Redirect specific HTTPS request to a specific port with apache

I have a problem redirecting some requests to another port. Here's my configuration:
I have a public domain like XXXX.ddns.net
I have a Raspbian server with apache, and files in my /var/www folders are correctly served (angular website)
On the same Raspbian server there is a REST server running on the 3000 port
This is running on HTTPS with SSL(letsencrypt)
I would like all requests to XXXX.ddns.net/api/* to be redirected to port 3000.
I changed the .htaccess file and the rewrite rule seems to work locally, but I can't make it work from my internet site. API requests end with an error 500.
Here is my current .htaccess file:
RewriteEngine On
RewriteRule ^api/(.*) https://localhost:3000/api/$1 [QSA]
# not sure if it should be http or https in the rule but nothing works
#RewriteRule ^api/(.*) http://localhost:3000/api/$1 [QSA]
# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]
# If the requested pattern is file and file doesn't exist, send 404
RewriteCond %{REQUEST_URI} ^(\/[a-z_\-\s0-9\.]+)+\.[a-zA-Z]{2,4}$
RewriteRule ^ - [L,R=404]
Here is my current 000-default-le-ssl.conf file (in /etc/apache2/sites-available):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName XXXX.ddns.net
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Location /api>
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
</IfModule>
If someone could help me to achieve it...
Thanks!

Your self-found solution looks strange to me. You switch on the SSLProxyEngine and then disable all security measures. Is the backend API running under HTTPS and HTTP at port 3000 at the same time? This is not possible.
I use this setup (apache as proxy to backend application) pretty often and would suggest the following configuration:
As I did not understand the purpose of the rewrite directives I left them out. The VirtualHost at port 80 always redirects HTTP requests to HTTPS. If this works add permanent to the directive (permanent is cached by some browsers, see comment in VirtualHost *:80).
The VirtualHost for HTTPS serves content from your DocumentRoot at /var/www/html. The Directory directive takes care that only correctly addressed files are served (no lookups possible). The VirtualHost also provides the proxy for the /api on the same server on port 3000.
It should work for apache 2.4 if your letsencrypt configuration is correct (fill in the XXXX). Both VirtualHost configurations can be written into a single file, usually located in /etc/apache2/sites-available with a symlink to /etc/apache2/sites-enabled. Please remove/rename your .htaccess file and other configurations before testing this configuration. If you need access control through apache this could also be configured directly in the VirtualHost configuration.
<VirtualHost *:80>
ServerName XXXX.ddns.net
# Always https
Redirect / https://XXXX.ddns.net/
# Redirect permanent / https://XXXX.ddns.net/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName XXXX.ddns.net
# These are your SSL settings; your responsibility
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Your document root; where the JavaScript application lives
DocumentRoot /var/www/html
<Directory /var/www/html/ >
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
# Apache 2.4 access control syntax
Require all granted
</Directory>
# Reverse proxy settings for api
ProxyRequests Off
ProxyPreserveHost On
<Location /api >
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>

Thanks for your help. I don't really know how but it works now!
I don't remember exactly what I did, but the last one was to modify my 000-default-le-ssl.conf file like this:
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /api>
ProxyPass http://127.0.0.1:3000/api/
ProxyPassReverse http://127.0.0.1:3000/api/
ProxyPass https://127.0.0.1:3000/api/
ProxyPassReverse https://127.0.0.1:3000/api/
</Location>
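A small audit of the proxy directives discussed in this thread, as an added example that is not part of the original posts: it flags SSLProxy* settings that switch off checks on the backend certificate, a path with more than one ProxyPass, and a backend addressed with both http:// and https://. The function name, the finding labels and the embedded sample (copied from the fragment above) are choices made for this example.

```python
import re
from urllib.parse import urlsplit

# SSLProxy* values that switch off a check on the backend's certificate.
DISABLED_CHECKS = {
    "sslproxyverify": "none", "sslproxycheckpeercn": "off",
    "sslproxycheckpeername": "off", "sslproxycheckpeerexpire": "off",
}

# Constructed sample: the directives posted in the self-found fix above.
SELF_FOUND = """\
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /api>
ProxyPass http://127.0.0.1:3000/api/
ProxyPassReverse http://127.0.0.1:3000/api/
ProxyPass https://127.0.0.1:3000/api/
ProxyPassReverse https://127.0.0.1:3000/api/
</Location>
"""

def audit_proxy_config(text):
    """Return sorted (line_no, finding) pairs for an Apache config fragment."""
    findings = []
    location = None  # path of the enclosing <Location>, if any
    mappings = {}    # proxied path -> line numbers of its ProxyPass lines
    schemes = {}     # backend host:port -> {scheme: first line number}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Location\s+"?([^\s">]+)', line, re.I)
        if opened:
            location = opened.group(1)
            continue
        if line.lower().startswith("</location"):
            location = None
            continue
        words = [w.strip('"') for w in line.split()]
        name, args = words[0].lower(), words[1:]
        if args and DISABLED_CHECKS.get(name) == args[0].lower():
            findings.append((no, "backend-cert-check-disabled"))
        if name == "proxypass" and args:
            # Inside <Location> the path is implied; outside it is the first argument.
            path, rest = (location, args) if location else (args[0], args[1:])
            if not rest or rest[0] == "!":
                continue  # exclusion rule: nothing is proxied for this path
            url = urlsplit(rest[0])
            mappings.setdefault(path.rstrip("/") or "/", []).append(no)
            schemes.setdefault(url.netloc, {}).setdefault(url.scheme, no)
    for lines in mappings.values():
        findings.extend((no, "path-mapped-twice") for no in lines[1:])
    for seen in schemes.values():
        if {"http", "https"} <= set(seen):
            findings.append((max(seen.values()), "http-and-https-same-backend"))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit_proxy_config(SELF_FOUND):
        print(f"line {no}: {finding}")
```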

Related

Reverseproxy Apache configuration is allowing unwanted traffic through the server

To allow the access to a specific server not publicly available, we've structured an architecture with an Apache webserver exposed on the internet, and we would like to configure it as a reverse proxy to redirect only some requests to the private server.
This is the piece of httpd.conf file:
Listen 5000
<VirtualHost *:5000>
ServerAdmin webmaster@localhost
ServerName servername
ErrorLog /etc/httpd/conf/error.log
#<Location />
# ProxyPass "http://...:5000/"
# ProxyPassReverse "http://...:5000"
# Order allow,deny
# Allow from all
#</Location>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass "/" "http://...:5000/" interpolate connectiontimeout=30 timeout=12000
#RewriteRule ^(.*) "http://...:5000/$1"
#ProxyPassMatch ^(.*) "http://...:5000/$1"
ProxyPassReverse "/" "http://...:5000/"
</VirtualHost>
Whenever we put Listen 5000, a lot of undesired traffic passes through the server to other servers on the Internet.
In the code above, the commented lines are some of the attempts I've made.
What is wrong in the configuration that it is not blocking the server from working as a proxy for everything?
Thank you in advance for the help
If you want to deny some paths from being proxied you have to use the "!". Here is a link to the documentation explaining how to do it: http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
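One way to look for the traffic described in this question in the access log, as an added example that is not part of the original thread: it picks out request lines with a proxy-style target (an absolute URL or CONNECT) that names a host other than the server's own. The log lines are constructed, the Common/Combined Log Format is assumed, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common/Combined Log Format: client ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.\-]*://", re.I)

# Constructed sample lines (documentation address ranges, made-up host names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET http://other.example/ip HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "CONNECT mail.other.example:25 HTTP/1.0" 405 226',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET http://servername:5000/status HTTP/1.1" 200 88',
    '192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "POST http://api.other.example/login HTTP/1.1" 403 199',
]


def proxy_style_requests(lines, own_hosts):
    """Yield (client, method, target_host, status) for requests naming a foreign host."""
    own = {h.lower() for h in own_hosts}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        parts = request.split()
        if len(parts) < 2:
            continue
        method, target = parts[0].upper(), parts[1]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]  # authority-form target: host:port
        elif SCHEME_RE.match(target):
            try:
                host = urlsplit(target).hostname or ""  # absolute-form target
            except ValueError:
                host = target  # malformed URL, report it as-is
        else:
            continue  # origin-form ("GET /path"), the normal case
        if host.lower() not in own:
            yield client, method, host.lower(), status


def summarize(lines, own_hosts):
    """Count foreign-host attempts per client: (answered 2xx/3xx, refused 4xx/5xx)."""
    answered, refused = Counter(), Counter()
    for client, _method, _host, status in proxy_style_requests(lines, own_hosts):
        (answered if status < 400 else refused)[client] += 1
    return dict(answered), dict(refused)


if __name__ == "__main__":
    for hit in proxy_style_requests(SAMPLE_LOG, {"servername"}):
        print(hit)
    print(summarize(SAMPLE_LOG, {"servername"}))
```

An answered request is a lead to verify, not proof that the request was relayed to the named host.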

apache RewriteRule and proxypass

I am in the process of setting up a jira server and will use apache to be a proxy to the tomcat service. I have my apache setup 90% completed but can't work out the final configuration. The goal is to have users be able to access the FQDN, the alias or the fully qualified alias but the URL is always rewritten to the DNS alias, e.g. a user browses to:
http://jira.domian.com rewrite to https://jira
http://nbsrvjira-07v rewrite to https://jira
http://nbsrvjira-07v.diasemi.com rewrite to https://jira
All the above work however the below fail:
https://jira.domian.com rewrite to https://jira
https://nbsrvjira-07v rewrite to https://jira
https://nbsrvjira-07v.diasemi.com rewrite to https://jira
Unless a specific URL is used it will cause issues within the application. The apache configuration is below:
The http to https redirect:
<VirtualHost *:80>
ServerName nbsrvjira-07v.domain.com
ServerAlias jira-test jira-test.domain.com
ErrorLog "/var/log/httpd/nbsrvjira-07v.domain.com_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/nbsrvjira-07v.domain.com_access.log" combined
RewriteEngine On
RewriteRule ^/(.*) https://jira-test/ [noescape,last,redirect=302]
</VirtualHost>
The https to proxy pass:
<VirtualHost *:443>
ServerName nbsrvjira-07v.domain.com
ServerAlias jira jira.domain.com
ErrorLog "/var/log/httpd/nbsrvjira-07v.domain.com_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/nbsrvjira-07v.domain.com_access.log" combined
SSLEngine On
SSLCertificateFile "/etc/pki/tls/certs/nbsrvjira-07v.domain.com.cert"
SSLCertificateKeyFile "/etc/pki/tls/private/nbsrvjira-07v.domain.com.key"
RewriteEngine On
ProxyPass / http://localhost:8080/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I have tried various rewrite rules within the https configuration but none seem to work. Can someone help?
Chris
Maybe set up more than one VirtualHost for *:443 where one or more will just redirect to https://jira and only one will act as https://jira and contain the proxying? Just a guess.

How can I internally point to a domain but keep the url with the subdomain constant?

I have a domain www.example.com hosted in one location.
I have created another account with a different hosting provider that allows me to create subdomains: www.test1.example.com and www.test2.example.com
I am putting a custom page for each of the subdomains when the user goes to test1.example.com, test2.example.com....
After the user logs in on this custom page, I want to maintain the subdomain (of test1.example.com) but internally have all requests point to www.example.com.
I am running the custom pages on Apache and the domain pages on Apache Tomcat - I think that using 'mod_rewrite' is the way to go?
Put the following in a .htaccess file in your subdomain's document root:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^test1\.example\.com$
# In .htaccess the path being matched has no leading slash
RewriteRule ^(.*)$ http://example.com/$1 [redirect,last]
To enable mod_rewrite on a modern Ubuntu web server run this command:
sudo ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load
Make sure AllowOverride is set to "All" in your VirtualHost configuration (for example /etc/apache2/sites-available/default):
<Directory /var/www/document/root/>
AllowOverride All
</Directory>
then restart Apache:
sudo /etc/init.d/apache2 restart
So, basically the answer I found that worked was to use mod_proxy. I enabled that as an Apache module and included the following in my httpd-vhosts.conf file.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName test1.example.com
DocumentRoot "location_of_the_custom_page"
ErrorLog "logs\errors.log"
<directory "D:\wamp\www\capitalfloat">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from all
</directory>
</VirtualHost>
<VirtualHost *:80>
ServerName localhost2
ServerAlias *.example.com
ErrorLog "logs\errors.log"
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://www.example.com/
ProxyPassReverse / http://www.example.com/
</VirtualHost>
I also had to include 'http://www.example.com' and 'test1.example.com' in the Windows Host File (For me, C:\Windows\System32\drivers\etc\hosts). In my custom login page, the request goes to 'example.com' and all subsequent requests are sent to 'www.example.com' but the url still shows 'test1.example.com/...'

Apache2 ProxyPass for Rails App Gitlab

I am attempting to set up a proxy with Apache2 so that incoming requests to http://myipaddress.com go to http://localhost:3000/ where I have Gitlab (a rails app) running. The following is what I have in my Apache configuration file on Ubuntu 10.04. I can successfully access the gitlab default page initially, but any subsequent requests performed by me by clicking on other pages after that go to a 404 NOT FOUND page. I can manually enter /gitlab/ in front of any of these failed redirects and they work just fine. How can I make this work without having to rewrite /gitlab/ after each redirect request after the initial request?
## Set up a proxy which listens on the port that gitlab does (from start_server.sh)
ProxyRequests Off
ProxyPass /gitlab/ http://localhost:3000/
ProxyPassReverse /gitlab/ http://localhost:3000/
#DocumentRoot /home/gitlabhq/gitlabhq/public
<Proxy http://localhost:3000/>
Order deny,allow
Allow from all
</Proxy>
I understand that I could have the code below, which would solve my problem. But I don't know how to modify the prefix of the gitlab rails service. I'd really appreciate some help!
ProxyPass /gitlab/ http://localhost:3000/gitlab/
ProxyPassReverse /gitlab/ http://localhost:3000/gitlab/
UPDATE:
Thanks to Friek's comment I've come very close to solving this. Below is part of my http.conf file. The only problem is when I hit the home button or the logo on the gitlab app it attempts to redirect to gitlab/ which gives me the basic index.html file from Apache2 saying 'it works!'. How can I configure this to allow me to simply go to /gitlab and it takes me to the root home view of gitlab? Thanks!
## For Gitlab using Apache2 Passenger
## Install on Ubuntu by:
## sudo gem install passenger && sudo passenger-install-apache2-module
## but only after running the install_and_configure_git.py script
## and creating a soft link to the rails gitlab /public directory like so:
## sudo ln -s /home/gitlabhq/gitlabhq/public /var/www/gitlab
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.13
PassengerRuby /usr/local/bin/ruby
<VirtualHost *:80>
ServerName gitlab
## Set the overall Document Root
DocumentRoot /var/www
<Directory /var/www>
Allow from all
</Directory>
## Set the Rails Base URI
RackBaseURI /gitlab
RailsBaseURI /gitlab
<Directory /var/www/gitlab>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
I came across this gist that worked for me. In case it ever goes dead, I'll repost it.
unicorn config file
Edit file /home/gitlab/gitlab/config/unicorn.rb
Find line listen "#{app_dir}/tmp/sockets/gitlab.socket" and comment it. Uncomment line listen "127.0.0.1:8080"
required modules for apache
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod rewrite
/home/gitlab/gitlab/config/gitlab.conf
<VirtualHost *:80>
ServerName git.domain.com
# Point this to your public folder of teambox
DocumentRoot /home/gitlab/gitlab
RewriteEngine On
<Proxy balancer://unicornservers>
BalancerMember http://127.0.0.1:8080
</Proxy>
# Redirect all non-static requests to thin
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]
ProxyPass / balancer://unicornservers/
ProxyPassReverse / balancer://unicornservers/
ProxyPreserveHost on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Custom log file locations
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName gitlab
## Set the overall Document Root
DocumentRoot /var/www
<Directory /var/www>
Allow from all
</Directory>
## Set the Rails Base URI
RackBaseURI /gitlab
RailsBaseURI /gitlab
<Directory /var/www/gitlab>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
These settings in your httpd.conf or your sites config file should do. Please remove the reverse proxy settings if you have any and try; it will work.
If you have the lines below along with the above config, please remove them:
ProxyPass /gitlab/ http://localhost:3000/gitlab/
ProxyPassReverse /gitlab/ http://localhost:3000/gitlab/
Proxy on
Restart your webserver
service apache2 restart
This is in case someone new comes across this issue.
This helped me, notice the ProxyPassReverse lines. My full issue and resolution is at https://stackoverflow.com/a/22390543/3112527 .
<IfModule mod_ssl.c>
<VirtualHost *:443>
Servername gitlab.my_domain.com
ServerAdmin my_admin@my_domain.com
SSLCertificateFile /etc/apache2/ssl.crt/gitlab_my_domain.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/gitlab_my_domain_private.key
SSLCACertificateFile /etc/apache2/ssl.crt/gitlab.ca-bundle
##### All the other Apache SSL setup skipped here for StackOverflow ####
ProxyPreserveHost On
<Location />
# New authorization commands for apache 2.4 and up
# http://httpd.apache.org/docs/2.4/upgrading.html#access
Require all granted
# For relative URL root "host:your_gitlab_port/relative_root"
#ProxyPassReverse http://127.0.0.1:8085/gitlab
#ProxyPassReverse https://gitlab.my_domain.com/gitlab
# For non-relative URL root
ProxyPassReverse http://127.0.0.1:8085
ProxyPassReverse https://gitlab.my_domain.com/
</Location>
# apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# https://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab-ssl_error.log
CustomLog /var/log/apache2/gitlab-ssl_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab-ssl_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab-ssl.log combined
</VirtualHost>
</IfModule>
(from https://github.com/gitlabhq/gitlab-recipes/blob/master/web-server/apache/gitlab-ssl-apache2.4.conf)
I ended up here while Googling for errors I encountered while setting up Rails + unicorn using Apache (on port 80) to proxy to unicorn (on port 3000). In case it's of use to anyone else, here's my config:
<VirtualHost example.com:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
ProxyPreserveHost On
<Location />
Require all granted
ProxyPassReverse http://example.com:3000
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://example.com:3000%{REQUEST_URI} [P,QSA]
DocumentRoot /home/user/rails-dir/public
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogLevel warn
ErrorLog /home/user/rails-dir/log/apache-error.log
CustomLog /home/user/rails-dir/log/apache-access.log combined
</VirtualHost>
This question also troubled me for quite a long time. It's fixed now.
The most helpful resource is from the Gitlab official document about using-a-non-bundled-web-server.
They also provide full workable recipe.
If you are using Apache version 2.4 or above, please use files
gitlab-apache24.conf or gitlab-ssl-apache24.conf for the HTTP and
HTTPS versions of the vhost respectively.
If you are using Apache version 2.2, please use files
gitlab-apache22.conf or gitlab-ssl-apache22.conf for the HTTP and
HTTPS versions of the vhost respectively.
The problem now simple to
Make sure you pick the right configuration file depending whether you
choose to serve GitLab with SSL or not. The only thing you need to
change is YOUR_SERVER_FQDN with your own FQDN and if you use SSL, the
location where your SSL keys currently reside. You also might need to
change the location of your log files.
To make sure of the Apache2 version, use apache2 -version
If you use the HTTPS version, you may need to make sure your cert file is deployed correctly, e.g. the files are placed consistently with what the recipe file specifies.

Apache mod-proxy ProxyErrorOverride for specific URL patterns

I am using Apache 2.2 with mod-proxy and I have configured it with several ProxyPass statements to proxy from remote URL to local URL. I need to have custom error documents returned from Apache for these proxied URLs so I set "ProxyErrorOverride On" in my mod-proxy configuration along with some ErrorDocument directives (with local URL path) to return custom error pages for a few HTTP status codes of interest. However, when a status code is returned for which I have NOT created an ErrorDocument directive, Apache replaces the response body with a default error page instead of leaving the original response body intact. This won't work with the application. So I really have 2 questions:
1) Is it possible to configure Apache to leave the original response body intact for a particular status code if I don't have an ErrorDocument override defined for it?
2) Is it possible to have the ProxyErrorOverride directive only apply to some of the URLs in my ProxyPass statements?
As arober11 pointed out in the comment above:
Afraid the answer is: No and No. If the directive could be limited to
a location, directory, or set of URL's, then there would be something
in the "Context" section, of the man page:
httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride
on the other hand: you can always add it to mod_proxy.c yourself.
For question 2:
Definitely doable. Using internal redirects to either new host or port this is possible. Brief outline using hosts (add noErrorOverrideUrl,doErrorOverrideUrl in DNS or /etc/hosts of apache-machine):
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(/noErrorOverrideUrl/.*) http://noErrorOverrideUrl$1 [L,P]
RewriteRule ^(/doErrorOverrideUrl/.*) http://doErrorOverrideUrl$1 [L,P]
</VirtualHost>
<VirtualHost *:80>
ServerName noErrorOverrideUrl
ProxyErrorOverride Off
ProxyPass ...
...
</VirtualHost>
<VirtualHost *:80>
ServerName doErrorOverrideUrl
ProxyErrorOverride On
ProxyPass ...
...
</VirtualHost>
Brief outline using ports:
Listen 80
Listen 81
Listen 82
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(/noErrorOverrideUrl/.*) http://server:81$1 [L,P]
RewriteRule ^(/doErrorOverrideUrl/.*) http://server:82$1 [L,P]
</VirtualHost>
<VirtualHost *:81>
ProxyErrorOverride Off
ProxyPass ...
...
</VirtualHost>
<VirtualHost *:82>
ProxyErrorOverride On
ProxyPass ...
...
</VirtualHost>
You can upgrade apache and use the If sentence available on 2.4+
<VirtualHost *:80>
...
<If "%{REQUEST_URI} =~ m#^\/QA(.*)$#">
ProxyErrorOverride Off
</If>
..
</VirtualHost>
Documentation