Context path on Apache reverse proxy for multiple backend services - apache

I have a setup for an apache reverse proxy for multiple applications as below:
https://serverxx:8000 -> http://localhost:9000
https://serverxx:8001 -> http://localhost:9001
https://serverxx:8002 -> http://localhost:9002
There are 3 virtual host files under /etc/httpd/conf.d/ which accomplish this setup, and they look like the following:
Listen 8000 https
<VirtualHost *:8000>
ProxyPreserveHost On
SSLProxyEngine on
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
</VirtualHost>
Due to new requirements, there needs to be some overhaul. The 3 applications which are accessible via https://serverxx:800[0,1,2] should now look like this:
https://serverxx/app1 -> http://localhost:9000
https://serverxx/app2 -> http://localhost:9001
https://serverxx/app3 -> http://localhost:9002
In other words, serverxx will only be listening on 1 port (443) and have 3 different context paths for 3 different proxied services.
Is this possible at all? I have been reading on https://httpd.apache.org/docs/2.4/vhosts/examples.html but couldn't get a definite answer.
Thanks in advance.

I have finally figured this out.
For those who are interested in an answer, the key is to add multiple ProxyPass and ProxyPassReverse values for each context path pointing to multiple backend servers.
Listen 8000 https
<VirtualHost *:8000>
ProxyPreserveHost On
SSLProxyEngine on
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# One ProxyPass/ProxyPassReverse pair per context path
ProxyPass /app1 http://localhost:9000
ProxyPassReverse /app1 http://localhost:9000
ProxyPass /app2 http://localhost:9001
ProxyPassReverse /app2 http://localhost:9001
ProxyPass /app3 http://localhost:9002
ProxyPassReverse /app3 http://localhost:9002
</VirtualHost>

Related

Basic auth only for specific directory

I have a small environment where I have 3 services on one server and I want to put all three behind a reverse proxy.
Prometheus server running on port 9090
Prometheus Alert manager running on port 9093
Grafana running on port 3000
My current configuration is below
<VirtualHost *:80>
ServerName metrics.example.com
Redirect permanent / https://metrics.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName metrics.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/apache2/ssl.crt/example.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/example.key
ErrorLog /var/log/apache2/metrics.example.com-error_log
CustomLog /var/log/apache2/metrics.example.com-access_log combined
<Location "/">
ProxyPreserveHost On
ProxyPass http://localhost:9090/
ProxyPassReverse http://localhost:9090/
</Location>
<Location "/alertmanager/">
ProxyPreserveHost On
ProxyPass http://localhost:9093/
ProxyPassReverse http://localhost:9093/
</Location>
<Location "/grafana/">
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
# <Proxy *>
# AuthType Basic
# AuthName "Restricted Content"
# AuthUserFile /etc/apache2/.htpasswd
# Require valid-user
# </Proxy>
</VirtualHost>
For now everything works, but Prometheus and Alertmanager don't have their own auth; Grafana does. If I uncomment the <Proxy *> section, Grafana stops working. The goal is to protect both Prometheus and Alertmanager with basic auth but not the Grafana instance.
Is it possible (and how) to protect the root ("/") directory and the /alertmanager subdirectory while omitting the /grafana subdirectory in a single vhost?
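Access control in Apache 2.4 can be set per <Location>, and a later <Location> that also matches a request replaces the Require of an earlier one, so Basic auth can cover / and /alertmanager/ while /grafana/ stays open. An added example, not from the original post, assuming Apache 2.4 with mod_auth_basic, mod_authn_file, mod_authz_user and mod_headers loaded; the Authorization-header handling for Grafana is an assumption, noted in the comments:

```apache
<VirtualHost *:443>
    ServerName metrics.example.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/example.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/example.key

    ProxyRequests Off
    ProxyPreserveHost On

    # Prometheus at the root: Basic auth enforced by Apache.
    <Location "/">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        ProxyPass http://localhost:9090/
        ProxyPassReverse http://localhost:9090/
    </Location>

    # Alertmanager: AuthType/AuthName/AuthUserFile are inherited from "/";
    # Require is repeated so the intent is explicit.
    <Location "/alertmanager/">
        Require valid-user
        ProxyPass http://localhost:9093/
        ProxyPassReverse http://localhost:9093/
    </Location>

    # Grafana does its own login: this later section replaces the
    # Require from "/" (AuthMerging defaults to Off).
    <Location "/grafana/">
        Require all granted
        # Assumption: Grafana rejects requests that carry the proxy's Basic
        # credentials, so the header is dropped before forwarding. Remove this
        # line if Grafana API clients send an Authorization header via the proxy.
        RequestHeader unset Authorization
        RequestHeader set X-Forwarded-Proto "https"
        ProxyPass http://localhost:3000/
        ProxyPassReverse http://localhost:3000/
    </Location>
</VirtualHost>
```

Check the syntax with `apachectl configtest`, then confirm that an unauthenticated request to / returns 401 while /grafana/ reaches Grafana's own login page.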

ProxyPass or ProxyPassReverse redirect is adding my port to traffic

I have a virtual host in Apache that is giving me the fits. I am trying to point a secure external URL to a Maximo Java Virtual machine within our network via Apache.
Here is my virtual host from the conf file.
<VirtualHost 5.5.5.5:443>
ServerName maximolink.mydomain.com
SSLProxyEngine On
SSLEngine on
# Turn on SSL
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
# Path to DigiCert Certificate
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/certs/DigiCertCA.crt
# Path to gafoc certificate
SSLCertificateFile /etc/httpd/conf/ssl.crt/certs/star_gafoc_com.crt
# Path to SSL key generated during creation of CSR
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/maximolink.mydomain.com.key
ProxyRequests Off
ProxyPreserveHost On
ProxyVia full
EnableSendFile On
EnableMMAP On
RewriteEngine On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Turn on the proxy
ProxyPass / https://internalmaximoserver.mydomain.com:9451/
ProxyPassReverse / https://internalmaximoserver.mydomain.com:9451/
CustomLog /var/log/httpd/ssl-access.log combined
ErrorLog /var/log/httpd/ssl-error.log
<Location />
#ProxyPassReverse /
Order allow,deny
allow from all
</Location>
</VirtualHost>
The results are, when I go to:
https://maximolink.mydomain.com/maximo/
Some traffic begins to pass between the servers (images, HTML), but eventually the file paths begin to request and pass as
https://maximolink.mydomain.com:9451/maximo/
I am not sure how to stop the 9451 from being attached to the URL during the passing of the traffic.
Okay I had to adjust the conf file by having it listen on 9451 and set a named virtual host. Here is the updated code:
Listen 9451
NameVirtualHost 5.5.5.5:9451
<VirtualHost 5.5.5.5:443 5.5.5.5:9451>
ServerName maximolink.mydomain.com
SSLProxyEngine On
SSLEngine on
# Turn on SSL
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
# Path to DigiCert Certificate
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/certs/DigiCertCA.crt
# Path to gafoc certificate
SSLCertificateFile /etc/httpd/conf/ssl.crt/certs/star_gafoc_com.crt
# Path to SSL key generated during creation of CSR
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/maximolink.mydomain.com.key
ProxyRequests Off
ProxyPreserveHost On
ProxyVia full
EnableSendFile On
EnableMMAP On
RewriteEngine On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Turn on the proxy
ProxyPass / https://internalmaximoserver.mydomain.com:9451/
CustomLog /var/log/httpd/ssl-access.log combined
ErrorLog /var/log/httpd/ssl-error.log
<Location />
ProxyPassReverse /
Order allow,deny
allow from all
</Location>
</VirtualHost>
This seems to work. Good Luck!

Apache http proxy and reverse proxy

I need to define two virtual hosts that should forward my requests to different web applications.
IP of the PC where Apache is installed is: 192.168.100.208.
IP of the application server where the applications are installed is: 192.168.100.50
<VirtualHost *:7778>
ServerName 192.168.100.208
ProxyRequests On
ProxyPreserveHost Off
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyErrorOverride On
ProxyPass / http://192.168.100.50:9081/app1/
ProxyPassReverse / http://192.168.100.50:9081/app1/
<Location>
Order allow,deny
Allow from all
</Location>
and I need to have:
<VirtualHost *:7777>
ServerName 192.168.100.208
ProxyRequests On
ProxyPreserveHost Off
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyErrorOverride On
ProxyPass / http://192.168.100.50:9081/app2/
ProxyPassReverse / http://192.168.100.50:9081/app2/
<Location>
Order allow,deny
Allow from all
</Location>
So when I type in browser:
192.168.100.208:7778 I should get the page from 192.168.100.50:9081/app1
and
192.168.100.208:7777 I should get the page from 192.168.100.50:9081/app2
But the above is not working. Where is the mistake?
Make sure to have the following configured also:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:7778
NameVirtualHost *:7777
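ProxyPass does not need ProxyRequests On; that directive enables forward proxying, and combined with <Proxy *> Allow from all it lets any client that can reach the port relay requests through the server. The two port-based virtual hosts in reverse-proxy-only form, as an added example (not from the original posts), assuming Apache 2.4 with mod_proxy and mod_proxy_http loaded and a 192.168.100.0/24 client network (the subnet is an assumption):

```apache
# Apache only accepts connections on ports named by Listen.
Listen 7778
Listen 7777

<VirtualHost *:7778>
    ServerName 192.168.100.208
    # Reverse proxy only; forward proxying stays disabled.
    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyErrorOverride On
    ProxyPass        / http://192.168.100.50:9081/app1/
    ProxyPassReverse / http://192.168.100.50:9081/app1/
    <Location "/">
        # Assumed client subnet; adjust to the real one.
        Require ip 192.168.100.0/24
    </Location>
</VirtualHost>

<VirtualHost *:7777>
    ServerName 192.168.100.208
    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyErrorOverride On
    ProxyPass        / http://192.168.100.50:9081/app2/
    ProxyPassReverse / http://192.168.100.50:9081/app2/
    <Location "/">
        # Assumed client subnet; adjust to the real one.
        Require ip 192.168.100.0/24
    </Location>
</VirtualHost>
```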

Can we allow unsecure websocket(ws://) over https protocol?

I have already tried using ws:// over https in Firefox using some flag configuration. Is there any way to enable this configuration in IE 10? Maybe it can be done by adding some reg entry, but I don't know exactly which key value to edit.
I have configured my https using the Apache httpd service, which routes to my play portal URL. Is there any extra setting/config I am missing? Here is my httpd configuration:
<VirtualHost *:80>
ServerName myhost
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/my.crt
SSLCertificateKeyFile /etc/ssl/private/my.key
ProxyRequests on
ProxyPreserveHost off
<Location />
SetHandler balancer-manager
Order allow,deny
Allow from all
</Location>
#ProxyPass /excluded !
ProxyPass / http://host-to-route:9701/
ProxyPassReverse / http://host-to-route:9701/
</VirtualHost>
Please suggest.
Thanks,
Sohan

Issues Setting up a reverse proxy in Apache

My roommate and I each have a separate webserver we are trying to set up. We are trying to use mod_proxy so that his server will forward requests to my machine (we have two separate machines behind one router) based on the server name. I've given the basics of what we have in our Apache config currently, but we are getting a 403 Forbidden error when trying to access the second domain (the first, www domain, works fine).
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www
ServerName www.<domain1>.com
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://<IP addr of other box>:80
ProxyPassReverse / http://<IP addr of other box>:80
ServerName <dummydomain>.gotdns.com
</VirtualHost>
Your mods-enabled/proxy.conf might be blocking any proxy requests (it's deny all by default). It should include the following instead:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
EDIT: Also make sure that the mod_proxy submodules are symlinked into mods-enabled (in this case, the http submodule, which is mods-available/proxy_http.load).
Just put both routes:
<VirtualHost *:80>
DocumentRoot "/app/"
ProxyPreserveHost On
ProxyRequests Off
ServerName app.yourdomain.com
ProxyPass /app http://yourIP:yourPort/app/
ProxyPassReverse /app http://yourIP:yourPort/app/
ProxyPass / http://yourIP:yourPort/app/
ProxyPassReverse / http://yourIP:yourPort/app/
</VirtualHost>
<Location "/app/" >
ProxyPass "http://yourIP:yourPort/app/"
ProxyPassReverse "http://yourIP:yourPort/app/"
ProxyPassReverseCookiePath "/app/" "/app/"
ProxyHTMLEnable Off
ProxyHTMLExtended On
ProxyHTMLURLMap "/app/" "/app/"
Order allow,deny
Allow from all
</Location>
This worked for me.