Trying to install jitsi meet with apache2 - jitsi

I know there are already post on this subject, but they don't produce good results and I would like to share, here, my thinking on this subject. Feel free to moderate my post if you think it's a bad idea.
Server: Ubuntu 16.04.1, Apache2.4.18
DNS conf:
for Jitsi meet - meet.mydomain.xx ----> ip_of_my_server
for my website - mydomain.xx ----> ip_of_my_server
Like I said I try to run Jitsi meet on apache2.
By following the steps described in Quick install (https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md)
If I install Jitsi meet on my server just after installing Ubuntu so without Apache or Nginx. Jitsi works great.
If I install Jitsi meet on my server after installing Nginx. Jitsi works great.
With the same method of installation, I try to install Jitsi meet after installing Apache2, so I notice that Jitsi meet does not configure itself apache2, so I tried this first configuration:
<VirtualHost *:443>
ServerAdmin postmaster#mydomain.xx
ServerName meet.mydomain.xx
ServerAlias meet.mydomain.xx
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
DocumentRoot "/usr/share/jitsi-meet/"
<Directory /usr/share/jitsi-meet/>
AllowOverride All
</Directory>
ProxyPass / http://meet.mydomain.xx:5280/http-bind
ProxyPassReverse / http://meet.mydomain.xx:5280/http-bind
ProxyPreserveHost Off
<Location "/http-bind">
Order allow,deny
Allow from all
</Location>
<Location "/meet/xmpp-websocket">
ProxyPass http://meet.mydomain.xx:5280
ProxyPassReverse http://meet.mydomain.xx:5280
</Location>
ErrorLog /var/www/meet/logs/error.log
CustomLog /var/www/meet/logs/access.log combined
SSLCertificateFile /etc/letsencrypt/live/acert.mydomain.xx/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/acert.mydomain.xx/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
When I load the page meet.mydomain.xx I get the following error:
"It works! Now your customer BOSH points to this URL to connect to
Prosody.
For more information see Prosody. Setting up BOSH "
But when I look at the /etc/prosody/conf.avail/meet.mydomain.xx.cfg.lua file, I notice that bosh is already enabled and the rest of the configuration is ok with what is explain here https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
The log contains no errors.
If you have an idea to fix this problem I'm interested.
Second configuration that I tested:
<VirtualHost *:80>
ServerAdmin postmaster#mydomain.xx
ServerName meet.mydomain.xx
ServerAlias meet.mydomain.xx
DocumentRoot "/usr/share/jitsi-meet/"
SSLProxyEngine On
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/[a-zA-Z0-9]+$
RewriteRule ^/(.*)$ / [PT]
RewriteRule ^/http-bind$ https://meet.mydomain.xx:5281/http-bind [P,L]
ErrorLog /var/www/meet/logs/error.log
CustomLog /var/www/meet/logs/access.log combined
</Virtualhost>
With this setup the result seems better, I can see the home page of Jitsi meet but without the text, without the logo and when I click on the go button, nothing happend.
The log contains no errors.
So here I don't no really what to do. If someone have some advices or ideas, ​​thank you to share it !
Bye, thank you for reading
Gspohu

This works with FreeBSD 12.2-RELEASE, apache24-2.4.46,
particularly also with the jitsi client app on Android telephones.
I think it will answer your question.
As an additional tweak on our site: for https we use the non-standard port 444 (instead of usual 443).
I followed the very useful instructions of http://www.bobeager.uk/pdf/jitsi.pdf (Thanks for this!), but then, instead of nginx, I use apache, simple because it's running anyway on this server.
The apache config:
loaded modules in httpd.conf
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
The apache VirtualServer config: Note the /index.html in RewriteRule!
<VirtualHost *:444>
ServerName meet.example.com:444
DocumentRoot "/usr/local/www/jitsi-meet"
ServerAdmin np#ibu.de
SSLEngine on
SSLProxyEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/meet.example.com/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/meet.example.com/privkey.pem"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/[a-zA-Z0-9]+$
RewriteRule ^/([a-zA-Z0-9=?]+)$ /index.html
</IfModule>
<directory "/usr/local/www/jitsi-meet">
require all granted
Options +Includes
directoryindex index.html
AddOutputFilter Includes html
XBitHack on
</directory>
# BOSH
<location "/http-bind">
proxypass "http://localhost:5280/http-bind"
header set host "expr=%{HTTP_HOST}"
</location>
# XMPP websockets
<location "/xmpp-websocket">
proxypass "http://localhost:5280/xmpp-websocket"
header set host "expr=%{HTTP_HOST}"
header set x-forwarded-for "expr=%{REMOTE_ADDR}"
</location>
</VirtualHost>
Because of the XBitHack I did:
chmod +x /usr/local/www/jitsi-meet/*.html
not sure, whether this is necessary; but I think, it does not hurt.
Changes in /usr/local/www/jitsi-meet/config.js
Note: some values are set to domain only, others to domain+port
Misconfiguration here may cause javascript CORS errors in browser.
Check with firefox crtl-shift-I , console
var domainroot = 'meet.example.com'
var domainuri = domainroot+':444'
var config = {
hosts: {
domain: domainroot,
bridge: 'jitsi-videobridge.'+domainroot,
focus: 'focus.'+domainroot,
muc: 'conference.'+domainroot
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
// bosh: '//jitsi-meet.example.com/http-bind',
bosh: '//'+domainuri+'/http-bind',
....

