I have currently setup Apache Tomcat 7 in port 8080 and I am using NGINX with a Let's Encrypt SSL in front of it as a reverse proxy. The current configuration is working like a charm, but I need one be able to pass to Tomcat when the page been view is using SSL or not.
I found on the documentation the use of SSLValve in the server.xml file should do the trick, but the examples I have found are for apache as the reverse proxy and not for NGINX.
Has anyone done this setup?
Assuming you're using :8080 as the backend for both http and https:
server {
listen :80;
listen :443 defaultserver ssl;
...ssl directives....
location ~ / {
proxy_pass http://apache:8080;
}
NGINX configuration can fill in the ssl directive parts for your particular case
http://nginx.org/en/docs/http/configuring_https_servers.html
Related
I have an Ubuntu Server with both apache2 and nginx installed (Apache2 was installed by the system admin, and I installed nginx).
I cannot reach the default port that nginx is set to, it redirects me to apache's default page. I've tried changing the /etc/nginx/sites-enabled/default file to:
server {
listen 81 default_server;
listen [::]:81 default_server;
}
I restarted/reloaded the nginx service after making the changes but still land on the apache2 page. Is there something else that I need to edit in order to be able to access nginx? Thank you.
Caddy 2 is a powerful, open source web server with automatic HTTPS written in Go. I have a web app where users can point their custom domains. So caddy can easily generate ssl with tls on demand. https://caddyserver.com/docs/automatic-https
So I want to set caddy as a reverse-proxy for apache, so I edited my ports.conf file and set it to
Listen 8080
<IfModule ssl_module>
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
Listen 8443
</IfModule>
And my caddy file is set to:
mydomain:80 {
reverse_proxy localhost:8080
}
mydomain:443{
reverse_proxy localhost:8443
However http works fine with it, but https doesn't work at all. I even tried checking if the port 8443 is free even, changed it to 44301. But it doesnt work.
My questions:
1) How to properly configure caddy as reverse proxy for apache?
2) Should I also change the ports from VirtualHost file? (Tried changing to 8080, but apache wont start)
3) Is there anything I am missing setting it up as a reverse proxy with apache?
Appreciate your help!!
I currently have a NGINX configuration with many subdomains. I started a mumble-server on port 27845, it works if I try to access it on a Mumble client with <ip_adress>:27845.
I tried to use NGINX to provide a subdomain mumble.example.com on port 80, which use proxy_pass http://localhost:27845. But when I try to connect to mumble.example.com on my Mumble client, it says that :
This server is using an older encryption standard, and is no longer supported by modern versions of Mumble.
How can I use a valid SSL configuration for NGINX on the port 80 ? I can use solely ports 80 and 443, and 443 is used for OpenVPN.
Subdomain conf NGINX :
server {
server_name mumble.example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://localhost:27845;
}
}
Nginx is an HTTP proxy, but mumble protocol is based on TCP/UDP, so I don't think Nginx can proxy for murmur service.
It seems that it is possible to get Apache server to Proxy and Manage SSL handshake on https requests and service them as 'http' thru another server behind it.
I have configured an apache server for ProxyPass using following configuration
SSLProxyEngine On
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
I am able to get all all traffic to the apache server that is listening to port 8080 direct and serve by the localhost:8081 server so
http://localhost:8080/hi is being correctly served by http://localhost:8081/hi
However the following does not work :
http**s**://localhost:8080/hi to be served by http://localhost:8081/hi
Apache is trying to pass the https:// traffic to the 8081 server, without managing the SSL handshake.
Your Apache listener on port 8080 is an http listener, not an https listener. You can't handle both types of traffic on the same port. If you want to handle SSL traffic, you'll need to set up a new context on another port with SSLEngine On and all the other normal SSL configuration (certificate, key, etc).
This question has one version of this configuration.
Also this post.
I have a wildcard ssl cert for domain "www.abc.com", which running on Apache and using port 80 for http & port 443 for https.
Now, I would like to add a new domain "www2.abc.com", which running on Tomcat and using port 8080 for http & port 443 for https.
Is there any conflicts if I use both on port 443?
Many thanks.
Well, technically you can't have tomcat and apache listen on 443 at the same time. You could have Apache forward requests to tomcat and handle the encryption. Look up mod_jk, mod_proxy or mod_proxy_ajp for how to do this.
Once you do this, you can have multiple <VirtualHost> declarations for port 443 on Apache. If they all use the same wildcard certificate for *.abc.com this will work fine.
With this scenario, tomat probably won't be configured to do ssl at all. I'm recommending to use the protocol ajp (not http) for the forwarding part, as this will forward all necessary information about the nature of the connection to tomcat.
Is there any conflicts if I use both on port 443?
yes, you can't set two or more applications to listen on a same port at the same time.