how to load jsf application sits behind apache reverse proxy - apache

I have a jsf 2.x web app serving incoming requests behind apache reverse proxy server. The app name is "foo" hosted on tomcat server in which fqdn is "fooweb.com" and the reverse proxy server's fqdn is "barweb.com".
So I created foo_conf file in the proxy server having following directive:
<VirtualHost *:4443>
ServerName barweb.com
ProxyPass /foo https://fooweb.com:8443/foo
ProxyPassReverse /foo https://fooweb.com:8443/foo
</VirtualHost>
Three scenarios I observed after restarting the proxy server:
If I don't go through reverse proxy server, I have access to resources by entering url of "https://fooweb.com/foo/faces/index.xhtml"
If I go through the proxy server entering url of "https://barweb.com/foo" the server returns "http status 404 - /foo/" to a client.
If I fully specify resource and pass to the proxy server such as "https://barweb.com/foo/faces/index.xhtml" then I have access to resources just fine.
What I would like to achieve is entering "https://barweb.com/foo" would properly points to "https://barweb.com/foo/faces/index.xhtml". I'd appreciate your advice and guidance on this matter. Thank you!

Related

Does asp.net core kestrel need to run on https in production?

I am potentially planning to run asp.net core on linux behind an apache reverse proxy.
when running the asp.net core does it need to be running on https?
I can set apache https directive as follow - and when i access this from the browser it is working fine.
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName app.domain.com
ServerAlias *.app.domain.com
ErrorLog ${APACHE_LOG_DIR}helloapp-error.log
CustomLog ${APACHE_LOG_DIR}helloapp-access.log common
Are there any issues with this?
In my opinion, if you has enabled the https on the apache and just use http redirect between the apache and the kestrel server, you could use http. Like this:
Brower --->https ---> Apache --> http ---> kestrel.
This will not causing the security issue. HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers. Since if someone hack your server to capture the http request, he could also get your server's all information.

configuration proxy in httpd.conf

Good day,
As my understanding. Forward proxy is something like a middle man to help to do redirect.
For example, I have a web application, and I want to call a web services. And I want it to go through a proxy.
So it will become something like follow:
Application --> proxy server --> web services
However, I found something from internet which is I not understand. The proxy configuration is configure at httpd.conf.
<VirtualHost *:80>
ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
As my understanding, this means that any request with "/" will direct to http://127.0.0.1:8080/.
I am start confuse here, this is something like doing redirect, is it anything related to proxy? If yes, where to put the proxy IP?
Kindly advise.
The proxy IP is already declared in the server block by declaring
<VirtualHost *:80>
It like saying tha on the local IP port 80, yu have a virtual server doing whatever is in the server block.
The difference between redirecting and proxying is that in redirect you are redirected to a different URL.
For example if you redirect the above, if you hit localhost:80 --->
localhost:8080
Check out the ProxyRemote directive for proxying remote if that's the matter.