Related

Redirect specifc HTTPS request to a specific port with apache

I have a problem to redirect some request to an other port. Here's my configuration:
I have a public domain like XXXX.ddns.net
I have a Rapsbian server with apache and files in my /var/www folders are correctly served (angular website)
On the same Raspbian server there is a REST server running on the 3000 port
This is running on HTTPS with SSL(letsencrypt)
I would like that all requests to XXXX.ddns.net/api/* to be redirected to the 3000 port.
I change the .htaccess file and the rewrite rule seems to works on local but I can't make it working from my internet site. API requests achieve with a error 500.
Here is my current .htaccess file:
RewriteEngine On
RewriteRule ^api/(.*) https://localhost:3000/api/$1 [QSA]
# not sure if it should be http or https in the rule but nothing works
#RewriteRule ^api/(.*) http://localhost:3000/api/$1 [QSA]
# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]
# If the requested pattern is file and file doesn't exist, send 404
RewriteCond %{REQUEST_URI} ^(\/[a-z_\-\s0-9\.]+)+\.[a-zA-Z]{2,4}$
RewriteRule ^ - [L,R=404]
Here is my current 000-default-le-ssl.conf file (in /etc/apache2/sites-available):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ServerName XXXX.ddns.net
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Location /api>
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
</IfModule>
If someone could help me to achieve it...
Thanks!
Your self-found solution looks strange to me. You switch on the SSLProxyEngine and than disable all security measures. Is the backend API running under HTTPS and HTTP at port 3000 at the same time? This is not possible.
I use this setup (apache as proxy to backend application) pretty often and would suggest the following configuration:
As I did not understand the purpose of the rewrite directives I left them out. The VirtualHost at port 80 always redirects HTTP requests to HTTPS. If this works add permanent to the directive (permanent is cached by some browsers, see comment in VirtualHost *:80).
The VirtualHost for HTTPS serves content from your DocumentRoot at /var/www/html. The Directory directive takes care that only correctly addressed files are served (no lookups possible). The VirtualHost also provides the proxy for the /api on the same server on port 3000.
It should work for apache 2.4 if your letsencrypt configuration is correct (fill-in the XXXX). Both VirtualHost configurations can be written into a single file, usually located in /etc/apache2/sites-available with a symlink to /etc/apache2/sites-enabled. Please remove/rename your .htaccess file and other configurations before testing this configuration. If you need access control through apache this could also be configured directly in the VirtualHost configuration.
<VirtualHost *:80>
ServerName XXXX.ddns.net
# Always https
Redirect / https://XXXX.ddns.net/
# Redirect permanent / https://XXXX.ddns.net/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName XXXX.ddns.net
# These are your SSL settings; your responsibility
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Your document root; where the JavaScript application lives
DocumentRoot /var/www/html
<Directory /var/www/html/ >
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Order Allow,Deny
Allow From All
</Directory>
# Reverse proxy settings for api
ProxyRequests Off
ProxyPreserveHost On
<Location /api >
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
Thanks for your help. I don't really know how but it works now!
I dont rember exactly what i did, but the last one was to modify my 000-default-le-ssl.conf file like this:
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /api>
ProxyPass http://127.0.0.1:3000/api/
ProxyPassReverse http://127.0.0.1:3000/api/
ProxyPass https://127.0.0.1:3000/api/
ProxyPassReverse https://127.0.0.1:3000/api/
</Location>

