I need to forward all traffic from specified port to a Unix Domain Socket in Apache:
In sites-enabled/000-default.conf I have defined a VirtualHost:
<VirtualHost *:8091>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / unix:/var/lib/jenkins/workspace/myproject/mysocket.sock|http://127.0.0.1/
ProxyPassReverse / unix:/var/lib/jenkins/workspace/myproject/mysocket.sock|http://127.0.0.1/
</VirtualHost>
In ports.conf I have:
Listen 80
Listen 8091
I have both proxy and proxy_http mods enabled:
krzysiek:/etc/apache2$ a2enmod proxy
Module proxy already enabled
krzysiek:/etc/apache2$ a2enmod proxy_http
Module proxy already enabled
I am using Apache 2.4.7 and offical documentation states that:
In 2.4.7 and later, support for using a Unix Domain Socket is available by using a target which prepends unix:/path/lis.sock|
When I reload Apache I get error:
krzysiek:/etc/apache2$ sudo service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
AH00526: Syntax error on line 64 of /etc/apache2/sites-enabled/000-default.conf:
ProxyPass URL must be absolute!
I tried changing:
ProxyPass / unix:/var/(...)
To:
ProxyPass / unix:///var/(...)
Then Apache reloads correctly but forwarding DOES NOT work, error.log says:
[proxy:warn] [pid 22436] [client 10.0.4.19:47662] AH01144: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Could you explain me what I'm doing wrong? Or how do I forward traffic from port to unix socket on Apache correctly?
Might be a bit late 🙂, but the following apache config works for me:
ProxyRequests off
Define SOCKET_NAME /path/to/my.sock
ProxyPass / unix:${SOCKET_NAME}|uwsgi://%{HTTP_HOST}/
ProxyPassReverse / unix:${SOCKET_NAME}|uwsgi://%{HTTP_HOST}/
with modules proxy and proxy_uwsgi loaded.
Important do not place your socket in /tmp (I think systemd prevents the apache process to directly access it for security reasons).
Also, watch out for the file permissions.
Related
I've got a somewhat unique (maybe not, but unique to me) architecture here for some home apps that variously require PHP 5.6 and PHP 7.1. This is the architecture recommended to me by /r/docker:
One container acting as Apache Reverse Proxy that will ingest a DNS request on port 80 and then pass it to one of the below containers' ports.
One container running Apache with PHP 5.6, listening on port 8081.
One container running Apache with PHP 7.1, listening on port 8080.
I've been able to get domainname.com to work this way, by setting up the following domainname.com.conf in /etc/apache2/sites-available:
<VirtualHost *:80>
ServerName domainname.com
<Proxy *>
Allow from localhost
</Proxy>
ProxyPass "/" "http://public.ip.address:8080/" retry=0
ProxyPreserveHost On
</VirtualHost>
However, one of my subdomains needs to push to an application on the PHP 5.6 side. So I've set up this subdomain.domainname.com.conf:
<VirtualHost *:80>
ServerName subdomain.domainname.com
<Proxy *>
Allow from localhost
</Proxy>
ProxyPass "/" "http://public.ip.address:8081/subdomain/" retry=0
ProxyPreserveHost On
</VirtualHost>
Indeed, going directly to http://public.ip.address:8081/subdomain/ loads the application just fine, but for whatever reason, going to http://subdomain.domain.com gives a 503. Originally it was just showing the Apache on Ubuntu page, which is when I realized I needed to a2ensite and reload Apache, which has since been done.
The logs show this:
[Wed Jul 10 21:36:59.049131 2019] [proxy:error] [pid 2298:tid 139882856969984] (113)No route to host: AH00957: HTTP: attempt to connect to public.ip.address:8081 (3.220.176.240) failed
[Wed Jul 10 21:36:59.049182 2019] [proxy_http:error] [pid 2298:tid 139882856969984] [client 128.229.4.2:58611] AH01114: HTTP: failed to make connection to backend: public.ip.address
We know that the system can access 8080 just fine, so I'm not sure why it's struggling with this traffic. As mentioned above, hitting the ProxyPass URL directly from the outside loads the page fine, so traffic inbound to that container is fine. SELinux is disabled. This is in AWS and Security Groups are configured properly as far as I can tell (see: traffic works from outside).
