Apache Reverse Proxy not Working with Grafana - apache

I'm pulling my hair out because it must be something simple.
I've setup Grafana to run through a subdomain via proxy which works fine. I'm doing basic authentication as well to login to Grafana, this is my apache config:
<VirtualHost *:80>
ServerAdmin webmaster#example.co
ServerName example.co
ServerAlias www.example.co
DocumentRoot /var/www/example.co/public_html/
ErrorLog /var/www/example.co/logs/error.log
CustomLog /var/www/example.co/logs/access.log combined
<Location "/application">
AuthType Basic
AuthName "Graphs Login"
AuthUserFile /var/www/example.co/members/.htpasswd
Require valid-user
ProxyPass http://localhost:3000/
</Location>
ProxyPassReverse /application http://example.co:3000/
</VirtualHost>
And my config in grafana.ini
# The public facing domain name used to access grafana from a browser
domain = example.co
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = %(protocol)s://%(domain)s:%(http_port)s/application/
I've also tried to do this with a 301 redirect:
Redirect 301 /application http://example.co/application/
<Location "/application/">
AuthType Basic
AuthName "Graphs Login"
AuthUserFile /var/www/example.co/members/.htpasswd
Require valid-user
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
The ProxyPass to the domain works fine, however if I use the IP address it doesn't go to the domain, but rather it tries to load it as IP:3000/application which then gives a Grafana error (Blank page with {{alert.title}})
Any idea what I am doing wrong and how I can redirect the IP:3000 to DOMAIN:3000 such as the ProxyPass is doing with Reverse Proxy?
I'm using Ubuntu 12.04
I've done all sorts of things such as adding trailing slashes, removing them from both apache and from grafana configs, i've been using incognito everytime to ensure there is no caching and I just can't get it to work in Reverse Proxy where I'm trying to redirect the IP to the domain that I've set in Grafana and ProxyPass.
Please help!

I am not 100% sure if this may be the issue. However let's give it a try: Try removing the slashes after the ProxyPass directives:
ProxyPass /application http://localhost:3000
ProxyPassReverse /application http://localhost:3000
Grafana seems to be very picky with regard to those slashes. I had several issues with those little buggers :) I will explain the details further below. A very simple working setup (without specific authentication though) looks like this:
Apache
<VirtualHost *:443>
ServerName example.co
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# grafana
ProxyPass /grafana http://thorin:3000
ProxyPassReverse /grafana http://thorin:3000
</VirtualHost>
Grafana
domain = example.co
root_url = %(protocol)s://%(domain)s/grafana
Explanation: Slashes
Next I explain the reason for the unexpected behavior as far as I understood it. For completeness sake I am also adding an issue I had with certain rewrite rules in addition to the proxy setup.
Proxy
So what happens if you keep the slashes?
# WRONG!
ProxyPass /application http://localhost:3000/
ProxyPassReverse /application http://localhost:3000/
In this case, the response you get from Grafana is a ugly page showing {{alert.title} and a bunch of other unformated HTML. The reason for this is that Grafana can not load certain resources:
http://example.co/application/public/build/grafana.dark.css?v5.2.4
http://example.co/application/public/build/vendor.4f5454f867a0cc2fe8dd.js
However, you proxy settings work correctly, right? Well, partially. They have that tiny slash / resulting in the following lookups on your Grafana installation:
http://localhost:3000//public/build/grafana.dark.css?v5.2.4
http://localhost:3000//application/public/build/vendor.4f5454f867a0cc2fe8dd.js
Notice the extra slash / after http://localhost:3000. Try calling those URLs. They do not work. This is Grafana being very picky about URLs :) Thus, removing the extra slashes from your Apache config will do the trick.
At least that is what I came up with so far:)
Rewrite
No, rewrite rules. In our setup we have Jekyll setup in another subpath, say http://example.co/jekyll where we use relative URLs to access resources. This requires a slash at the end of each URL. We solved this by adding following rewrite rule in Apache (there may be better solutions for this; if you have suggestions please let me know):
# add trailing slashes to support relative URLs
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !(.*)\.[a-zA-Z0-9]+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [R=301,L]
This resulted in some funny effects on Grafana:
we could not log in
the admin/admin account worked however it got stuck at changing the default password
all data sources were gone
Turns out that Grafana did not like the redirects and slash policy we introduced here. The solution was to only enable this rewrite rule for applications that needed it:
# add trailing slashes to support relative URLs
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !(.*)\.[a-zA-Z0-9]+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteCond %{REQUEST_URI} ^jekyll.*$
RewriteRule ^(.*)$ $1/ [R=301,L]
Let me know if this helps :)

