Apache https reverse proxy with Tomcat - apache

Well, I looked everywhere I could, but if someone knows where I could find a solution, sorry for asking the question once again.
We are looking to implement this solution:
HTTP client -> Apache 2.4 Reverse Proxy -> HTTP Server => Works OK
HTTPS client -> Apache 2.4 Reverse Proxy -> HTTPS Server => Works OK
But, when the HTTPS server replies with a "302" redirection header, the server name in the header is not translated to the client-side known server name. So, the client fails to connect, due to a DNS error.
We can't add the backend server name in the DNS, so we need that solution to work.
Important notice: the same works in HTTP. It means that when the server reply is a "302" redirection header in HTTP, there's no problem. It works even if the target of the redirection is an HTTPS link. So what is not working is redirecting from HTTPS to HTTPS.
The backend webserver is Tomcat.
The problem is: in the HTTPS header, the redirection URL is "https://[backendname]/something.html" but we expect it to be "https://[servername]/something.html".
We've checked that we have no error in log file (error level set to "debug").
Here is our virtual site configuration:
<VirtualHost [reverse proxy IP]:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile D:/Apache24/ssl/certs/servername.cer
SSLCertificateKeyFile D:/Apache24/ssl/private/servername.key
ServerName [servername]
ProxyPass / https://[backendname]:443/
ProxyPassReverseCookiePath / https://[backendname]:443/
ProxyPassReverse / https://[backendname]:443/
SetOutputFilter proxy-html
ProxyHTMLEnable On
ProxyHTMLURLMap https://[backendname] https://[servername]
ErrorLog D:/Apache24/logs/custom/[servername]_error.log
CustomLog D:/Apache24/logs/custom/[servername]_access.log combined
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Activated Apache modules related to the problem:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule xml2enc_module modules/mod_xml2enc.so
So, any help to make this work will be greatly appreciated.
Thanks.

Here is the working solution, as suggested by Michael Akerman:
- disable caching
- write new instruction: ProxyPassReverse https://[backend]/
Thanks for your help.
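Why the `ProxyPassReverse / https://[backendname]:443/` line left the 302 untouched while a rule without the port matches it, as an added Go example that is not part of the original post. It is a simplified model of the directive's string-prefix comparison against the Location header; backend.internal and www.example.com are constructed placeholders for [backendname] and [servername].

```go
package main

import (
	"fmt"
	"strings"
)

// reverseRule models one "ProxyPassReverse <publicPath> <backendURL>" line.
type reverseRule struct {
	publicPath string
	backendURL string
}

// rewriteLocation is a simplified model of ProxyPassReverse: the backend's
// Location value is compared, case-insensitively, against each configured
// backend URL as a plain string prefix. No URL normalisation happens, so
// "https://host:443/" is not a prefix of "https://host/page".
func rewriteLocation(location, publicBase string, rules []reverseRule) string {
	for _, r := range rules {
		n := len(r.backendURL)
		if len(location) >= n && strings.EqualFold(location[:n], r.backendURL) {
			return publicBase + r.publicPath + location[n:]
		}
	}
	return location // no rule matched: the header reaches the client unchanged
}

func main() {
	// Constructed sample values standing in for [servername] and [backendname].
	const public = "https://www.example.com"
	const redirect = "https://backend.internal/something.html"

	withPort := []reverseRule{{"/", "https://backend.internal:443/"}}
	noPort := []reverseRule{{"/", "https://backend.internal/"}}

	fmt.Println("rule with :443 ->", rewriteLocation(redirect, public, withPort))
	fmt.Println("rule without   ->", rewriteLocation(redirect, public, noPort))
}
```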

Related

Session Keeps Getting Recreated

I have a single Payara instance. I have been able to configure request forwarding from my Apache web server to my Payara. However, upon every reload of a page using the actual domain URL I have, the session gets recreated, hence losing any attributes stored in the session from the previous request. However, the same does not occur when I access my application via the IP address instead of the domain name.
I am using a CentOS 8 VPS. I didn't find mod_session as part of the modules in the /etc/httpd/modules folder, so I installed it using
yum install mod_sessions
and after it ran successfully I checked and they were now in the modules folder. So I then edited /etc/httpd/conf.modules.d/01-session.conf with the following lines
LoadModule session_module modules/mod_session.so
LoadModule request_module modules/mod_request.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule session_crypto_module modules/mod_session_crypto.so
and then restarted the Apache httpd server.
However, it still doesn't work. Visiting the webpage via the domain name recreates a new session at every request.
This is my current virtual host file setting:
<VirtualHost *:80>
ServerName www.someapp.com
ServerAlias someapp.com
Session On
SessionEnv On
SessionCookieName session path=/
ProxyPreserveHost On
ProxyPass / http://localhost:8080/someapp/
ProxyPassReverse / http://localhost:8080/someapp/
RewriteEngine On
RewriteRule "^/someapp/?$" "home.jsp" [NC]
#RewriteRule ^/someapp/(.*)$ /$1 [NC]
</VirtualHost>
NOTE: someapp is not the name of the real app. I am just using that name in this example, but you get the idea.
I really need help. I am unable to make login pages on my website work because once I enter the login details and, after validation, the user is set in the session, upon redirecting or making another request a new session gets created and I lose the user and am back at the login screen of my application again. Please, I need help.
So for anyone facing this same problem as I did, the answer was to introduce the ProxyPassReverseCookiePath in the VirtualHost config file in the Apache httpd conf files such that now your VirtualHost looks something like this:
<VirtualHost *:80>
ServerName www.someapp.com
ServerAlias someapp.com
Session On
SessionEnv On
SessionCookieName session path=/
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/someapp/
ProxyPassReverse / http://localhost:8080/someapp/
ProxyPassReverseCookiePath / http://localhost:8080/someapp/
</VirtualHost>
Also, major thank you to the similar issue solved on "How to configure apache-vhost.conf file for getting Session value from Java".
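What ProxyPassReverseCookiePath changes for the browser, as an added Go example that is not part of the original post: a model of cookie path matching (RFC 6265) and of the directive's path mapping. It assumes the backend issues its session cookie with Path=/someapp, and it uses the directive's documented argument order (internal path first, then public path).

```go
package main

import (
	"fmt"
	"strings"
)

// pathMatch implements the RFC 6265 path-match rule a browser applies
// before attaching a cookie to a request.
func pathMatch(requestPath, cookiePath string) bool {
	if requestPath == cookiePath {
		return true
	}
	if !strings.HasPrefix(requestPath, cookiePath) {
		return false
	}
	return strings.HasSuffix(cookiePath, "/") || requestPath[len(cookiePath)] == '/'
}

// mapCookiePath models "ProxyPassReverseCookiePath internal public": when
// the cookie's Path starts with the internal path, that prefix is replaced
// by the public one before the Set-Cookie header reaches the browser.
func mapCookiePath(cookiePath, internal, public string) string {
	if strings.HasPrefix(cookiePath, internal) {
		return public + cookiePath[len(internal):]
	}
	return cookiePath
}

func main() {
	// Assumption: the backend scopes its session cookie to the context path.
	backendPath := "/someapp"
	// Through the proxy the browser requests paths under "/", not "/someapp".
	request := "/home.jsp"

	fmt.Println("sent without mapping:", pathMatch(request, backendPath))
	mapped := mapCookiePath(backendPath, "/someapp", "/")
	fmt.Println("mapped path:", mapped, "sent:", pathMatch(request, mapped))
}
```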

Apache Reverse Proxy Preserve URL even after redirect

I have an apache reverse proxy setup from where I am redirecting to a completely different URL. The destination URL is a cloud-hosted service different from the Apache installation location. The redirect is happening properly. But how do I preserve the original URL and mask this new cloud-hosted URL?
This is my apache httpd.conf on Oracle Linux
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests Off
<VirtualHost *:80>
ProxyPreserveHost On
ServerName xxx.xxx.xx.xx:80
ServerAlias https://sample-url.cloud.com/
Redirect / https://sample-url.cloud.com/
</VirtualHost>
How can I achieve this?

how to add custom apache config to openshift.conf file in openshift?

I am new to OpenShift and I am trying to customize the Apache config.
I want to add a virtual host to openshift.conf.
LoadModule perl_module modules/mod_perl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen localhost:8080
<VirtualHost *:8080>
ServerName somehost
ProxyPass / somehost:8000/ keepalive=On
ProxyPassReverse / somehost:8000/
RequestHeader set X-Forwarded-HTTPS "0"
</VirtualHost>
You cannot add a virtual host to the Apache config. You would have to use the DIY cartridge or build a custom Apache cartridge. If you can give more details on what exactly you are trying to accomplish (looks like a reverse proxy of some type), then maybe we can offer a suggestion. Also, we do not allow proxies on OpenShift.

Using go-websocket behind Apache mod_proxy_wstunnel

Note: Updated config and added trailing slash to websocket path. Still same problem
Is it possible to use go-websocket behind an Apache reverse proxy with mod_proxy_wstunnel?
I tried and failed to get things working.
I tried to use the Chat example behind an Apache reverse proxy (with mod_proxy_wstunnel enabled). And it doesn't work. The proxy is a success, while the websocket part does not work at all.
My Apache config looks similar to this:
<VirtualHost *:80>
DocumentRoot /var/www/foobar
ServerName foobar.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /ws/ ws://localhost:8080/ws/
ProxyPassReverse /ws/ ws://localhost:8080/ws/
ErrorLog logs/error_log-foobar
CustomLog logs/access_log-foobar common
LogLevel debug
</VirtualHost>
And of course I'm running the chat server on port 8080. I've tested it with SSH tunnel, and things work perfectly. Then I moved on to Apache.
The first time I tried, the JavaScript console complained:
NetworkError: 403 Forbidden - http://foobar.com/ws/
The request seems to be stuck at the origin check.
Then I tried again after commenting out the origin check, and got this:
NetworkError: 400 Bad Request - http://foobar.com/ws/
It seems the chat server does not get the upgrade request at all.
How should I debug this?
Where should I start looking?
Thanks everyone! After taking several pieces of advice above, I found the solution.
And for someone who might have a similar issue, here is the solution to my question:
As Aralo suggested, a trailing slash must be added to the WebSocket path (in my case: "/ws/"). It looks like Apache will only handle WebSocket with a valid GET request.
James Henstridge was right. The order of ProxyPass is relevant. The ProxyPass of /ws/ must be put before the / line.
After consulting the Chat example code, I found an origin check in the function ServeWs() and removed it.
Everything works now.
And thanks covener, reading logs does help.
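An alternative to removing the origin check, as an added Go example that is not the Chat example's code or part of the original answer: it keeps cross-origin upgrades rejected by comparing the Origin header with an allowlist of public origins. The form of the removed check (Origin host equal to the request Host) is an assumption, since the page does not show it; the requests are constructed, and other.example is a placeholder.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// allowedOrigins holds the public origins browsers load the page from.
// "http://foobar.com" is the ServerName from the question's VirtualHost.
var allowedOrigins = map[string]bool{"http://foobar.com": true}

// sameHostOrigin is the assumed form of the removed check: the Origin
// header's host must equal the Host header the Go server received.
func sameHostOrigin(r *http.Request) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	return err == nil && u.Host != "" && strings.EqualFold(u.Host, r.Host)
}

// allowlistedOrigin keeps cross-origin upgrades rejected but compares
// against the public origin, so it does not depend on the proxied Host.
func allowlistedOrigin(r *http.Request) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	return allowedOrigins[strings.ToLower(u.Scheme+"://"+u.Host)]
}

// proxiedRequest builds the upgrade request as the backend sees it.
func proxiedRequest(origin, host string) *http.Request {
	r, _ := http.NewRequest("GET", "http://"+host+"/ws/", nil)
	r.Header.Set("Origin", origin)
	return r
}

func main() {
	// Constructed requests. Without ProxyPreserveHost, Apache sends the
	// backend's own address as Host while the browser's Origin is unchanged.
	viaProxy := proxiedRequest("http://foobar.com", "localhost:8080")
	foreign := proxiedRequest("http://other.example", "localhost:8080")

	fmt.Println("same-host check via proxy:", sameHostOrigin(viaProxy))
	fmt.Println("allowlist, site's origin: ", allowlistedOrigin(viaProxy))
	fmt.Println("allowlist, other origin:  ", allowlistedOrigin(foreign))
}
```

ProxyPreserveHost On, which the later answer's VirtualHost sets, makes Apache pass the public Host header to the backend, so a same-host check would also pass.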
I am using Go secure WebSocket (wss://) server behind Apache 2.4.18 on CentOS 7. Here are the settings:
Make sure the system has mod_proxy_wstunnel:
# find /usr/lib64/httpd/modules/ | grep ws
/usr/lib64/httpd/modules/mod_proxy_wstunnel.so
Add the following line in 00-proxy.conf:
# vim /etc/httpd/conf.modules.d/00-proxy.conf
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Restart Apache:
# systemctl restart httpd
Check the setting:
# httpd -M | grep -iE 'proxy'
proxy_module (shared)
proxy_fcgi_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Edit httpd-vhosts.conf:
# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:443>
ServerName go.mydomain.com:443
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine On
SSLCertificateFile "/etc/pki/tls/certs/mydomain.com/mydomain.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/mydomain.com/mydomain.key"
### The configured ProxyPass and ProxyPassMatch rules are checked
### in the order of configuration. The first rule that matches wins.
ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1
ProxyPass / https://192.168.0.1:443/
ProxyPassReverse / https://192.168.0.1:443/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerName go.mydomain.com:80
ProxyPreserveHost On
ProxyRequests off
###
ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1
ProxyPass / http://192.168.0.1:80/
ProxyPassReverse / http://192.168.0.1:80/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>

Apache subdomain redirect into Tomcat

I'm pretty new to Apache HTTP, and sysadmin-ing in general, so I have this question.
I have a domain (www.domain.com) with an Apache listening to port 80,
also I have an Apache Tomcat on the same domain configured to port 8080.
Is there a way to configure a subdomain (i.e, tomcat.domain.com)
so it will redirect into my tomcat specific application,
so user can access applications through app1.domain.com and app2.domain.com (and it will be served by Tomcat)?
I've seen a lot of mentions of mod_jk and mod_proxy, but all of the posts assumed prior knowledge of Apache.
Can someone walk me through?
Many thanks, -PK.
mod_jk is outdated. It is recommended to use mod_proxy (mod_proxy_http or mod_proxy_ajp) to forward requests to your Apache server on to Tomcat.
define a virtual host in your apache config
create a proxy directive that forwards your requests to tomcat
Maybe this SO question gives you some hints.
You can define two virtual hosts (app1.domain.tld and app2.domain.tld) that have proxy definitions for their designated apps. Example for app1:
<VirtualHost *:80>
ServerName app1.domain.tld
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/app1
ProxyPassReverse / http://localhost:8080/app1
</VirtualHost>
While Magomi was almost right, here is an exact way to do it.
Add your subdomain to the DNS server
Integrate mod_proxy into httpd.conf:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
Define two virtual hosts as follows:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName application.domain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://www.domain.com:8080/application/
ProxyPassReverse / http://www.domain.com:8080/application/
</VirtualHost>
<VirtualHost *:80>
DocumentRoot C:\<pathToApache>\www
ServerName www.domain.com
</VirtualHost>
This will direct your site (www.domain.com) to your Apache HTTP server, and redirect all calls to Application to the Tomcat.
Hope this Helps,
-PK