Apache 2.4 redirect https to another port

I'm a rookie, but I've struggled with this for some time and I am definitely doing something wrong.
We use Apache 2.4 as the front of our internal web pages.
When I try to forward a request to a port other than 80, it goes crazy and is redirected several times
http://demos.company.com/demos.company.com/demos.company.com/demos.company.com/demos.company.com/demos.company.com/demos.company.com/[...]/demos.company.com/WebApplicationFail
httpd.conf:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule ^(.*) %{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "C:/Program Files/Apache24/conf/ssl/company.crt"
SSLCertificateKeyFile "C:/Program Files/Apache24/conf/ssl/company.key"
SSLCertificateChainFile "C:/Program Files/Apache24/conf/ssl/CA.pem"
# Proxy configuration
ProxyPreserveHost On
ProxyRequests Off
ServerName demos.company.com
ProxyPass /WebApplicationOK http://10.0.0.160/WebApplicationOK
ProxyPassReverse /WebApplicationOK http://10.0.0.160/WebApplicationOK
ProxyPass /WebApplicationFailRoute http://10.0.0.125:8000/WebApplicationFail
ProxyPassReverse /WebApplicationFailRoute http://10.0.0.125:8000/WebApplicationFail
</VirtualHost>
We need to maintain the redirection of every http request to https.
If possible, we need that the Internet address "https://demos.company.com/ThisContext" show the intranet web "http://10.0.0.125:8000/OtherContext".
Thanks in advance.
That's the problem with adding complex directives for trivial tasks.
You have a Virtualhost which uses port 80, why even check for SSL?, everything it will receive will not be SSL.
Also the rewrite directive is missing the scheme.
So just:
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]
If you don't need to use variables, for variable host names I would go even simpler:
Redirect / https://whateverhost.example.com/
Rule to success in httpd: Go always with the most simple option.
I've got it, it simple actually. You just only add those lines for redirection from below to your ssl.conf I guess
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName XXXX.ddns.net
# These are your SSL settings; your responsibility
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Your document root; where the JavaScript application lives
DocumentRoot /var/www/html
<Directory /var/www/html/ >
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Order Allow,Deny
Allow From All
</Directory>
# Reverse proxy settings for API (custom redirection https to specific port)
ProxyRequests Off
ProxyPreserveHost On
<Location /api >
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>

Enable PUT and DELETE methods on Apache 2.4

I'd like to enable on my Apache 2.4 under linux the PUT and DELETE methods. When clients try to invoke such methods I get a "405 Method Not Allowed" as answer.
On server side my PHP script handle such requests but it seems filtered by the server itself (that's makes the difference from the similar already answered question - Moreover other questions seems to refers to an old version of Apache).
Can I manage some configurations on .htaccess file or I have to modify the .conf files under /etc/apache2?
Thanks a lot.
Try the following changes on your server:
Open "/etc/httpd/conf/httpd.conf" and look for the following blocks:
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow Deny from all
</LimitExcept>
Then just add PUT and DELETE after PROPFIND. Then Restart httpd by "/sbin/service httpd restart" or service httpd restart.
Note: In some servers , mostly the ones with a control panel (DA,cPanel,..) you may change this file :/etc/httpd/conf/extra/httpd-directories.conf
I hope it solves your problem.
For Debian/Ubuntu.
In your conf:
<Location "/">
AllowMethods GET PUT
</Location>
In console:
sudo a2enmod allowmethods
sudo systemctl restart apache2.service
You can use allowmethods_module to enable that.
It's been available since apache version 2.3 but still experimental though.
<Location "/path/to/directory">
AllowMethods PUT DELETE
</Location>
I got the same error and the root cause is the redirects to https (80-443) are not occurring which one of the things are causing the docker client to fail while allowing the browser to work. I added below directives in Apache httpd (apache2) and it worked for me.
<VirtualHost *:80>
RedirectPermanent / https://%{SERVER_NAME}/
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
# General setup for the virtual host
ServerName example.org
ServerAdmin help#example.com
ErrorLog /tmp/error_log
SSLProxyEngine On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyPass / http://<BackendIP>/ connectiontimeout=10 timeout=3600
ProxyPassReverse / http://<BackendIP>/
</VirtualHost>

