Apache: Rewrite then Proxy - apache

So, I have two servers, let's call them nice#server and a#another#server
nice#server is what clients will talk to and is running Apache2 performing basic reverse proxy for simple services, a#another#server hosts a proprietary application server on port . I need to completely rewrite two url's before they get passed through, but just add a folder to all other URLs.
Some Examples below:
User Requests: nice#server/
Apache requests a#another#server:8080/appname
User Requests: nice#server/css#css
Apache requests a#another#server:8080/appname/css#css
User Requests: nice#server/a
Apache requests a#another#server:8080/appname/command1?name=option1
User Requests: nice#server/b
Apache requests a#another#server:8080/appname/app2?name=option2
I have done a lot of Googling and test on this but cannot seem to get it to work, sorry I've not kept the links that i've tried!!! I have stripped the vHost file right back down for now.
<VirtualHost *:80>
ServerName service#domain#com
ErrorLog ${APACHE_LOG_DIR}/service-domain-com-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/service-domain-com-access.log combined
ProxyPreserveHost On
ProxyRequests off
ProxyPass / a#another#server:8080/
ProxyPassReverse / a#another#server:8080/
</VirtualHost>
Thanks in advance for any guidance on how to do this.

I managed to get this fixed with a bit of trial and error. posting solution here in case anyone else is having the issue.
Working configuration file
<VirtualHost *:80>
ServerName service.domain.com
ErrorLog ${APACHE_LOG_DIR}/internal-fqdn-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/internal-fqdn-access.log combined
RewriteEngine On
RewriteRule ^/a$ /appname/command1?name=option1 [PT]
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://a.another.server:8080/
ProxyPassReverse / http://a.another.server:8080/
</VirtualHost>

Related

Reverseproxy Apache configuration is allowing unwanted traffic through the server

To allow the access to a specific server not publicly available, we've structured an architecture with a Apache webserver exposed on internet, and we would like to configure it as Reverse Proxy to redirect only some requests to the private server.
This is the piece of httpd.conf file:
Listen 5000
<VirtualHost *:5000>
ServerAdmin webmaster#localhost
ServerName servername
ErrorLog /etc/httpd/conf/error.log
#<Location />
# ProxyPass "http://...:5000/"
# ProxyPassReverse "http://...:5000"
# Order allow,deny
# Allow from all
#</Location>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass "/" "http://...:5000/" interpolate connectiontimeout=30 timeout=12000
#RewriteRule ^(.*) "http://...:5000/$1"
#ProxyPassMatch ^(.*) "http://...:5000/$1"
ProxyPassReverse "/" "http://...:5000/"
</VirtualHost>
Whenever we put Listen 5000 a lot of undesired traffic pass through the server to other servers on Internet.
In the code above the commented lines are some of attempts I've done.
What is wrong in the configuration that is not blocking the server to works as proxy for everything?
Thank you in advance for the help
IF you want to deny some paths from being proxied you have to use the "!": here is a link to the documentation explaining how to do it http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

Setup crafter cms studio for access via apache web server proxy and ajp connector

I need to setup crafter cms studio within the authoring part to be able to access from remote host (e.g. VPS). I'm using Tomcat ajp connector via Apache web server proxy.
I've tried do it like adding the virtual host:
<VirtualHost *:80>
ServerName studio
DocumentRoot /home/web-apps/crafter/bin/apache-tomcat/webapps/studio
RewriteEngine On
ProxyPreserveHost On
# Send requests to Engine's Tomcat
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
# This is where errors related to this virtual host are stored
ErrorLog logs/mysite-error.log
# This is where access logs are stored
CustomLog logs/mysite-access.log combined
</VirtualHost>
But not really succeeded. I can see only the default page which always tells me: "Crafter CMS has no site configured for this domain. Please configure the site you want to show or select a site on the authoring environment." when I'm requesting it like http://my_remote_host_ip/studio
Anyone has ever challended problem like this?
What you have looks right. Perhaps you can try:
clearing your cookies for my_remote_host_ip
clearing your browser cache
removing DocumentRoot directive (not really needed in this particular case)
This works for me:
<VirtualHost *:80>
ServerName myserver
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
ErrorLog ${APACHE_LOG_DIR}/authoring-error.log
CustomLog ${APACHE_LOG_DIR}/authoring-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName myserver
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/my.crt
SSLCertificateKeyFile /etc/apache2/ssl/my.key
SSLCertificateChainFile /etc/apache2/ssl/their.crt
ProxyPreserveHost On
# Studio
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ErrorLog ${APACHE_LOG_DIR}/authoring-error.log
CustomLog ${APACHE_LOG_DIR}/authoring-access.log combined
</VirtualHost>
Another approach is to try the community edition on AWS and see if that works with your browser. Then you can look at how that's configured and copy the config: https://aws.amazon.com/marketplace/pp/B08374YPTP?qid=1581949339014&sr=0-2&ref_=srh_res_product_title

