I'm using Caddy as a reverse proxy server that points to a docker container that runs web service at port 8181. The domain abc.com works, but www.abc.com does not work. I wonder where might be wrong:
Caddyfile:
abc.com {
proxy / localhost:8181
}
I have an A record for www.abc.com that points to the IP address of the server.
Caddy file should be
www.abc.com {
proxy / localhost:8181
}
Related
I have currently setup Apache Tomcat 7 in port 8080 and I am using NGINX with a Let's Encrypt SSL in front of it as a reverse proxy. The current configuration is working like a charm, but I need one be able to pass to Tomcat when the page been view is using SSL or not.
I found on the documentation the use of SSLValve in the server.xml file should do the trick, but the examples I have found are for apache as the reverse proxy and not for NGINX.
Has anyone done this setup?
Assuming you're using :8080 as the backend for both http and https:
server {
listen :80;
listen :443 defaultserver ssl;
...ssl directives....
location ~ / {
proxy_pass http://apache:8080;
}
NGINX configuration can fill in the ssl directive parts for your particular case
http://nginx.org/en/docs/http/configuring_https_servers.html
I have the following setup:
one public IP
2 different domain names pointing to the same IP above: domain1.com and domain2.com
2 different ssl certificates: one for domain1.com and one for domain2.com
2 physical machines on the same LAN (192.168.1.10 and 192.168.1.20) running Apache2 and debian 8.5
I tested both servers indipendently forwarding the 443 port traffic to either of the machines. They work nicely.
Now, I am forwarding all port 443 requests arriving to the public IP to the first server at 192.168.1.10 and I would like this server to act as a https server for https://domain1.com and redirect the requests for https://domain2.com to address 192.168.1.20
I have tried to configure a reverse proxy in the first machine. It does redirect the requests for domain2 to the machine at 192.168.1.20 BUT it serves the certificate for domain1.
How can I configure reverse proxy as to present the right certificate for each one of my servers?
thank you in advance.
julia
Easiest "solution" (well, workaround) would be to use a single certificate that contains both hostnames. If you cannot do that, then you need to configure Apache SNI, like so: SSL with Virtual Hosts Using SNI
As some suggested I tried to use the Apache2 reverse proxy.
This somehow works but you have to install all the certificates on the machine running Apache2. Thus the trafic on the lan is no longer https which does not satisfy my requirement.
The solution is to use haproxy. This package can be set up as a pass through for https. There are many examples of such applications on the internet. It does exactly what I am asking for: I can host many https servers on a lan behind a nat router with one single public IP. The trafic is sent by haproxy as https to the indicated server on the LAN. If anyone is interested, I will be glad to share my config file solving precisely the problem I set out in my question.
To Robert M:
here is my configuration to be added at the end of the default haproxy.cfg file:
frontend ft_https
mode tcp
option tcplog
bind *:443
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
acl domain1_com req.ssl_sni -m end domain1.com # all url ending with domain1.com
acl domain2_com req.ssl_sni -i www.domain2.com # exactly www.domain2.com
use_backend b_domain1_com if domain1_com
use_backend b_domain2_com if domain2_com
default_backend b_default
backend b_default
mode tcp
option tcplog
server srv_default 127.0.0.1:1443
backend b_domain1_com
mode tcp
option tcplog
server srv_domain1 192.168.1.10:1443
backend b_domain2_com
mode tcp
option tcplog
server srv_domain2 192.168.1.20:443
I had to change the https port for apache on the first server to 1443 because both haproxy and apache cannot bind to the same 443 port as they reside on the same machine, but it is transparent to the user.
Sorry if the question is not that clear.
To illustrate what I want to do, I will give an example:
Application Link:
http://123.123.123.123:8080/KagodPaMore/
Domain:
http://www.iyotbihagay.com/
I wanted my application to be accessed using the link:
http://www.iyotbihagay.com:8080/KagodPaMore/
Also, I wanted it to redirect to the link above whenever the user will enter the following links:
http://www.iyotbihagay.com:8080/
http://www.iyotbihagay.com/
I have no idea on how to implement this.
- My application is served in Amazon EC2
- My domain service is on only-domains (but I cannot see any port options there where I could set the port)
- My server is JBoss Wildfly utilizing port 8080
- I have apache web server installed using port 80 (but not used)
- My amazon server (virtual) is configured on Ubuntu 14.04
hope someone could guide me in the right direction since I do not know how I could set this.
