Reverse Proxy with pgadmin and apache - apache

I would like to setup the local pgadmin in server mode behind the reverse proxy. The reverse proxy and the pgadmin could be on the same machine. I tried to set up but it always fails.
Here is mypgadmin conf:
Listen 8080
<VirtualHost *:8080>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/pgadmin.crt
SSLCertificateKeyFile /etc/pki/tls/private/pgadmin.key
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule ssl_module modules/mod_ssl.so
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias /pgadmin /usr/lib/python2.7/site-packages/pgadmin4-web/pgAdmin4.wsgi
<Directory /usr/lib/python2.7/site-packages/pgadmin4-web/>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
</VirtualHost>
and my reverse proxy conf
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ErrorLog /var/log/httpd/reverse_proxy_error.log
CustomLog /var/log/httpd/reverse_proxy_access.log combined
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"
ProxyPreserveHost On
ProxyPass / https://localhost:8080/pgadmin
ProxyPassReverse / https://localhost:8080/pgadmin
</VirtualHost>
The httpd start but when I want to test it with
wget --no-check-certificate https://localhost/
it give me error 400
but the
wget --no-check-certificate https://localhost:8080/pgadmin
is working. Where is the problem in my config?

this work for me. I make pgadmin proxy to sub directory (https://localhost/pgadmin)
<VirtualHost *:80>
ServerName localhost
DocumentRoot "/var/www"
<Directory "/var/www">
AllowOverride all
</Directory
ProxyPass /ws/ ws://0.0.0.0:8888/
ProxyPass /phpmyadmin/ http://phpmyadmin/
<Location /pgadmin/>
ProxyPass http://pgadmin:5050/
ProxyPassReverse http://pgadmin:5050/
RequestHeader set X-Script-Name /pgadmin
RequestHeader set Host $http_host
</Location>
</VirtualHost>

Have you tried with latest version, I think it is fixed this commit Ref: LINK
Online Docs: https://www.pgadmin.org/docs/pgadmin4/dev/server_deployment.html

This config works,
use 0.0.0.0 for pgadmin docker, else use your ip
change port 5050 with your pgadmin port
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>
Cofigure with SSL, replace yourdomain.com with valid SSL for your domain
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/(.*)$ https://pgadmin.yourdomain.com/$1
</VirtualHost>
<VirtualHost *:443>
ServerName pgadmin.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>

Related

Try to setup jitsi behind a apache2 reverse proxy

Iam using a ubuntu 18.04 linux VM as a reverse proxy to forward https subdomains to intern targets f.e. guacamole.mydomain.com and jitsi.mydomain.com.
Each system is a seperate linux VM.
public ip --> web reverse proxy 192.168.2.10 --> guacamole.mydomain.com 192.168.2.20 and jitsi.mydomain.com 192.168.2.30
guacamole is working as expected but iam facing some issues with fowarding https to jitsi.mydomain.com.
All other ports are directly forwarded to jitsi without a proxy.
i created two conf files in /etc/apache2/sites-enabled one for jitsi and one for guacamole and generated a lets encrypt cert with certbot --apache.
When i try to open jits.mydomain.com from outside, i get the following Error: ERR_TOO_MANY_REDIRECTS.
Within the network jitsi is reachable via https, so what did i miss?
unfortunately iam not very familiar with proxy and apache.
thanks in advance guys.
jitsi.conf
<VirtualHost *:80>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =jitsi.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
jitsi-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
SSLCertificateFile /etc/letsencrypt/live/jitsi.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jitsi.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
guacamole.conf
<VirtualHost *:80>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =guacamole.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
guacamole-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
SSLCertificateFile /etc/letsencrypt/live/guacamole.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guacamole.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Just stumbled upon your question while looking for a solution of a different problem on Jitsi but I think you'll find a useful solution in this page:
https://debamax.com/blog/2020/03/18/installing-jitsi-behind-a-reverse-proxy/
It's not my solution. I'm just trying to help.
Cheers

running jenkins behind apache2 on subdomain and different port

I am attempting to get a jenkins instance (running on http://localhost:8080/) to be visible at http://ci.domain.com:80/.
Current status:
* Browsing to ci.domain.com gives me the content of domain.com
* Browsing to ci.domain.com:8080 shows jenkins
* Browsing to domain.com:8080 shows jenkins
Ideal status:
* Browsing to ci.domain.com shows jenkins
* Browsing to ci.domain.com:8080 redirects to ci.domain.com
* Browsing to domain.com:8080 does whatever the server would do if there were nothing running on port 8080
My current apache site config (working as expected for shifting traffic to HTTPS) is as follows:
<VirtualHost *:8080>
ServerName ci.domain.com
ServerAlias ci
Redirect temp / http://ci.domain.com/
</VirtualHost>
<VirtualHost *:80>
ServerName ci.domain.com
ServerAlias ci
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com
<Directory /var/www/domain.com/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml $
</IfModule>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/fullchain.pem
<FilesMatch "\.(cgi|shtml|phtml_php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>
Any help is appreciated.

