Currently we have Apache2 and Tomcat8 running on the same server, with MySQL backend. We want to go from 2 tier to 3 tier, that is putting a Apache server in front of Tomcat. Right now we don't need a load-balancer nor reverse proxy. Nor is there a firewall between Apache2 server and Tomcat8 server. Nor is Apache2 serving any static content.
Simply need to log onto the Apache2 server and in the browser type localhost and have it pull up the webapp running on the backend Tomcat8. I have done telnet tests and confirmed that port 8009 is up and running. I've tried to update the workers.properties file, but getting a 503 error.
Let's say our set up is:
Apache2 server is 111.111.11.132
Tomcat8 server is 111.111.11.122
I have probe up at running by:
http://111.111.11.122/probe
In the Apache2 httpd.conf file I have added:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /probe http://111.111.11.122:8080/probe
ProxyPassReverse /probe http://111.111.11.122:8080/probe
I then go to internet explorer on the apache2 server and put in:
http://localhost/probe/*
It challenges me for the probe userid and password and then I get the following error:
The webpage cannot be found
Related
I have one server with 2 ip addresses.
I have multiples applications in .net (webapi, a console application, etc) and one specific using PHP which is running on apache (w/ xampp).
I configured IIS to run on default port 80 and xampp is using port 8080.
As I said before, I have two ip addresses and two domains (eg: domain1.com and domain2.com).
I need to pinpoint domain1.com.br to the IIS app (which is working) but my php app never get reached since all the requests are directed to port 80 (which iis takes control).
What can I do to solve this?
I know that I can point both ip's to port 80 but how to tell IIS whenever he gets a request from a specific domain/host (in this case, domain2.com.br) he redirects to the port 8080?
You may need to let the apache takes the control,due to apache's redirect features.The main idea is to setup the apache, use apache's redirect features(vhost,if you prefer to call it so) to direct the special requests to your IIS server.
Change your IIS listening to port 8080 (and set the domain to your domain,domain1.com for example).Leave your apache to listen on 80.
Enable the module below in your apache config file(http.conf):
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
And Enable:
Include conf/extra/httpd-vhosts.conf
3. The next step is to setup the virtual host. Edit the config fileconf\ extra\httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "x:\The\Dir\to\Your\Php\Site"
ServerName domain2.com.br
ErrorLog "logs/domain2-error.log"
CustomLog "logs/domain2-access.log" common
</VirtualHost>
And the setup to your domain2.com.br is Done.Restart your apache server,visit your site by domain name ,and your php site shall be working.
If the steps upon is working as expected,this shall be the last step.
<VirtualHost *:80>
ServerName your.net.site.domain.com
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8080/"
ProxyPassReverse "/" "http://127.0.0.1:8080/"
ErrorLog "logs/domain1-error.log"
CustomLog "logs/domain1-access.log" common
</VirtualHost>
And now it should work as you expect it to.
Use
Reverse Proxy method
What is Reverse Proxy Method
A reverse proxy server is a type of proxy server that typically sits
behind the firewall in a private network and directs client requests
to the appropriate backend server. A reverse proxy provides an
additional level of abstraction and control to ensure the smooth flow
of network traffic between clients and servers.
Refer NGINX Documentation to know more about Reverse Proxy.
You can use reverse proxy either on your IIS or Apache(Xampp) Server. But since you have a Windows Server I recommend you to do reverse proxy on IIS server.
Example: Rewrite or Reverse proxy in IIS
I have couple of IBM HTTP Servers v8.5, IHS1 and IHS2 configured to two managed nodes on a WebSphere cluster that is running DefaultApplication.
I had setup SSL(on default port 443) on these two IHS1 and IHS2 servers and configured plug-in xml to access the applications like snoop. So now, I can access snoop application via the URLs
https://ihs1/snoop and
https://ihs2/snoop
I now want to setup another IBM HTTP server on a another machine, that would have a single URL, say https://loadbalancer , sitting in front of the above two machines, to act as a loadbalancer and distribute the client's requests to the above two URLs. All my application clients must only be able to access the snoop app via https://loadbalancer/snoop
I have started in this direction, through a reverse proxy configuration on this loadbalancer, but no luck.
In httpd.conf, I have uncommented the three lines
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
and the VirtualHost block looks as below:
Listen 0.0.0.0:443
<VirtualHost loadbalancer:443>
SSLEnable
SSLProtocolDisable SSLv2
SSLClientAuth 0
ProxyPass / https://ihs1/
ProxyPass / https://ihs2/
ProxyPreserveHost on
SSLProxyEngine on
</VirtualHost>
KeyFile C:/IBM/HTTPServer/ihsserverkey.kdb
SSLDisable
Any definitive httpd.conf configuration suggestions on the loadbalancer? or is this path completely different?
This is not really an IBM topology. IHS 7.0 through 8.5.5 contains mod_proxy_balancer (in the WebSphereCE/ subdirectory) that would allow you to load-balance two backends this way with mod_proxy, but it would not be supported by IBM.
If both tiers are really necessary, use something in the very front that is either an IP sprayer (layer 3/4) or a standalone HTTP proxy server.
It is also possible to rig a plugin-cfg.xml statically to use IHS+WAS Plugin at the front tier, but it's not so straightforward.
I have a local web socket server running on WSS:// port 9000. In the same server I have apache running as well.
