyPass /application http://localhost:3000/
ProxyPassReverse /application http://localhost:3000/
In this case, the response you get from Grafana is a ugly page showing {{alert.title} and a bunch of other unformated HTML. The reason for this is that Grafana can not load certain resources:
http://example.co/application/public/build/grafana.dark.css?v5.2.4
http://example.co/application/public/build/vendor.4f5454f867a0cc2fe8dd.js
However, you proxy settings work correctly, right? Well, partially. They have that tiny slash / resulting in the following lookups on your Grafana installation:
http://localhost:3000//public/build/grafana.dark.css?v5.2.4
http://localhost:3000//application/public/build/vendor.4f5454f867a0cc2fe8dd.js
Notice the extra slash / after http://localhost:3000. Try calling those URLs. They do not work. This is Grafana being very picky about URLs :) Thus, removing the extra slashes from your Apache config will do the trick.
At least that is what I came up with so far:)
Rewrite
No, rewrite rules. In our setup we have Jekyll setup in another subpath, say http://example.co/jekyll where we use relative URLs to access resources. This requires a slash at the end of each URL. We solved this by adding following rewrite rule in Apache (there may be better solutions for this; if you have suggestions please let me know):
# add trailing slashes to support relative URLs
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !(.*)\.[a-zA-Z0-9]+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [R=301,L]
This resulted in some funny effects on Grafana:
we could not log in
the admin/admin account worked however it got stuck at changing the default password
all data sources were gone
Turns out that Grafana did not like the redirects and slash policy we introduced here. The solution was to only enable this rewrite rule for applications that needed it:
# add trailing slashes to support relative URLs
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !(.*)\.[a-zA-Z0-9]+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteCond %{REQUEST_URI} ^jekyll.*$
RewriteRule ^(.*)$ $1/ [R=301,L]
Let me know if this helps :)
I have a redirect setup on my Apache server within the httpd.conf file that redirects all traffic to "server.mydomain.com" to https://server.mydomain.com/uri. Unfortunately, some users will enter https before the URL and it does not redirect, instead they get Apache error page. I want to know how can I get users who input https before the URL to be redirect to https://server.mydomain.com/uri. I believe I may have to do a rewrite but I'm not sure or know how to go about doing it. I've research about rewrite and found it should be done in the .htaccess file but when I read Apache best practice they state it should not be done within .htaccess file for security and performance. Instead, it should be done within the config file. Since the redirection is working within the httpd.conf file, I would like to incorporate the rewrite there as well. I presume that is the correct according to Apache website. My issue is how do I go about doing this within that file. I've included the file information below. Any assistance is greatly appreciated. The server is using Tomcat 7 with Apache 2.2.15.
httpd.conf file:
</IfModule>
#
ProxyPass /uri/fbs-ws ws://server.mydomain.com:8081/uri/fbs-ws
ProxyPassReverse /uri/fbs-ws ws://server.mydomain.com:8081/uri/fbs-ws
</IfModule>
<VirtualHost *:80>
ProxyPass /uri http://server.mydomain.com:8080/uri
ProxyPassReverse /uri http://server.mydomain.com:8080/uri
Redirect permanent / https://server.mydomain.com/uri
</VirtualHost>
Did you try creating a vhost for 443 and switching to http there via Rewrite?
<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
This is what I need to achieve
I need to proxy all requests to /public/ route to another server, except that requests to /public/forms/ must not be proxied and should be served by this apache server.
I have added these directives to my httpd.conf
ProxyPass /public/ http://localhost:3002/public/ retry=10
ProxyPassReverse /public/ http://localhost:3002/public/
It proxies all requests to /public/ to this localhost:3002 but is there any way to exclude /public/forms/ from this proxying?
On top of those because most specific requests should be defined first with ProxyPass add this:
ProxyPass /public/forms/ !
That tells mod_proxy to "not proxy" for that path.
I've never set up a proxy before. I'm using shared hosting, so to set Apache directives, I need to use .htaccess. Can I use .htaccess to do something like below? Any limitations?
ProxyRequests Off
ProxyPass /img/ http://internal.example.com/img/
ProxyPass /app/ http://internal.example.com/app/
ProxyPassReverse / http://internal.example.com/
You cannot use a ProxyPass in an htaccess file. The documentation says it is only applicable in the context:
Context: server config, virtual host, directory
which excludes htaccess (you can't have a <Directory> block in htaccess). However, you can use a ProxyPassReverse to internally rewrite the Location field of proxied requests that cause a redirect. You'll just need to use mod_rewrite's P flag to proxy instead of ProxyPass. So something like:
RewriteEngine On
RewriteRule ^/?img/(.*)$ http://internal.example.com/img/$1 [L,P]
RewriteRule ^/?app/(.*)$ http://internal.example.com/app/$1 [L,P]
ProxyPassReverse / http://internal.example.com/
Just to be clear, you cannot use ProxyPass or ProxyPassReverse in the htaccess file, but you can use ProxyPassReverse with mod_rewrite rules that utilize the P flag.
You can't use ProxyPassReverse, but you can mimic it if you have the ability to rewrite the HTML as it comes back from the origin server.
See my writeup here.