Apache config issue - redirect all traffic to https using Apache

I'm struggling tremendously with the concept of webservers. I will describe my desired solution and current situation as clear as possible.
I have an on-premise server, where Debian is running. I have installed several pieces of software on the server, including a full LAMP stack, Kibana, ThingsBoard etc. We got a public IP and recently acquired a domain, let's say apachenoob.com.
I can access my applications via a web browser at <ip>:<port> or apachenoob.com:<port>. However, I want those application to run over HTTPS, so I acquired a free SSL certificate with Certbot. Now https://apachenoob.com is working and showing the default Apache homepage.
What I want are a few things:
Instead of apachenoob.com:9090 I want users and myself to go to
thingsboard.apachenoob.com, or other URLS for other applications than ThingsBoard.
MY SOLUTION:
Add the following line to /etc/apache2/apache2.conf:
LoadModule rewrite_module modules/mod_rewrite.so
Add the following thingsboard.conf to /etc/apache2/sites-enabled/ (Debian):
<VirtualHost *:443>
ServerName thingsboard.apachenoob.com
ProxyPreserveHost On
SSLEngine on
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
SSLCertificateFile /path/to/cert/file
SSLCertificateKeyFile /path/to/key
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName thingsboard.apachenoob.com
Redirect / https://thingsboard.apachenoob.com/
</VirtualHost>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://thingsboard.apachenoob.com/$1 [R,L]
</IfModule>
I want to disable traffic to the IP (and optionally port number) or redirect everything to https://apachenoob.com
Less important: I developed an API using Python and Flask and got it to run over the MOD_WSGI module. But, it is also running over HTTP, where HTTPS is the goal.
For the first, I tried adding VirtualHosts, in seperate files and in the main apache2.conf, no result (as described in several posts). Someone even told me the application might have an own internal web server (HELP?!).
For the second, I tried redirecting rules (described here), both in the main config and in seperate files, no result.
For the third, I haven't even begun trying things as I'm feeling lost in a swamp of apache.
By all means, if this makes no sense please tell me and I will try to clarify.
For point 1. you need something like this (put it in file named thingsboard.conf in folder sites-enabled/ (add correct path to certificate/key):
<VirtualHost *:443>
ServerName thingsboard.apachenoob.com
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
</VirtualHost>
<VirtualHost *:80>
ServerName thingsboard.apachenoob.com
Redirect / https://thingsboard.apachenoob.com/
</VirtualHost>

Apache as reverse proxy doesn't work

I am trying to publish, behind a proxy, a Spring app (also with Spring Security) which has /x/services as entry point. It is running in Tomcat in 8080 in Google Engine (Debian). I configure Apache 2 as a reverse proxy with next configuration
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ProxyRequests off
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# Servers to proxy the connection, or
# List of application servers Usage
ProxyPass / http://127.0.0.1:8080/x/services/
ProxyPassReverse / http://127.0.0.1:8080/x/services
ServerName localizator.org
ServerAlias *.localizator.org
</VirtualHost>
I checked it against a lot of examples and seems it is OK, but the only response I am getting is the "Index of /" page. And Apache logs are not helping at all.
Any help will be very appreciated.
For those with a similar problem don't forget to do :
sudo a2ensite proxy-host
(lets suppose your .conf file name is proxy-host)

HTTP Requests going to wrong VirtualHost apache2

Hoping someone can lend me a hand here as this has been bugging me for a few days now.
I have a apache config file, it does both standard HTTP server work as well as reverse proxy for pages within the network.
If i create a new DNS A record for the IP address of the apache server it will automatically send the request to the camera1.domainname.com virtual host and then forward me 192.168.2.160.
What i want it to to do is send it to the folder /var/www/bad_url.
Any suggestions here would be great as im pretty sure im going to start loosing hair.
NameVirtualHost *
ErrorLog ${APACHE_LOG_DIR}/error_baduri.log
CustomLog ${APACHE_LOG_DIR}/access_baduri.log combined
DocumentRoot /var/www/bad_url
ProxyPreserveHost On
ErrorLog ${APACHE_LOG_DIR}/error_cam1.log
CustomLog ${APACHE_LOG_DIR}/access_cam1.log combined
LogLevel debug
ProxyPass / http://192.168.2.160/
ProxyPassReverse / http://192.168.2.160/
ServerAlias camera1.domainname.com
ProxyPreserveHost On
ErrorLog ${APACHE_LOG_DIR}/error_mediaserver.log
CustomLog ${APACHE_LOG_DIR}/access_mediaserver.log combined
LogLevel debug
ProxyPass / http://192.168.2.207/
ProxyPassReverse / http://192.168.2.207/
ServerAlias mediaserver.domainname.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerAlias ubuntu1 ubuntu1.domainname.com 192.168.2.208
DocumentRoot /var/www/html
All the above is in file 'etc/apache2/sites-enabled/default.conf'. There are no other config files in that folder.
Im running Ubuntu
Just quickly. it seems order matters. As long as i have the wild card up the top it went there first unless another virtual host matched the criteria. weird.