apache reverse proxy https - apache

Setting up apache reverse proxy
Client ==> Proxy ==> Server
This is on a Windows machine on my local for testing. I have set an entry in my hosts file mapping the proxy DNS to 127.0.0.1.
httpd.conf
<VirtualHost *:443>
ServerName <proxy Server>
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<key for proxy server>"
ProxyPass / https://appserver.com/
ProxyPassReverse / https://appserver.com/
</VirtualHost>
I don't see any errors in the error.log while starting. When I make a request https://proxy.com there is no entry in access.log or error.log.
Can anyone see an issue in the config or give some ideas?
Thanks
Rahul

You only need the following to do an SSL proxy:
<VirtualHost *:443>
ServerName <proxy Server>
SSLEngine On
ProxyPass "/" "http://www.example.com/"
ProxyPassReverse "/" "http://www.example.com/"
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<key for proxy server>"
</VirtualHost>
The other stuff isn't necessary.

ok so it finally worked. Started from scratch
1. Added Listen 443 in httpd.conf; it already had one for port 80 (Listen 80)
2. Enabled modules one by one
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
3. Uncommented httpd-vhosts.conf in httpd.conf
4. Added the following in httpd-vhosts.conf
<VirtualHost *:443>
ServerAdmin xyz@mail.com
DocumentRoot "c:/Apache24/htdocs"
ServerName <proxy Server>
ErrorLog "c:/Apache24/logs/error-ssl.log"
CustomLog "c:/Apache24/logs/access-ssl.log" common
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
SSLEngine on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<Key for proxy server>"
ProxyPass / https://appserver.com/
ProxyPassReverse / https://appserver.com/
</VirtualHost>
and it started working. Had tried so many things and had so many changes that starting from start made sense. Mostly was missing the Listen 443 in the httpd.conf file

Related

Apache, Issue routing a certain endpoint to a different port using Location

I'm trying to route any links that start with /api/ to port 3002 on my server but they always get routed to 3008. For example https://example.com/api/customers should be proxied/routed to localhost:3002
<VirtualHost *:443>
ServerAdmin (redacted)
ServerName (redacted)
ServerAlias (redacted)
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/(redacted)/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(redacted)/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/(redacted)/chain.pem
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location "/api\/(.*)/">
ProxyPass http://localhost:3002/
ProxyPassReverse http://localhost:3002/
</Location>
<Location "/">
ProxyPass http://localhost:3008/
ProxyPassReverse http://localhost:3008/
</Location>
</VirtualHost>
Using this config going to domain.com works and shows my website but domain.com/api/customers returns an error from the webapp on port 3008 so it's not being routed correctly (it should go to 3002).
The apps on port 3008 and 3002 are running correctly so that's not the issue.
I've tried putting domain/ first and domain/api last in the config file but that didn't seem to fix it. And the config file is enabled.
I've tried different regexes to match the api endpoint as well, but this one should work.
Apache is listening on port 443
These mods are enabled which should be needed for this:
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Please let me know if you want any extra information
Modify your config as below and have a try.
Post the access log and curl response if not working.
curl -ILKv https://domain.name/api/anything
curl -ILKv https://domain.name/api
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
ProxyPass /api http://localhost:3002
ProxyPassReverse /api http://localhost:3002
I ended up solving it like this:
RewriteEngine on
RewriteRule "/api\/(.*)" "http://localhost:3002/api/$1" [P]
<Location "/">
ProxyPass http://localhost:3008/
ProxyPassReverse http://localhost:3008/
</Location>

Reverse Proxy with pgadmin and apache

I would like to setup the local pgadmin in server mode behind the reverse proxy. The reverse proxy and the pgadmin could be on the same machine. I tried to set up but it always fails.
Here is my pgadmin conf:
Listen 8080
<VirtualHost *:8080>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/pgadmin.crt
SSLCertificateKeyFile /etc/pki/tls/private/pgadmin.key
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule ssl_module modules/mod_ssl.so
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias /pgadmin /usr/lib/python2.7/site-packages/pgadmin4-web/pgAdmin4.wsgi
<Directory /usr/lib/python2.7/site-packages/pgadmin4-web/>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
</VirtualHost>
and my reverse proxy conf
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ErrorLog /var/log/httpd/reverse_proxy_error.log
CustomLog /var/log/httpd/reverse_proxy_access.log combined
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"
ProxyPreserveHost On
ProxyPass / https://localhost:8080/pgadmin
ProxyPassReverse / https://localhost:8080/pgadmin
</VirtualHost>
httpd starts, but when I test it with
wget --no-check-certificate https://localhost/
it gives me error 400
but the
wget --no-check-certificate https://localhost:8080/pgadmin
is working. Where is the problem in my config?
This works for me. I proxy pgadmin to a subdirectory (https://localhost/pgadmin)
<VirtualHost *:80>
ServerName localhost
DocumentRoot "/var/www"
<Directory "/var/www">
AllowOverride all
</Directory>
ProxyPass /ws/ ws://0.0.0.0:8888/
ProxyPass /phpmyadmin/ http://phpmyadmin/
<Location /pgadmin/>
ProxyPass http://pgadmin:5050/
ProxyPassReverse http://pgadmin:5050/
RequestHeader set X-Script-Name /pgadmin
RequestHeader set Host $http_host
</Location>
</VirtualHost>
Have you tried with the latest version? I think it is fixed in this commit. Ref: LINK
Online Docs: https://www.pgadmin.org/docs/pgadmin4/dev/server_deployment.html
This config works,
use 0.0.0.0 for pgadmin docker, else use your ip
change port 5050 with your pgadmin port
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>
Configure with SSL, replace yourdomain.com with valid SSL for your domain
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/(.*)$ https://pgadmin.yourdomain.com/$1
</VirtualHost>
<VirtualHost *:443>
ServerName pgadmin.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>
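As an added example (not code from any post above), a Python check of how a reverse proxy vhost authenticates its https:// backend, run over the proxy lines of the question's config. The sample string is constructed from that config, the function names are this example's own, and the `SSLProxyCheckPeerName`/`SSLProxyCheckPeerCN` interaction assumes Apache 2.4.5 or later.

```python
import re

# Constructed sample: the proxy-related lines of the question's reverse proxy vhost.
QUESTION_CONF = """
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"
ProxyPass / https://localhost:8080/pgadmin
"""

def directives(conf):
    """Map lower-cased directive name -> list of argument strings (comments and tags skipped)."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*([A-Za-z]+)\s+(.*\S)", line)
        if m:
            found.setdefault(m.group(1).lower(), []).append(m.group(2))
    return found

def last(d, name, default):
    """Value of the last occurrence of a directive, or the given default."""
    return d.get(name, [default])[-1].strip('"').lower()

def audit_backend_tls(conf):
    """Return findings about how the proxy authenticates its https:// backends."""
    d = directives(conf)
    findings = []
    if not any("https://" in args for args in d.get("proxypass", [])):
        return findings  # plain-http backends: nothing to verify on the proxy leg
    if last(d, "sslproxyengine", "off") != "on":
        findings.append("https backend but SSLProxyEngine is not on")
    if last(d, "sslproxyverify", "none") != "require":
        findings.append("SSLProxyVerify is not 'require': backend chain not enforced")
    # Assumption (2.4.5+): CheckPeerCN only matters once CheckPeerName is off.
    if (last(d, "sslproxycheckpeername", "on") == "off"
            and last(d, "sslproxycheckpeercn", "on") == "off"):
        findings.append("peer name checks off: backend hostname not checked")
    return findings
```

On the question's config this returns a single finding: the chain is validated against the CA bundle, but any certificate that bundle vouches for is accepted as the backend, whatever name it carries.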

Redirect domain.com/path to another Apache Server

I have 3 Apache VMs running currently:
A) ProxyPass (Hosts Nothing)
B) Main Website
C) ZoneMinder Website
If you access example.com you get to the website, and can navigate around, but...
If I manually type http://example.com/zm trying to access zoneminder
It redirects http://example.com/zm in my remote browser to http://192.168.1.255:443/foo*
I can't seem to get my redirect working correctly, can anybody see what I am doing wrong?
Configs:
A) ProxyPass Server:
<VirtualHost *:80>
ServerName www.example.com
RedirectPermanent / http://example.com
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.255:80/
ProxyPassReverse / http://192.168.1.255:80/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
B) Main Website
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/example.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
Got it working!
The setup:
Server A) Apache server that only serves proxypass and doesn't host anything
Server B) Apache server that hosts main domain.com
Server C) Apache server that hosts ZoneMinder @ domain.com/zm
Server A Config:
<VirtualHost *:80>
ServerName domain.com
Redirect / https://www.domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
SSLEngine on
SSLCertificateFile /location of .crt
SSLCertificateKeyFile /location of .key
SSLCACertificateFile /location of .crt
ProxyPreserveHost on
ProxyPass /zm https://192.168.1.43:443/zm
ProxyPassReverse /zm https://192.168.1.43:443/zm
ProxyPass / https://192.168.1.42:443/
ProxyPassReverse / https://192.168.1.42:443/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Notes: It is important to have the /zm come before the "/" catch all. I also noticed it FAILED if I used /zm/.
Server B Config:
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /var/www/html
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/domain.log
CustomLog ${APACHE_LOG_DIR}/domain.log combined
SSLEngine on
SSLCertificateFile /location of .crt
SSLCertificateKeyFile /location of .key
SSLCACertificateFile /location of .crt
</VirtualHost>
Note: it is not necessary to have *:80 redirects or Server Alias as only correctly formatted requests are sent to this server via ProxyPass filtering beforehand.
Server C Config: (domain.com/zm)
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /var/www/html
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/domain.log
CustomLog ${APACHE_LOG_DIR}/domain.log combined
SSLEngine on
SSLCertificateFile /location of .crt
SSLCertificateKeyFile /location of .key
SSLCACertificateFile /location of .crt
</VirtualHost>
Yes it is the same. It works so I am happy!
Note: All 3 servers have my SSL certs installed, but I did not touch default-ssl.conf.
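The ordering note in the answer above, as an added example that is not part of the original post: a Python model of vhost-level ProxyPass matching (rules are checked in configuration order and the first match wins), run over the Server A rules. The sample strings are constructed from that config and the function names are this example's own; ProxyPass inside `<Location>` blocks and ProxyPassMatch are not modelled.

```python
import re

# Constructed samples: the Server A rules in the working order and reversed.
WORKING = """
ProxyPass /zm https://192.168.1.43:443/zm
ProxyPass / https://192.168.1.42:443/
"""
BROKEN = """
ProxyPass / https://192.168.1.42:443/
ProxyPass /zm https://192.168.1.43:443/zm
"""

def parse_rules(conf):
    """Return [(path, target)] for ProxyPass lines, in file order."""
    rules = []
    for line in conf.splitlines():
        m = re.match(r'\s*ProxyPass\s+"?(/[^\s"]*)"?\s+"?([^\s"]+)"?', line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules

def covers(prefix, path):
    """True if a ProxyPass path prefix applies to the request path."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    # Without a trailing slash the match must end on a path-segment boundary.
    return path == prefix or path.startswith(prefix + "/")

def resolve(rules, path):
    """Backend URL for a request path; None if excluded ('!') or unmatched."""
    for prefix, target in rules:
        if covers(prefix, path):
            return None if target == "!" else target + path[len(prefix):]
    return None

def shadowed(rules):
    """Prefixes that can never fire because an earlier rule already covers them."""
    return [prefix for i, (prefix, _) in enumerate(rules)
            if any(covers(earlier, prefix) for earlier, _ in rules[:i])]
```

`shadowed(parse_rules(BROKEN))` reports `/zm` as unreachable, and a rule written as `/zm/` does not cover a request for `/zm`, which then falls through to the catch-all.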

Using mod_proxy_cluster and mod_proxy in one VirtualHost of Apache (httpd) configuration

I had the environment with several JBoss and Tomcat servers. They are connected to Apache via modcluster modules (to Apache IP address and port 8090). The Apache contains the configuration:
loadbalancer.conf
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
Listen *:8090
<VirtualHost *:8090>
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from 8.8.8.8
Allow from all
</Location>
KeepAliveTimeout 60
MaxKeepAliveRequests 100
EnableMCPMReceive
ManagerBalancerName My_Cluster
AdvertiseFrequency 5
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ProxyPass /other_app http://192.168.100.70:8080/other_app
ProxyPassReverse /other_app http://192.168.100.70:8080/other_app
ProxyPass / balancer://My_Cluster
</VirtualHost>
All work ok but one new application doesn't support connection to Apache. I need to use ProxyPass. When I inserted the ProxyPass into the 443 virtual host, all balanced contexts stopped working. When I inserted:
ProxyPass / balancer://My_Cluster
The /other_app context stopped working.
Can you advise me how to configure the /other_app context to be handled by ProxyPass and all other contexts by the modcluster balancer?
Try using the following top level directive (add just below the LoadModule's)
#This is needed to prevent mod_cluster creating balancer for all VH's
CreateBalancers 1
Managed to do it with the following:
ProxyPass /other_app http://192.168.100.70:8080/other_app
ProxyPassReverse /other_app http://192.168.100.70:8080/other_app
ProxyPass /other_app !
ProxyPass / balancer://My_Cluster
Inspired by https://serverfault.com/questions/363788/serve-all-requests-via-proxy-except-a-specific-one

Need help setting up: Apache Reverse Proxy

I have some trouble setting my virtualhosts file up the right way.
I'd like to send visitors to the right server by using reverse proxy.
My current setup gives me an internal error.
I have only 1 public IP and want to proxy the visitor, on the condition of the right servername, to one of the local virtual servers.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName sub.domain.com
ServerAdmin me@domain.com
ProxyPreserveHost On
ProxyPass / http://192.168.1.11:80
ProxyPassReverse / http://192.168.1.11:80
</VirtualHost>
<VirtualHost *:80>
ServerName otherdomain.com
ServerAdmin me@domain.com
ProxyPreserveHost On
ProxyPass / http://192.168.1.12:80
ProxyPassReverse / http://192.168.1.12:80
</VirtualHost>
If someone can find anything I'm doing wrong or has another way to achieve my goal, I'd love to hear it.
Got it working! Used the following setup:
<VirtualHost *:80>
ServerName sub.domain.com
ServerAdmin me@domain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.11/websvn/
ProxyPassReverse / http://192.168.1.11/websvn/
</VirtualHost>
The /websvn/ part was necessary to include the css and other files properly.
In another loaded .conf file:
LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
Which is used to include the necessary modules