GitLab and ISPConfig 3 issue - apache

I have a website managed with ISPConfig 3 on a VPS running Debian 8 and Apache.
The website is accessible via domain.ee, but I want to get my GitLab running (at the same time) on git.domain.ee.
But when I installed GitLab and ran it, it overwrote ISPConfig and started to run on git.domain.ee AND domain.ee (and all the other addresses pointing to my VPS).
Here is my gitlab.rb config:
external_url 'http://git.domain.ee'
unicorn['port'] = 8080
web_server['external_users'] = ['www-data']
And here is my gitlab.conf run by Apache:
<VirtualHost *:80>
ServerName git.domain.ee
ServerSignature Off
ProxyPreserveHost On
<Location />
Order deny,allow
Allow from all
ProxyPassReverse http://127.0.0.1:8080
ProxyPassReverse http://git.domain.ee/
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
</VirtualHost>
Obviously domain.ee is replaced with my real domain name.

Let git run on localhost:8080 and configure Apache as a reverse proxy, like so:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
<Proxy *>
Require all granted
</Proxy>
# The local path and the backend URL must both end in a slash
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
You can add the other rules as you need them.

Try to set up jitsi behind an apache2 reverse proxy

I am using an Ubuntu 18.04 Linux VM as a reverse proxy to forward HTTPS subdomains to internal targets, e.g. guacamole.mydomain.com and jitsi.mydomain.com.
Each system is a separate Linux VM.
public ip --> web reverse proxy 192.168.2.10 --> guacamole.mydomain.com 192.168.2.20 and jitsi.mydomain.com 192.168.2.30
Guacamole is working as expected, but I am facing some issues with forwarding HTTPS to jitsi.mydomain.com.
All other ports are directly forwarded to jitsi without a proxy.
I created two conf files in /etc/apache2/sites-enabled, one for jitsi and one for guacamole, and generated a Let's Encrypt cert with certbot --apache.
When I try to open jitsi.mydomain.com from outside, I get the following error: ERR_TOO_MANY_REDIRECTS.
Within the network jitsi is reachable via HTTPS, so what did I miss?
Unfortunately I am not very familiar with proxies and Apache.
Thanks in advance, guys.
jitsi.conf
<VirtualHost *:80>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =jitsi.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
jitsi-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
SSLCertificateFile /etc/letsencrypt/live/jitsi.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jitsi.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
guacamole.conf
<VirtualHost *:80>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =guacamole.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
guacamole-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
SSLCertificateFile /etc/letsencrypt/live/guacamole.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guacamole.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Just stumbled upon your question while looking for a solution of a different problem on Jitsi but I think you'll find a useful solution in this page:
https://debamax.com/blog/2020/03/18/installing-jitsi-behind-a-reverse-proxy/
It's not my solution. I'm just trying to help.
Cheers

Proxy pass an application from a different machine to an apache web server

I have three applications running, 2 on local machine/server where Apache is installed and 1 on a different machine/server.
I am using Apache2.4 on Ubuntu 18.04
application 1(yii) = 127.0.0.1:80
application 2(mantis bt) = 127.0.0.1:8080
application 3(yii) = 192.168.X.X:80
I want to configure my apache web server to host the three applications on https. I proxy pass both app2 and app3.
app2 = /app2 http://127.0.0.1:8080
app3 = /app3 http://192.168.X.X
app1 can be accessed successfully without error;
app2 and app3 can be accessed, but .css, .js and other files cannot be found (error 404).
Note: I can access all three apps when not on proxy pass.
Also, is it possible to host the three apps and have URLs like the following:
https://app1.example
https://app2.example
https://app2.example
I am new to apache. Please help me.
Configure the Apache virtual hosts as in the configuration below.
For app2
<VirtualHost *:80>
ServerName app2.domain.com
ServerAdmin youremail@email.com
# Outside a <Location>, ProxyPass needs the local path as its first argument
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
For app3
<VirtualHost *:80>
ServerName app3.domain.com
ServerAdmin youremail@email.com
ProxyPass / http://192.168.X.X/
ProxyPassReverse / http://192.168.X.X/
</VirtualHost>
Create a separate virtual host for both domains.
After creating the virtual hosts, restart Apache:
service apache2 restart
It's working for me; I hope it will work for you and load .css, .js and other files.
If you want to redirect app3 to https, then your final virtual host file will be like the configuration below:
<VirtualHost *:80>
ServerName app2.domain.com
ServerAdmin youremail@email.com
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName app3.domain.com
# Send all plain-HTTP requests for app3 to the TLS virtual host
Redirect / https://app3.domain.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName app3.domain.com
ServerAdmin youremail@email.com
ProxyPass / http://192.168.X.X/
ProxyPassReverse / http://192.168.X.X/
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias app3.domain.com
SSLCertificateFile /etc/letsencrypt/live/app3.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/app3.domain.com/privkey.pem
</VirtualHost>
</IfModule>
Please check my config below:
DocumentRoot /var/www/html/app1
ErrorLog /var/log/httpd/app1_log
LogLevel debug
<Directory /var/www/html/app1>
AllowOverride none
Order allow,deny
Allow from all
RewriteCond %{ENV:REDIRECT_STATUS} ^$
# use mod_rewrite for pretty URL support
RewriteEngine on
# If a directory or a file exists, use the request directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Otherwise forward the request to index.php
RewriteRule . index.php
</Directory>
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
<Location /app2>
ProxyPass http://127.0.0.1:8080/login_page.php
ProxyPassReverse http://1127.0.0.1:8080/login_page.php
SetEnv proxy-sendchunks 1
</Location>
<Location /app3>
ProxyPass http://192.168.X.X/
ProxyPassReverse http://192.168.X.X/
SetEnv proxy-sendchunks 1
</Location>
<Location /static/>
ProxyPass !
</Location>
</VirtualHost>
<VirtualHost *:443>
SSL Configuration
</VirtualHost>

Apache2: reverse proxy subdomain to remote address with port and subfolder?

On my Ubuntu server, I have installed Odoo at http://localhost:8069; Odoo is a Python application, and serves through a Python server.
When http://localhost:8069 is opened first, Odoo checks for currently logged in user; if there is none, it redirects to http://localhost:8069/web/login ; if there is a logged in user, it redirects to http://localhost:8069/web.
I would thus like to make http://localhost:8069/web available on a subdomain, say http://odoo.myserver.com - so the user does not have to be distracted by the port (the :8069 part) and the subfolder (the /web part). In other words, the user should get the login page as http://odoo.myserver.com/login (instead of http://localhost:8069/web/login).
In my case, http://odoo.myserver.com is on the same computer as the one serving Odoo. So, I thought I'd try a reverse proxy in Apache2 for this. This is my subdomain configuration as a virtual host:
<VirtualHost *:80>
ServerName odoo.myserver.com
ServerAdmin info@myserver.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
<Location />
ProxyPass http://127.0.0.1:8069/web/
ProxyPassReverse http://127.0.0.1:8069/web/
</Location>
ProxyErrorOverride off
</VirtualHost>
When I have this active, and load http://odoo.myserver.com in my browser for the first time, I am redirected to http://odoo.myserver.com/web/login, and I get an Odoo styled 404 "Page not found" page.
If I try without a Location tag, and I map /web local to /web remote:
<VirtualHost *:80>
ServerName odoo.myserver.com
ServerAdmin info@myserver.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /web/ http://127.0.0.1:8069/web/
ProxyPassReverse /web/ http://127.0.0.1:8069/web/
ProxyErrorOverride off
</VirtualHost>
... then http://odoo.myserver.com simply gives me the default Apache page, and http://odoo.myserver.com/web/ does redirect to http://odoo.myserver.com/web/login (and something similar happens when I map as ProxyPass(Reverse) / http://127.0.0.1:8069/web/) - but this is not what I want.
EDIT: Closest I got to, was by following https://serverfault.com/questions/698995/apache-proxypass-redirect-subdomain-to-port-and-path :
<VirtualHost *:80>
ServerName odoo.myserver.com
ServerAdmin info@myserver.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8069/
ProxyPassReverse / http://127.0.0.1:8069/
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/web
RewriteRule ^/$ /web/$1 [R,L]
ProxyErrorOverride off
</VirtualHost>
... in which case, when I load http://odoo.myserver.com in my browser, I'm redirected to http://odoo.myserver.com/web/login, and I get a proper Odoo login page. Close enough, but still not there, because the /web part is still visible.
So, how would it be possible to proxy in such a way, that when:
User loads http://odoo.myserver.com - gets http://127.0.0.1:8069/web
User loads http://odoo.myserver.com/login - gets http://127.0.0.1:8069/web/login
...?
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName odoo.myserver.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Inside <Location>, ProxyPass takes only the backend URL; the local path comes from the section
<Location /login>
ProxyPass http://127.0.0.1:8069/web/login
ProxyPassReverse http://127.0.0.1:8069/web/login
</Location>
# Trailing slashes must match on both sides: / maps to /web/
<Location />
ProxyPass http://127.0.0.1:8069/web/
ProxyPassReverse http://127.0.0.1:8069/web/
</Location>
</VirtualHost>
Try this config.

Apache 2.2 to 2.4 too many redirects

I have an old server which uses httpd 2.2 and this configuration works fine redirecting HTTP requests to HTTPS.
Moving to CentOS and upgrading to httpd 2.4, the existing configuration causes a "too many redirects" error.
<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
... SSL Setup ...
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
I'm using Tomcat, which is listening on port 8009 internally; I'm not sure why this is happening.
SUGGESTED
The ProxyPassReverse directive doesn't work well with ajp.
Switch to HTTP/HTTPS
Remove the ProxyPassReverse directive
Validate you have set RemoteIPHeader X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Proto appropriately as well

Use modreverseproxy only if cookie is found

I have a site, let's call it example.com, which is hosted on an Apache server listening on port 80. I am also using mod_proxy at the moment to send traffic to another server that is listening on port 8000. How can I only allow the traffic to be proxied if a PHPSESSID cookie is found? Here are my conf settings for the moment.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /private http://localhost:8000
ProxyPassReverse /private http://localhost:8000/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Some other things that I am also trying are:
<Proxy *>
Allow from all
</Proxy>
RewriteEngine On
RewriteRule %{HTTP_COOKIE} ^.*PHPSESSID.*$ [NC]
RewriteRule /private http://localhost:8000/$1 [P,L]
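
One way to express the cookie check asked about above, as an added example that is not part of the original question. It assumes Apache 2.4 with mod_rewrite, mod_proxy and mod_proxy_http loaded, and reuses the question's /private path and localhost:8000 backend; the 403 for requests without the cookie is a choice made here.

```apache
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On

    RewriteEngine On

    # The cookie test is a RewriteCond, and it applies only to the
    # RewriteRule that immediately follows it.
    # Match PHPSESSID as a whole cookie name with a non-empty value, at the
    # start of the Cookie header or after a ";" separator, so a cookie such
    # as "XPHPSESSID" does not satisfy the check.
    RewriteCond %{HTTP_COOKIE} (^|;\s*)PHPSESSID=[^;\s]+
    # The backend host is a fixed literal; only the path after /private is
    # taken from the request. [P] hands the result to mod_proxy and the
    # query string is passed along unchanged.
    RewriteRule ^/private(/.*)?$ http://localhost:8000$1 [P,L]

    # Reached only when the condition above failed: refuse the request
    # instead of letting it fall through to the local document root.
    RewriteRule ^/private(/|$) - [F]

    # Rewrite Location headers in backend redirects back to /private.
    ProxyPassReverse /private http://localhost:8000

    # Cookie presence is client-controlled: any client can send
    # "Cookie: PHPSESSID=x". This rule only filters traffic; the application
    # on port 8000 still has to validate the session itself, and should
    # listen on 127.0.0.1 only so it cannot be reached without the proxy.
</VirtualHost>
```

The plain `ProxyPass /private ...` line from the original configuration has to be removed when using this, because it would proxy every request regardless of the cookie.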