Related

Apache 2.4.43 is changing my url "?" to "%3F"

I have just deployed apache 2.4 and i defined a virtual host tag to redirect to a specific url.
The problema is my url includes a "?" character and Apache change it to "%3F".
Here is my actual Virtual host configuration tag:
<VirtualHost *:80>
ServerName http://app2x.example.com
RewriteEngine On
ProxyRequests Off
ProxyPreserveHost On
ErrorLog "logs/app2x.example.com-error.log"
CustomLog "logs/app2x.example.com.log" common
ProxyPass /sib http://172.168.100.3:9097/sib/f?p=103:1
ProxyPassReverse /sib http://172.168.100.3:9097/sib/f?p=103:1
</VirtualHost>
as you can see there is a "?" character in url, but when i test it i get next error :
/sib/f%3Fp=103:1 start: 2020-04-21T17:37:53.992Z duration: 16ms
URLMappingNotFoundException [statusCode=404, reasons=[The request could not be mapped to any database. Check the request URL is correct, and that URL to database mappings have been correctly configured]]
I have tested with this url:
ProxyPass /sib http://172.168.100.3:9097/
and work just fine, but i need to redirect to full shown url
I am Using windows 2019 server STD Edition 64 bits with Apache 2.4.43 and the URL i am pointing to is in another similar machine.
i am new using Apache and have not found an answer on google to solve it, any help will be appreciated.
Thanks
i have just fixed my issue (after a couple of days googling and trying), i made it work.
I have to use RewriteRule as follows:
1.) my httpd-vhosts.conf file looks like this:
<VirtualHost *:80>
ServerName http://app2x.example.com
RewriteEngine On
RewriteRule ^/sib$ sib/f?p=103:1 [R=301] # => everything that contains "/sib" redirect to url: "sib/f?p=103:1"
RewriteRule ^/([a-zA-Z0-9]+)$ sib [R=301] # => everything that contains "/any letter or number" redirect it to sib, that, at same time, will redirect it to url: "sib/f?p=103:1"
ProxyRequests Off # => so the server does not work as a normal proxy
ProxyPreserveHost On # => important to keep url format from oracle apex server, if not, will display errors when using the app because apache will change the deeper url's
ProxyPass / http://172.168.100.3:9097/ # => important do not forget this last "/"
ProxyPassReverse / http://172.168.100.3:9097/
</VirtualHost>
2.) don't forget to enable mode rewrite line in file: httpd.conf, so the previous config can work
Enable this line => LoadModule rewrite_module modules/mod_rewrite.so
Thats it!,
happy coding
Majv

Redirecting HTTP to HTTPS with Apache RedirectPermanent for sites that use modperl

I have an Apache 2.4 site that serves content that is generated by modperl via HTTPS. The relevant Location section is as follows:
<Location />
SetHandler modperl
PerlResponseHandler MyService
</Location>
I would now like to enable the same content via HTTP as well. The following /etc/apache2/sites-enabled/myservice.conf works to some extend in that it redirects URLs with trailing paths but not the "root" page (say, http://myservice.mycompany.com). I suspect this is (also) because this page is special in that it is backed by modperl.
<VirtualHost *:80>
LogLevel debug
ServerName myservice.mycompany.com
RedirectPermanent / https://myservice.mycompany.com
</VirtualHost>
So how can I use RedirectPermanent for redirecting from HTTP to HTTPS for an entire Apache sites, including those pages that are backed by modperl?
To redirect any path in your site, you probably want to use mod_rewrite. These rules should work:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
(I've removed the perl and mod_perl tags from this question. The rewrite happens long before the server cares about how it's going to serve the content.)