How to configure domain server to static IP, Port and Application Name

Sorry if the question is not that clear.
To illustrate what I want to do, I will give an example:
Application Link:
http://123.123.123.123:8080/KagodPaMore/
Domain:
http://www.iyotbihagay.com/
I wanted my application to be accessed using the link:
http://www.iyotbihagay.com:8080/KagodPaMore/
Also, I wanted it to redirect to the link above whenever the user will enter the following links:
http://www.iyotbihagay.com:8080/
http://www.iyotbihagay.com/
I have no idea on how to implement this.
- My application is served in Amazon EC2
- My domain service is on only-domains (but I cannot see any port options there where I could set the port)
- My server is JBoss Wildfly utilizing port 8080
- I have apache web server installed using port 80 (but not used)
- My amazon server (virtual) is configured on Ubuntu 14.04
hope someone could guide me in the right direction since I do not know how I could set this.
TIA
Application Link:
http://123.123.123.123:8080/KagodPaMore/
Domain:
http://www.iyotbihagay.com/
Objective:
http://www.iyotbihagay.com/ OR http://www.iyotbihagay.com/KagodPaMore/
Processes or Steps done to solve the issue:
* Use Apache Virtual Host - Proxy for default port (80):
For ubuntu apache: You may edit the default site configuration (/etc/apache2/sites-available/000-default.conf).
Add Virtual Host for port 80 to serve as proxy for the port 8080 and KagodPaMore application.
<VirtualHost *:80>
ServerName localhost
ProxyPreserveHost On
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /KagodPaMore http://localhost:8080/KagodPaMore/
ProxyPassReverse /KagodPaMore http://localhost:8080/KagodPaMore/
ProxyPass / http://localhost:8080/KagodPaMore/
ProxyPassReverse / http://localhost:8080/KagodPaMore/
</VirtualHost>
Save changes on the site configuration.
Restart Apache 'sudo service apache2 restart'
Now, you may access the application using:
* http://localhost:8080/KagodPaMore/
* http://localhost:8080/
Note: Do this on the server (123.123.123.123).
With this, you access the server like
'http://123.123.123.123/' it will be pointed to 'http://123.123.123.123:8080/KagodPaMore/' Or Locally like 'http://localhost/' it will be pointed to 'http://localhost:8080/KagodPaMore/'
Set your Domain Server's Main Address (Example: OnlyDomains) to '123.123.123.123'.
This is if you will use the domain server's own NS Servers.
For OnlyDomains, edit 'iyotbihagay.com' zone records and set
'#' - A Record -> '123.123.123.123'
'www' - A Record -> '123.123.123.123'
If you will delegate your own NS Server, make sure that you set your NS servers to point to '123.123.123.123'.
This way, you can I can access my web application by:
http://www.iyotbihagay.com/ or http://www.iyotbihagay.com/KagodPaMore/
Good Luck!
You can do:
Map your domain name to IP address, i.e. create A record www.iyotbihagay.com to 123.123.123.123. No need to specify port in here.
If you use Elastic Load Balancer (ELB), you can create a CNAME record to your ELB endpoint.
Configure Apache to accept request from port 80 and redirect it to port 8080. You can use mod_alias or mod_rewrite.
For the same thing, you need to configure JBoss Wildfly to rewrite/redirect the URL. (disclaimer: I'm not familiar with JBoss Wildfly)
Ensure to allow ingress to port 80 and 8080 on your Security Group.

Serve http server behind an Apache https Proxy

It seems that it is possible to get Apache server to Proxy and Manage SSL handshake on https requests and service them as 'http' thru another server behind it.
I have configured an apache server for ProxyPass using following configuration
SSLProxyEngine On
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
I am able to get all all traffic to the apache server that is listening to port 8080 direct and serve by the localhost:8081 server so
http://localhost:8080/hi is being correctly served by http://localhost:8081/hi
However the following does not work :
http**s**://localhost:8080/hi to be served by http://localhost:8081/hi
Apache is trying to pass the https:// traffic to the 8081 server, without managing the SSL handshake.
Your Apache listener on port 8080 is an http listener, not an https listener. You can't handle both types of traffic on the same port. If you want to handle SSL traffic, you'll need to set up a new context on another port with SSLEngine On and all the other normal SSL configuration (certificate, key, etc).
This question has one version of this configuration.
Also this post.

Doing a proxy pass server on apache to tomcat+liferay

I have three sites hosted on liferay, and they use only one portal instance, therefore only one tomcat host.
I configured the virtual host properties on liferay, so when I type www.domain1.com, it goes to the right site.
However, when I type domain1.com, without the www prefix, it goes to the default liferay site.
One solution that I got was to do a proxy and rewrite server with apache 2, with mod_proxy_http and mod_rewrite modules.
The sites like domain1.com are rewritten to www.domain1.com, and I do a proxy pass like this:
ProxyPass / http://localhost:8085
ProxyPassReverse / http://localhost:8085
The tomcat server listens to the 8085 port, and apache listens to 8080.
But when the proxy pass goes on, I get a 403 - forbidden status.
I don't have a site hosted on apache, and I think that's why I got this status.
But I don't want to have any sites on apache, because the sites are on tomcat.
Is there a way to do this proxy setup without hosting a site on apache? Or maybe hosting a
"dummy" site, just to get the proxypass to work.
Specs:
Liferay 6.1
, Tomcat 7.0.27
, Apache 2.x
, Ubuntu Server 12.04
Best Regards!
Guilherme
try it without "/"
ProxyPass http://localhost:8085
ProxyPassReverse http://localhost:8085
or, maybe, you can do it with tomcat configuration: http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Host_Name_Aliases