I'm listening on to port 80 and 443 using the TCPListener in my .net application. This is windows service and not a web application therefore not hosted in the IIS as well.
I know there are many ways to redirect the request from http to https using the URL Rewrite in the IIS.
BUT, it there any clean way of redirecting all the incoming requests on port 80 to port 443. Basically I want to enforce a secure connection with the server.
Any help in this regard will be great.
Thanks
Related
I'm creating an Middleware/Webapp for a REST API in Erlang with cowboy framework and Apache HTTP with ModProxy, to redirect requests from port 80 to port 80xx, since i don't wanna use custom ports to listen requests and i don't wanna run the code in root to be able to listen in port 80.
Now i wanna encrypt the connections, with SSL, using HTTPS and my question is: where is the best practice to configure SSL with certificates, keys etc, in Apache HTTP (before redirect with ModProxy) or in Cowboy framework in Erlang app, since both support SSL configuration.
Thanks in advance!
I'd put it in Apache:
If you want to add more services later, they'd automatically benefit with SSL protection.
If you need to debug something, you can tcpdump the data between Apache and your Erlang VM, which will be decrypted at that point.
I have an old site (oldsite.com) running via World Wide Web Publishing Service on a Windows Server 2003 server. I've just create a new site (newsite.com) using the same server but running through Apache. The old site with its service running on port 80 already so I had to config Apache using port 8080. The problem is now when I publish my new site, the url has to be newsite.com:8080. How can I config Apache so that it can contain no port, just newsite.com?
As far as I know from personal experience and research:
Due to the nature of DNS Records you cannot specify the domain to redirect to an IP address and a port.
If both servers are listening on the same port a request would not know which site to direct to.
As the default port the domain specifies is port 80, any other port must be specified for the request to go to the correct location.
Therefor you cannot have newsite.com redirect to the server IP on port 8080, as it can only be directed to the server IP with DNS records. The port must be specified in the URL if it is on a port other than 80.
Edit: I just found this post about using a reverse proxy to do something similar to what you have described. Take a look and see if it helps you.
You cannot have two services listening on the same port. You can change the old site to listen to another port, set apache to port 80, then use mod_proxy to enable the old site to be accessed from apache using virtualhost
I have just make it work. Although in IIS Manager, there was no website listening on 0.0.0.0:80 but I still had to delete this entry by httpcfg tool. After that Apache can start normally.
I have installed an SSL on ELB. I have one EC2 instance in the ELB and can access the website via the SSL fine (IIS Windows 2008 server).
The confusion is when I am in NON HTTPS and I perform a redirect in my app to the HTTPS area, I get an error.
Doing some digging in the listeners area, I can see Port 443 on the ELB forwards to port 80 on the instances which makes sense, but then how do I handle this scenario?
For now, I have 'hacked' it by adding a self signed cert on my instance and then forwarding 443 from ELB to 443 on the instance, but this kind of defies the point?!
Any advice on how this should be structured would be great!
You have both port 80 and 443 on you load balancer forwarding to port 80 on your instance, so you need to figure out how to tell them apart.
The ELB sets a header value so you can tell these two types of requests apart.
Take a look at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers but the value you want to check is X-Forwarded-Proto - this should have http or https, and obviously if it's http you would then redirect to https.
I've used both Apache and nginx as a reverse proxy performing HTTPS termination (listening on port 443) and forwarding the unencrypted HTTP traffic to Tomcat on port 8080 before.
However, what I need to do now is do the opposite. I have some client applications running on localhost that are (for simplicity) just talking plain HTTP. I want to be able to tell these client apps to use a forward proxy (on localhost) that will convert them to HTTPS and use a client-side certificate for the communication to the origin. Ie, the client will think it is communicating plain HTTP on port 80, but the traffic will actually leave the host as HTTPS on port 443.
Does anyone know how to configure mod_proxy to do this (or even if it is possible)?
At a further stage, I may need to configure the proxy to use different client certificates based on headers set by the client and also have mod_proxy use RFC 5077 (quick session resumption).
It doesn't have to be Apache (so if nginx or squid can do the function I'm happy with that) as long as it's not a resource hog. We already have Apache running as a reverse proxy anyway so it would be handy if Apache can do it.
I am running IIS and Apache HTTP Server side-by-side on my localhost machine, and Apache is listening on a different port (port 81). IIS is listening to port 80. However, I can only get to my virtual domains for Apache if I type in that port number. So for instance:
http://virtual.myvirtualdomain.com:81
http://virtual.myvirtualdomain2.com:81
How can I make it so Apache automatically knows it is port 81, and does not force me to type in the port number?
EDIT:
The answer appears to be that I need to redirect IIS to Apache. Can anyone provide clarification on how that is done with IIS 5.1?
It's not a matter of telling Apache, it's a matter of the browser knowing what to connect to. You're either going to have to have IIS redirect to Apache, or give up.
You have to type in the port number so your client knows where to connect to. This has nothing to do with the server.
On Unix systems you might be able to modify your /etc/services to list 81 as port for http. But that would effectively disable access to all websites that are located on port 80.
Alternatively you can configure your IIS on port 80 to locally proxy requests for the sites which are on apache. Then all clients would ask the IIS for a page, which would make a local connection to port 81.
I did some more research and it turns out that you can't redirect IIS 5.1 to Apache because that would require multiple Web sites (setup as redirects to the virtual hosts on Apache on port 81). This is because IIS 5.1 on Windows XP Pro can't do multiple Web sites (running at the same time without the scripting hack). Oh well.
How about you swap it? Make Apache listen on port 80, IIS on port 81 for whatever you need and have Apache redirect? Apache shouldn't be restricted to the same one-website per machine that IIS 5.1 is.
You can't. The 81 is telling your browser where to look for Apache.
You can't.
It's the job of your web client to specify the port, and until you do specify that port it won't even reach Apache.
What you could potentially do is have IIS also listen for the same HTTP/1.1 virtual hosts, and then arrange for it to issue a 302 Moved redirect to send your browser to the right port number.
Alternatively, run a second IP address on your machine, and bind IIS to the original IP address and Apache to the second. That way you don't need to use different ports at all.
There is no way to do exactly what you ask. About the only way would be to configure IIS -- for the virtual domains being served by IIS -- to forward to Apache on port 81. With this configuration, the client would not be aware that their requests were passing through IIS on their way to Apache. A little less efficient, but it would solve your needs.
When an url is typed, there is a certain port that the browser has to use to connect to the site. 80 is the default port that the server checks. If you need to connect to any other port via a browser, you would need to have the port number in the url. It is not apache that is forcing you to type 81, but rather your browser because it is set to use 80 as the port when a port number is not specified.
If you were to change apache's port to 80 and IIS port to 81, then you be able to connect to apache without the port number but you will need to use the port number when using the IIS webserver.
Not sure what the others idea is behind using apache to redirect to IIS. It sounds like to me that if you make an entry in httpd.conf of apache for IIS directory, then you be using apache to connect to the directory, not IIS.
You could set up a domain and have it connect to apache via port 81. That is one way to hide the port number (might be not true. I have never tried apache on port other than 80).