I want to check my logic with you experts to check if it is correct.
What do I want to do?
Requests to Location search of suggest are send to Proxypass.
Proxypass connection is passed through the proxy with the Proxy Remote directive
Will that eventually work?
How can see if the proxy is being used?
ProxyRemote "https://website.com/query/search/" "http://proxy.com:8080"
ProxyRemote "https://website.com/query/suggest/" "http://proxy.com:8080"
<Location "/search">
RequestHeader set Auth-Key "test"
ProxyPass https://website.com/query/search/
</Location>
<Location "/suggest">
RequestHeader set Auth-Key "test"
ProxyPass https://website/query/suggest/
</Location>
Try adding LogLevel proxy:trace5 above the ProxyRemote entries.
Then check the apache2 logs (usually /var/log/apache2/access_log) for [proxy:...] entries: specifically look for [...] connecting https://website.com/[...] to website.com:443.
Don't forget to remove the LogLevel entry again, proxy:trace5 is pretty verbose.
I have installed Jenkins on Apache container and started it, but whenever I am trying to access it using the URL http://localhost:8080/jenkins/ I am being redirected to the URL http://localhost:8080/jenkins/login?from=%2Fjenkins%2F and then the pop up attached appears asking me for the password, I pasted the password from the file that is mentioned, to the textbox it is not getting disappeared, unsure what to do.
in my case the Jenkins was not unlocking with initial Admin password, then I thought of setting it up initially with Apache and then proceed with fixing the problem . The problem was in the number of slashes you put after ProxyPass and ProxyPassReverse entries.
Wrong entries
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8081/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://localhost:8081/jenkins/ nocanon
AllowEncodedSlashes NoDecode
ProxyPassReverse /jenkins http://localhost:8081/jenkins/
ProxyPassReverse /jenkins http://your.hostname.domain/jenkins/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
Correct one which worked.
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8081/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://localhost:8081/jenkins nocanon
AllowEncodedSlashes NoDecode
ProxyPassReverse /jenkins http://localhost:8081/jenkins
ProxyPassReverse /jenkins http://your.hostname.domain/jenkins
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
Let me know your thoughts.
use instructions from https://github.com/geerlingguy/ansible-role-jenkins/issues/50#issuecomment-214935354 and check an update below regarding locking access for anonymous users - worked for me today.
Shamelessly stolen from the link above:
Create the file /var/lib/jenkins/jenkins.install.UpgradeWizard.state
with one line 2.0
Create the file
/var/lib/jenkins/init.groovy.d/basic-security.groovy with the
contents:
#!groovy
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
println "--> creating local user 'admin'"
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount('admin','admin')
instance.setSecurityRealm(hudsonRealm)
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
instance.setAuthorizationStrategy(strategy)
instance.save()
you should deploy your jenkins to ......./tomcat/webapps/root
then the jenkins url should like 'http://localhost:8080/login?from=%2F',
when it is done,just copy code in the file ..../initialAdminPassword
to Administrator password
Type your linux ipaddress:8080/jenkins/.So to unlock your jenkins type ifconfig and know your ip address
For example my ip address for centos is 192.168.2.4
I type 102.168.2.4:8080/jenkins/ in my web browser. Good luck
I want to have Apache proxy to different servers and also have a "catch everything else that doesn't fit" to a server.
I want the following cases where ProxyPass is configured in the proxy's Apache conf file:
ProxyPass / - The "catch-all" where everything else that doesn't fit will go here
ProxyPass /sub1 - going to /sub1 takes me to sub1.domain.com...
ProxyPass /sub2 - going to /sub2 takes me to sub2.domain.com...
I tried the following:
<Location /sub1>
ProxyPass http://sub1.domain.com/
</Location>
<Location /sub2>
ProxyPass http://sub2.domain.com/
</Location>
<Location />
ProxyPass http://sub1.domain.com/
</Location>
This doesn't seem to work as everything defaults to <Location />.
I tried using LocationMatch and wasn't successful in getting sub1 or sub2 to return content. Referred from here: https://serverfault.com/questions/591591/apache-locationmatch-regex-behaviour-does-not-seem-correct
With the above LocationMatch, the headers were working but no content was returned. Going to /A or /B resulted to "Not found".
Does anyone know how I can get this working for Apache or is it even possible?
Try proxypassmatch instead of location directive.
I would like to run an IPython notebook web server behind an Apache (reverse) proxy so that instead of the URL
https://my.server:XXXX
(where XXXX is some port number) I could use
https://my.server/py0
I am aware that IPython uses websockets and I suspect this is the part that is missing from my setup, but I simply could not find a suitably detailed description on how to configure this. Unfortunately the IPython webserver setup docs don't have much to say regarding proxies apart from this:
When behind a proxy, especially if your system or browser is set to
autodetect the proxy, the notebook web application might fail to
connect to the server’s websockets[...]
