We Keep Coding

Reverse Proxy with pgadmin and apache

I would like to setup the local pgadmin in server mode behind the reverse proxy. The reverse proxy and the pgadmin could be on the same machine. I tried to set up but it always fails.
Here is mypgadmin conf:
Listen 8080
<VirtualHost *:8080>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/pgadmin.crt
SSLCertificateKeyFile /etc/pki/tls/private/pgadmin.key
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule ssl_module modules/mod_ssl.so
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias /pgadmin /usr/lib/python2.7/site-packages/pgadmin4-web/pgAdmin4.wsgi
<Directory /usr/lib/python2.7/site-packages/pgadmin4-web/>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
</VirtualHost>
and my reverse proxy conf
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ErrorLog /var/log/httpd/reverse_proxy_error.log
CustomLog /var/log/httpd/reverse_proxy_access.log combined
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"
ProxyPreserveHost On
ProxyPass / https://localhost:8080/pgadmin
ProxyPassReverse / https://localhost:8080/pgadmin
</VirtualHost>
The httpd start but when I want to test it with
wget --no-check-certificate https://localhost/
it give me error 400
but the
wget --no-check-certificate https://localhost:8080/pgadmin
is working. Where is the problem in my config?

this work for me. I make pgadmin proxy to sub directory (https://localhost/pgadmin)
<VirtualHost *:80>
ServerName localhost
DocumentRoot "/var/www"
<Directory "/var/www">
AllowOverride all
</Directory
ProxyPass /ws/ ws://0.0.0.0:8888/
ProxyPass /phpmyadmin/ http://phpmyadmin/
<Location /pgadmin/>
ProxyPass http://pgadmin:5050/
ProxyPassReverse http://pgadmin:5050/
RequestHeader set X-Script-Name /pgadmin
RequestHeader set Host $http_host
</Location>
</VirtualHost>

Have you tried with latest version, I think it is fixed this commit Ref: LINK
Online Docs: https://www.pgadmin.org/docs/pgadmin4/dev/server_deployment.html

This config works,
use 0.0.0.0 for pgadmin docker, else use your ip
change port 5050 with your pgadmin port
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>
Cofigure with SSL, replace yourdomain.com with valid SSL for your domain
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/(.*)$ https://pgadmin.yourdomain.com/$1
</VirtualHost>
<VirtualHost *:443>
ServerName pgadmin.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>

Two sites with two different log files - SSL Apache2 Ubuntu

I have two websites in the same web server (Ubuntu 16.04.2 LTS - Apache/2.4.18). Everything works well when I try to access to both websites using HTTP (port 80). This is the vhosts.conf file content:
<VirtualHost *:80>
ServerName site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
</VirtualHost>
So, both sites are accessible through "mydomain.com/site1" and "mydomain.com/site2". I have installed a Let's Encrypt certificate and, to make it works, I have configured a virtual host like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/site_error.log
CustomLog ${APACHE_LOG_DIR}/site_access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I can access both site using SSL (port 443) successfully but I can't use different log files for different sites. I have tried something like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com/site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
Alias /site1 /var/www/html/site1
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com/site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
Alias /site2 /var/www/html/site2
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But it doesn't work. How can I distinguish between two sites in order to have two different log files?

Following the link proposed by CBroe, I have found the solution by using the SetEnvIf directive. The final working virtual host configuration looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SetEnvIf Request_URI ^/site1(/|$) site1
SetEnvIf Request_URI ^/site2(/|$) site2
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined env=site1
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined env=site2
ErrorLog ${APACHE_LOG_DIR}/site_error.log
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

How to make an redirectSSL in the vhost

I get slightly crazy :)
I have a domain example.com and I have a SSL certificate for www.example.com
The example.com refers to the IP address of the server (it is an EC2 instance).
In the vhost.conf of the Server I have the following entries
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.example.com
DocumentRoot /var/www/vhosts/example-wp
SSLEngine On
...
</VirtualHost>
I took the information from the apache wiki.
https://wiki.apache.org/httpd/RedirectSSL
Thanks for helping
Tristan

You already have the necessary directives listed to perform the redirect. You also need to tell the vhost file where your certificate and key for the certificate exist. You also need to say whether or not a directory the user browses to is to load SSL. Please see a full example configuration file below.
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster#local
DocumentRoot /path/to/web/content
DirectoryIndex index.php index.html
ErrorLog logs/error_log
CustomLog logs/access combined
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/certfile.cer
SSLCertificateKeyFile /etc/apache2/ssl.key/keyfile.key
<Directory "/path/to/web/content/">
Options None
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>

running jenkins behind apache2 on subdomain and different port

I am attempting to get a jenkins instance (running on http://localhost:8080/) to be visible at http://ci.domain.com:80/.
Current status:
* Browsing to ci.domain.com gives me the content of domain.com
* Browsing to ci.domain.com:8080 shows jenkins
* Browsing to domain.com:8080 shows jenkins
Ideal status:
* Browsing to ci.domain.com shows jenkins
* Browsing to ci.domain.com:8080 redirects to ci.domain.com
* Browsing to domain.com:8080 does whatever the server would do if there were nothing running on port 8080
My current apache site config (working as expected for shifting traffic to HTTPS) is as follows:
<VirtualHost *:8080>
ServerName ci.domain.com
ServerAlias ci
Redirect temp / http://ci.domain.com/
</VirtualHost>
<VirtualHost *:80>
ServerName ci.domain.com
ServerAlias ci
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain.com
<Directory /var/www/domain.com/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml $
</IfModule>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/fullchain.pem
<FilesMatch "\.(cgi|shtml|phtml_php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>
Any help is appreciated.

Apache - Proxy all subdomains from one IP

I'm trying to handle subdomains on a specific server and the normal URL from all servers. They're behind a load balancer. This works for http://test.com and it load balances.
For subdomains I can't tell if the proxy is working or why I'm getting a 404 error. Is there anything wrong with my config?
DNS: example.com 111.111.111.111
Load Balancer: 111.111.111.111
Master, write server: 222.222.222.222
httpd.conf, mirrored to all servers:
<Directory />
Header add myServerName "anglefish" # add a string for testing which server
Header add myServerTimes "D%D t%t"
</Directory>
000-default mirrored to each server except master
#Proxy subdomains from one server
<VirtualHost *:80>
ServerName *.example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://222.222.222.222/
ProxyPassReverse / http://222.222.222.222/
</VirtualHost>
<VirtualHost *:443>
ServerName *.example.com
SSLEngine on
SSLProxyEngine On
SSLEngine on
SSLCertificateFile /etc/apache2/.ssh/example.com.crt
SSLCertificateKeyFile /etc/apache2/.ssh/example.com.key
SSLCertificateChainFile /etc/apache2/.ssh/example.com_bundle.crt
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://222.222.222.222/
ProxyPassReverse / http://222.222.222.222/
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/vhosts/example.com/public_html
<Directory /var/www/vhosts/example.com/public_html>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias example.com
DocumentRoot /var/www/vhosts/example.com/public_html
SSLEngine on
SSLCertificateFile /etc/apache2/.ssh/example.com.crt
SSLCertificateKeyFile /etc/apache2/.ssh/example.com.key
SSLCertificateChainFile /etc/apache2/.ssh/example.com_bundle.crt
</VirtualHost>