I Have configured Both Apache and Wildfly to use AJP in order to achieve the Proxy so i can produce Access-logs
Acccess Logs are Enabled from management profile of Wildfly
Port is listening on 8009
Apache has a Virtual Host listening on port 80
configured with the ProxyPass command.
Access Pattern is configured
and the result is receiving logs that have been proxied but not the original client ip is diplayed but only the loopback of 127.0.0.1
So am asking about a way to reveal the client Ip that requests the Apache Server.
syntax is okay and %a does display the 127.0.0.1
Thanks!
I have tried multiple access patterns (%a,%h,{i,xxx}...
I have tried both X-Forward-For ,X-Forwarded-For on Apache PreserveHost On etc..
I have tried tcpdump the port 8009 receiving 0 packets on the monitoring
UPD Provider's fault
I think I have read all the instructions and have done everything I could, but it still doesn't work :(
List of things I have done so far:
in httpd.conf file of the Apache server:
ServerName 192.168.0.102:8080
...
# onlineoffline tag - don't remove
Require all granted
...
Listen 0.0.0.0:8080
Listen [::0]:8080
Then I have the following result:
C:\Users\Sam>netstat -na | find ":8080"
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP [::]:8080 [::]:0 LISTENING
So, I guess, no firewall interruptions..
Then I have forwarded the thing in my TL-WR842ND router as follows:
In DHCP I set static local IP of 192.168.0.102 to my MAC and forwarded port 8080 to that IP. Then I rebooted the router but the port is still closed.
I can access WAMP though localhost:8080, through 192.168.0.102:8080, but cannot access remotely through the public IP. I also tried to set DMZ to 192.168.0.102 but that also had no impact. I called my provider and they said that they allow port forwarding and the problem must be on my side. pls help :(
Turns out, I have a common IP address with multiple other users and I have to pay extra to my provider in order to be able to expose services to the outside. I believe that is called a non-routable IP address.
You can read about it here
I recently installed an SSL certificate on my Amazon EC2 Ubuntu 12.04(32bit) server running Apache 2.
When I attempt to access my site via https, it does not load. When I perform an nmap scan, i see that port 443 is not open.
I tried to open port 443 in my ip tables to no avail. iptables -L yeilds
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Here's how I installed ssl
I modified /etc/init.d/apache2.conf to include ssl.conf and modified ssl.conf to include the requisite
paths of my certificate files, ie
SSLCertificateFile /path/file
SSLCertificateKeyFile /path/file
SSLCertificateChainFile /path/file
I configured my security group to allow inbound requests from port 443 (TCP source:0.0.0.0/0)
When I perform the following test with php
if (!extension_loaded('openssl'))
{
echo "not loaded";
}
else
{
echo "loaded" ;
}
I get "loaded".
Any ideas?
In httpd-ssl.conf, do you have
Listen 443
If not, try adding that, and restarting apache.
First check if mod_ssl is enabled. If not, enable it by running a2enmod ssl. Then check if Apache is listening on port 443 for https. Then check if the firewall is not blocking port 443.
If anyone else finds this and is using Amazon Lightsail (like me), you have to use their web UI to explicitly open port 443.
I spent hours pouring over my server config files before I discovered that :/
In httpd.conf the following is disabled by default:
# Secure (SSL/TLS) connections
# Include conf/extra/httpd-ssl.conf
Simply remove the # from the Include and restart Apache.
If you can connect locally (e.g. with telnet localhost 443 as mti suggests), check if the firewall is configured properly.
In my case, ufw was blocking everything, so I had to ufw allow 443 which fixed the underlying problem to the same symptom.
I just ran into a situation where there was a process listening on port 443, the firewall was completely open, SELinux was disabled, and I still couldn't telnet to port 443. Not even from the localhost. I kept getting:
telnet 127.0.0.1 443
telnet: connect to address 127.0.0.1: Connection refused`
It turns out the iptables NAT table had some rules redirect traffic coming in on port 443 to a different port (8443). Nothing was listening on port 8443.
# iptables --table nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8443
Removing the relevant NAT entries fixed the problem for me.
For me it's the stupid Chrome cache. Ctrl + Shift + Del to clear the cache, restart Chrome, and SSL is correctly working now.
If the SSL keys are not set (or were inexplicably commented out by gremlins), Apache 2.2 SSL will silently fail. There will be no error in the log, and it will not be listening to 443. The http:80 sites will work.
First, Check processes on port "80" and "443" sudo netstat -peanut | grep ':80' and *sudo netstat -peanut | grep ':443'* .If 443 is has no process then this would help:
Editing the Apache configuration file to serve the cert works well.
Use the command sudo certbot --apache
You are good
Sometimes an iptables -F works. I had the port 443 open for inbound in Amazon, but still the site was not opening in my browser.
Logged on to the site, gave an iptables -F and immediately the site was accessible.
I have a wildcard ssl cert for domain "www.abc.com", which running on Apache and using port 80 for http & port 443 for https.
Now, I would like to add a new domain "www2.abc.com", which running on Tomcat and using port 8080 for http & port 443 for https.
Is there any conflicts if I use both on port 443?
Many thanks.
Well, technically you can't have tomcat and apache listen on 443 at the same time. You could have Apache forward requests to tomcat and handle the encryption. Look up mod_jk, mod_proxy or mod_proxy_ajp for how to do this.
Once you do this, you can have multiple <VirtualHost> declarations for port 443 on Apache. If they all use the same wildcard certificate for *.abc.com this will work fine.
With this scenario, tomat probably won't be configured to do ssl at all. I'm recommending to use the protocol ajp (not http) for the forwarding part, as this will forward all necessary information about the nature of the connection to tomcat.
Is there any conflicts if I use both on port 443?
yes, you can't set two or more applications to listen on a same port at the same time.
Currently, I am running a website which is running on Tomcat which has Apache in front and varnish for caching. Tomcat is running on port 8080 and port 81 is used as varnish back end. I need to implement a feature for which I need to know the IP address of the client's machine visiting the website. I've tried to access the IP address by the header X-FORWARDED-FOR.
When the website is accessed from port 81 (i.e. http://mywebsite.com:81/) I can get the IP address of the client's machine but unfortunately when accessing through default port 80 (i.e. http://mywebsite.com/) it's returning the localhost IP address (127.0.0.1). Can anyone suggest what can be the worked around to get the user's real IP address from port 80 as well?
Your setup, if I understood correctly, is as follows:
Varnish (port 80) -> Apache (port 81) -> Tomcat (port 8080)
And you would like the actual remote IP to show up as REMOTE_ADDR on the Tomcat server.
Varnish appends X-Forwarded-For header by default, so that's already sorted. To get Apache to pass the actual remote IP to Tomcat, you should install reverse proxy add forward module for Apache (mod_rpaf). mod_rpaf does exactly what you're looking for. The appropriate config for Apache would be:
<IfModule !rpaf_module>
LoadModule rpaf_module modules/mod_rpaf-2.0.so
</IfModule>
<IfModule rpaf_module>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For
</IfModule>
After enabling the module Tomcat should see the correct REMOTE_ADDR header as well as the HTTP_X_FORWARDED_FOR header.