Using go-websocket behind Apache mod_proxy_wstunnel

Note: Updated config and added trailing slash to websocket path. Still same problem
Is it possible to use go-websocket behind a Apache reverse proxy with mod_proxy_wstunnel?
I tried and failed to get things working.
I tried to use the Chat example behind an Apache reverse proxy (with mod_proxy_wstunnel enabled). And it doesn't work. The proxy is a success, while the websocket part does not work at all.
My Apache config looks similar to this:
<VirtualHost *:80>
DocumentRoot /var/www/foobar
ServerName foobar.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /ws/ ws://localhost:8080/ws/
ProxyPassReverse /ws/ ws://localhost:8080/ws/
ErrorLog logs/error_log-foobar
CustomLog logs/access_log-foobar common
LogLevel debug
</VirtualHost>
And of course I'm running the chat server on port 8080. I've tested it with SSH tunnel, and things work perfectly. Then I moved on to Apache.
The first time I tried, the javascript console complains this:
NetworkError: 403 Forbidden - http://foobar.com/ws/
The request seems to be stucked at the origin check.
Then I tried again after comment out the origin check, it get this:
NetworkError: 400 Bad Request - http://foobar.com/ws/
It seems the chat server do not get the upgrade request at all.
How should I debug this?
Where should I start looking?
Thanks everyone! After taking several advices above, I found the solution.
And for someone who might have similar issue, here is the solution to my question:
As Aralo suggested, trailing slash must be added to the WebSocket path (in my case: "/ws/"). It looks Apache will only handle WebSocket with a valid GET request.
James Henstridge was right. The order of ProxyPass relevant. ProxyPass of /ws/ must be put before the / line.
After consulting the Chat example code, I found an origin check in the function ServeWs() and removed.
Everything works now.
And thanks covener, reading logs does help.
I am using Go secure WebSocket (wss://) server behind Apache 2.4.18 on CentOS 7. Here are the settings:
Make sure the system has mod_proxy_wstunnel:
# find /usr/lib64/httpd/modules/ | grep ws
/usr/lib64/httpd/modules/mod_proxy_wstunnel.so
Add the following line in 00-proxy.conf:
# vim /etc/httpd/conf.modules.d/00-proxy.conf
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Restart Apache:
# systemctl restart httpd
Check the setting:
# httpd -M | grep -iE 'proxy'
proxy_module (shared)
proxy_fcgi_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Edit httpd-vhosts.conf:
# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:443>
ServerName go.mydomain.com:443
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine On
SSLCertificateFile "/etc/pki/tls/certs/mydomain.com/mydomain.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/mydomain.com/mydomain.key"
### The configured ProxyPass and ProxyPassMatch rules are checked
### in the order of configuration. The first rule that matches wins.
ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1
ProxyPass / https://192.168.0.1:443/
ProxyPassReverse / https://192.168.0.1:443/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerName go.mydomain.com:80
ProxyPreserveHost On
ProxyRequests off
###
ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1
ProxyPass / http://192.168.0.1:80/
ProxyPassReverse / http://192.168.0.1:80/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>

