Configure Apache with multiple ProxyPass and different ports - apache

So I have a config file that states this:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.aaaaaaaa.yyyyyyyyy.co.uk
ServerAlias aaaaaaa.yyyyyyy.co.uk
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.aaaaaaa.yyyyyyyyy.co.uk [OR]
RewriteCond %{SERVER_NAME} =aaaaaa.yyyyyyyyy.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.xxxxxx.yyyyyyyy.co.uk
ServerAlias xxxxxxx.yyyyyyyyy.co.uk
ProxyPass / http://localhost:8989/
ProxyPassReverse / http://localhost:8989/
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.xxxxxxxxxxx.yyyyyyyy.co.uk [OR]
RewriteCond %{SERVER_NAME} =xxxxxx.yyyyyyyyyy.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
When visiting aaaaaaa.yyyyyyyyy.co.uk it redirects to https, which is the desired effect, and launches the correct app.
However, when I visit xxxxx.yyyyyyy.co.uk it shows the correct app but does not redirect to https; when I physically type https://xxxx.yyyyyy.co.uk it redirects me to the same app as aaaaaaa.yyyyyyyyyy.co.uk.
How can I make this work?

The main issue here is that certbot doesn't play nice with multiple hosts in 1 file.
The steps to correct the problem were:
1. Remove all certificates.
2. Recreate all virtual hosts in their own file within sites-available
(minus the rewrite portion).
Example content of one conf file:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.aaaaaaaa.yyyyyyyyy.co.uk
ServerAlias aaaaaaa.yyyyyyy.co.uk
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
</VirtualHost>
3. After doing this for all virtual hosts (sites), run the command
certbot --apache
and create new certificates for all, making sure to select the redirect function at the end.
Worked great!

Related

Proxy not redirecting

I have the following Apache config file. When someone types in http://mywebsite.com it is not redirecting them to https. Why?
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass "/" "http://10.0.1.123/"
ProxyPassReverse "/" "http://10.0.1.123/"
ServerName www.mywebsite.com
ServerAlias mywebsite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com
RewriteCond %{SERVER_NAME} =www.mywebsite.com
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass "/" "http://10.0.1.123:80/"
ProxyPassReverse "/" "http://10.0.1.123:80/"
ServerName www.mywebsite.com
ServerAlias mywebsite.com
ServerAdmin admin_ws1@mywebsite.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mywebsite.com/privkey.pem
</VirtualHost>
<VirtualHost *:80>
...
ProxyPass "/" "http://10.0.1.123/"
...
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
The ProxyPass is telling Apache to work as reverse proxy and forward the request to the real server. The RewriteRule instead is telling Apache to answer the request itself with a redirect to the HTTPS version of the site. Obviously it cannot do both at the same time, so there is a conflict. Please remove Proxy* rules and keep only the Rewrite* rules on port 80.

Route mqtt and websocket traffic through apache2

I have an emqx broker set up on Ubuntu EC2.
When I try to connect to emqx through websocket with IP address, it works fine.
But when I use subdomain, the connection fails.
My Apache Config is
<VirtualHost *:80>
ServerName subdomain.example.com
ServerAlias subdomain.example.com
ServerAdmin admin@domain.in
RewriteEngine On
#RewriteCond %{REQUEST_URI} ^/socket.io [NC]
#RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule ^/mqtt/(.*) ws://localhost:8083/mqtt/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Apache access Logs
I changed the log level of apache to 'debug' and these are the error logs. Looks like it is trying to find the /mqtt folder.
I have already enabled the module "proxy_wstunnel.load". How can I connect to mqtt and ws using the subdomain?
Add a ServerAlias directive under ServerName
Example:
ServerName domain.com
ServerAlias subdomain.domain.com
Try adding this too
ProxyPass "/" "http://127.0.0.1:8083/mqtt"
ProxyPassReverse "/" "http://127.0.0.1:8083/mqtt"
If you are not sure whether the broker is using socket.io, then remove this line:
#RewriteCond %{REQUEST_URI} ^/socket.io

Redirect http to https only works after page refresh Apache2

I have installed SSL Certificates on my website and on the example.com everything works fine, meaning that typing example.com redirects correctly to https://example.com. However, I have installed a certificate for a subdomain as well such that the link becomes: subdomain.example.com.
My goal is to have subdomain.example.com redirect to https://subdomain.example.com. This might sound weird, but this semi-works, meaning that when I first surf to subdomain.example.com it uses the http protocol, but when I refresh that same page it switches to the https protocol.
This is my VirtualHost conf file (port 80):
<VirtualHost *:80>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://example.com/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#RewriteCond %{SERVER_PORT} !443
#RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/ [R=301,L]
</VirtualHost>
I have removed the non-related lines from the sample above. Here is the 443 conf file:
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
#Allow forwarding to gitlab-workhorse
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://domain/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subexample.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
Header always set Content-Security-Policy upgrade-insecure-requests
</VirtualHost>
</IfModule>
Worth noting is that I am using certbot.
Hopefully someone can help me.
You say "My goal is to have subdomain.example.com redirect to https://subdomain.example.com".
Then why have all that proxy configuration in your :80 VirtualHost? Simply force the redirection to :443, and let :443 handle the proxy (and other).
So your VirtualHost would become:
<VirtualHost *:80>
ServerName subdomain.example.com
CustomLog logs/subdomain_80_access.log combined
ErrorLog logs/subdomain_80_error.log
RewriteEngine On
RedirectMatch ^/(.*)$ https://subdomain.example.com/$1
</VirtualHost>
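Both this answer and the earlier "Proxy not redirecting" answer advise keeping the port-80 vhost for the redirect only, and that can be checked mechanically. The following is an added example, not code from any of the posts: a small Python linter (the function name `lint_vhosts` and the finding labels are made up for illustration) that flags port-80 vhosts which proxy over cleartext, mix proxying with an HTTPS redirect, or stack `RewriteCond` equality tests that can never match together because `[OR]` is missing. The sample configuration is constructed from the snippets quoted on this page.

```python
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
COND_RE = re.compile(r"RewriteCond\s+(%\{[^}]+\})\s+=(\S+)(?:\s+\[([^\]]*)\])?", re.I)
REDIRECT_RE = re.compile(
    r'(?:RewriteRule|Redirect(?:Match)?)\s+(?:\S+\s+){1,2}"?https://', re.I)

# Constructed sample: the first block mirrors a port-80 vhost that proxies and
# redirects at once, the second is a redirect-only vhost.
SAMPLE = """
<VirtualHost *:80>
ServerName www.mywebsite.com
ProxyPass "/" "http://10.0.1.123/"
ProxyPassReverse "/" "http://10.0.1.123/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com
RewriteCond %{SERVER_NAME} =www.mywebsite.com
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain.example.com
RedirectMatch ^/(.*)$ https://subdomain.example.com/$1
</VirtualHost>
"""

def lint_vhosts(conf):
    """Return (ServerName, finding) pairs for the port-80 vhosts in conf."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        if not addr.strip().endswith(":80"):
            continue  # only the cleartext listener is of interest here
        lines = [s for s in map(str.strip, body.splitlines())
                 if s and not s.startswith("#")]
        name = next((s.split()[1] for s in lines
                     if s.lower().startswith("servername ")), "?")
        proxies = any(re.match(r"ProxyPass\s", s, re.I) for s in lines)
        redirects = any(REDIRECT_RE.match(s) for s in lines)
        if proxies and redirects:
            findings.append((name, "proxy-and-redirect"))
        elif proxies:
            findings.append((name, "cleartext-proxy"))
        # Adjacent RewriteCond lines are ANDed unless the first carries [OR];
        # two '=' tests of one variable against different values never both hold.
        for a, b in zip(map(COND_RE.match, lines), map(COND_RE.match, lines[1:])):
            if (a and b and a.group(1) == b.group(1) and a.group(2) != b.group(2)
                    and "OR" not in (a.group(3) or "").upper().split(",")):
                findings.append((name, "conds-never-match"))
    return findings

if __name__ == "__main__":
    for name, finding in lint_vhosts(SAMPLE):
        print(f"{name}: {finding}")
```

The linter only sees literal `<VirtualHost>` blocks in the text it is given; it does not follow `Include` directives or detect proxying done through `RewriteRule ... [P]`.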

How to configure apache2 subdomains to route to different servers

I am running apache 2.4.7 and presently all my traffic is going to a backend server on 8080 on the same server/instance.
I want my www traffic to go to a new server/instance and all my other subdomains (app, api, etc.) to go to the existing 8080.
Can somebody provide some direction?
Help appreciated.
<VirtualHost *:80>
ProxyPreserveHost On
ServerAdmin webmaster@example.com
ServerName example.com
Redirect "/" "https://www.example.com/"
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html/
Redirect "/ft/" "/"
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
If you want to do an external redirect to the new server for the www subdomain, you'll need to add the following to your configuration, under the other rewrite rules:
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,R=301]
And you would need to remove the ServerAlias directive. This is also assuming you've already pointed DNS to the new host.
If the new box serving the www content is to be another backend server, you would need another virtual host. Add the following at the top instead:
<VirtualHost *:80>
ServerName www.example.com
ProxyPass / http://other-box/
ProxyPassReverse / http://other-box/
</VirtualHost>
And you still would need to remove the ServerAlias directive.

Doing an Apache redirect with unchanged URL

I would like to make a redirect with unchanged URL. I have tried the configuration
<VirtualHost *:80>
ServerName test.localhost
ProxyPreserveHost On
ProxyPass / http://www.example.com/
ProxyPassReverse / http://www.example.com/
</VirtualHost>
but it doesn't work as I get a message in the browser saying "The page isn't redirecting properly". Any clues?
Do a rewrite with the proxy flag P:
<VirtualHost *:80>
ServerName test.localhost
RewriteEngine On
RewriteRule /(.*)$ http://www.example.com/$1 [P]
</VirtualHost>