I'm trying to use Apache to host a server that will reverse proxy to multiple other servers. The way I'm attempting to do it is through the following:
<Location /server1/>
ProxyPass http://192.168.0.31/
ProxyPassReverse http://192.168.0.31/
Order allow,deny
Allow from all
</Location>
<Location /server2/>
ProxyPass http://192.168.0.32/
ProxyPassReverse http://192.168.0.32/
Order allow,deny
Allow from all
</Location>
The proxy server is at 192.168.0.30. The problem I'm encountering is that requests/file accesses aren't being served by the right server. The client requests it from the proxy server rather than from server1 or server2, and the proxy server doesn't have the files.
GET http://192.168.0.30/php/file.php 404 (Not Found)
Any tips on what to change to resolve this issue are appreciated. Note that this isn't supposed to be a form of load balancing - server 1 and server 2 should be accessible separately.
Related
Jenkins is working properly itself but in conjunction with proxy server it fails for specific URLs. These URLs don't have trailing slash and they are failing only when I'm using HTTPS proxy server (Apache). When accessing Jenkins with bypass of proxy server, there's no any problem.
I have 2 servers. Server 1 is a proxy server (Apache) which delivers HTTPS connection with external world. Server 2 is a Jenkins server. When accessing Jenkins with domain name it firstly goes thru Server 1, then redirects HTTP to HTTPS and then accesses Server 2. In that model, some of URLs are not working because of lack of trailing slash. When accessing Server 2 directly with its IP address, there is no any problem with URLs.
Many people (including me) are experiencing this. It's endlessly annoying, but on the jenkins bugtracker they either say it doesn't exist (anymore) or give workarounds. https://issues.jenkins-ci.org/browse/JENKINS-53434
If you are using a reverse proxy you have to make sure you are using the /jenkins prefix in the url.
You can set it on ubuntu in the file /etc/default/jenkins
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=8080 --httpListenAddress=127.0.0.1 --prefix=$PREFIX"
Here is my truncated apache config with the proxy config for a https port on 8079
<VirtualHost *:8079>
AllowEncodedSlashes NoDecode
ProxyRequests Off
<Proxy http://localhost:8080/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://127.0.0.1:8080/jenkins nocanon
ProxyPassReverse /jenkins http://127.0.0.1:8080/jenkins
ProxyPassReverse /jenkins https://website.eu:8079/jenkins
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
Then in https://website.eu:8079/jenkins/config update the jenkins url
https://website.eu:8079/jenkins
I am attempting to access OrientDB's REST API through a reverse proxy. That is, I have a domain orientdb.mydomain.com that forwards to localhost:2480, where the server is. I have this working on the unsecured website, so I can access http://orientdb.mydomain.com and it brings up the studio site:
http://orientdb.mydomain.com/studio/index.html
However, this does not work through https. I get a 404 error ("The requested URL /studio/index.html was not found on this server")
I have a feeling that I'm not using the correct documentroot or there is something funny about OrientDB that it's generating the path above in another way. I cannot actually find this /studio directory anywhere.
This is from my virtualhost setting in my ssl.conf file.
<VirtualHost _default_:443>
DocumentRoot "/opt/orientdb-3.0.6/www"
<Directory "/opt/orientdb-3.0.6/www">
Require all granted
</Directory>
ServerName orientdb.mydomain.com
#more stuff
</VirtualHost>
By the way, I originally had the following options in my Directory tag, but it gave a forbidden error. I changed it to Require all granted and it now says not found- so I think I'm making progress.
AllowOverride All
Order allow,deny
In summary, is it possible to access the OrientDB server in this way and if so what do I put as DocumentRoot, etc?
I don't think you can do that.
OrientDB has its own HTTP server embedded so the only way it can work is with the reverse proxy configuration.
You can expose your web server (apache HTTP I guess) in https and terminate the "s" there, proxying to orientdb HTTP port (2480).
This turned out not to be an OrientDB issue, but a proxy issue. I had used a virtualhost to set up the proxy on port 80, but I did not do the same for port 443. After adding these settings to my 443 virtualhost on orientdb.mydomain.com, I was able to access the studio and the HTTP REST API through HTTPS.
ProxyPass / http://127.0.0.1:2480/
ProxyPassReverse / http://127.0.0.1:2480/
<Proxy *>
Require all granted
</Proxy>
My configuration is as follows - 1 unix server with two http servers running at the same time:
apache server on ports 80 and 443
Nginx server on port 8200 (www.myserver.com:8200)
The problem is that when I log in to Nginx site I need to authorize there. Doing this over internet with no SSL is not wise... I would like to connect to my apache server with SSL, be transparently redirected to another site and authorize still having encrpyted connection.
Nginx works via http so no ssl there... I would like to have url
https://www.myserver.com/duplicati to be proxied to http://www.myserver.com:8200
Effectively I want to have:
encrypted connection from the web client to www.myserver.com
proxy connection from https://www.myserver.com/duplicati to http://www.myserver.com:8200 (unencrypted), but limited to 1 physical machine which I don't care much about encryption (or actually lack of it)
What I did was the following
What I did was the following Apache config:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /duplicati/ http://127.0.0.1:8200/ngax/
ProxyPassReverse /duplicati/ http://127.0.0.1:8200/ngax/
<Location /duplicati/>
ProxyPassReverse /
Order deny,allow
Allow from all
</Location>
Header edit Location ^http://127.0.0.1:8200/ngax/ https://127.0.0.1:8200/ngax/
still no luck with that config....
It looks like a simple thing to do but after 5h of struggle I need to send my very first post to Stackoverflow community ;-)
Could you kindly help me with it?
I develop a jsp website using tomcat as backend and apache as frontend redirecting with mod_proxy.
First my configs.
apache:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyPass / https://realdomain.tld:8443/proj1/
ProxyPassReverse / https://realdomain.tld:8443/proj1/
<Location />
Order allow,deny
Allow from all
</Location>
When I reload my jsp webpage, every time i get a new session id. When developing on localhost without apache and mod_proxy everything works and I keep the same session id.
For my webapp it is important to keep the same session during the time.
Any Idea how i can tell apache to keep my session. I guess apache has to redirect the cookie to tomcat right? but how...
Any time you change the context path in the proxy (/ -> proj1) you create a whole heap of problems to solve. Your immediate cookie problem can be solved with the ProxyPassReverseCookiePath directive. I then suspect you'll find the next problem to solve. You'd be better off redeploying your application as the ROOT web application so that your ProxyPass directive is ProxyPass / https://realdomain.tld:8443/
As an aside, it looks like you are proxying to Tomcat's https connector. If you aren't careful you will create security problems for yourself if httpd receives requests over http, proxies them to Tomcat over https and Tomcat treats those requests as being received over a secure channel.
I am trying to setup a server with multiple web applications which will all be served through apache VirtualHost (apache running on the same server). My main constrain is that each web application must use SSL encryption. After googling for a while and looking other questions on stackoverflow, I wrote the following configuration for the VirtualHost:
<VirtualHost 1.2.3.4:443>
ServerName host.domain.org
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
Even though https://host.domain.org:8443 is accessible, https://host.domain.org is not, which defeats the purpose of my virtual host configuration. Firefox complains that even though it successfully connected to the server, the connection was interrupted. Chrome return an error 107: net::ERR_SSL_PROTOCOL_ERROR.
Finally I should also mention that the virtual host works perfectly fine when I do not use SSL.
How can I make this work ?
Thanks
You don't need to configure SSL in both Apache and Tomcat.
The easiest way to accomplish that is configure SSL just on Apache and proxy to tomcat using http.