Apache2 ProxyPass for Rails App Gitlab

I am attempting to setup a proxy with Apache2 so that incoming requests to http://myipaddress.com go to http://localhost:3000/ where I have Gitlab ( a rails app ) running. The following is what I have in my Apache configuration file on Ubuntu 10.04. I can successfully access the gitlab default page initially, but any subsequent requests performed by me by clicking on other pages after that go to a 404 NOT FOUND page. I can manually enter /gitlab/ in front of any of these failed redirects and they work just fine. How can I make this work without having to rewrite /gitlab/ after each redirect request after the initial request?
## Setup a proxy which listens on the port that gitlabh does ( from start_server.sh )
ProxyRequests Off
ProxyPass /gitlab/ http://localhost:3000/
ProxyPassReverse /gitlab/ http://localhost:3000/
#DocumentRoot /home/gitlabhq/gitlabhq/public
<Proxy http://localhost:3000/>
Order deny,allow
Allow from all
</Proxy>
I understand that I could have the code below , which would solve my problem. But I don't know how to modify the prefix of the gitlab rails service. I'd really appreciate some help!
ProxyPass /gitlab/ http://localhost:3000/gitlab/
ProxyPassReverse /gitlab/ http://localhost:3000/gitlab/
UPDATE:
Thanks to Friek's comment I've come very close to solving this. Below is part of my http.conf file. The only problem is when I hit the home button or the logo on the gitlab app it attempts to redirect to gitlab/ which gives me the basic index.html file from Apache2 saying 'it works!'. How can I configure this to allow me to simply got /gitlab and it takes me to the root home view of gitlab?? Thanks!
## For Gitlab using Apache2 Passenger
## Install on Ubuntu by:
## sudo gem install passenger && sudo passenger-install-apache2-module
## but only after running the install_and_configure_git.py script
## and creating a soft link to the rails gitlab /public directory like so:
## sudo ln -s /home/gitlabhq/gitlabhq/public /var/www/gitlab
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.13
PassengerRuby /usr/local/bin/ruby
<VirtualHost *:80>
ServerName gitlab
## Set the overall Document Root
DocumentRoot /var/www
<Directory /var/www>
Allow from all
</Directory>
## Set the Rails Base URI
RackBaseURI /gitlab
RailsBaseURI /gitlab
<Directory /var/www/gitlab>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
I came across this gist that worked for me. In case it ever goes dead, I'll repost it.
unicorn config file
Edit file /home/gitlab/gitlab/config/unicorn.rb
Find line listen "#{app_dir}/tmp/sockets/gitlab.socket" and comment it. Uncomment line listen "127.0.0.1:8080"
required modules for apache
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod rewrite
/home/gitlab/gitlab/config/gitlab.conf
<VirtualHost *:80>
ServerName git.domain.com
# Point this to your public folder of teambox
DocumentRoot /home/gitlab/gitlab
RewriteEngine On
<Proxy balancer://unicornservers>
BalancerMember http://127.0.0.1:8080
</Proxy>
# Redirect all non-static requests to thin
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]
ProxyPass / balancer://unicornservers/
ProxyPassReverse / balancer://unicornservers/
ProxyPreserveHost on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Custom log file locations
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName gitlab
## Set the overall Document Root
DocumentRoot /var/www
<Directory /var/www>
Allow from all
</Directory>
## Set the Rails Base URI
RackBaseURI /gitlab
RailsBaseURI /gitlab
<Directory /var/www/gitlab>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
These settings in your httpd.conf or your sites config file should do., Please remove the reverse proxy settings if you have any and try, it will work.,
if you have below lines along with above config, please remove the below lines,
ProxyPass /gitlab/ http://localhost:3000/gitlab/
ProxyPassReverse /gitlab/ http://localhost:3000/gitlab/
Proxy on
Restart your webserver
service apache2 restart
This is in case someone new comes across this issue.
This helped me, notice the ProxyPassReverse lines. My full issue and resolution is at https://stackoverflow.com/a/22390543/3112527 .
<IfModule mod_ssl.c>
<VirtualHost *:443>
Servername gitlab.my_domain.com
ServerAdmin my_admin#my_domain.com
SSLCertificateFile /etc/apache2/ssl.crt/gitlab_my_domain.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/gitlab_my_domain_private.key
SSLCACertificateFile /etc/apache2/ssl.crt/gitlab.ca-bundle
##### All the other Apache SSL setup skipped here for StackOverflow ####
ProxyPreserveHost On
<Location />
# New authorization commands for apache 2.4 and up
# http://httpd.apache.org/docs/2.4/upgrading.html#access
Require all granted
# For relative URL root "host:your_gitlab_port/relative_root"
#ProxyPassReverse http://127.0.0.1:8085/gitlab
#ProxyPassReverse https://gitlab.my_domain.com/gitlab
# For non-relative URL root
ProxyPassReverse http://127.0.0.1:8085
ProxyPassReverse https://gitlab.my_domain.com/
</Location>
# apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# https://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab-ssl_error.log
CustomLog /var/log/apache2/gitlab-ssl_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab-ssl_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab-ssl.log combined
</VirtualHost>
</IfModule>
(from https://github.com/gitlabhq/gitlab-recipes/blob/master/web-server/apache/gitlab-ssl-apache2.4.conf)
I ended up here while Googling for errors I encountered while setting up Rails + unicorn using Apache (on port 80) to proxy to unicorn (on port 3000). In case it's of use to anyone else, here's my config:
<VirtualHost example.com:80>
ServerAdmin webmaster#example.com
ServerName example.com
ServerAlias www.example.com
ProxyPreserveHost On
<Location />
Require all granted
ProxyPassReverse http://example.com:3000
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://example.com:3000%{REQUEST_URI} [P,QSA]
DocumentRoot /home/user/rails-dir/public
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogLevel warn
ErrorLog /home/user/rails-dir/log/apache-error.log
CustomLog /home/user/rails-dir/log/apache-access.log combined
</VirtualHost>
This question also troubles me quite a long time. It's fixed now.
The most helpful resource is from the Gitlab official document about using-a-non-bundled-web-server.
They also provide full workable recipe.
If you are using Apache version 2.4 or above, please use files
gitlab-apache24.conf or gitlab-ssl-apache24.conf for the HTTP and
HTTPS versions of the vhost repectively.
If you are using Apache version 2.2, please use files
gitlab-apache22.conf or gitlab-ssl-apache22.conf for the HTTP and
HTTPS versions of the vhost repectively.
The problem now simple to
Make sure you pick the right configuration file depending whether you
choose to serve GitLab with SSL or not. The only thing you need to
change is YOUR_SERVER_FQDN with your own FQDN and if you use SSL, the
location where your SSL keys currently reside. You also might need to
change the location of your log files.
to make sure the Apache2 version, use apache2 -version
If use HTTPS version, you may need to make sure your cert file is deployed correctly e.g. the files are placed consistent with recipe file specified.