I have a corporate private network(VPN) and on one VM a website is hosted which can be accessed internally only. e.g. https://internal.com/welcome.html
Now, I want to allow few pages of the site to be accessible from outside but with their own url.
e.g. they will open http://theirdoamin.com/welcome.html which will be redirected into my private network and internally it will be mapped/proxied to https://internal.com/welcome.html.
This way outside will never know the actual url (i.e https://internal.com/welcome.html.
My question is, can we achieve this using Apache Reverse proxy server sitting in-front of my hosted VM?
Second question, can I also limit the access to welcome.html page only and not others?
My colleague already implemented using Apache Nifi but I still believe it can be simple done using Apache Reverse Proxy setup.
Please advise.
Thanks
1) Yes, Apache reverse-proxy is able to do that.
2) You can limit access as you like.
1) I'd set up two vhosts (for examples), one with the original name and one with the VPN-accessable name.
Listen 80
#If you are running a Apache 2.2 you'll need the following line, for 2.4 you won't
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "srv/www/example1"
ServerName internal.com
<Directory "/srv/www/example1">
Require all granted
</Directory>
# Other directives here, if needed
</VirtualHost>
<VirtualHost *:80>
ServerName external.com
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^ https://internal.com/welcome.html [P]
ProxyPassReverse / https://internal.com/
</VirtualHost>
You'll need the RewriteRule to target a specific file instead of a whole domain. Otherwise a simple ProxyPass would have been enough.
This requires the modules mod_rewrite, mod_proxy and mod_proxy_http to be activated.
2) is done by the RewriteRule. It only allows access to that specific target-file (welcome.html).
Related
I have an apache server with a bought domain.
I want to know if it is possible to redirect some web pages... For example
I have a NextCloud Server that I want to access by www.example.com/nextcloud
And a plex server I want to access by www.example.com/plex
PD: I don't have the possibilities of subdomains like www.plex.example.com because I didn't hire it when I bought the domain
Is this possible? How do I need to configure apache virtualhost? Thanks!
You mention that you want to access by www.example.com/nextcloud and by www.example.com/plex. I will therefore take for granted that you do not want the site address to change in your client's browser. So no redirection here. Redirection would change the address bar value.
Then the option you want is a reverse proxy. It will "hide" the fact that the client is being served pages by another site or application.
Assumptions:
You have system 1 with an Apache server that responds to http://www.example.com
You have system 2 with an application that responds to http://www.domain1.com/nextcloud.
You have system 3 with an a plex application that reponds to http://www.domain2.com/plex
Therefore on system 1, in the configuration file for your Apache (most probably httpd.conf), you will:
load the proxy modules
add these lines in your <VirtualHost>:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
[... SOME OTHER CONFIG ...]
ProxyPass "/nextcloud" "http://www.domain1.com/nextcloud"
ProxyPassReverse "/nextcloud" "http://www.domain1.com/nextcloud"
ProxyPass "/plex "http://www.domain2.com/plex"
ProxyPassReverse "/plex" "http://www.domain2.com/plex"
[... SOME OTHER CONFIG ...]
</VirtualHost>
Now domain1.com and domain2.com can be IP addresses, but using dns is so much better for flexibility. Adjust this sample as required.
Complete mod_proxy documentation: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
I am a little lost on how to achieve the following...
I have a single domain name which is running a CMS # www.mywebsite.com
If a specific URL is given apache calls the other VM (different IPv4) running a shop. www.mywebsite.com/store
I've trawled through apache vhosts but nothing seemingly covers the above scenario if its even possible ...https://httpd.apache.org/docs/2.0/vhosts/examples.html
Any guidance would be very much appreciated.
If I understand your problem correctly, you could do this with mod_proxy.
For example:
<VirtualHost *:80>
ServerName www.mywebsite.com
ProxyPass /store/ http://store.local/
ProxyPassReverse /store/ http://store.local/
</VirtualHost>
You could use the IP address, server hostname or whatever in the proxy directives - store.local is just an example.
The mod_proxy documentation is extensive.
I'm trying to get Apache 2.4.10 on Debian 8 "Jessie" up and running with multiple websites hosted on it. This might be an obvious and already answered question but I've never had the need to set-up a dedicated web host (usually just drop a WAMP server for development needs or pick up a web hosting service) and so far I have not had any luck finding an answer to my problem (I've found the complete opposite answers of what I'm trying to achieve). I need to get this working because apart from just hosting a couple of websites, there will be additional software set-up, for which, a regular web hosting service won't do.
Everything seems to be working as intended but the only problem is that I can't seem to find an optimal configuration which wouldn't just block access to default vhost with 403 - Forbidden. What I need is Apache to ignore requests (not just return a 404 document but tell the browser there's nothing there) from anyone accessing the default vhost or by accessing the server directly through it's designated IP. The designated IP should be left for SSH access only (since I don't have any kind of physical access to this server).
