Guzzle request from virtual host has wrong ip - apache

I have a web server with different IP addresses.
Apache virtualhosts and DNS are mapped like this :
ip1 => ip1.domain.com
ip2 => ip2.domain.com
ip3 => ip3.domain.com
I did this so I can use guzzlehttp from different IP addresses.
But if I do this, from any of those virtual hosts:
$client = new \GuzzleHttp\Client();
$url = "https://www.whatismyip.com";
$response = $client->request('GET', $url);
$content = $response->getBody();
I always get the IP from the server, not from the virtualhost.
Am I missing something ? Is there a better way to do this ?
Thanks for your help,

Turns out all it needs is to specify the network interface in Guzzle.
No need for different virtual hosts, one is enough.
Example:
$client = new \GuzzleHttp\Client(['curl' => [ CURLOPT_INTERFACE => 'eth0:1' ]]);

Related

Lighttpd Reverse Proxy with Pi-hole

Aware this question has been asked a few times and I've read a lot of the solutions but I still cannot get my reverse proxy to work.
I have a Raspberry Pi with Pi-hole.
Hostname: pi-hole.local
IP address: 192.168.1.254
Lighttpd port: 8080
I want to visit http://pi-hole.local in my browser without :8080 and view the Pi-hole admin page.
ATM, I have to type http://pi-hole.local:8080.
I have added mod_proxy to:
server.modules = (
...
mod_proxy
...
)
I have server.port = 8080 and I have this block:
$HTTP["url"] =~ "pi-hole.local" {
proxy.server = ( "" => ("" => ( "host" => "192.168.1.254", "port" => 8080 )))
}
pi-hole.local is the URI authority, not the url-path.
$HTTP["host"] =~ "pi-hole.local" {
proxy.server = ( "" => ("" => ( "host" => "192.168.1.254", "port" => 8080 )))
}
Separately, for http://pi-hole.local to work, lighttpd also needs to be listening on port 80. Is that the case on your system? Is something else listening on port 80? If not, then $SERVER["socket"] == "*:80" {} will have lighttpd additionally listening on port 80, in addition to server.port = 8080. However, I have not looked into how pi-hole uses this, so you should test that pi-hole still works the way you want it to.
Instead of mod_proxy, a better way might be mod_redirect.
server.modules += ("mod_redirect")
$HTTP["host"] =~ "pi-hole.local" {
url.redirect = ("" => "http://pi-hole.local:8080${url.path}${qsa}")
}

lighttpd - reject a connection based on the value of the client cert CN discovered during ssl negotiation. (ssl.verifyclient)

I want to drop or reject a connection based on the value of the client cert CN discovered during ssl negotiation.
I'm not familiar with syntax and can't find similar examples.
I'm stuck with lighttpd v.1.4.45.
In a mixture of real and pseudocode:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
...
ssl.ca-file = "..."
...
# client side authentication
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "enable"
ssl.verifyclient.depth = "2"
# this line instructs client cert CN value to be extracted
ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
}
# pseudocode
<client CN> <not regexp-equal> <regexp> {
<reject>
}
Can it be done at the lighttpd level? Assume going down to application code is not an option.
(I'm also curious to see an example of how it could be done at application level but that is not the primary question.)
Use lighttpd mod_auth. https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth
server.modules += ("mod_auth")
auth.require = ( "" =>
(
"method" => "extern",
"realm" => "certificate",
"require" => "user=agent007|user=agent008"
)
)
You have to list the permitted SSL_CLIENT_S_DN_CN values in user=...|user=...
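An application-level version of the same allowlist check, as an added example that is not part of the original question or answer. It assumes lighttpd passes SSL_CLIENT_S_DN_CN to the backend in the request environment; require_client_cn, demo_app and call are hypothetical names, and the allowlist reuses the two CNs from the answer above.

```python
import re

# Constructed allowlist: the two CNs the mod_auth answer permits.
ALLOWED_CN = re.compile(r"agent00[78]")

def client_cn_allowed(environ, pattern=ALLOWED_CN):
    """True only when the server-supplied client cert CN matches the allowlist."""
    # Assumption: lighttpd passes SSL_CLIENT_S_DN_CN to the backend environment.
    # Client request headers arrive as HTTP_* keys, so they cannot set this one.
    cn = environ.get("SSL_CLIENT_S_DN_CN")
    if not cn:
        return False  # no verified certificate subject: fail closed
    # fullmatch() rejects prefixes, suffixes and a trailing newline, which
    # match() with a "$"-terminated pattern would let through.
    return pattern.fullmatch(cn) is not None

def require_client_cn(app, pattern=ALLOWED_CN):
    """WSGI middleware (hypothetical name): answer 403 unless the CN is allowed."""
    def guarded(environ, start_response):
        if client_cn_allowed(environ, pattern):
            return app(environ, start_response)
        body = b"client certificate not authorized\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]
    return guarded

def demo_app(environ, start_response):
    """Stand-in for the protected application."""
    body = ("hello %s\n" % environ["SSL_CLIENT_S_DN_CN"]).encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]

def call(app, environ):
    """Drive a WSGI app with a constructed environ; return (status, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app(environ, start_response))
    return seen["status"], body

protected = require_client_cn(demo_app)

if __name__ == "__main__":
    for cn in ("agent007", "agent009", "agent007\n"):  # constructed inputs
        print(repr(cn), call(protected, {"SSL_CLIENT_S_DN_CN": cn})[0])
```

Keep ssl.verifyclient.enforce enabled in front of this: the check only decides which verified subjects are authorized, it does not validate the certificate itself.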

Puppetlabs-Apache: enable both 80 and 443 for virtualhost

I'm relatively new to puppet and currently working on 'puppetlabs-apache' module. I'm missing something while setting both ssl and non-ssl on a virtual-host.
Manifest applied:
include apache
include apache::mod::rewrite
#apache::vhost { 'site.mydomain.com':
# port => '80',
# docroot => '/var/www/site',
# rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
#}
apache::vhost { 'site.mydomain.com':
port => '443',
ssl => true,
docroot => '/var/www/site',
docroot_owner => 'www-data',
docroot_group => 'www-data',
# rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
}
The thing is I don't need the non-ssl (80 port), but all requests should redirect to 443.
If I comment out the first vhost definition of site.mydomain.com for port 80, it throws an error:
Error 400 on SERVER: Duplicate declaration: Apache::Vhost[site2.mydomain.com] is already declared in file..
Not sure what I'm missing here. What should I do to make this permanent redirect happen?
http://site2.mydomain.com/ => https://site2.mydomain.com/
To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost defined types and redirect unencrypted requests to the virtual host with SSL enabled:
apache::vhost { 'site.mydomain.com:80':
servername => 'site.mydomain.com',
port => '80',
docroot => '/var/www/site',
rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
redirect_status => 'permanent',
redirect_dest => 'https://site.mydomain.com'
}
apache::vhost { 'site.mydomain.com:443':
servername => 'site.mydomain.com',
port => '443',
ssl => true,
docroot => '/var/www/site',
docroot_owner => 'www-data',
docroot_group => 'www-data',
# no rewrite_rule on the SSL vhost: redirecting (.*) to https://site.mydomain.com from here would loop
}
You also needed those additional redirect attributes for the non-ssl virtualhost resource. Since apache::vhost is a defined resource type with no namevar, you can circumvent the multiple resource declaration issue by using two unique and purely cosmetic resource titles.
Working through Matt's answer and the error I got while running it led me to the following answer.
apache::vhost { 'site.mydomain.com:80' ... }
apache::vhost { 'site.mydomain.com:443' : ...}
Thanks,

lighttpd: How to forward port (visible only to localhost) to WAN after authentication?

I have a webcam stream only accessible on the host machine via http://localhost:1234
This stream has no authentication.
I would like to set up a lightweight HTTP server that listens on port 80 for outside connections, prompts for username and password, and then forwards the stream from localhost:1234
How do I do this?
Lighttpd can do this.
The following config files will forward requests to http://domain.com/ => http://localhost:1234/, requesting HTTP basic auth first.
lighttpd.conf
## Add auth and proxy mods to your existing modules list
server.modules = (
"mod_auth",
"mod_proxy"
)
$HTTP["host"] == "domain.com" {
auth.backend = "plain"
auth.backend.plain.userfile = "lighttpd-plain.user"
auth.require = (
"/" => (
"method" => "basic",
"realm" => "MyWebcam",
"require" => "valid-user"
)
)
proxy.server = (
"/" => (
(
"host" => "127.0.0.1",
"port" => 1234
)
)
)
}
lighttpd-plain.user
webcamuser:webcampassword
Make sure you load mod_auth before mod_proxy in server.modules; getting them in the wrong order can make lighty panic.

Configuring Varnish on cPanel with multiple IP addresses

So I am trying to configure Varnish on my cPanel server which has a primary shared IP along with a few other secondary IP addresses for dedicated domains that are hosted with me.
I have followed the following guide on how to get varnish to run, and it works perfectly for the shared IP domains, but the secondary IP domains won't load at all, going to the default Apache page.
http://crybit.com/how-to-enable-varnish-in-cpanel-server/
I was looking online for other resources and found that I should configure multiple hosts in the default.vcl file for Varnish, so I did exactly that, but the service fails to load as soon as I try to launch it, even with just two hosts in the file.
Am I doing something wrong?
backend default {
.host = "11.11.11.11";
.port = "8080";
}
backend secondary1 {
.host = "22.22.22.22";
.port = "8080";
}
I have also tried configuring the following below but also to no success, service won't load!
sub vcl_recv{
if(req.http.host == "www.secondary1.com") || (req.http.host == "secondary1.com) {
set req.backend = secondary1;
} else {
set req.backend = default;
}
}
Hoping that someone can give me a hand!
Can you please check your /etc/sysconfig/varnish file and change your -a flag to use your IPs?
-a 192.168.0.1:80,192.168.0.2:80 \