URL Rewrite in httpd.conf

I have a redirect setup on my Apache server within the httpd.conf file that redirects all traffic to "server.mydomain.com" to https://server.mydomain.com/uri. Unfortunately, some users will enter https before the URL and it does not redirect, instead they get Apache error page. I want to know how can I get users who input https before the URL to be redirect to https://server.mydomain.com/uri. I believe I may have to do a rewrite but I'm not sure or know how to go about doing it. I've research about rewrite and found it should be done in the .htaccess file but when I read Apache best practice they state it should not be done within .htaccess file for security and performance. Instead, it should be done within the config file. Since the redirection is working within the httpd.conf file, I would like to incorporate the rewrite there as well. I presume that is the correct according to Apache website. My issue is how do I go about doing this within that file. I've included the file information below. Any assistance is greatly appreciated. The server is using Tomcat 7 with Apache 2.2.15.
httpd.conf file:
</IfModule>
#
ProxyPass /uri/fbs-ws ws://server.mydomain.com:8081/uri/fbs-ws
ProxyPassReverse /uri/fbs-ws ws://server.mydomain.com:8081/uri/fbs-ws
</IfModule>
<VirtualHost *:80>
ProxyPass /uri http://server.mydomain.com:8080/uri
ProxyPassReverse /uri http://server.mydomain.com:8080/uri
Redirect permanent / https://server.mydomain.com/uri
</VirtualHost>
Did you try creating a vhost for 443 and switching to http there via Rewrite?
<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

Apache: Rewrite URL in the Background

This question is probably too simple but I cannot get it to work despite hours of testing (and even crashing the server twice o.o ).
The issue is asked frequently: A Tomcat server is accessible through:
"domain.net:8080/theserver/"
and I want it to be accessible directly on "domain.net/".
Just that should also be visible in the user's browser.
The engine "Plesk" which I'm using to configure the site offers a command field for such things. Using the following lines, I've established visible redirecting:
ProxyRequests off
RequestHeader unset Accept-Encoding
RewriteEngine on
RewriteRule ^(/.*) http://www.domain.net:8080/theserver [P]
The redirection doesn't happen in the background though. When I type domain.net into the browser, it switches to "domain.net:8080/theserver/".
What's the right way to make this happen in the background?
"theserver" is the root-location which should be accessible on the server for now.
Huge thanks in advance!
Make sure Rewrite Module of webserver is enabled.
Make sure apache listens on port 80 and 8080 both.
Add this to .htaccess file in the root BUT NOT in the subdirectory "theserver".
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?domain.net$
RewriteCond %{REQUEST_URI} !^/theserver/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://domain.net:8080/theserver/$1
RewriteCond %{HTTP_HOST} ^(www.)?domain.net$
RewriteRule ^(/)?$ http://domain.net:8080/theserver/index.php [L]
You first need to make sure both mod_proxy and mod_proxy_http are enabled in plesk.
Also you should probably either use www or not www.
ProxyRequests Off
RewriteEngine on
RewriteRule ^(.*)$ http://domain.net:8080/myserver/$1 [P]
You can also use the ProxyPass in the server config/vhost.
<Location />
ProxyPass http://domain.net:8080/
ProxyPassReverse http://domain.net:8080/
</Location>
You're just missing ProxyPassReverse. The backend is sending a redirect on the initial URL to add a trailing slash. ProxyPassReverse fixes those redirects for you to use the frontend host/port.
If you control the apache web server, then do you not have to redirect any URL.
Rewriting is supposed to happen for unique requests. If possible, then should the type of rewrite you want get done in the configuration of apache.
First do you have to tell the apache server to listen on port 8080:
listen 8080
Then can you make a virtual host like this:
<VirtualHost *.:8080>
Servername www.domain.net
</VirtualHost>
See for instance:
https://httpd.apache.org/docs/trunk/vhosts/examples.html
and
https://httpd.apache.org/docs/trunk/vhosts/examples.html#port
specifically.
This is much more efficient than using .htaccess, because the latter is parsed at every request, where the solution with virtual hosts is loaded into memory during startup of the server.
Your solution is the other way around. It will make the port visible, because that is the rewrite you create. You want it the other way around and that can be established best by making use of virtual hosts.
A little example of a virtual host:
<VirtualHost www.example.nl:8080>
ServerName www.example.nl
ServerAlias example.nl
DocumentRoot /var/www/theserver
<Directory /var/www/theserver>
etc..
</Directory>
etc...
</VirtualHost>
You may want to actually setup ProxyPass and ProxyPassReverse to accomplish what you are trying to do
ProxyRequests on
ProxyPass / http://IP_OR_LOCALHOST:8080/theserver/
ProxyPassReverse / http://IP_OR_LOCALHOST:8080/theserver/
OR
ProxyPass /theserver/ http://IP_OR_LOCALHOST:8080/theserver/
ProxyPassReverse /theserver/ http://IP_OR_LOCALHOST:8080/theserver/
OR
ProxyPass /anyname/ http://IP_OR_LOCALHOST:8080/theserver/
ProxyPassReverse /anyname/ http://IP_OR_LOCALHOST:8080/theserver/