Redirect domain.com/path to another Apache Server

I have 3 Apache VM's running currently:
A) ProxyPass (Hosts Nothing)
B) Main Website
C) ZoneMinder Website
If you access example.com you get to the website, and can navigate around, but...
If I manually type http://example.com/zm trying to access zoneminder
It redirects http://example.com/zm in my remote browser to http://192.168.1.255:443/foo*
I can't seem to get my redirect working correctly, can anybody see what I am doing wrong?
Configs:
A) ProxyPass Server:
<VirtualHost *:80>
ServerName www.example.com
RedirectPermanent / http://example.com
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.255:80/
ProxyPassReverse / http://192.168.1.255:80/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
B) Main Website
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/example.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
Got it working!
The setup:
Server A) Apache server that only serves proxypass and doesn't host anything
Server B) Apache server that hosts main domain.com
Server C) Apache server that hosts ZoneMinder # domain.com/zm
Server A Config:
<VirtualHost *:80>
ServerName domain.com
Redirect / https://www.domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
SSLEngine on
SSLCertificateFile /location of .crt
SSLCertificateKeyFile /location of .key
SSLCACertificateFile /location of .crt
ProxyPreserveHost on
ProxyPass /zm https://192.168.1.43:443/zm
ProxyPassReverse /zm https://192.168.1.43:443/zm
ProxyPass / https://192.168.1.42:443/
ProxyPassReverse / https://192.168.1.42:443/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Notes: It is important to have the /zm come before the "/" catch all. I also noticed it FAILED if i used /zm/.
Server B Config:
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /var/www/html
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/domain.log
CustomLog ${APACHE_LOG_DIR}/domain.log combined
SSLEngine on
SSLCertificateFile /location of .crt
SSLCertificateKeyFile /location of .key
SSLCACertificateFile /location of .crt
</VirtualHost>
Note: it is not necessary to have *:80 redirects or Server Alias as only correctly formatted requests are sent to this server via ProxyPass filtering beforehand.
Server C Config: (domain.com/zm)
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /var/www/html
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/domain.log
CustomLog ${APACHE_LOG_DIR}/domain.log combined
SSLEngine on
SSLCertificateFile /location of .crt
SSLCertificateKeyFile /location of .key
SSLCACertificateFile /location of .crt
</VirtualHost>
Yes it is the same. It works so I am happy!
Note: All 3 servers have my SSL certs installed, but I did not touch default-ssl.conf.

Apache proxypass https to https

here is what I tired to do:
browser -internet-> https(Apache proxypass)-intranet->(Apache https)
both Apaches are installed the ssl certs.(startssl wide card,not self-signed)
Apache error log:
[client 192.168.2.157] SSL Proxy requested for test.xxx.com:443 but not enabled [Hint: SSLProxyEngine]
[error] proxy: HTTPS: failed to enable ssl support for 192.168.2.157:443 (test.xxx.com)
Then I tried use apache(on the internet) proxy to https://google.com
and the error log is the same.
However,https to http works.
browser -internet-> https(Apache proxypass)-intranet->(Apache http)
My config:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/xxx_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
AllowEncodedSlashes NoDecode
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / https://2w.xxx.com/
ProxyPassReverse / https://2w.xxx.com/
ServerName test.xxx.com
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ErrorLog "/var/log/apache2/error-ssl.log"
</VirtualHost>
OR:
<VirtualHost *:443>
ProxyPass / https://google.com/
ProxyPassReverse / https://google.com/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/xxx_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
ServerName test.xxx.com
</VirtualHost>
Seems like it's not possible for apache to handle https to https?
if apache does not support this how about nginx?
You should set "SSLProxyEngine On". The following is my example that may give you any idea.
<VirtualHost *:443>
SSLEngine On
SSLProxyEngine On
ServerName my.example.com:443
SSLCertificateFile "${SRVROOT}/conf/ssl/example.pem"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/example.key"
ErrorLog "|bin/rotatelogs.exe -l /var/logs/apache/example/error.%Y-%m-%d.log 86400"
CustomLog "|bin/rotatelogs.exe -l /var/logs/apache/example/ssl_request.%Y-%m-%d.log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyRequests Off
ProxyPass / https://www.google.com/
<Location />
ProxyPassReverse /
Options FollowSymLinks
Require all granted
</Location>
</VirtualHost>

Apache - Proxy all subdomains from one IP

I'm trying to handle subdomains on a specific server and the normal URL from all servers. They're behind a load balancer. This works for http://test.com and it load balances.
For subdomains I can't tell if the proxy is working or why I'm getting a 404 error. Is there anything wrong with my config?
DNS: example.com 111.111.111.111
Load Balancer: 111.111.111.111
Master, write server: 222.222.222.222
httpd.conf, mirrored to all servers:
<Directory />
Header add myServerName "anglefish" # add a string for testing which server
Header add myServerTimes "D%D t%t"
</Directory>
000-default mirrored to each server except master
#Proxy subdomains from one server
<VirtualHost *:80>
ServerName *.example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://222.222.222.222/
ProxyPassReverse / http://222.222.222.222/
</VirtualHost>
<VirtualHost *:443>
ServerName *.example.com
SSLEngine on
SSLProxyEngine On
SSLEngine on
SSLCertificateFile /etc/apache2/.ssh/example.com.crt
SSLCertificateKeyFile /etc/apache2/.ssh/example.com.key
SSLCertificateChainFile /etc/apache2/.ssh/example.com_bundle.crt
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://222.222.222.222/
ProxyPassReverse / http://222.222.222.222/
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/vhosts/example.com/public_html
<Directory /var/www/vhosts/example.com/public_html>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias example.com
DocumentRoot /var/www/vhosts/example.com/public_html
SSLEngine on
SSLCertificateFile /etc/apache2/.ssh/example.com.crt
SSLCertificateKeyFile /etc/apache2/.ssh/example.com.key
SSLCertificateChainFile /etc/apache2/.ssh/example.com_bundle.crt
</VirtualHost>