I try to use Apache mod_proxy for icap protocol.
My configurations looks like:
<Location /RESPMOD>
ProxyPass icap://IP:1344/RESPMOD?policy=virus_only
ProxyPassReverse icap://IP:1344/RESPMOD?policy=virus_only
Order allow,deny
Allow from all
</Location>
The proxy module is built-in.
But than I get
[warn] proxy: No protocol handler was valid for the URL /RESPMOD. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
I didn't find proxy module for icap. Is there one (like for http protocol?) or should the configuration be different?
Unluckily, there is no such module.
Related
I am trying to return content with a web service. Behind an apache proxy if fails with "Operation insecure".
I read about adding an apache hook but it won't work for me. Setting the environment variable neither.
This is what I tried: how to make Mojolicious's url_for()->to_abs() return correct scheme (http or https) behind nginx
Maybe or webservice I have to do something else ? Also I use mojolicious lite.
Also the url_for is done in the template file .html.ep. I use it to call the web service from javascript.
I run Mojolicious 7.59 on Ubuntu 18.04. Thank you for you help
I solved it this way: the apache proxy must have some specific settings and also the mojo app must be in reverse proxy mode.
Apache Settings
Apache must know how to proxy the web services and it must tell mojo about the forwarding protocol.
I put all my webservices under the /ws/ and I added it to ProxyPass
My mojo app is at the same host at port 8080 so I proxy to localhost:8080.
It is very important to set the X-Forwarded-Proto
At /etc/apache2/sites-enabled/default-ssl.conf I changed this way:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /ws/ ws://localhost:8080/ws/ keepalive=On
ProxyPass / http://localhost:8080/ keepalive=On
ProxyPassReverse / http://localhost:8081/
RequestHeader set X-Forwarded-Proto "https"
Mojo Proxy
The mojolicious app must know it is in reverse proxy. If you are using hypnotoad it may not be necessary. When I did some tests with morbo I had to run it this way:
MOJO_REVERSE_PROXY=1 morbo script.pl
There is more documentation at https://mojolicious.org/perldoc/Mojolicious/Guides/Cookbook#Reverse-proxy
I need to forward all traffic from specified port to a Unix Domain Socket in Apache:
In sites-enabled/000-default.conf I have defined a VirtualHost:
<VirtualHost *:8091>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / unix:/var/lib/jenkins/workspace/myproject/mysocket.sock|http://127.0.0.1/
ProxyPassReverse / unix:/var/lib/jenkins/workspace/myproject/mysocket.sock|http://127.0.0.1/
</VirtualHost>
In ports.conf I have:
Listen 80
Listen 8091
I have both proxy and proxy_http mods enabled:
krzysiek:/etc/apache2$ a2enmod proxy
Module proxy already enabled
krzysiek:/etc/apache2$ a2enmod proxy_http
Module proxy already enabled
I am using Apache 2.4.7 and offical documentation states that:
In 2.4.7 and later, support for using a Unix Domain Socket is available by using a target which prepends unix:/path/lis.sock|
When I reload Apache I get error:
krzysiek:/etc/apache2$ sudo service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
AH00526: Syntax error on line 64 of /etc/apache2/sites-enabled/000-default.conf:
ProxyPass URL must be absolute!
I tried changing:
ProxyPass / unix:/var/(...)
To:
ProxyPass / unix:///var/(...)
Then Apache reloads correctly but forwarding DOES NOT work, error.log says:
[proxy:warn] [pid 22436] [client 10.0.4.19:47662] AH01144: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Could you explain me what I'm doing wrong? Or how do I forward traffic from port to unix socket on Apache correctly?
Might be a bit late 🙂, but the following apache config works for me:
ProxyRequests off
Define SOCKET_NAME /path/to/my.sock
ProxyPass / unix:${SOCKET_NAME}|uwsgi://%{HTTP_HOST}/
ProxyPassReverse / unix:${SOCKET_NAME}|uwsgi://%{HTTP_HOST}/
with modules proxy and proxy_uwsgi loaded.
Important do not place your socket in /tmp (I think systemd prevents the apache process to directly access it for security reasons).
Also, watch out for the file permissions.
I have a project where we use webpack's devserver for local development. We also have the hot module replacemet for live reload: hot module replacement
We have our front end running in docker. With that front end, we have also apache's mod_proxy. Idea is to have all http call's to go through the mod_proxy. So browser will send http to mod_proxy, that will then proxy to front end. This works well without hot module replacement. But for some reason, we are unable to get the hot module replacement work. I guess it is because hot module replacement uses web sockets, and tunneling web socket call's through apache's mod_proxy is not enabled by default?
