I have a weird problem.
I have http traffic coming in on port 80 that is managed by my vhosts file to proxy to internal web servers but I also have tcp non http traffic coming in on port 80 that needs to be proxied to another internal server on port 80.
I have tried to use proxypass but all that did was proxy http traffic just fine but didnt work on the non http traffic.
I have tried mod rewrite rules to try and isolate the source ip address of the non http traffic and create a rule to proxy it to my other internal host but that didnt work either.
I am using windows with apache and would prefer to use apache to achieve this if possible.
As per this Stack overflow thread- Apache is not an ideal tool for proxying TCP connections.
StackOverlow-how-to-setup-a-reverse-proxy-on-several-ports-tcp-udp
Related
How can I put a docker between the web requests and my web server (in order to analyse and block requests)? I found morbz/docker-web-redirect docker, but it seems that it is not enough for this task.
I'd recommend using nginx as reverse proxy, or better haproxy:
https://hub.docker.com/_/haproxy/
You have to configure haproxy container to listen to port 80 on the host, then direct traffic to your proxied web server.
Haproxy ACLS might be of your interest: How to route traffic (reverse Proxy) with HAProxy based on request body
there are projects running on apache and nginx.
as workaround, I set apache to run at port 80 while nginx at port 8000
How can I make nginx and apache to run the applications at similar port 80?
here is a simple scenario
myserver.com/apache1
myserver.com/apache2
myserver.com:8000/nginx1
myserver.com:8000/nginx2
is it possible to set a rule that if requests are for /nginx1 or /nginx2, apache will transfer request to nginx on port 80? or vice versa?
thanks.
base from reply of alvits and Kashyap, I have no other choice but to keep on setting both webserver to different ports
How can I set up proxy which listens on https and proxies the requests to other server on https without setting up SSL certificate on Apache for inbound https requests?
I just need to proxy the request over https connection.
If you don't have the SSL certificate in question on your apache box, it will be very difficult to set up proxying. The site configurations usually rely on the Host header and the URI path, which you won't have if you can't unwrap SSL.
Instead, if all SSL traffic is to be forwarded unconditionally, you might consider a TCP proxy instead of an application proxy.
There are several ways of setting this up, and it will vary depending on your chosen platform. If you're running on Linux, you can easily set up an iptables rule to forward requests to 443 to some remote host.
I have installed an SSL on ELB. I have one EC2 instance in the ELB and can access the website via the SSL fine (IIS Windows 2008 server).
The confusion is when I am in NON HTTPS and I perform a redirect in my app to the HTTPS area, I get an error.
Doing some digging in the listeners area, I can see Port 443 on the ELB forwards to port 80 on the instances which makes sense, but then how do I handle this scenario?
For now, I have 'hacked' it by adding a self signed cert on my instance and then forwarding 443 from ELB to 443 on the instance, but this kind of defies the point?!
Any advice on how this should be structured would be great!
You have both port 80 and 443 on you load balancer forwarding to port 80 on your instance, so you need to figure out how to tell them apart.
The ELB sets a header value so you can tell these two types of requests apart.
Take a look at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers but the value you want to check is X-Forwarded-Proto - this should have http or https, and obviously if it's http you would then redirect to https.
I've used both Apache and nginx as a reverse proxy performing HTTPS termination (listening on port 443) and forwarding the unencrypted HTTP traffic to Tomcat on port 8080 before.
However, what I need to do now is do the opposite. I have some client applications running on localhost that are (for simplicity) just talking plain HTTP. I want to be able to tell these client apps to use a forward proxy (on localhost) that will convert them to HTTPS and use a client-side certificate for the communication to the origin. Ie, the client will think it is communicating plain HTTP on port 80, but the traffic will actually leave the host as HTTPS on port 443.
Does anyone know how to configure mod_proxy to do this (or even if it is possible)?
At a further stage, I may need to configure the proxy to use different client certificates based on headers set by the client and also have mod_proxy use RFC 5077 (quick session resumption).
It doesn't have to be Apache (so if nginx or squid can do the function I'm happy with that) as long as it's not a resource hog. We already have Apache running as a reverse proxy anyway so it would be handy if Apache can do it.