How to disable http to https re-direct in Jenkins? - apache

I currently have Jenkins running behind SSL with http re-driecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting the re-direct in apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do i re-enable http without disabling https? Basically need to stop re-direction from http to https.

Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.

Related

Try to setup jitsi behind a apache2 reverse proxy

Iam using a ubuntu 18.04 linux VM as a reverse proxy to forward https subdomains to intern targets f.e. guacamole.mydomain.com and jitsi.mydomain.com.
Each system is a seperate linux VM.
public ip --> web reverse proxy 192.168.2.10 --> guacamole.mydomain.com 192.168.2.20 and jitsi.mydomain.com 192.168.2.30
guacamole is working as expected but iam facing some issues with fowarding https to jitsi.mydomain.com.
All other ports are directly forwarded to jitsi without a proxy.
i created two conf files in /etc/apache2/sites-enabled one for jitsi and one for guacamole and generated a lets encrypt cert with certbot --apache.
When i try to open jits.mydomain.com from outside, i get the following Error: ERR_TOO_MANY_REDIRECTS.
Within the network jitsi is reachable via https, so what did i miss?
unfortunately iam not very familiar with proxy and apache.
thanks in advance guys.
jitsi.conf
<VirtualHost *:80>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =jitsi.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
jitsi-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
SSLCertificateFile /etc/letsencrypt/live/jitsi.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jitsi.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
guacamole.conf
<VirtualHost *:80>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =guacamole.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
guacamole-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
SSLCertificateFile /etc/letsencrypt/live/guacamole.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guacamole.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Just stumbled upon your question while looking for a solution of a different problem on Jitsi but I think you'll find a useful solution in this page:
https://debamax.com/blog/2020/03/18/installing-jitsi-behind-a-reverse-proxy/
It's not my solution. I'm just trying to help.
Cheers

Proxy pass an application from a different machine to an apache web server

I have three applications running, 2 on local machine/server where Apache is installed and 1 on a different machine/server.
I am using Apache2.4 on Ubuntu 18.04
application 1(yii) = 127.0.0.1:80
application 2(mantis bt) = 127.0.0.1:8080
application 3(yii) = 192.168.X.X:80
I want to configure my apache web server to host the three applications on https. I proxy pass both app2 and app3.
app2 = /app2 http://127.0.0.1:8080
app3 = /app3 http://192.168.X.X
app1 can be accessed successfully without error,
app2 and app3 can be accessed but .css, .js and other files cannot be found and error 404.
Note: I can access all three apps when not on proxy pass.
also it is possible to host the three apps and have a url like the following:
https://app1.example
https://app2.example
https://app2.example
I am new to apache. Please help me.
Configure apache virtual host as a below configuration
For app2
<Virtualhost *:80>
ServerName app2.domain.com
ServerAdmin youremail#email.com
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
</Virtualhost *:80>
For app3
<Virtualhost *:80>
ServerName app3.domain.com
ServerAdmin youremail#email.com
ProxyPass http://192.168.X.X/
ProxyPassReverse http://192.168.X.X/
</Virtualhost *:80>
Create a separate virtual host for both domains.
After creating virtual host restart apache
service apache2 restart
It's working for me, I hope it will be worked for you and load .css, .js and other files.
If you want to redirect aap3 to https, then your final virtual host file will be like below configuration:
<Virtualhost *:80>
ServerName app2.domain.com
ServerAdmin youremail#email.com
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
</Virtualhost *:80>
<Virtualhost *:80>
ServerName app3.domain.com
Redirect / https://app3.domain.com/
</Virtualhost *:80>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName app3.domain.com
ServerAdmin youremail#email.com
ProxyPass http://192.168.X.X/
ProxyPassReverse http://192.168.X.X/
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias app3.domain.com
SSLCertificateFile /etc/letsencrypt/live/app3.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/app3.domain.com/privkey.pem
</VirtualHost>
</IfModule>
Please check my config below:
DocumentRoot /var/www/html/app1
ErrorLog /var/log/httpd/app1_log
LogLevel debug
<Directory /var/www/html/app1>
AllowOverride none
Order allow,deny
Allow from all
RewriteCond %{ENV:REDIRECT_STATUS} ^$
# use mod_rewrite for pretty URL support
RewriteEngine on
# If a directory or a file exists, use the request directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Otherwise forward the request to index.php
RewriteRule . index.php
</Directory>
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
<Location /app2>
ProxyPass http://127.0.0.1:8080/login_page.php
ProxyPassReverse http://1127.0.0.1:8080/login_page.php
SetEnv proxy-sendchunks 1
</Location>
<Location /app3>
ProxyPass http://192.168.X.X/
ProxyPassReverse http://192.168.X.X/
SetEnv proxy-sendchunks 1
</Location>
<Location /static/>
ProxyPass !
</Location>
</VirtualHost>
<VirtualHost *:443>
SSL Configuration
</VirtualHost>