Has someone been able to achieve this? How did you manage to do it? What configurations were needed in devserver / hot module replacement? Did you use apache's mod_proxy web socket tunnel: mod_proxy_wstunnel, and how did you configure it? You do not need to answer to all the sub questions listed before, I just need the info on how to get it working.
A. Yes. I could get this working with the following configuration in Apache2
<Location /sockjs-node>
RequestHeader set Host "localhost:4200"
RequestHeader set Origin "http://localhost:4200"
ProxyPass ws://localhost:4200/sockjs-node
ProxyPassReverse ws://localhost:4200/sockjs-node
CacheDisable on
</Location>
<Location /sockjs-node/info>
ProxyPass http://localhost:4200/sockjs-node/info
ProxyPassReverse http://localhost:4200/sockjs-node/info
CacheDisable on
</Location>
B. My apache2 server has mod_proxy and mod_proxy_wstunnel enabled.
C. I am using this configuration for my angular 7 development.
I have been using Gateone behind an Apache proxy for a long time. All of a sudden, probably after the last apt-get update/upgrade of my Debian Jessie install, this no longer works.
The error I get in the error.log is this :
[Sat Sep 12 16:20:47.992400 2015] [proxy:warn] [pid 1870] [client 192.168.0.2:5022] AH01144: No protocol handler was valid for the URL /gateone/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
All answers I could find were pointing to a missing proxy (sub)module that needed to be loaded. This is the list of proxy modules I have loaded :
proxy.conf proxy_connect.load proxy_html.conf proxy_http.load
proxy.load proxy_html.load proxy_wstunnel.load
And the (unchanged) section in my http conf file looks like this :
ProxyPass /gateone/ ws://localhost:8888/gateone/
ProxyPassReverse /gateone/ ws://localhost:8888/gateone/
ProxyPass /gateone/ wss://localhost:8888/gateone/
ProxyPassReverse /gateone/ wss://localhost:8888/gateone/
ProxyPass /gateone/ http://localhost:8888/gateone/
ProxyPassReverse /gateone/ http://localhost:8888/gateone/
This configuration used to work. Can anyone please tell me if something has changed lately in Debian Jessie, especially regarding proxying (websockets proxying) ?
Thanks,
Hans
2.4.17 has this exact same problem but 2.4.12 was fine.
Interestingly this ALSO occurs on the 2.4.16 and 2.4.17 Windows x64 release using VC14 or VC11 so this is entirely something internal to the proxy modules.
The only resolution appears to be downgrading to 2.4.12 because there exists no combination of proxy modules to make it work and you can use your config in 2.4.12 without issue. Definite websocket proxy break 2.4.16+
*Update: Workaround allows http: fallback from ws: when you use ProxyPass with a very specific URL.
Eg.
#Works 2.4.12 but fails 2.4.16+
ProxyPass /ws/ ws://localhost:8080/ws/
#2.4.16+ seems to want full and exact path and ws: fails but http: failover works
ProxyPass /ws/stomp/ http://localhost:8080/ws/stomp/
I've been working on a Perl Mojolicious project that uses websockets. I'm wanting to launch it on a shared server running apache and use proxyPass and proxyPassReverse to make the url prettier for my Mojolicious code running with Hypnotoad.
I have it set up as follows.
Apache url:
mydomain.com
Hypnotoad url:
mydomain.com:8080
With the following apache entry I can reverse proxy the Hypnotoad server to
project.mydomain.com
apache.conf entry
<VirtualHost *:80>
ServerName project.mydomain.com
DocumentRoot /var/www/project
<Directory /var/www/project/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://mydomain.com:8080/ keepalive=On
ProxyPassReverse / http://mydomain.com:8080/
RequestHeader set X-Forwarded-HTTPS "0"
</VirtualHost>
However my websocket requests give a 404 error when I use:
ws://project.mydomain.com/get-data
and a 302 error when I use:
ws://mydomain.com:8080/get-data
I guess this wouldn't be a problem is the websocket didn't check for authentication, but they use Mojolicious routes to check that you can post via the websocket.
From what I can see Apache doesn't support reverse proxying websockets. In apache/httpd conf files.
Has anyone found a usable solution to this using Apache that is stable for a production environment?
In March a patch was committed to the Apache trunk by Jim Jagielski which allows websockets to be proxied correctly. The patch adds a new submodule called proxy_wstunnel which allows mod_proxy to work with the "ws" and "wss" protocols.
The module is not yet in any official Apache releases (as of June 8th 2013), so you will need to compile it yourself. Voyageur's blog describes the process for Apache 2.2, but it should be easier for Apache 2.4
Apache httpd 2.4.6 includes proxying websocket requests.