Apache multiple URL to one domain redirect

For the last two day, I've been spending a lot of time to solve my problem, maybe someone can help me.
Problem: I need to redirect different url's to one tomcat webbase-dir used for artifactory.
following urls should point to the tomcat/artifactory webapp:
maven-repo.example.local ; maven-repo.example.local/artifactory ; srv-example/artifactory
Where maven-repo.example.local is the dns for the server-hostname: "srv-example"
I'm accessing the tomcat app through the JK_mod module. The webapp is in the ROOT directory
This is what I've got so far:
<VirtualHost *:80>
#If URL contains "artifactory" strip down and redirect
RewriteEngine on
RewriteCond %{HTTP_HOST} ^\artifactory\$ [NC]
# (how can I remove 'artifactory' from the redirected parameters? )
RewriteRule ^(.*)$ http://maven-repo.example.local/$1 [R=301,L]
ServerName localhost
ErrorLog "logs/redirect-error_log"
</VirtualHost>
<VirtualHost *:80>
ServerName maven-repo.example.local
ErrorLog "logs/maven-repo.example.local-error.log"
CustomLog "logs/maven-repo.example.local-access.log" common
#calling tomcat webapp in ROOT
JkMount /* ajp13w
</VirtualHost>
The webapp is working with "maven-repo.example.local", but with "maven-repo.example.local/artifactory" tomcat gives a 404 - "The requested resource () is not available."
It seems that the mod_rewrite doesn't have taken any effect, even if I redirect to another page, e.g google.com
I'm testing on windows 7 with maven-repo.example.local added in the "system32/drivers/hosts" file
Thanks in advance!
Thanks a lot for your hint #PHP-Prabhu
a simple:
RedirectPermanent /artifactory /.
in the apache httpd.conf did the trick!
First, all Redirects are processed before Aliases are processed, and therefore a request that matches a Redirect or RedirectMatch will never have Aliases applied. Second, the Aliases and Redirects are processed in the order they appear in the configuration files, with the first match taking precedence
Please see this URL
http://httpd.apache.org/docs/2.1/mod/mod_alias.html