So I decided to try it on my own and put the following in /etc/apache2/sites-enabled/default-ssl.conf :
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPass /py0/ https://localhost:10000/
ProxyPassReverse /py0/ https://localhost:10000/
Accessing IPython "directly" over the URL https://my.server:10000 works perfectly as advertised.
The URL https://my.server/py0 (without a trailing slash) returns "404 Not found".
The same with a trailing slash https://my.server/py0/ does "work" in that it forwards to https://my.server/login?next=%2F, which is then "Not found" in its own right -- obviously because the /py0/ part got lost. Maybe I should tell IPython about it but how ??
Perhaps relevant version numbers: Ubuntu 14.04 LTS, Apache 2.4.7.
Perhaps relevant SO question: IPython behind nginx. However, since everything else in my setup is handled by Apache to my full satisfaction, I do not want to run Nginx in addition.
Is there any good soul out there who has successfully configured IPython notebook web servers behind Apache? If yes, then please step forward and share your knowledge :-) Many thanks!
I got this working using the following setup.
IPython
IPython Notebook is listening at http://localhost:8888/ipython. It was necessary to add the /ipython prefix, because IPython uses absolute paths, so it must be the same as the reverse proxied path.
The ipython_notebook_config.py
c = get_config()
c.NotebookApp.ip = 'localhost'
c.NotebookApp.open_browser = False
c.NotebookApp.port = 8888
c.NotebookApp.base_url = '/ipython'
Apache
I enabled
mod_proxy
mod_proxy_http
mod_proxy_wstunnel
In the apache config I added
<Location /ipython>
ProxyPass http://localhost:8888/ipython
ProxyPassReverse http://localhost:8888/ipython
ProxyPassReverseCookieDomain localhost my.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location /ipython/api/kernels/>
ProxyPass ws://localhost:8888/ipython/api/kernels/
ProxyPassReverse ws://localhost:8888/ipython/api/kernels/
</Location>
to an SSL enabled virtual host definition.
The RequestHeader set Origin "http://localhost:8888" was necessary for the websockets, otherwise you get a 403 Forbidden.
Now IPython is reachable at https://my.server.com/ipython (no trailing /!).
WARNING: This is rather verbose, as I gather you have figured much of this, but for documentation purposes, I laid out enough detail here for someone else to follow.
I put this answer together after implementing this myself with the help from various links. The first from here Websocket origin check fails when used with Apache WS proxy #5525. I repeat much of it here with some changes. Other links are referenced below.
1. Set up iPython:
This is in the post, but rather than do it as the original post suggested, I just followed the general instructions for Running a notebook server. With this done you should be able to test the setup, which will require enabling the port you have this configured for. If this does not work, then any Apache set up will not work.
2. Configure Apache:
Make sure you have the following mods available and enabled.
./configure --enable-proxy --enable-ssl --enable-deflate --enable-proxy-http --enable-proxy-wstunnel --enable-info --enable-rewrite --enable-headers
Added --enable-headers here as they were not installed on mine. Also I used the Apache2 a2enmod command. So sudo a2enmod headers, sudo a2enmod proxy, etc.
If you're running a version of Apache prior to 2.4, you do not have the proxy_wstunnel mod. You can either a patch your version or upgrade. To patch your version, you can follow these instructions. Be sure to copy over both mod_proxy.so and mod_proxy_wstunnel.so. To get the configure script, you need to run ./buildconfig, which has its own dependencies. This is noted in a comment therein.
Within Apache, create a "sites-available/iPython.conf" file. Originally I said to either add to httpd.conf or ports.conf. Adding your own site file is much cleaner and will allow you to enable/disable the configuration when desired.
Listen [ANY PORT HERE] # post has port 8999 here...
...
<VirtualHost *:[ANY PORT HERE]>
SSLProxyEngine On # post did not have this...
ProxyPass / http://127.0.0.1:8888/
ProxyPassReverse / http://127.0.0.1:8888/
# spoof headers to make notepad accept the request as coming from the same origin
Header set Origin "http://127.0.0.1:8888/"
RequestHeader set Origin "http://127.0.0.1:8888/"
LogLevel debug
</VirtualHost>
NOTE 1: The post uses port 8999, but it can be any port you want. You want port 80 here, but you do not need to specify it, so, modifying the above would yield:
<VirtualHost *:80>
... # Everything is the same here...
</VirtualHost>
NOTE 2: Since you are using SSL, you need to add SSLProxyEngine On within the body of the VirtualHost definition. As noted above, the post did not have this specifically.
NOTE 3: Port 8888 is whatever port ipython is running on. Change this based on your configuration.
