configure Apache reverse proxy to work with CKAN dataset preview - apache

I tried to configure Apache's reverse proxy on a running CKAN instance; most pages work, with a few exceptions (notably data preview and user login).
What I did: I’ve set up a CKAN instance using docker, at http://my.intranetwebsite.fr:8082
I’ve deployed it to: http://cybis.univ-grenoble-alpes.fr:8082
(port 80 is already used).
Tests show that everything worked well on port 8082.
I now want to have this web page accessible on port 80. We use apache’s reverse proxy for several services on this website, so I’ve added this to /etc/apache2/apache2.conf
<Location /data>
ProxyPass http://localhost:8082 retry=0
ProxyPassReverse http://localhost:8082
SetOutputFilter proxy-html
ProxyHTMLURLMap http://localhost:8082
</Location>
RewriteRule ^/data$ /data/ [R]
And I've changed the parameters in production.ini:
ckan.root_path = /data/{{LANG}}
ckan.site_url = http://cybis.univ-grenoble-alpes.fr
And restarted apache on the host, and restarted the container.
Everything works fine on :80/data except the login, and a strange behaviour for the data explorer: it gets an iframe with the home page of the ckan in place of the explorer.
Thank you for any help

If you use ckan.root_path then I think you may well have to change the paths in who.ini too, e.g. login_form_url = /data/user/login.
For the Data Explorer, maybe someone else can suggest. One of his example URLs is here: http://cybis.univ-grenoble-alpes.fr/data/dataset/militarized-interstate-disputes-v4-3/resource/55ed7ecb-841b-47c0-80cd-65fa80a04401 and shows a 404 error in the iframe where the preview should be.

Related

How to configure Apache to connect parallel two Tomcat Versions via AJP

I was not able to find any suitable solution on the web and all my trials resulted in failure.
My goal is to set up Tomcat9(TC9) while Tomcat7 (TC7) is still running, so I can configure and test the applications without any interference for the users. After I finished the configuration I want to switch to TC9 so the URLs of the webapps do not change and the Users won't notice the change.
I set up successfully TC9 with an AJP Connector Port on 8010 and I used the existing config file of the httpd and copied the /etc/httpd/conf.modules.d/00-tomcat7.conf to /etc/httpd/conf.modules.d/00-tomcat9.conf and edited accordingly
ProxyPass / ajp://localhost:8010/
However the old pass does not work anymore
ProxyPass / ajp://localhost:8009/
There might be a problem with the URL as I implemented it like so:
https:////
I had several attempts with configuration of the ProxyPass like
ProxyPass /<webappgroup1> ajp://localhost:8009/<webappgroup1>
ProxyPass /<webappgroup2> ajp://localhost:8010/<webappgroup2>
But what does the actual endpoint URL look like, and do I still need to deploy my webapps as #.war?
However, like this I always get the browser error "This site could not be found."
I don't know in which logs I could find more information about what is going wrong.
An example for the ProxyPass config or input of any kind is very much appreciated.
Thanks in advance!

Apache as a proxy for multiple nginx servers

I'm starting from the bitnami jenkins stack. Everything is working perfectly with jenkins.
http://sample:8080/jenkins (works fine)
I'm trying to add additional directories to apache to proxy to nginx:
http://sample:8080/other_tool
I can get to the other_tool homepage, but references to that other tool break down because they are looking for http://sample:8080/relative_url rather than http://sample:8080/other_tool/relative_url
I can pull config settings from the necessary files as needed, but it is on an air-gapped network so wholesale posting would be a challenge
The apache conf looks like:
<Directory /other_tool>
ProxyPass http://localhost:9999
ProxyPassReverse http://localhost:9999
</Directory>
The nginx configuration is a standard "/" with root directory. I'm not as familiar with nginx so I can't recall the exact information off the top of my head. If needed I will provide it.
I could try to switch the jenkins hosting over to nginx, but I'm not sure that simplifies anything.
I can't open more ports on the machine. I can't use a subdomain as that would require additional DNS entries that I do not control.
Ideas or suggestions?

Apache reverse proxy and load balancer - does not work as it should

I have 3 machines.
One (loadbalance.lan) is used as a load balancer, the other two (172.16.30.5 and 172.16.30.6) are tomcat's servers. Main page of the tomcat is listening on port 8080
I'm typing loadbalance.lan/tomcat in the browser and I am able to see the content of one of the Tomcat servers (default Tomcat page).
The problem is that the page isn't displayed correctly. There are no images, and when I click on any link it displays a 404 Not Found error.
Let's say I want to access one of the sub pages on the Tomcat website. Tomcat website address: 172.16.30.5:8080
Now I can choose, lets say "status" link which redirects me to: 172.16.30.5:8080/manager/status (and works fine)
When I access the same page but via reverse proxy server (loadbalance.net) and click that link on the loadbalance.lan page, links redirect me to loadbalance.lan/manager/status and I get 404 error.
Of course, when I type loadbalance.lan/tomcat/manager/status in the browser it displays correctly.
Problem with the images is also weird. When I use url: loadbalance.lan/tomcat I can't see images (Tomcat logo)
When I use this one: loadbalance.lan/tomcat/ (slash at the end) it's ok. At least images because links still redirect in wrong place.
Here is my loadbalance.lan apache config:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<VirtualHost *:80>
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
<Proxy balancer://cluster>
Order Deny,Allow
Allow from all
</Proxy>
<Proxy balancer://cluster>
BalancerMember http://172.16.30.5:8080
BalancerMember http://172.16.30.6:8080
</Proxy>
<Location /tomcat>
ProxyPass balancer://cluster
ProxyPassReverse balancer://cluster
</Location>
</VirtualHost>
Could someone help me with this?
Obviously there is something wrong with that proxy but I have no idea how to fix that :(

From ProxyPassReverse documentation (strong added):
This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache is used as a reverse proxy (or gateway) to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.
Only the HTTP response headers specifically mentioned above will be rewritten. Apache will not rewrite other response headers, nor will it rewrite URL references inside HTML pages. This means that if the proxied content contains absolute URL references, they will by-pass the proxy. A third-party module that will look inside the HTML and rewrite URL references is Nick Kew's mod_proxy_html.
So, the proxy's job is not to rewrite the HTML content of the pages. If the proxied content does not know that the final URL should contain the /tomcat prefix and the proxy does not alter the pages... you're stuck.
This is usually something you do not see because the 172.16.30.5:8080 part is well rewritten in localhost.lan, but this rewrite is not made by the proxy, quite certainly because URLs are in fact only relative (<img src="/foo/bar.png">). Check the source code of the page to see if the domain name is really rewritten in URLs.
There are several ways of handling that:
- You could avoid altering relative URL paths in the proxy (so not using a tomcat/ prefix, but instead a dedicated virtualhost with a name, like tomcat.loadbalancer.lan).
- You could also use some dedicated tools, like mod_proxy_html, to rewrite the content of the pages, but that's a slow and complex thing.
- The third way is to manage the final full URL on the application side (here Tomcat) and detect the proxy chain elements in the X-Forwarded-For header to rebuild the right domain.
- Some applications provide tools for that, like the VirtualHostMonster in Zope.
For tomcat the preferred tool is mod_proxy_ajp and not mod_proxy. But for a load balancer proxy I do not think you can use mod_proxy_ajp. And, it's been a long time since I made this, but in my memory I think mod_jk was the solution to that.
Read this full documentation on tomcat proxying for details. At least you should get some hints for the solution.
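The behaviour this answer describes, as an added example that is not part of the original answer: a simplified model of what ProxyPassReverse does to a Location header, plus an audit that resolves each URL in a page the way a browser would and reports whether it stays under the /tomcat prefix. The sample HTML is constructed, and the names `rewrite_location` and `audit` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class RefCollector(HTMLParser):
    """Collect URL-bearing attributes (href, src, action) from HTML."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in ("href", "src", "action") and v]

def rewrite_location(location, backend, public):
    """Simplified model of ProxyPassReverse: it touches header values only."""
    if location.startswith(backend):
        return public + location[len(backend):]
    return location

def audit(html, page_url, prefix, backend_hosts):
    """Resolve each reference as a browser would and say where it lands."""
    collector = RefCollector()
    collector.feed(html)
    public_host = urlsplit(page_url).netloc
    report = {}
    for ref in collector.refs:
        target = urlsplit(urljoin(page_url, ref))
        if target.netloc in backend_hosts:
            report[ref] = "bypasses proxy"   # absolute backend URL in the body
        elif target.netloc != public_host:
            report[ref] = "external"
        elif target.path == prefix or target.path.startswith(prefix + "/"):
            report[ref] = "ok"
        else:
            report[ref] = "outside prefix"   # proxy has no mapping: 404
    return report

# Constructed sample page, as a backend might serve it (not from the post).
SAMPLE = """<img src="tomcat.png">
<a href="/manager/status">Status</a>
<a href="http://172.16.30.5:8080/docs/">Docs</a>"""
BACKENDS = {"172.16.30.5:8080", "172.16.30.6:8080"}

if __name__ == "__main__":
    for url in ("http://loadbalance.lan/tomcat", "http://loadbalance.lan/tomcat/"):
        print(url, audit(SAMPLE, url, "/tomcat", BACKENDS))
    print(rewrite_location("http://172.16.30.5:8080/manager/status",
                           "http://172.16.30.5:8080", "http://loadbalance.lan/tomcat"))
```

Run against both page URLs, the relative image reference resolves outside the prefix only when the trailing slash is missing, while the root-relative link is outside the prefix in both cases.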

Sonatype Nexus: Proxy from SSL using Apache

We're running Sonatype's Nexus to store all of our builds, cache our dependencies, etc. However, I'd like to move away from the default install's port 8081 URL and instead host it over SSL via an Apache proxy. I've set up Apache's mod_proxy to proxy to it such that https://myserver.com/nexus brings up Nexus. I used the following configuration directives inside of my virtual host config:
# Configure mod_proxy to be used for proxying URLs on this site to other URLs/ports on this server.
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
# Proxy the Sonatype Nexus OSS web application running at http://localhost:8081/nexus
<Location /nexus>
ProxyPass http://localhost:8081/nexus
ProxyPassReverse http://localhost:8081/nexus
</Location>
This seems to match the instructions at Running Nexus Behind a Proxy. However, I was unable to clear the "Base URL" setting in Nexus: it wouldn't let me leave it blank.
And everything mostly works: I can access Nexus at the HTTPS URL, log in, and perform most GUI functions.
However, when logging in I get the following warning message:
WARNING: Base URL setting of http://myserver.com/nexus does not match your actual URL! If you're running Apache mod_proxy, here's more information on configuring Nexus with it.
And not everything in the GUI actually works. So far I've noticed the following:
System Feeds: Gives the following error:
Problem accessing /nexus/service/local/feeds. Reason:
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request
Nexus returned an error: ERROR 406: The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request
Deleting Hosted Repositories: I went through and deleted several empty & unneeded repositories. However, after confirming the deletions, only the first was removed. I had to log in to the 8081 site to delete any of the others.

Per the documentation, it looks like a better solution may be to add a RequestHeader to the Apache configuration:
RequestHeader set X-Forwarded-Proto "https"
I tried the accepted answer, which appears to work, but once I added the RequestHeader, I was able to uncheck Force URL and the warning was cleared. I have not tested the other behavior the OP is describing, though.

You just need to adjust the baseUrl setting in the Administration->Server configuration screen. Set the URL you are using and click the Force Base Url option.

Apache ProxyPassReverse values

Our IT is trying to configure a new apache/jboss/apj setup.
When I browse to http://domain.com/jboss/test.jsp
and System.out.println request.getRequestURL()
I get http://domain.com/test.jsp
(without jboss)
My app encounters a lot of 404s because of this.
The IT department said JBoss has no concept of the /jboss/ part of the URL because of the proxy. Are they configuring things properly or do I need to change my code? To me my code is not portable if I have to hard code URL paths.
Edit-
Here is what they told me:
<Location /jboss>
ProxyPass balancer://cluster stickysession=JSESSIONID
ProxyPassReverse https://domain.com/jboss/
</Location>
This article supports my question
https://sosiouxme.wordpress.com/2010/08/18/fixing-apache-httpd-reverse-proxy-redirect-rewrites/
Edit2
On our old server, in my login framework servlet used by a few apps, I had
response.sendRedirect("login.jsp?message=You have successfully logged off.");
To get things to work with the new proxy I have to recode as
response.sendRedirect("/jboss/AppName/login.jsp?message=You have successfully logged off.");
I lose portability and reusability with the latter syntax.
The error (in Apache, not jboss) for
response.sendRedirect("login.jsp?message=You have successfully logged off.");
File does not exist: /WEB/wwwssl/AppNamelogin.jsp
Note there is no "/" between my appname and login.jsp
The error (in Apache, not jboss) for
response.sendRedirect("/login.jsp?message=You have successfully logged off.");
File does not exist: /WEB/wwwssl/login.jsp
Note the AppName is missing

Note that the article you mention uses mod_proxy_html (ProxyHTMLURLMap / /ajp/nocluster/), which will fix links to use the right path prefix. This is not part of the default mod_proxy modules provided with Apache Httpd.
Instead of putting these directives in a <Location> block, using a single line syntax might forward the path correctly:
ProxyPass /jboss balancer://cluster stickysession=JSESSIONID