Using the public IP address is the only way I've been able to get inter-container traffic to work, because using Docker's bridge IPs didn't work previously.
On the old system, when all my apps were just PHP 5.6, I had a standard VirtualHost statement that just took in the subdomain.domain.com and pointed it to a specific DocumentRoot. I can't do that here since the reverse proxy container needs to hand off the traffic to the container with the right PHP version.
Many thanks for any tips or tricks here.
I read several documentations "how to make it possible" like these
confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
httpd.apache.org/docs/2.4/vhosts/examples.html
I not even try to use https for the moment. First I wanna a small success, access bitbucket via my subdomain...
Running:
Ubuntu 16.04.2 LTS
Bitbucket 5.0.0
Apache/2.4.18
/var/atlassian/application-data/bitbucket/shared/bitbucket.properties:
server.port=7990
server.secure=false
server.scheme=http
server.proxy-port=80
server.redirect-port=80
server.proxy-name=mysub.mydomain.mytld
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName mysub.mydomain.mytld
ProxyRequests Off
ProxyVia Off
ProxyPass "/" "http://mydomain.mytld:7990/"
ProxyPassReverse "/" "http://mydomain.mytld:7990/"
</VirtualHost>
bitbucket base url (bitbucket settings administration)
http://mysub.mydomain.mytld
restart commands
/etc/init.d/apache2 restart
within /opt/atlassian/bitbucket/5.0.0/bin/
./stop-bitbucket.sh
./start-bitbucket.sh
With the default bitbucket.properties bitbucket works, when I call http://mydomain:mytld:7990/
With my custom bitbucket.properties, when I call http://mysub.mydomain.mytld/ shows 500 internal error. In the apache logs:
"No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule."
Finally the problem was wrong virtualHost configuration
<VirtualHost subdomain.domain.tld:80>
ProxyPass "/" "http://localhost:7990/"
ProxyPassReverse "/" "http://localhost:7990/"
localhost... instead the public domain
I'm trying to run an Apache Solr Service (on its emdedded jetty server) on a remote server. The admin has provided me following information:
DNS: my.server.com
IP: xxx.xxx.xxx
Server OS: 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux
Only Port 80 is accessible. On the server we want to deploy Apache Solr and a microservice which uses Solr as search engine. I want to use Apache Webserver to forward the HTTP-Request to the Solr Admin UI and to the microservice UI, but it doesn't seem to work, I use Apache Server version: Apache/2.4.10 (Debian)
Server built: Sep 15 2016 20:44:43.
I installed Apache and started the server, so far everything works as expected. I can access the admin view from Apache entering the DNS in my browser.
I enabled a few modules following this articel https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension:
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_ajp
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod proxy_balancer
a2enmod proxy_connect
a2enmod proxy_html
Then I tried to configure a virtual host under /etc/apache2/sites-available/myconf.conf:
<VirtualHost *:80>
DocumentRoot /var/www/html
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ProxyPass /solr http://my.server.com:8983 retry=0 timeout=5
ProxyPassReverse /solr http://my.server.com:8983
ProxyPass /microservice http://my.server.com:6868 retry=0 timeout=5
ProxyPassReverse /microservice http://my.server.com:6868
LogLevel debug
</VirtualHost>
Solr uses its standard port 8983 and the microservice will be on port 6868. When I try to acces solr with http://my.server.com/solr I get an HTTP 503 Service unavailable.
I first tried this:
/usr/sbin/setsebool -P httpd_can_network_connect 1
But it changed nothing. I also had to install first:
apt-get install policycoreutils
to make this option available. The solr service seems to be ok:
solr status
Found 1 Solr nodes:
Solr process 14082 running on port 8983
{
"solr_home":"/etc/apache-solr/solr-6.2.0/server/solr",
"version":"6.2.0 764d0f19151dbff6f5fcd9fc4b2682cf934590c5 - mike - 2016-08-20 05:41:37",
"startTime":"2016-10-07T12:02:05.300Z",
"uptime":"0 days, 1 hours, 29 minutes, 55 seconds",
"memory":"29.7 MB (%6.1) of 490.7 MB"}
The Apache log keeps saying:
The timeout specified has expired: AH00957: HTTP: attempt to connect to xxx.xxx.xxx:8983 (my.server.com) failed
AH00959: ap_proxy_connect_backend disabling worker for (my.server.com) for 0s
AH01114: HTTP: failed to make connection to backend: my.server.com
Without my timeout setting everthing keeps the same but it takes ages before I get the 503 Error.