Issue returning https url when returning response from a docker container

I am using docker which has an apache container and a lamp container. Lamp container contains the application code and Apache container has virtual host config info which is as follows.
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost on
ProxyPass / http://172.18.0.25/
ProxyPassReverse / http://172.18.0.25/
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/certs/STAR_example_com.crt
SSLCertificateKeyFile /etc/ssl/certs/example_wildcard_private.key
SSLCertificateChainFile /etc/ssl/certs/STAR_example_com.ca-bundle
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</VirtualHost>
Issue: When i am making a request to https://example.com then in response the apache container is returning response from http://example.com instead of https://example.com.
How to achieve this?
Lamp is receiving an http request from Apache, so you have to tell Lamp that the initial request, from the client, was through https.
Try adding this in the https virtual host definition:
RequestHeader set X-Forwarded-Proto "https"
With this header, Lamp should understand that the client did the request through https, so it will answer from https as well.
So, your virtual host definition should look like:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost on
ProxyPass / http://172.18.0.25/
ProxyPassReverse / http://172.18.0.25/
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/certs/STAR_example_com.crt
SSLCertificateKeyFile /etc/ssl/certs/example_wildcard_private.key
SSLCertificateChainFile /etc/ssl/certs/STAR_example_com.ca-bundle
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

Apache and tomcat in the same Virtualhost

I have a virtualhost that looks like :
<VirtualHost *:80>
ServerName www.mysite.com
SetOutputFilter DEFLATE
RedirectMatch ^/manager$ http://www.fna.fi/manager/
DocumentRoot /build/vhosts/mysite.com
ErrorLog /build/logs/site.com-error.log
CustomLog /build/logs/site.com-access.log combined
ProxyRequests Off
RewriteEngine on
ProxyPass /manager http://127.0.0.1:8060/manager/ retry=0
ProxyPassReverse /manager http://127.0.0.1:8060/manager
ProxyPass / http://127.0.0.1:8060/app/ retry=0
ProxyPassReverse / http://127.0.0.1:8060/app/
</VirtualHost>
Now I want to add a blog in /build/vhosts/mysite.com. So it will be : http://www.mysite.com/blog but when I access this site it looks like its being forwarded to Tomcat (most likely due to the "ProxyPass /...".
Is there a way to make it work for the scenario I have?
Thanks!
Currently anything will be forwarded to the tomcat:
ProxyPass / http://127.0.0.1:8060/app/ retry=0
ProxyPassReverse / http://127.0.0.1:8060/app/
You have to add a alias before your proxy directives to your config:
Alias /blog /build/vhosts/mysite.com
<Location /blog>
# make some configs for this location like...
Options FollowSymLinks
AllowOverride None
</Location>

Issues Setting up a reverse proxy in Apache

My roommate and I each have a separate webserver we are trying to set up. We are trying to use mod_proxy so that his server will forward requests to my machine (we have two seperate machines behind one router) based on the server name. I've given the basics of what we have in our apache config currently but we are getting a 403 Forbidden error when trying to access the second domain (the first, www domain, works fine).
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www
ServerName www.<domain1>.com
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://<IP addr of other box>:80
ProxyPassReverse / http://<IP addr of other box>:80
ServerName <dummydomain>.gotdns.com
</VirtualHost>
Your mods-enabled/proxy.conf might be blocking any proxy requests (it's deny all by default). It should include the following instead:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
EDIT: Also make sure that the mod_proxy submodules are sym linked into mods-enabled (in this case, the http sub module which is mods-available/proxy_http.load)
Just put both routes:
<VirtualHost *:80>
DocumentRoot "/app/"
ProxyPreserveHost On
ProxyRequests Off
ServerName app.yourdomain.com
ProxyPass /app http://yourIP:yourPort/app/
ProxyPassReverse /app http://yourIP:yourPort/app/
ProxyPass / http://yourIP:yourPort/app/
ProxyPassReverse / http://yourIP:yourPort/app/
</VirtualHost>
<Location "/app/" >
ProxyPass "http://yourIP:yourPort/app/"
ProxyPassReverse "http://yourIP:yourPort/app/"
ProxyPassReverseCookiePath "/app/" "/app/"
ProxyHTMLEnable Off
ProxyHTMLExtended On
ProxyHTMLURLMap "/app/" "/app/"
Order allow,deny
Allow from all
</Location>
This worked form me