When I try and connect from my remote client directly to port 9000 via WSS like this:
wss://myserver:9000
it works fine. However, I blocked port 9000 on my router and am trying to access it via apache (which is running on SSL).
When I try and access
wss://myserver/
I can see the logs in Apache that it issued a GET but my web socket server does not receive the connection.
I've read through various SO threads and I think I have my ordering correct.
Details:
Apache Version:
Server version: Apache/2.4.7 (Ubuntu)
sudo apache2ctl -M shows proxy_* modules running
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Apache configuration: (relevant lines inside VirtualHost)
ProxyPass / wss://localhost:9000/
ProxyPassReverse / wss://localhost:9000/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
Note that both my local web socket server and Apache are configured to use the same certificates
(I'm not sure if I need the Proxy * part, but I saw it in one SO thread)
And here are debug logs:
http://pastebin.com/gqVp3Pz5
Thanks
It seems by default Apache wstunnel does not work when the need is to tunnel SSL end to end. What works is if Apache terminates WSS and then does a WS with the local server.
I found this thread tunneling secure websocket connections with apache that describes how to recompile Apache to allow for end to end WSS tunneling.
I've currently decided to not do apache tunneling and open a firewall port for my event server directly as I don't expect my users to have the inclination to recompile Apache for this.
I have a need to run Apache httpd in front of my JBoss so I can leave the JBoss ports in place (8080/8443) but have Apache/80 forward to Jboss/8080 and Apache/443 forward to Jboss/8443.
I have the HTTP forwarding working but I can't get HTTPS forwarding to work.
To get HTTP forwarding to work I simply loaded the correct proxy modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Then added these new directives:
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
If all I want to do is forward port 443 to 8443 to I have to enable SSL? I don't need Apache to load and process a certificate.
You're confusing two things.
If you want port forwarding from port 443 to 8443, don't go via Apache Httpd, just forward the port (for example, via iptables). In this case your JBoss container must be configured to handle the SSL/TLS connection (all the certificate settings).
If you want a reverse proxy from Apache Httpd (listening on port 443) to your JBoss container, you don't need to enable SSL/TLS on your JBoss container (especially on localhost), just proxy the request to Apache Httpd in plain HTTP (or via AJP). For this, you'll need to configure Apache Httpd to handle the SSL/TLS connection.
Ok
So I installed Apache httpd a while ago and have recently come back to it to try setup SSL and get it serving several different tomcat servers.
At the moment I have two completely separate Tomcat instances serving up to slightly different versions (one for dev and one for demo say) my web app to two different ports:
example.com:8081
example.com:8082
I've successfully (back in Jan) used mod_jk to get httpd to serve those same Tomcat instances to http://www.example.com:8090/dev and http://www.example.com:8090/demo (8090 cos I've got another app running on 8080 via Jetty at this stage) using the following code in httpd.conf:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel debug
<VirtualHost *:8090>
JkMount /devd* tomcatDev
JkMount /demo* tomcatDemo
</VirtualHost>
What I'm not trying to do is enable SSL.
I've added the following to httpd.conf:
Listen 443
<VirtualHost _default_:443>
JkMount /dev* tomcatDev
JkMount /demo* tomcatDemo
SSLEngine on
SSLCertificateFile "/opt/httpd/conf/localhost.crt"
SSLCertificateKeyFile "/opt/httpd/conf/keystore.key"
</VirtualHost>
But when I try to restart Apache with apachectl restart (yes after shutting down that other app I mentioned so it doesn't toy with https connections) I continuously get the error:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration. httpd not running, trying to start
I've looked in the httpd/modules dir and indeed there is no mod_ssl, only mod_jk.so and httpd.exp.
I've tried using yum to install mod_ssl, it says its already installed. Indeed I can locate mod_ssl.so in /usr/lib/httpd/modules but this is NOT the path to where I've installed httpd which is /opt/httpd and in fact /usr/lib/httpd contains nothing but the modules dir.
Can anyone tell me how to install mod_ssl properly for my installed location of httpd so I can get past this error?
I found I needed to enable the SSL module in Apache (obviously prefix commands with sudo if you are not running as root):
a2enmod ssl
then restart Apache:
/etc/init.d/apache2 restart
More details of SSL in Apache for Ubuntu / Debian here.
Are any other LoadModule commands referencing modules in the /usr/lib/httpd/modules folder? If so, you should be fine just adding LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so to your conf file.
Otherwise, you'll want to copy the mod_ssl.so file to whatever directory the other modules are being loaded from and reference it there.
Try installing mod_ssl using following command:
yum install mod_ssl
and then reload and restart your Apache server using following commands:
systemctl reload httpd.service
systemctl restart httpd.service
This should work for most of the cases.
I used:
sudo yum install mod24_ssl
and it worked in my Amazon Linux AMI.
I don't know if it is still of interest and if things have changed ever since the thread has been posted, but the /etc/apache2/apache2.conf on my system says:
Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
directories contain particular configuration snippets which manage modules,
global configuration fragments, or virtual host configurations,
respectively.
They are activated by symlinking available configuration files from their
respective *-available/ counterparts. These should be managed by using our
helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
their respective man pages for detailed information.
And on my system the modules are installed in /usr/lib/apache2/modules.
I am running Ubuntu 20.04.2 LTS.