Directory listing behind a reverse proxy in apache - apache

I am trying to run a directory listing through a reverse proxy in apache. Current OS is Ubuntu. My issue is I can get to my directory listing just fine but opening any listed folder throws a 404. Here is my current configuration
ProxyRequests Off
ProxyPreserveHost on
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass /opendir http://192.168.1.7
ProxyPassReverse /opendir http://192.168.1.7
Header always unset X-Frame-Options
So an example of what's happening. If I got to www.myserver.com/opendir I see the folders as expected. If I click on one of the folders it redirects me to www.myserver.com/folder_name and throws a 404. Not sure how to over come this.

Simply adding a / to the directory names solved my issue
ProxyRequests Off
ProxyPreserveHost on
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass /opendir/ http://192.168.1.7/
ProxyPassReverse /opendir/ http://192.168.1.7/
Header always unset X-Frame-Options

Related

allow-origin not working for multiple domains on apache2

I am trying to allow only certain domains to access the source. When I am inserting
Header Set Access-Control-Allow-Origin "domain.tld" it works perfectly.
When I try it for multiple domains, it does the opposite. It allows any domain but not cors.domain.tld:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
ServerName map.domain.tld
ServerAlias map.domain.tld
<Proxy *>
SetEnvIf Origin "http(s)?://(www\.)?(cors.domain.tld|staging.google.com)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header merge Vary Origin
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
What do I do wrong?
Thanks!
I figured it out, I had to set --no-cors on the my docker image, where I proxy the domain to. Now it works fine.

Tableau Reverse Proxy Issue

I want to make Tableau (which is on an internal network) accessible on the public network. One of the ways recommended by Tableau Support is a Reverse Proxy.
I have set up the required modules and have the reverse proxy functioning. The login page is available through these settings in httpd given below. However, once I log in and want to open Projects, Views etc. It routes to
http://actualsite.com/#/vieworproject
which should actually be http://actualsite.com/tableauaccess/#/vieworproject.
Here is the httpd configuration:
ProxyPass /tableauaccess/ http://tableauserverexample.com/
ProxyPassReverse /tableauaccess/ http://tableauserverexample.com/
<Location /tableauaccess/>
Order deny,allow
Allow from all
ProxyHTMLURLMap / /tableauaccess/
</Location>
This doesnt solve the main issue with #. I tried
ProxyPass /#/ http://tableauserverexample.com/#/
ProxyPassReverse /#/ http://tableauserverexample.com/#
But it doesnt help. Any suggestions?? Thanks!
We had this same issue recently. Your httpd.conf file is technically correct for mod_proxy, however the url you are attempting to use is not supported by Tableau. You cannot use:
http://actualsite.com/tableauaccess
But rather you must use the format:
http://tableauaccess.actualsite.com
We ended up setting up that sub-domain name and then using a VirtualHost block such as:
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName actualsite.com
DocumentRoot "/path/path2/pathx"
</VirtualHost>
<VirtualHost *:80>
ServerName tableauaccess.actualsite.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://tableauaccess.actualsite.com/
ProxyPassReverse / http://tableauaccess.actualsite.com/
<IfModule mod_cache.c>
CacheDisable *
</IfModule>
RequestHeader set X-Forwarded-Proto "http" #or "https", depending on preference
</VirtualHost>
Be sure to double-check your Tableau server to update the URL format.
Sources:
https://community.tableau.com/thread/198095
https://community.tableau.com/thread/218678
(I don't have enough reputation points to post all of my sources, but thanks to Tableau community, shanemadden at ServerFault, and the Apache documentation.)
edit: forgot trailing slashes