Basically, the web server should be accessible from a web browser through "FQDN-1" and "FQDN-2" (each located in their individual directories) and access to any other web address on this server should be ignored (invoking browser "404 not found" instead of returning a server error document, which would indicate that something is there).
my current vhost files:
<VirtualHost *:80>
ServerName FQDN-1
ServerAlias www.FQDN-1
ServerAdmin mail#FQDN-1
DocumentRoot /var/www/FQDN-1/public_html
ErrorLog /var/www/FQDN-1/logs/error.log
CustomLog /var/www/FQDN-1/logs/access.log combined
</VirtualHost>
And
<VirtualHost *:80>
ServerName FQDN-2
ServerAlias www.FQDN-2
ServerAdmin mail#FQDN-2
DocumentRoot /var/www/FQDN-2/public_html
ErrorLog /var/www/FQDN-2/logs/error.log
CustomLog /var/www/FQDN-2/logs/access.log combined
</VirtualHost>
The default vhost has been disabled through "a2dissite 000-default"
Iptables block everything except tcp port 80 and 22 (SSH access is whitelisted in iptables to just few specific iPs).
You can let the built-in name-based vhosting do the work for you. You can simply setup an additional (non default / non-first listed for *:80) virtualhost with
ServerName your-ip
and put a simple rule like
RewriteEngine ON
RewriteRule ^ .* [F]
or
Redirect 403 /
I've got one dedicated server which I splitted into more virtual servers.
On main server I use standard port for http (80), but for others I was forced to set different ports.
But I've got some spare domains.
What is best way to make invisible redirect to another server when user come through specific domain?
I don't want to use iframes or redirect to another website. I would like domain to act like on shared web hostings. But with different servers.
Is it possible to do?
I know that apache gets information about from which domain user came.
I would like to do it with virtual hosts if it's possible.
<VirtualHost *>
ServerName mydomain
ServerAlias mydomain
some redirection
CustomLog /var/log/apache2/mydomain.access.log combined
ServerAdmin myemail
</VirtualHost>
Thanks in advance :]
Since you have access to the server's config, take a look at the ProxyPass, ProxyPassMatch, and ProxyPassReverse directives that are part of mod_proxy. You'll need to make sure the module is loaded before you can use these directives.
In general, in your mydomain config, say you want to have visitors see the site at http://myother.domain.com/ when they go to http://mydomain/other, you'd just add:
ProxyPass /other http://myother.domain.com/
ProxyPassReverse /other http://myother.domain.com/
The ProxyPassReverse is to ensure proxied location responses get rewritten. For example, if a page at http://myother.domain.com/ returned a 301 redirect to http://myother.domain.com/newimage.gif, this directive will internal rewrite the response's location from http://myother.domain.com/newimage.gif to http://mydomain/other/newimage.gif, for it to be proxied again.
If you have cookie domains that also need rewriting, take a look at ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath.
They say that Apache's mod_rewrite is the swiss-army knife of URL manipulation, but can it do this?
Lets say I want to add a new application to my Apache webserver, where the only configurable option of the app is a port number.
I want to use & give out URLs of the form "http://hostname.example.com/app" rather than "http://hostname.example.com:8080". This would ensure that clients would be getting through the institution's firewall as well, and it's generally tidier.
My application includes absolute URIs in php, javascript and css, so I want to prepend my own root location to the URI in the applications internal links. I have no access to DNS records and so can't create another name-based virtual server.
Using Apache's mod_rewrite and mod_proxy modules, I can transparently redirect a client to the correct home-page of the application. But links within that homepage don't point a client to links relative to the new base URL.
So, what's the best way of proxying a request to an application that is listening on a specific port?
For example, if I had an application listening on port 8080, I could put this in my Apache configuration:-
<VirtualHost *:80>
SSLProxyEngine On
ServerName myhost.example.com
RewriteEngine On
UseCanonicalName On
ProxyVia On
<Location "/application">
RewriteRule ^/application/?(.*) http://localhost:8080/$1 [P,L]
</Location>
</VirtualHost>
This would work fine if the application didn't use absolute URLs, but it does. What I need to do is rewrite URLs that are returned by the application's css, javascript and php.
I've looked at the ProxyPass and ReverseProxyPass documentation, but I don't think these would work..?
I've also come across Nick Kew's mod_proxy_html, but this isn't included in the standard Apache Distribution, and my institution's webserver seems to have been fine for years without it.. Other than trawling manually (or using a grep -r | sed type expression) through the application's source code, or using this 3rd party add-on, are there any other ways to go about this?
Could I perhaps use some of the internal server variables in a mod_rewrite rule? For example a rewrite rule based on ’HTTP_REFERER'?
Using mod_proxy would work just fine. For instance, I mapped https://localhost/yalla/ to point to a subdirectory of my webserver:
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from localhost
</Proxy>
ProxyPass /yalla/ http://yalla.ynfonatic.de/tmp/
If you implement this, you'll note that the pictues of the directory-listing aren't visible; this is because they're below the /tmp/ directory on the remote server, hence not visible.
So, in your case you'd do:
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from localhost # Or whatever your network is if you need an ACL
</Proxy>
ProxyPass /app/ http://hostname.example.com:8080/
Like with everything in Apache configuration, watch those trailing slashes when referring to directories.
Good luck!
Alex.