How to set up an IBM HTTP reverse proxy in front of a couple of other IBM HTTP Servers that have been configured to a WebSphere cluster - load-balancing

I have a couple of IBM HTTP Servers v8.5, IHS1 and IHS2, configured to two managed nodes on a WebSphere cluster that is running DefaultApplication.
I had set up SSL (on default port 443) on these two servers, IHS1 and IHS2, and configured the plug-in XML to access applications like snoop. So now I can access the snoop application via the URLs
https://ihs1/snoop and
https://ihs2/snoop
I now want to set up another IBM HTTP Server on another machine that would have a single URL, say https://loadbalancer, sitting in front of the above two machines, to act as a load balancer and distribute the clients' requests to the above two URLs. All my application clients must only be able to access the snoop app via https://loadbalancer/snoop
I have started in this direction, through a reverse proxy configuration on this loadbalancer, but no luck.
In httpd.conf, I have uncommented the three lines
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
and the VirtualHost block looks as below:
Listen 0.0.0.0:443
<VirtualHost loadbalancer:443>
SSLEnable
SSLProtocolDisable SSLv2
SSLClientAuth 0
ProxyPass / https://ihs1/
ProxyPass / https://ihs2/
ProxyPreserveHost on
SSLProxyEngine on
</VirtualHost>
KeyFile C:/IBM/HTTPServer/ihsserverkey.kdb
SSLDisable
Any definitive httpd.conf configuration suggestions on the loadbalancer? Or is this path completely different?

This is not really an IBM topology. IHS 7.0 through 8.5.5 contains mod_proxy_balancer (in the WebSphereCE/ subdirectory) that would allow you to load-balance two backends this way with mod_proxy, but it would not be supported by IBM.
If both tiers are really necessary, use something in the very front that is either an IP sprayer (layer 3/4) or a standalone HTTP proxy server.
It is also possible to rig a plugin-cfg.xml statically to use IHS+WAS Plugin at the front tier, but it's not so straightforward.
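A sketch of the unsupported mod_proxy_balancer approach this answer mentions, as an added example that is not part of the original answer or of IBM's documentation. The host names and KeyFile path come from the question; the module path under modules/WebSphereCE/ and the pool name ihscluster are assumptions to adapt.

```apache
# Added example. Assumption: mod_proxy_balancer is loaded from the
# WebSphereCE/ subdirectory named in the answer.
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/WebSphereCE/mod_proxy_balancer.so

Listen 0.0.0.0:443

# Reverse proxy only: never act as an open forward proxy.
ProxyRequests Off

<VirtualHost *:443>
    ServerName loadbalancer
    SSLEnable
    SSLProtocolDisable SSLv2
    SSLProtocolDisable SSLv3
    SSLClientAuth 0
    KeyFile C:/IBM/HTTPServer/ihsserverkey.kdb

    # Use TLS on the proxy-to-backend leg as well.
    SSLProxyEngine on

    # One pool holding both backends, referenced by a single ProxyPass.
    # Two "ProxyPass /" lines do not balance: the first match always wins.
    # "ihscluster" is a hypothetical pool name.
    <Proxy balancer://ihscluster>
        BalancerMember https://ihs1:443
        BalancerMember https://ihs2:443
        ProxySet lbmethod=byrequests
    </Proxy>

    ProxyPass / balancer://ihscluster/
    # Rewrite redirects issued by either backend to the front-end name.
    ProxyPassReverse / https://ihs1/
    ProxyPassReverse / https://ihs2/
    ProxyPreserveHost on
</VirtualHost>

SSLDisable
```

With ProxyPreserveHost on, the backends receive Host: loadbalancer, so their virtual host definitions have to accept that name.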

Xampp + IIS working together on the same server

I have one server with 2 IP addresses.
I have multiple applications in .NET (webapi, a console application, etc) and one specific using PHP which is running on Apache (w/ XAMPP).
I configured IIS to run on default port 80 and XAMPP is using port 8080.
As I said before, I have two IP addresses and two domains (eg: domain1.com and domain2.com).
I need to point domain1.com.br to the IIS app (which is working) but my PHP app never gets reached since all the requests are directed to port 80 (which IIS takes control of).
What can I do to solve this?
I know that I can point both IPs to port 80, but how do I tell IIS that whenever it gets a request from a specific domain/host (in this case, domain2.com.br) it redirects to port 8080?
You may need to let Apache take control, due to Apache's redirect features. The main idea is to set up Apache and use its redirect features (vhost, if you prefer to call it so) to direct the special requests to your IIS server.
1. Change your IIS to listen on port 8080 (and set the domain to your domain, domain1.com for example). Leave your Apache listening on 80.
2. Enable the modules below in your Apache config file (httpd.conf):
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
And enable:
Include conf/extra/httpd-vhosts.conf
3. The next step is to set up the virtual host. Edit the config file conf\extra\httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "x:\The\Dir\to\Your\Php\Site"
ServerName domain2.com.br
ErrorLog "logs/domain2-error.log"
CustomLog "logs/domain2-access.log" common
</VirtualHost>
And the setup for your domain2.com.br is done. Restart your Apache server, visit your site by domain name, and your PHP site shall be working.
If the steps above are working as expected, this shall be the last step.
<VirtualHost *:80>
ServerName your.net.site.domain.com
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8080/"
ProxyPassReverse "/" "http://127.0.0.1:8080/"
ErrorLog "logs/domain1-error.log"
CustomLog "logs/domain1-access.log" common
</VirtualHost>
And now it should work as you expect it to.
Use the Reverse Proxy method.
What is the Reverse Proxy method?
A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.
Refer to the NGINX documentation to know more about reverse proxies.
You can use a reverse proxy on either your IIS or Apache (XAMPP) server. But since you have a Windows Server, I recommend that you do the reverse proxy on the IIS server.
Example: Rewrite or Reverse proxy in IIS

ws_tunnel Apache->Websocket server not working

I have a local web socket server running on WSS:// port 9000. On the same server I have Apache running as well.
When I try and connect from my remote client directly to port 9000 via WSS like this:
wss://myserver:9000
it works fine. However, I blocked port 9000 on my router and am trying to access it via apache (which is running on SSL).
When I try and access
wss://myserver/
I can see the logs in Apache that it issued a GET but my web socket server does not receive the connection.
I've read through various SO threads and I think I have my ordering correct.
Details:
Apache Version:
Server version: Apache/2.4.7 (Ubuntu)
sudo apache2ctl -M shows proxy_* modules running
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Apache configuration: (relevant lines inside VirtualHost)
ProxyPass / wss://localhost:9000/
ProxyPassReverse / wss://localhost:9000/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
Note that both my local web socket server and Apache are configured to use the same certificates
(I'm not sure if I need the Proxy * part, but I saw it in one SO thread)
And here are debug logs:
http://pastebin.com/gqVp3Pz5
Thanks
It seems by default Apache wstunnel does not work when the need is to tunnel SSL end to end. What works is if Apache terminates WSS and then does a WS with the local server.
I found this thread, "tunneling secure websocket connections with apache", that describes how to recompile Apache to allow for end to end WSS tunneling.
I've currently decided to not do Apache tunneling and open a firewall port for my event server directly, as I don't expect my users to have the inclination to recompile Apache for this.
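The arrangement this answer reports as working, Apache terminating WSS and speaking plain WS to the local server, as an added example that is not part of the original post. It assumes the WebSocket server is reconfigured to listen without TLS on 127.0.0.1:9000; the certificate paths are placeholders.

```apache
# Added example for Apache 2.4 with mod_ssl, mod_proxy and
# mod_proxy_wstunnel loaded.
<VirtualHost *:443>
    ServerName myserver

    # Apache terminates TLS for the client-facing wss:// connection.
    SSLEngine on
    # Placeholder paths: substitute the real certificate and key.
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only, no forward proxying.
    ProxyRequests Off

    # The backend leg is plain ws:// over loopback, not wss://.
    # Assumption: the WebSocket server listens on 127.0.0.1:9000 without TLS.
    ProxyPass "/" "ws://127.0.0.1:9000/"
</VirtualHost>
```

Because the backend leg is unencrypted, bind the WebSocket server to 127.0.0.1 and keep port 9000 blocked externally so that only Apache can reach it.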

Is it possible to make multiple servers in the same domain sub-directory

It's just my project. It's growing up and I want to add a new server as a sub-directory on the same domain. Is it possible to make sub-directory like:
example.com 127.0.0.1
example.com/project1/ 127.0.0.2
example.com/project2/ 127.0.0.3
How do I configure DNS or Apache to make it work?
Sounds like you want to implement a proxy, which can be done with mod_proxy. I assume the sites are already running on 127.0.0.2 and 127.0.0.3 and the public frontend is on 127.0.0.1.
You will need to edit the configuration files on 127.0.0.1 and either in the main configuration (for a single site) or virtual host block for a virtual host, add the ProxyPass configuration:
ProxyPass /project1/ http://127.0.0.2/
ProxyPass /project2/ http://127.0.0.3/
This will send all requests from /project1/ to http://127.0.0.2/. If you want to keep this server hidden, or it's not accessible by the public (such as an internal network address), you will need to set up a reverse proxy so the results are fed back to users via your public front end, so you will need to add the ProxyPassReverse configuration:
ProxyPassReverse /project1/ http://127.0.0.2/
ProxyPassReverse /project2/ http://127.0.0.3/
Further to this, you will need to enable the proxy modules in your configuration files as well. These are what I have enabled for a basic reverse proxy:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
There are some other modules that could be important depending on your situation:
mod_proxy_connect: This handles the CONNECT function if connecting to https:// servers
mod_proxy_ftp: This handles connections to FTP servers
mod_proxy_ajp: This handles connections to tomcat/AJP servers
mod_headers: This can modify response and request headers
mod_deflate: This negotiates compression with backends
mod_proxy_html: This is a 3rd party module which will rewrite HTML links to the proxy address space

port forwarding from Apache httpd 443 to JBoss 8443

I have a need to run Apache httpd in front of my JBoss so I can leave the JBoss ports in place (8080/8443) but have Apache/80 forward to JBoss/8080 and Apache/443 forward to JBoss/8443.
I have the HTTP forwarding working but I can't get HTTPS forwarding to work.
To get HTTP forwarding to work I simply loaded the correct proxy modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Then added these new directives:
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
If all I want to do is forward port 443 to 8443, do I have to enable SSL? I don't need Apache to load and process a certificate.
You're confusing two things.
If you want port forwarding from port 443 to 8443, don't go via Apache Httpd, just forward the port (for example, via iptables). In this case your JBoss container must be configured to handle the SSL/TLS connection (all the certificate settings).
If you want a reverse proxy from Apache Httpd (listening on port 443) to your JBoss container, you don't need to enable SSL/TLS on your JBoss container (especially on localhost), just proxy the request to Apache Httpd in plain HTTP (or via AJP). For this, you'll need to configure Apache Httpd to handle the SSL/TLS connection.
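The reverse-proxy option from this answer, with Apache handling TLS on 443 and passing requests to JBoss over AJP, as an added example that is not part of the original answer. It reuses the ajp://localhost:8009/ target from the question; the server name and certificate paths are placeholders.

```apache
# Added example for Apache httpd with mod_ssl, mod_proxy and
# mod_proxy_ajp loaded.
Listen 443

# Reverse proxy only, no forward proxying.
ProxyRequests Off

<VirtualHost *:443>
    # Placeholder name.
    ServerName www.example.com

    # Apache owns the certificate; JBoss needs no TLS configuration.
    SSLEngine on
    # Placeholder paths: substitute the real certificate and key.
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # AJP tells JBoss that the original request arrived over HTTPS,
    # so the application still sees a secure request.
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>

# Port 80 keeps the forwarding that already works in the question.
<VirtualHost *:80>
    ServerName www.example.com
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
```

AJP traffic is unencrypted, so keep the JBoss AJP connector bound to localhost and port 8009 closed to other hosts.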

How can I set up a reverse proxy with mod_proxy without redirecting?

How can I set up a reverse proxy with mod_proxy without redirecting to another server or IP? This will be a virtual host environment. The reason I want to do this is so that mod_proxy handles the communication with the client's browser thereby freeing up web server processes to serve the next request instead of feeding the client's browser. This is especially important when using language modules such as mod_php with MPM Prefork. The flow that I'm trying to achieve is:
1. The traffic resolves to www.mydomain.com on port 80.
2. The proxy sends the request to the web server.
3. The web server sends the answer back to the proxy and disconnects from the proxy.
4. The proxy feeds the client browser.
Once that is working I want to add nginx at the same IP address but for port 81 and proxy image requests to nginx on the same server. I do not want nginx handling the proxy nor do I want FCGI anything. I want my standard Apache mod_rewrite and .htaccess to work.
Thanks Tons!
Simply redirect to the localhost on a different port? Host your application on port 8080, and use mod_proxy to forward the requests:
ProxyPass /foo http://localhost:8080/foo
ProxyPassReverse /foo http://localhost:8080/foo
This may be helpful if you have application servers that are handling requests and you want multiple instances combined on a single machine. You can use one port per application server.
I don't know if it really would be faster than just using mod_php directly. Proxying requests also adds overhead.
Make sure you also load these 2 modules:
LoadModule proxy_module bin/mod_proxy.so
LoadModule proxy_http_module bin/mod_proxy_http.so
ProxyPass /TeamCity http://localhost/TeamCity
ProxyPassReverse /TeamCity http://localhost/TeamCity