Apache ProxyPass for URLS inconsistently failing

This one's driving me nuts. I have an active and in-use Apache proxy server serving content up on EC2. It's working great, and has a variety of vhosts that are configured like this:
<VirtualHost *:80>
ServerName m.FOO.com
ServerAlias customer.FOO.com
ProxyPreserveHost On
ProxyPass / ajp://10.211.42.48:8009/
ProxyPassReverse / ajp://10.211.42.48:8009/
<Proxy ajp://10.211.42.48:8009/*>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
These all work great, and I'm having no problems. Now what I'd like to do is move it so instead of a single vhost for each app, I want to have a sub-url on the main site that proxies back to the appserver. So instead of a customer having 'customer.FOO.com', they'll have 'FOO.com/customer/'
Great, sounds easy, right? Yeah, not so much. I edit the vhost entry for 'root' of the server (currently showing the landing page), and add the proxy entries to directories within that. That should do it,right? Yeah, it ain't:
<VirtualHost *:80>
ServerName web01.aws.FOO.com
DocumentRoot /var/www/html
ErrorLog logs/www.FOO.com-error_log
CustomLog logs/www.FOO.com-access_log common
<Location /a>
ProxyPass ajp://10.211.42.48:8009
ProxyPassReverse ajp://10.211.42.48:8009
</Location>
<Location /t>
ProxyPass http://adm01
ProxyPassReverse http://adm01
</Location>
<Proxy ajp://10.211.42.48:8009/*>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
If i hit http://www.FOO.com/t/ - I get the internal webserver - it proxies forward correctly, and all is well. If I hit http://www.FOO.com/a/ I get a 404 error. The access log even shows a 404 error.
Note that the ProxyPass AJP entries are identical to what's in the other vhost entry. So why does it work on the root on the other vhost entry, and not as a subdir here on the main vhost?
Halp!
I ended up solving this with one particular hint I found out on a mailing list somewhere. The ProxyPassReverse directive is very touchy, and has one basic function. Anything it matches on the second argument (assuming using the ProxyPassReverse A B form) will be applied to the first argument. So it's critical to make sure the second argument is exactly the redirect that is coming from your application, or else the ProxyPassReverse directive will be ignored.
In my case, what I ended up doing was changing the Location entry to:
ProxyPass /a/ ajp://10.211.42.48:8009
ProxyPassReverse /a/ http://my.apphost.com/
And all started working just fine.

Infinite redirect when using mod_proxy_ajp ?

I'm trying to configure access from the root context of port 80 to redirect to my tomcat app. My config is set up like
<VirtualHost *:80>
ServerName localhost
ErrorLog /var/log/apache2/ajp.error.log
CustomLog /var/log/apache2/ajp.log combined
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/testApp
ProxyPassReverse / http://localhost/testApp
</VirtualHost>
Is this the correct way to do this ? It currently results in an infinite redirect loop.
Your ProxyPassReverse configuration is wrong. You want:
ProxyPass / ajp://localhost:8009/testApp
ProxyPassReverse / ajp://localhost:8009/testApp
The ProxyPass and ProxyPassReverse lines should have identical arguments.
Since you are changing the application path you may run into all sorts of additional issues including but not limited to:
cookies having the wrong path
embedded links using the wrong path
some libraries that place paths in custom HTTP headers using the wrong paths
Generally, life is a lot easier if you rename testApp to ROOT.

Apache mod-proxy load balancer maintenance

I have mod-proxy and mod-proxy-balancer setup as a load balancing reverse proxy. Something like this:
<Proxy balancer://example>
BalancerMember http://hostname:8000 keepalive=on
BalancerMember http://hostname:8001 keepalive=on
</Proxy>
ProxyPass / balancer://example/
ProxyPassReverse / balancer://example/
ProxyPreserveHost on
ProxyRequests Off
Is there a simple way to set this up to show a static maintenance page when all members of the balancer group are down? I've done that with a hardware load balancer previously and it was very useful.
Maybe you can use a hot standby. The example below is from the ProxyPass Directive section where it says "Setting up a hot-standby, that will only be used if no other members are available"
ProxyPass / balancer://hotcluster/
<Proxy balancer://hotcluster>
BalancerMember http://1.2.3.4:8009 loadfactor=1
BalancerMember http://1.2.3.5:8009 loadfactor=2
# The below is the hot standby
BalancerMember http://1.2.3.6:8009 status=+H
ProxySet lbmethod=bytraffic </Proxy>
As an alternative to RewriteRule you can do the same thing with appropriate ErrorDocument directives. We do something like this in which the proxy server itself hosts static error pages and the "hot-standby" host is http://localhost/some-app/.
Since your proxy seems to be the only page (probably in a VirtualHost), you can simply override error pages. Apache produces a 503 error, so this would look like:
# Document root is required because error documents use relative paths
DocumentRoot /var/www/html/
# Allow access to document root directory
<Directory /var/www/html/>
Order allow,deny
allow from all
</Directory>
# Actual change: If service is unavailable (no member available), show this page
ErrorDocument 503 /maintenance.html
If you want to use images inside the maintenance html, please not that you have to use absolute paths (e.g. /image.jpg) will load /var/www/html/image.jpg.