Apache load balancing with proxy_balancer - apache

I am having difficulties configuring Apache 2.4 to use its proxy_balancer mod. My use case is fairly straightforward. Requests are reaching the Apache node, which should be load balanced to the cluster. This is my config:
<VirtualHost *:80>
ProxyRequests off
ServerName localhost
<Proxy balancer://geocode>
BalancerMember "http://192.168.2.11:8080/ors/status"
BalancerMember "http://192.168.2.35:8080/ors/status"
Require all granted
ProxySet lbmethod=byrequests
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Require all granted
</Location>
ProxyPass /balancer-manager !
ProxyPass "/geocodelb" "balancer://geocode"
ProxyPass "/geocode" "http://192.168.2.35:8080/ors/status"
</VirtualHost>
When navigating to localhost:80/geocodelb I receive 404 Not Found:
129.206.205.50 - - [01/Oct/2017:19:39:55 +0000] "GET /geocodelb HTTP/1.1" 404 164 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0"
but localhost:80/geocode works:
129.206.205.50 - - [01/Oct/2017:19:40:07 +0000] "GET /geocode HTTP/1.1" 200 757 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0"
(The ../status points to a Tomcat instance and returns a JSON object.)
If I replace the URLs of the BalancerMembers with something arbitrary, like google.com, it works.
I can also reach the balancer-manager at localhost:80/balancer-manager and obtain the correct information. If I am not mistaken it is telling me that everything looks ok (see screenshot). What am I missing here?

The reason for this not working is that the BalancerMember must be a URL to a server, without a path. The path is to be added in the ProxyPass directive, like this: balancer://orsbackend/ors/geocode. Here is the working config:
<VirtualHost *:80>
ProxyRequests off
ServerName localhost
<Proxy balancer://orsbackend>
BalancerMember "http://192.168.2.11:8080"
BalancerMember "http://192.168.2.35:8080"
ProxySet lbmethod=byrequests
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Require all granted
</Location>
ProxyPass /balancer-manager !
ProxyPass "/geocode" "balancer://orsbackend/ors/geocode"
</VirtualHost>

Related

configuring multiple domains using virtual host with mod proxy in a single httpd instance

I have an Apache instance running three domains using name-based virtual hosting, and every domain has resources to reverse proxy them down to an application server. The application server is a JBoss running a single JVM instance (http://x.x.x.x:8080/).
The domains along with their resources are,
www.abc.com
- alpha
www.def.com
- beta
www.ghi.com
- gamma
- (root URL - no resource)
The abc.com and def.com domains have one resource each, whereas ghi.com has two (root (/) and gamma).
This is how we have set up virtual hosting for the three different domains. A sample for the abc.com domain is below:
<VirtualHost *>
ServerName abc.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/alpha" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha balancer://mycluster4/alpha
ProxyPassReverse /alpha balancer://mycluster4/alpha
</VirtualHost>
With all configuration in place when I try accessing these domains,
www.abc.com/alpha --> works
www.def.com/beta --> works
www.ghi.com/gamma --> works
www.ghi.com/ --> works
Since the ghi.com domain has a root mapping (/), I am able to access resources of the other domains through ghi.com, and if I remove the root mapping, cross-domain resource accessibility does not work.
www.ghi.com/alpha --> works
www.ghi.com/beta --> works
I do not want the resources of the other domains to be accessed through ghi.com. I cannot remove the root mapping from the ghi.com virtual host configuration.
We have tried multiple configurations but none has worked out.
I may sound a bit non-technical here, for which I apologize, but this is my problem statement and I am looking for a fix.
Update 1: configuration file after the fix proposed by pandurang.
NameVirtualHost *
<VirtualHost *>
ServerName ghi.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/gamma " env=BALANCER_ROUTE_CHANGED
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/ " env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster4>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
ProxyPass /alpha !
</VirtualHost>
Use the below sequence and test.
ProxyPass /alpha !
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
Create three different name-based VirtualHosts and disable the contexts (alpha and beta) in www.ghi.com.
<VirtualHost www.abc.com>
ServerName abc.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/alpha" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha balancer://mycluster4/alpha
ProxyPassReverse /alpha balancer://mycluster4/alpha
</VirtualHost>
<VirtualHost www.def.com>
ServerName def.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/beta" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /beta balancer://mycluster4/beta
ProxyPassReverse /beta balancer://mycluster4/beta
</VirtualHost>
<VirtualHost www.ghi.com>
ServerName ghi.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha !
ProxyPass /beta !
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
</VirtualHost>
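The ordering point in the answers above, as an added example that is not part of the original posts: mod_proxy checks ProxyPass rules in configuration order and the first match wins, so an exclusion placed after `ProxyPass /` never fires. The Python sketch below is a simplified model of that matching (the function names are hypothetical), run on the two ProxyPass sequences from this thread.

```python
# Simplified model of mod_proxy rule selection: ProxyPass directives are
# checked in configuration order and the first matching prefix wins.
# Function names are hypothetical; this is not Apache code.

# ProxyPass order from "update 1" in the question (exclusion last).
UPDATE_1 = """
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
ProxyPass /alpha !
"""

# Order proposed in the answer (exclusion first).
PROPOSED = """
ProxyPass /alpha !
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
"""


def prefix_matches(prefix, path):
    """Segment-aware prefix test: /alpha covers /alpha and /alpha/x, not /alphabet."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")


def parse_rules(config):
    """Return [(prefix, target)] for every ProxyPass line, in file order."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        # ProxyPassReverse only rewrites response headers, so it is skipped.
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            rules.append((parts[1].strip('"'), parts[2].strip('"')))
    return rules


def route(rules, path):
    """Return the backend URL chosen for path, or None if excluded/unmatched."""
    for prefix, target in rules:
        if prefix_matches(prefix, path):
            if target == "!":
                return None  # explicit exclusion: request is not proxied
            return target + path[len(prefix):]
    return None


def shadowed(rules):
    """Rules that can never fire because an earlier prefix already covers them."""
    dead = []
    for i, (prefix, target) in enumerate(rules):
        if any(prefix_matches(earlier, prefix) for earlier, _ in rules[:i]):
            dead.append((prefix, target))
    return dead


if __name__ == "__main__":
    for name, cfg in (("update 1", UPDATE_1), ("proposed", PROPOSED)):
        rules = parse_rules(cfg)
        print(name, "-> /alpha/app:", route(rules, "/alpha/app"),
              "| unreachable rules:", shadowed(rules))
```

Running `shadowed()` over a vhost's ProxyPass lines before a reload catches exclusions that would silently be ignored.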

Jenkins behind apache proxy

My Jenkins is running in Kubernetes with Service type: LoadBalancer, and I added the Azure annotations below to take an internal subnet private IP address and expose the service internally.
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
service.beta.kubernetes.io/azure-load-balancer-internal-subnet: subnetName
I have one Ubuntu VM where Apache is installed. I created a self-signed certificate and terminated it in the Apache configuration, and I'm able to access the Apache home page using HTTPS.
Then I created a proxy rule to the Jenkins service IP address. Basically, I want to access Jenkins from Apache over HTTPS, with internal HTTP traffic towards the Kubernetes service.
Here are the Apache configurations:
xxxx@xxxx:/etc/apache2/sites-available$ ls -ltrh
total 28K
-rw-r--r-- 1 root root 1332 Jul 16 18:14 000-default.conf
-rw-r--r-- 1 root root 6338 Jul 16 18:14 default-ssl.conf
drwxr-xr-x 2 root root 4096 Dec 12 17:24 abc
-rw-r--r-- 1 root root 680 Dec 12 13:04 abc.conf
drwxr-xr-x 2 root root 4096 Dec 12 14:29 xyz
-rw-r--r-- 1 root root 1151 Dec 12 13:08 xyz.conf
cat abc/00-redirect-to-https.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^jenkins$ login [L,R=302]
cat abc.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/abc_error.log
CustomLog ${APACHE_LOG_DIR}/abc_access.log combined
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set X-Forwarded-Proto "http"
RequestHeader set X-Forwarded-Port "80"
</IfModule>
# Apache will try to set application/json based on mime type
# This behaviour is causing problems with empty json responses from spring
RemoveType json
Include sites-available/abc/*.conf
</VirtualHost>
cat xyz/00-jenkins.conf
ProxyPass /jenkins balancer://jenkins/jenkins
ProxyPassReverse /jenkins balancer://jenkins/jenkins
<Proxy balancer://jenkins>
BalancerMember http://x.x.x.x:8080 loadfactor=1 keepalive=On retry=0
ProxySet lbmethod=bytraffic
</Proxy>
cat xyz.conf
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName FQDN
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/xyz_error.log
CustomLog ${APACHE_LOG_DIR}/xyz_access.log combined
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</IfModule>
SSLEngine on
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/apache2/certs/ca.cert
SSLCertificateKeyFile /etc/apache2/certs/ca.key
# Apache will try to set application/json based on mime type
# This behaviour is causing problems with empty json responses from spring
RemoveType json
Include sites-available/xyz/*.conf
</VirtualHost>
If I run curl -k https://localhost/jenkins from the local Ubuntu VM, the response shows that authentication is required, which is fine, as below, but the redirect URL becomes window.location.replace('/login?from=%2F')
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fjenkins'/><script>window.location.replace('/login?from=%2Fjenkins');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
In the same case, when I request https://FQDN/jenkins from a browser, the URL again becomes https://FQDN/login?from=%2F, but there the browser throws a URL not found error:
Not Found
The requested URL was not found on this server.
Please assist in correcting the configuration.
Thanks.
More observations from the logs:
When I ran curl -k https://localhost/jenkins, the Apache access log showed 403, which is OK because I did not pass credentials:
127.0.0.1 - - [13/Dec/2019:13:37:40 +0000] "GET /jenkins HTTP/1.1" 403 3297 "-" "curl/7.58.0"
When I tried the same from an internet browser (https://FQDN/jenkins), the Apache log first shows 403, which is expected, but soon after Apache tries to find the changed URL on the same VM instead of redirecting, due to which I'm not getting the Jenkins page.
165.225.106.137 - - [13/Dec/2019:13:38:19 +0000] "GET /jenkins HTTP/1.1" 403 3446 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
165.225.106.137 - - [13/Dec/2019:13:38:19 +0000] "GET /jenkins HTTP/1.1" 403 1564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
165.225.106.137 - - [13/Dec/2019:13:38:20 +0000] "GET /login?from=%2F HTTP/1.1" 404 541 "https://DNSname/jenkins" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
It's working now after changing below configurations --
(1)
Set the context path by modifying the jenkins.xml configuration file and adding --prefix=/jenkins (or similar) to the <arguments> entry.
https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Apache
(2)
Initially -- RewriteRule ^jenkins$ login [L,R=302]
Now -- RewriteRule ^/jenkins(.*)$ /
(3)
Initially --
ProxyPass /jenkins balancer://jenkins/jenkins
ProxyPassReverse /jenkins balancer://jenkins/jenkins
<Proxy balancer://jenkins>
BalancerMember http://x.x.x.x:8080 loadfactor=1 keepalive=On retry=0
ProxySet lbmethod=bytraffic
</Proxy>
Now --
ProxyPass /jenkins balancer://jenkins
ProxyPassReverse /jenkins balancer://jenkins
ProxyRequests Off
AllowEncodedSlashes NoDecode
<Proxy balancer://jenkins>
BalancerMember http://x.x.x.x:8080/jenkins loadfactor=1 keepalive=On retry=0
ProxySet lbmethod=bytraffic
</Proxy>

Apache had been compromised or is being used as a proxy to attack another system

I received a message from Sony Interactive Entertainment LLC ("SIE") saying my server is abusive to their services.
I checked and made sure:
- No one has remote access to my server except me. SSH and all other services only accept my IP; all others are blocked by the firewall.
- Apache (httpd) has not been hacked; no PHP or any other active script is running on my server.
- All logs (system, secure, message, ...) are empty or don't contain anything strange.
Except that in the Apache access log I found:
77.38.177.177 - - [30/Jun/2017:19:21:48 +0000] "CONNECT auth.api.sonyentertainmentnetwork.com:443 HTTP/1.1" 400 226 "-" "-"
138.201.29.228 - - [30/Jun/2017:19:21:48 +0000] "CONNECT www.stoiximan.gr:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1409.70 Safari/537.36"
94.122.39.35 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"
77.108.80.2 - - [30/Jun/2017:19:20:48 +0000] "CONNECT artiwell.com:443 HTTP/1.1" 200 - "-" "-"
138.201.19.161 - - [30/Jun/2017:19:21:48 +0000] "CONNECT www.bet-at-home.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/17.0.1232.63 Safari/537.36"
77.108.80.2 - - [30/Jun/2017:19:21:48 +0000] "GET http://sea-tools.com.ua/oborudovanie/betonomeshalki/filter/287-k-werk HTTP/1.1" 200 25537 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36"
94.158.152.58 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"
138.201.19.161 - - [30/Jun/2017:19:21:48 +0000] "GET http://sports.titanbet.com/en/e/5260805/Ansan-Police-v-Ansan-Greeners?mkt_grp_code=TMWIN HTTP/1.1" 200 25023 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.604.118 Safari/537.36"
117.1.114.50 - - [30/Jun/2017:19:21:49 +0000] "GET http://static.doubleclick.net/instream/ad_status.js HTTP/1.1" 200 29 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
94.158.152.58 - - [30/Jun/2017:19:21:49 +0000] "CONNECT static.doubleclick.net:443 HTTP/1.0" 200 - "-" "-"
185.71.186.147 - - [30/Jun/2017:19:21:49 +0000] "CONNECT static.sportsinteraction.net:443 HTTP/1.1" 200 - "-" "-"
I have to set the firewall to reject every HTTP request to external servers to terminate that attack.
But I still have some unanswered questions:
Why can someone use my Apache to connect to external servers?
How can they do that? How can I stop this issue without using the firewall to block everything?
Below is my Apache virtual host configuration:
NameVirtualHost *:80
<Directory "/data/websource">
DirectoryIndex index.html index.php
AllowOverride All
# Allow open access:
Require all granted
</Directory>
<VirtualHost *:80>
ServerName subdomain1.my.domain
DocumentRoot "web_root/subdomain1/source/www"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain1-error.log"
CustomLog "logs/subdomain1-access.log" combined
#turn on proxy
ProxyPreserveHost On
ProxyRequests On
ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1
ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPass /client/ http://xyz.my.other.ip/client/
ProxyPassReverse /client/ http://xyz.my.other.ip/client/
ProxyPass /bbb http://xyz.my.other.ip/
ProxyPassReverse /bbb http://xyz.my.other.ip/
ProxyPass /demo/ http://xyz.my.other.ip/demo/
ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/
ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html
ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPass /help.html http://xyz.my.other.ip/help.html
ProxyPassReverse /help.html http://xyz.my.other.ip/help.html
ProxyPass /call.php http://www.source/mynglevline/call.php
ProxyPassReverse /call.php http://www.source/mynglevline/call.php
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain2.my.domain
DocumentRoot "web_root/subdomain1/source/admin"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain1-admin-error.log"
CustomLog "logs/subdomain1-admin-access.log" combined
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain3.my.domain
DocumentRoot "web_root/subdomain3/source/www"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain3-error.log"
CustomLog "logs/subdomain3-access.log" combined
#turn on proxy
ProxyPreserveHost On
ProxyRequests On
ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1
ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPass /client/ http://xyz.my.other.ip/client/
ProxyPassReverse /client/ http://xyz.my.other.ip/client/
ProxyPass /bbb http://xyz.my.other.ip/
ProxyPassReverse /bbb http://xyz.my.other.ip/
ProxyPass /demo/ http://xyz.my.other.ip/demo/
ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/
ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html
ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPass /help.html http://xyz.my.other.ip/help.html
ProxyPassReverse /help.html http://xyz.my.other.ip/help.html
ProxyPass /call.php http://www.source/mynglevline/call.php
ProxyPassReverse /call.php http://www.source/mynglevline/call.php
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain4.my.domain
DocumentRoot "web_root/subdomain3/source/admin"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain3-admin-error.log"
CustomLog "logs/subdomain3-admin-access.log" combined
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain5.my.domain
DocumentRoot "web_root/subdomain5/source/www"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/release-error.log"
CustomLog "logs/release-access.log" combined
#turn on proxy
ProxyPreserveHost On
ProxyRequests On
ProxyPass /classroom1 http://xyz.my.other.ip/classroom1
ProxyPassReverse /classroom1 http://xyz.my.other.ip/classroom1
ProxyPass /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPassReverse /bigbluebutton/ http://xyz.my.other.ip/bigbluebutton/
ProxyPass /client/ http://xyz.my.other.ip/client/
ProxyPassReverse /client/ http://xyz.my.other.ip/client/
ProxyPass /bbb http://xyz.my.other.ip/
ProxyPassReverse /bbb http://xyz.my.other.ip/
ProxyPass /demo/ http://xyz.my.other.ip/demo/
ProxyPassReverse /demo/ http://xyz.my.other.ip/demo/
ProxyPass /streams.xml http://xyz.my.other.ip/streams.xml
ProxyPassReverse /streams.html http://xyz.my.other.ip/streams.html
ProxyPass /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPassReverse /testjava.html http://xyz.my.other.ip/testjava.html
ProxyPass /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPassReverse /myngleapi/ http://xyz.my.other.ip/myngleapi/
ProxyPass /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPassReverse /myngleapi http://xyz.my.other.ip/myngleapi
ProxyPass /help.html http://xyz.my.other.ip/help.html
ProxyPassReverse /help.html http://xyz.my.other.ip/help.html
ProxyPass /call.php http://www.source/mynglevline/call.php
ProxyPassReverse /call.php http://www.source/mynglevline/call.php
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain6.my.domain
DocumentRoot "web_root/subdomain5/source/admin"
ServerAdmin postmaster@dummy-host2.localhost
ErrorLog "logs/subdomain5-admin-error.log"
CustomLog "logs/subdomain5-admin-access.log" combined
</VirtualHost>
ProxyRequests On
This is your problem. A quote from Apache's mod_proxy documentation:
Warning
Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.
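One way to triage an access log for the open-proxy use described above, as an added example that is not part of the original posts: it flags CONNECT and absolute-URI requests aimed at hosts other than your own and separates those the server answered with 2xx from those it refused. The log lines are constructed (modelled on the ones in the question, with documentation addresses) and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Apache "combined" format, modelled on the question's log.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jun/2017:19:21:48 +0000] "CONNECT auth.example.net:443 HTTP/1.1" 400 226 "-" "-"',
    '198.51.100.9 - - [30/Jun/2017:19:21:48 +0000] "CONNECT shop.example.org:443 HTTP/1.1" 200 - "-" "Mozilla/5.0"',
    '203.0.113.7 - - [30/Jun/2017:19:21:49 +0000] "A" 400 226 "-" "-"',
    '198.51.100.9 - - [30/Jun/2017:19:21:49 +0000] "GET http://ads.example.com/status.js HTTP/1.1" 200 29 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [30/Jun/2017:19:21:50 +0000] "GET /classroom1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [30/Jun/2017:19:21:51 +0000] "GET http://subdomain1.my.domain/demo/ HTTP/1.1" 200 840 "-" "Mozilla/5.0"',
]

# client ident user [time] "request line" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)


def proxy_target(request):
    """Return the host a request line asks the server to reach, else None."""
    parts = request.split()
    if len(parts) != 3:                 # garbage such as the bare "A" probes
        return None
    method, target, _version = parts
    if method.upper() == "CONNECT":     # CONNECT host:port
        return target.rsplit(":", 1)[0].lower()
    if "://" in target:                 # absolute-form request target
        return (urlsplit(target).hostname or "").lower() or None
    return None                         # origin-form ("/path"): normal request


def find_proxy_requests(lines, own_hosts=()):
    """List forward-proxy style requests for hosts that are not our own vhosts."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = proxy_target(m.group("request"))
        if host is None or host in own:  # absolute URIs for our own names are legitimate
            continue
        status = int(m.group("status"))
        # 2xx means the server answered. With ProxyRequests On that is a relayed
        # request; with proxying off, Apache may answer an absolute URI with
        # local content, so compare the response size before concluding.
        hits.append({"client": m.group("client"), "host": host,
                     "status": status, "answered": 200 <= status < 300})
    return hits


def answered_by_client(hits):
    """Count answered proxy-style requests per client address."""
    return Counter(h["client"] for h in hits if h["answered"])


if __name__ == "__main__":
    found = find_proxy_requests(SAMPLE_LOG, own_hosts=["subdomain1.my.domain"])
    for hit in found:
        print(hit)
    print(answered_by_client(found))
```

After setting `ProxyRequests Off`, the same script run over fresh logs should show no answered CONNECT requests.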

Using Apache2 as proxy toward Tomcat7

Tomcat7 server hosts a website on my machine and I want to use Apache2 as a proxy to see it through my browser: http://localhost:8080/examples as http://localhost/examples.
I have installed Apache2 and Tomcat7, they both work on my computer.
I have loaded the mod_proxy and mod_proxy_http modules.
In my http_vhosts.conf file I have:
<VirtualHost *:80>
ProxyRequests off
SSLProxyEngine on
ProxyPreserveHost on
ServerName mathost.workstation.org
ProxyPass /examples http://localhost:8080/examples
ProxyPassReverse /examples http://localhost:8080/examples
ProxyRequests Off
</VirtualHost>
In my proxy_http.conf I have:
ProxyRequests Off
ProxyPreserveHost On
<Location "/examples/">
ProxyPass /examples http://localhost:8080/examples
ProxyPassReverse /examples http://localhost:8080/examples
Order deny,allow
Allow from all
</Location>
It doesn't work; the Apache logs say "GET /examples/ HTTP/1.1" 404 207.
Solved.
The problem was the path "/example/". I had to use the right URL: "/example".
Then, http_vhosts.conf had 2 vhosts on port 80, absolutely useless.

apache mod_proxy cluster with websockets and http

I have
apache 2.4.10 192.168.0.10
jboss8 node1 192.168.0.20 - in domain mode
jboss8 node2 192.168.0.21 - in slave mode -
I am trying to create a cluster via mod_proxy at http://192.168.0.10/myapp with HTTP and WebSocket connections:
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html/cluster1
ServerName 192.168.0.10
ErrorLog logs/cluster1_log_error
CustomLog logs/cluster1_log_comm common
TransferLog logs/cluster1_log_trans
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://jboss>
BalancerMember ws://192.168.0.21:8080 route=2
BalancerMember http://192.168.0.21:8080 route=2
BalancerMember ws://192.168.0.20:8080 route=1
BalancerMember http://192.168.0.20:8080 route=1
ProxySet stickysession=ROUTEID
ProxySet nofailover=off
</Proxy>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /myapp balancer://jboss/myapp
ProxyPassReverse /myapp balancer://jboss/myapp
<Location /mcm>
SetHandler balancer-manager
</Location>
</VirtualHost>
But if I disable the ws and http workers for jboss2 via the balancer manager, traffic is still being sent to the node.
How do I do it right?
Two balancers?
One balancer?
I need help.