TIA
Application Link:
http://123.123.123.123:8080/KagodPaMore/
Domain:
http://www.iyotbihagay.com/
Objective:
http://www.iyotbihagay.com/ OR http://www.iyotbihagay.com/KagodPaMore/
Processes or Steps done to solve the issue:
* Use Apache Virtual Host - Proxy for default port (80):
For ubuntu apache: You may edit the default site configuration (/etc/apache2/sites-available/000-default.conf).
Add Virtual Host for port 80 to serve as proxy for the port 8080 and KagodPaMore application.
<VirtualHost *:80>
ServerName localhost
ProxyPreserveHost On
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /KagodPaMore http://localhost:8080/KagodPaMore/
ProxyPassReverse /KagodPaMore http://localhost:8080/KagodPaMore/
ProxyPass / http://localhost:8080/KagodPaMore/
ProxyPassReverse / http://localhost:8080/KagodPaMore/
</VirtualHost>
Save changes on the site configuration.
Restart Apache 'sudo service apache2 restart'
Now, you may access the application using:
* http://localhost:8080/KagodPaMore/
* http://localhost:8080/
Note: Do this on the server (123.123.123.123).
With this, you access the server like
'http://123.123.123.123/' it will be pointed to 'http://123.123.123.123:8080/KagodPaMore/' Or Locally like 'http://localhost/' it will be pointed to 'http://localhost:8080/KagodPaMore/'
Set your Domain Server's Main Address (Example: OnlyDomains) to '123.123.123.123'.
This is if you will use the domain server's own NS Servers.
For OnlyDomains, edit 'iyotbihagay.com' zone records and set
'#' - A Record -> '123.123.123.123'
'www' - A Record -> '123.123.123.123'
If you will delegate your own NS Server, make sure that you set your NS servers to point to '123.123.123.123'.
This way, you can I can access my web application by:
http://www.iyotbihagay.com/ or http://www.iyotbihagay.com/KagodPaMore/
Good Luck!
You can do:
Map your domain name to IP address, i.e. create A record www.iyotbihagay.com to 123.123.123.123. No need to specify port in here.
If you use Elastic Load Balancer (ELB), you can create a CNAME record to your ELB endpoint.
Configure Apache to accept request from port 80 and redirect it to port 8080. You can use mod_alias or mod_rewrite.
For the same thing, you need to configure JBoss Wildfly to rewrite/redirect the URL. (disclaimer: I'm not familiar with JBoss Wildfly)
Ensure to allow ingress to port 80 and 8080 on your Security Group.
I am working on a project where I need SSL Certificate installed on a server for HTTPS protocol. I have main domain example.com and subdomain sub.example.com. Main domain is hosted on provider1, a subdomain is hosted on provider2. When accessing subdomain name, provider1 redirects to provider2 where subdomain is hosted. On that subdomain (sub.example.com) I need to setup SSL Certificate.
I managed to install certificate on a subdomain with instructions(RapidSSL) from provider, but HTTPS is not working.
In instructions there is IP address required for <VirtualHost [IP ADDRESS]:443> section.
Which IP address must be provided?
In similar solutions there is <VirtualHost *:443> tag with no specific IP address.
Also httpd.conf on my server is empty.
It seems that it is possible to get Apache server to Proxy and Manage SSL handshake on https requests and service them as 'http' thru another server behind it.
I have configured an apache server for ProxyPass using following configuration
SSLProxyEngine On
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
I am able to get all all traffic to the apache server that is listening to port 8080 direct and serve by the localhost:8081 server so
http://localhost:8080/hi is being correctly served by http://localhost:8081/hi
However the following does not work :
http**s**://localhost:8080/hi to be served by http://localhost:8081/hi
Apache is trying to pass the https:// traffic to the 8081 server, without managing the SSL handshake.
Your Apache listener on port 8080 is an http listener, not an https listener. You can't handle both types of traffic on the same port. If you want to handle SSL traffic, you'll need to set up a new context on another port with SSLEngine On and all the other normal SSL configuration (certificate, key, etc).
This question has one version of this configuration.
Also this post.