NOTE 4: If you want to host multiple applications, and this is one of them, rather than having / and :8888/, you will want /ipython and :8888/ipython or whatever you want this to be named. In order to support this, see Running with a different URL prefix.
Enable the new configuration:
sudo a2ensite iPython
If you need to disable:
sudo a2dissite iPython
Reload Apache:
sudo service apache2 reload
My Environment:
Ubuntu 14.04.1
Apache 2.4.7
ipython 2.3.0
EDIT: Updated to reflect the final changes I made to get this working. I also changed the instruction order to what I think makes more sense.
Based on Apache's config of #adam, I'm putting here a full SSL-aware <VirualHost> sections but without the /ipython prefix, and i'm giving also the SSL-options for anyone interested:
<VirtualHost *:80>
ServerAdmin myname#my.place.com
ServerName some.server.com
SSLEngine off
Redirect permanent / https://some.server.com
</VirtualHost>
## From http://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy
#
<VirtualHost *:443>
ServerAdmin myname#my.place.com
ServerName some.server.com
SSLEngine on
SSLCertificateFile some_server_com.crt
SSLCertificateKeyFile some_server_com.key
<Location />
ProxyPass http://localhost:8888/
ProxyPassReverse http://localhost:8888/
ProxyPassReverseCookieDomain localhost some.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location /api/kernels/>
ProxyPass ws://localhost:8888/api/kernels/
ProxyPassReverse ws://localhost:8888/api/kernels/
</Location>
Redirect permanent / https://some.server.com
</VirtualHost>
This works for jupyter and password hash:
<VirtualHost *:443>
ServerName default
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
SSLEngine on
SSLProtocol TLSv1
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile /home/ubuntu/.certs/mycert.pem
ProxyPass /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/
ProxyPassReverse /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/
ProxyPass /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
ProxyPassReverse /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
ProxyPass /notebook https://127.0.0.1:9999/notebook
ProxyPassReverse /notebook https://127.0.0.1:9999/notebook
</VirtualHost>
On newer versions of IPython/Jupyter that have a terminal you also need to add entries for terminals.
<Location /ipython/terminals/websocket/>
ProxyPass ws://localhost:8888/ipython/terminals/websocket/
ProxyPassReverse ws://localhost:8888/ipython/terminals/websocket/
</Location>
I'm using apache version 2.4.18 in a server running Ubuntu 16.04.1 LTS(xenial)
and finally I have my jupyter notebook running through ssl.
I had already configured the standard SSL on my server, so https:// was working. I had also followed this instructions: Running a notebook server to get my cert file and my password in the jupyter_notebook_config.py configuration file. What I was missing was:
c.NotebookApp.allow_origin = '*'
c.NotebookApp.base_url = '/SomeName'
The apache configuration file that worked for me using solutions from several places and part of the answers here was:
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location "/SomeName">
ProxyPass https://localhost:XXXX/SomeName
ProxyPassReverse https://localhost:XXXX/SomeName
</Location>
<Location "/SomeName/api/kernels">
ProxyPass wss://localhost:XXXX/SomeName/api/kernels
ProxyPassReverse wss://localhost:XXXX/SomeName/api/kernels
</Location>
<Location "/SomeName/terminals/websocket">
ProxyPass wss://localhost:XXXX/SomeName/terminals/websocket
ProxyPassReverse wss://localhost:XXXX/SomeName/terminals/websocket
</Location>
where XXXX is the port you are using, e.g. 8888, and SomeName could be any name you want.
I hope this can help.
I have two ProxyPass directives:
ProxyPass /client/ http://10.0.0.8:8080/client/
<Location /client/>
RequestHeader edit X-GWT-Module-Base ^(.*)/client/(.*)$ $1/client/$2
</Location>
ProxyPass / http://10.0.0.8:8080/client/
<Location />
RequestHeader edit X-GWT-Module-Base ^(.*)/(.*)$ $1/client/$2
</Location>
10.0.0.8 is running Glassfish on port 8080 and http://10.0.0.8:8080/client/ is URL to a GWT based application.
Both proxy's work OK ,except when it comes to an error on the Glassfish side.
If I go via /cllient/ proxy then I see the actual error that was produced on the Glassfish side. If I go via / proxy then I only see "Error 500 The call failed on the server, please see server log". I've tried setting ProxyErrorOverride Off, but it didn't help.
Why don't I see the error via / proxy?
https://groups.google.com/d/msg/google-web-toolkit/2P15JslejXg/dldFRN_pIeEJ
is the approach I'm using now and it works:
ProxyPass / http://10.0.0.8:8080/myGWTApp/
<Location />
RequestHeader edit X-GWT-Module-Base ^(http)://([^/]+)/(.*)$ $1://$2/myGWTApp/$3
</Location>