Trying to reverse proxy with https only. All though the ssl & https works with the chosen domain, it is directing to the apache root not the desired reverse proxy server.
So far Ive got the server to force https when http is used. I rewrite www to non www. Ive had reverse proxy work fine when its just http but https goes to the "it works" root file with a green lock.
Any ideas?
So i solved this issue at the last hour. But where i am confused is i solved this by manipulating the config files and using the defualt text. Not by adding my own virtual hosts and injecting code at the bottom like the old days or blogs would suggest. I added proxy rules into the proxy config file. Added cert paths into the ssl config file and that seemed to take over randomly pasting code into http config as it might be sugested elsewhere on the net.
Related
I have the following question that I do not know how to solve it in the most efficient way.
I have two servers, one with Apache where I have a Wordpress instance responding for port 80, and on another server I have a Wildfly with another application listening on port 8080. The Wordpress that I have configured on the Apache server, responds to the URL http://www.somedomain.com What I'm not so clear about is how to do when a request arrives at http://www.somedomain.com/yyyy and redirects me to the Wildfly server where an application is responding to the URL : 8080 / app
How could I do it in the most effective way? Using the rewrite module in the .htaccess file or using the Apache proxy module and configuring it in the Apache virtual host? How would I have to do it?
Thank you very much in advance.
You're mixing a few things that are not related to each other. First of all, a redirect is something different than a proxy. Redirecting means asking the client (browser) to look at another URL. A proxy, on the other hand, retrieves the content of the other URL itself and passes it to the client. Using a proxy, the other URL remains invisible to the client.
Second, mod_rewrite is not limited to htaccess configuration. In fact it's better to configure mod_rewrite in the virtual host configuration, just as you suggested with the proxy configuration.
The htaccess is simply for users who are not allowed to mess with the server configuration itself. Configuration in the htaccess can be limited by the admin for security purposes at the cost of slowing down the server.
That said, if you are looking to map your wildfly server paths into your main server's paths, you might want to use something like this inside your main server's virtual host block:
<Location "/yyyy">
ProxyPass "http://wildfly:8080/app"
</Location>
See http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass for detailed explanations.
I had a drupal installation working fine. I tried to migrate that one on a Docker Container runing behind a nginx reverse proxy. Everything seems fine but i have some .js and .css files that can't load because in drupal they are linked with http. The error is:
Mixed Content: The page at https://proxy.xx.xx/ was loaded
over HTTPS, but requested an insecure stylesheet
http://proxy.xx.xx/sites/default/files/css/css_xE-rWrJf-
fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css'. This request has been
blocked; the content must be served over HTTPS.
I have something like 7 of them and i can't find where those files are called in drupal or how to change the http to https.
Best regards.
Alright, so I got to work by adding the following to the Drupal settings.php:
$conf['reverse_proxy'] = TRUE;
$base_url = 'https://whatever-your-domain-is.com';
$conf['reverse_proxy_addresses'] = array('internal_nginx_proxy_ip');
$conf['reverse_proxy_header'] = 'HTTP_X_FORWARDED_FOR';
This works for jwilder's nginx-proxy container(s) together with JrCs' letsencrypt companion container. The nginx container is handling the HTTPS/SSL (certificates) and talks HTTP with the Drupal-container internally. The Drupal container only needs to be run with the 3 ENV VARS VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL for everything to be set up and work its magic.
Only downside: The Drupal container's apache logs show the internal IP of the nginx proxy. But the nginx logs show the correct client IPs and Drupal apparently gets them right as well, so it's only a minor nuisance for me.
I guess the additions to the settings.php should also be applicable to custom/manual setups.
We found what was wrong. Drupal was communicating with the Nginx proxy without ssl. Some config and it was ok.
I'm a bit out of my depth here and nothing I have found quite addresses my problem. Si any and all suggestions are most welcome.
I've got tomcat6 running on CentOS 6.5 hidden behind an apache server (v2.2.15) and I am using Apache's mod_proxy to expose the tomcat webapps, which are running on port 8080. The tomcat hosts one production application and several development applications. On the apache side, both a Drupal site and the aforementioned tomcat production application are on the same domain and, thanks to rewrite rules, all requests to this domain are changed to https. The development sites are reached via subdomains and do not get re-written as https requests.