Any hints? After one day struggeling I'm depressed ... all I want is to finish the task.
Thanks in advance!
It turns out that I needed to append a slash to the urls:
ProxyPass /solr/ http://my.server.com:8983/ retry=0 timeout=5
ProxyPassReverse /solr/ http://my.server.com:8983/
ProxyPass /microservice/ http://my.server.com:6868/ retry=0 timeout=5
ProxyPassReverse /microservice/ http://my.server.com:6868/
I have been using Gateone behind an Apache proxy for a long time. All of a sudden, probably after the last apt-get update/upgrade of my Debian Jessie install, this no longer works.
The error I get in the error.log is this :
[Sat Sep 12 16:20:47.992400 2015] [proxy:warn] [pid 1870] [client 192.168.0.2:5022] AH01144: No protocol handler was valid for the URL /gateone/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
All answers I could find were pointing to a missing proxy (sub)module that needed to be loaded. This is the list of proxy modules I have loaded :
proxy.conf proxy_connect.load proxy_html.conf proxy_http.load
proxy.load proxy_html.load proxy_wstunnel.load
And the (unchanged) section in my http conf file looks like this :
ProxyPass /gateone/ ws://localhost:8888/gateone/
ProxyPassReverse /gateone/ ws://localhost:8888/gateone/
ProxyPass /gateone/ wss://localhost:8888/gateone/
ProxyPassReverse /gateone/ wss://localhost:8888/gateone/
ProxyPass /gateone/ http://localhost:8888/gateone/
ProxyPassReverse /gateone/ http://localhost:8888/gateone/
This configuration used to work. Can anyone please tell me if something has changed lately in Debian Jessie, especially regarding proxying (websockets proxying) ?
Thanks,
Hans
2.4.17 has this exact same problem but 2.4.12 was fine.
Interestingly this ALSO occurs on the 2.4.16 and 2.4.17 Windows x64 release using VC14 or VC11 so this is entirely something internal to the proxy modules.
The only resolution appears to be downgrading to 2.4.12 because there exists no combination of proxy modules to make it work and you can use your config in 2.4.12 without issue. Definite websocket proxy break 2.4.16+
*Update: Workaround allows http: fallback from ws: when you use ProxyPass with a very specific URL.
Eg.
#Works 2.4.12 but fails 2.4.16+
ProxyPass /ws/ ws://localhost:8080/ws/
#2.4.16+ seems to want full and exact path and ws: fails but http: failover works
ProxyPass /ws/stomp/ http://localhost:8080/ws/stomp/
So I have an application the is bound to localhost:3080. When I locally visit "localhost:3080" the application displays in the browser.
I also have an apache server setup listening to the publicIP:8080.
When I visit the publicIP from the outside world, publicIP:8080 loads up.
How can I have it so that when I visit publicIP:8080, the contents of localhost:3080 are displayed onto it?
Is there a way to forward the contents of localhost:3080 to publicIP:8080?
You can create an apache proxy.For example :
<VirtualHost *:8080>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:3080/
ProxyPassReverse / http://127.0.0.1:3080/
</VirtualHost>
You will also need to do :
a2enmod proxy
a2enmod proxy_http
service apache2 restart
See more informations there : https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
I assume your application at localhost:3080 acts as a http server.
Then you would simply
ProxyPass "/" "http://localhost:3080/"
Generally its better to use ProxyPass to handle only special locations
<Location "/myCoolApp/">
ProxyPass "http://localhost:3080/"
</Location>
Then if you request http://publicIP:8080/myCoolApp/XYZ your application #3080 will receive the request on URL /XYZ.