For the most part, this arrangement works fine. But parts of the tomcat apps are AJAX (calling a Java Struts 1.2 backend). Most of those requests are handled OK. But a few AJAX requests result in redirects (i.e., forward.setRedirect(true)) and that redirect is http (I guess because the container itself is not secure). As a result, I run into cross site scripting issues. I imagine I can use CORS headers to avoid the problem. But that seems like a hack. Is there a relatively painless way I can use to have tomcat send redirects back as https without making tomcat handle ssl directly?
Cris
You could configure the RemoteIpValve in Tomcat:
Another feature of this valve is to replace the apparent scheme
(http/https) and server port with the scheme presented by a proxy or a
load balancer via a request header (e.g. "X-Forwarded-Proto").
To configure Apache to forward the original protocol in the X-Forwarded-Proto header, add a RequestHeader directive in your Apache config, e.g.:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
...
Note that in Tomcat 7, there is also a RemoteIpFilter.
You don't need to do anything special. It already works. Make sure you set the "redirectPort" in server.xml to Apache's HTTPS port, usually 443, and add the following to your <security-constraint> sections for resources you want secured by HTTPS:
<user-data-constraint>
<description>HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Late to the game here but others may find this-- we had a similar setup and issue where everything worked fine until the application started using ajax posts which did redirects for the response. The fix was to use mod_header in apache to rewrite redirects using "Header edit Location"
http://httpd.apache.org/docs/current/mod/mod_headers.html
Header edit Location ^http://www.example.com/ https://www.example.com/
This went unnoticed prior to the ajax redirects because the browser has no problem doing page level redirects to http (which apache would then redirect back to https). But the ajax cross-site prevention halts at the initial http missing out on that would then be redirected to https by a subsequent request.
I haven't been able to solve an issue with my server:
I use a linux server, Debian 7.0 distro.
I am hosting many different domains, all except one, are plain http domains which I can easily redirect using virtual hosts on httpd.conf or apache2.conf. The problem I can't solve is with one domain, which requires SSL, so I need to force redirect http to https. I worked on virtual host of that specific domain, and managed to get http to https redirect, but now, all remaining domains are forced also to the https domain. How can achieve each http domain redirects to it's own, but also the requires SSL domain redirects to https?
Thanks
If you are using some versions of Apache, I know as late as version 2.2, you will need to include the line:
NameVirtualHost *:80
before your virtual host lines. I can't be sure that this is your problem, but I just had the exact same thing happening to me on Arch, which apparently doesn't have the latest Apache.
I am using VBulletin Suite 4.1.4., which is written using PHP and nginx+apache setup (nginx as the front end server and Apache as the back-end server). This is a pretty standard "nginx+apache" configuration with nginx working on port 80 and apache on port 8080. I tried to enable https support and ran into the following problem.
As I read on the web, when one uses "nginx+apache" and wants to have https, he should configure ssl only for nginx server. So, I added required lines into nginx vhost configuration
listen 443;
server_name myserver.org;
ssl on;
ssl_certificate /tmp/myserver.crt;
ssl_certificate_key /tmp/myserver.key;
When I type https://.... the vBulletin forum opens in secure connection and the lock in the right bottom corner of the browser confirms it, so it looks like my settings work. At least to some extent.
But when I bring the mouse over links on the page, these links are showed as http links, not https. So, if I want to stay in secure connection, I can of course add the letter "s" manually each time I open a new page, but normally when you open forum as https://... all displayed links should automatically change to https.
Any ideas why this does not happen?
Even the answer where the problem lies - (a) in nginx configuration, or (b) in apache configuration or (c) in vbulletin configuration would help.
Thanks in advance!
The problem is that vBulletin running on apache detects the HTTP protocol, not HTTPS. But, you can change vbulletin settings in the admin panel in the following way:
Forum URL to 'https://your-site.name'
Always use Forum URL as Base Path to 'yes'