I'm more of a frontend guy (CSS, javascript) trying to expand my knowledge about backend (apache, proxies) (so try to be gentle) and I'm asking after serveral hours of documentation, trying different approaches but so far nothing worked. I'm aware that I might be oblivious to concepts that go without saying for someone knowing their way around backend.
I have this Yii2 application, with a module, working fine. I would like this module to be available at the root level of another domain, on the same machine.
From everything I've read, the following code, placed in vhosts of my apache, should work:
<VirtualHost *:80>
ServerName buletin
ProxyPass / http://bdc/ik2/frontend/web/buletin/default/
ProxyPassReverse / http://bdc/ik2/frontend/web/buletin/default/
</VirtualHost>
I'm expecting to see the default action of my module when I go to http://buletin.
What am I missing?
Ok, in case someone else has the same problem, just double check all of your app's redirects and make sure everything works inside your module. If it doesn't, either add it as exception to the ProxyPass i.e.:
ProxyPass /ik2/frontend/web/themes/ http://bdc/ik2/frontend/web/themes/
ProxyPass /ik2/frontend/web/img/ http://bdc/ik2/frontend/web/img/
ProxyPass /ik2/frontend/web/assets/ http://bdc/ik2/frontend/web/assets/
#(all exceptions need to be placed above general ProxyPass and ProxyPassReverse)
or make it available inside your module.
In my case, I wasn't logged in the "new" website and it was redirecting me to /site/login, which did not exist (no buletin/default/site/login). Once I handled it and I added the exceptions for the assets and images to the ProxyPass, it's all working smoothly.
Related
I have two servers running Apache2, one with an associated domain name, let's say "www.home.com" and another one only known by its IP address, let's say 10.11.12.13.
On www.home.com I have three web sites, configured through aliases in apache.
I have http://www.home.com, http://www.home.com/school, http://www.home.com/work.
All these sites are on the server www.home.com.
On 10.11.12.13, I have only one site, accessible by http://10.11.12.13/wiki
How can I configure apache to have http://www.home.com/wiki working but transparently (not changing URL) call http://10.11.12.13/wiki site ?
In other words, the user shall only see www.home.com/wiki/xxxxx when he uses the wiki.
What I have done:
On www.home.com : i have added a wiki folder with nothing in it, and an alias for www.home.com/wiki to work properly.
Then I have tried to use mod rewrite to replace 10.11.12.13 by www.home.com but that does not work, and I am not even sure to do it the right way.
For your information, mod rewrite is configured and works properly on both servers.
Someone could please help me on that ?
Maybe mod rewrite is not the right solution ?
Thanks !
Sam
I finally found a solution : the mod_proxy along with tags.
The conf that worked for me:
<VirtualHost *:80>
[...]
ServerName www.home.com
<Location /wiki>
Allow from all
ProxyPass "http://10.11.12.13/wiki"
ProxyPassReverse "http://10.11.12.13/wiki"
</Location>
</VirtualHost>
I have a Web-IRC-Client (The Lounge) running at http://www.example.com:3000/ (no HTTPS) and visiting the link works fine. When I specify the port I can use the Web-Client without any problems. Now, I don't want to type the port every time and that's why I am trying to setup a reverse proxy using Apache2's configuration file. The problem is that the client is loading the assets (CSS, JS, images) from the wrong location. See below for more info. I think ProxyHTMLURLMap is the right way of fixing it, but cannot get it to work. I should also note, that I am redirecting all non-www-http traffic to the www-https version.
<VirtualHost *:443>
[...]
SSLProxyEngine on
ProxyPass /irc http://www.example.com:3000/
ProxyPassReverse /irc http://www.example.com:3000/
ProxyHTMLURLMap http://www.example.com:3000/ /irc
</VirtualHost>
When I visit https://www.example.com/irc I just get the text of the website with my javascript, css, etc. Checking the source code reveals, that it is trying to load the assets from:
https://www.example.com/css/bootstrap.css
Which is wrong. It should, instead, be loading from:
https://www.example.com/irc/css/bootstrap.css
Any advice would be greatly appreciated!
EDIT 1: Some more info: Browsing to the https proxy with a slash at the end (https://www.example.com/irc/) kind of works. The images and CSS get loaded, but the client itself doesn't respond and shows "This is taking longer than it should, there might be connectivity issues." even though everything is up.
EDIT 2: Another user suggested adding ProxyHTMLExtended On, but it didn't help either.
Even though this question is very old, I want to leave this here:
https://serverfault.com/a/685326
Note:
If it's still not working, you might add to your config:
ProxyHTMLEnable On
(UPDATE at the bottom for the main question, below may be superfluous details)
I'm having an interesting problem with Apache not reverse proxying as expected.
Basically, what's happening is when I click a link on my website that goes to the relative path /app1, I am expecting it the URL to be external.company.ca/app1 with content coming from internal.company.ca/some_app. Instead, the browser is going directly to internal.company.ca/some_app.
No 302 or anything, just straight there. This is odd to me, since internal.company.ca is not mentioned anywhere in the configuration except for the reverse proxy config, so I don't know how the browser is learning of the domain at all.
Here is a Fiddler capture from the client (browser) point of view showing the behaviour right after I click the link that goes to /app1 (you'll have to trust me that the green names are external.company.ca and the black names are internal.company.com and the path is /some_app/blahblah):
Everything happening after this point is loading the page with internal.company.com. This won't work at all in production, of course.
The following is a (truncated) version of our Apache configuration files for consideration:
<VirtualHost *:80>
# rewrite rules to 443
</VirtualHost>
<VirtualHost *:443>
ServerName external.company.ca
ServerAlias external.company.com
# Logging rules.........
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
# Most of this is off for testing purposes, adding in case it matters
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# more SSL stuff.... Now on to the interesting part
ProxyPreserveHost On
ProxyPass /app1 https://internal.company.com/some_app
ProxyPassReverse /app1 https://internal.company.com/some_app
</VirtualHost>
At one point, I thought that possibly the cookies were throwing things off since they were under different domains (.ca in front, .com in back), but I believe if the reverse proxying was working correctly, the browser would be none the wiser. Anyone see anything wrong with the above?
UPDATE
I found the culprit:
<script type="text/javascript">window.location.assign('https://internal.company.com/app1/login?redirectUrl=' + encodeURIComponent(window.location.pathname + window.location.hash));</script>
The problem is, how do I rewrite this absolute URL using Apache? I know mod_proxy_html modifies element attributes (such as href in the a element) but can it rewrite arbitrary data in an element itself?
The internal application was provided by a vendor, and although it may be possible to make modifications to it to remove code like the above, I would prefer to stay away from that path for now to see if there are alternatives.
I've come up with a somewhat nasty work-around:
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLinks script src
ProxyHTMLURLMap https://internal.company.com
The problem is the use of absolute URL's throughout the HTML (and javascript) coming from the vendor's app. A search and removal of the domain solves the problem (but is incredibly slow).
If anyone has this problem in the future, I do not recommend using this solution. I'm guessing you're here because you can't modify the internal application. You should instead be sending in a ticket to whoever maintains the code to make their application more reverse-proxy friendly.
A potentially safer solution would be the use of mod_substitute. You could also consider ProxyHTMLExtended, but it can be quite brutal in its replacements, occasionally breaking JavaScript here and there.
Edit: Just noticed you're currently using ProxyHTMLExtended. My bad. As you've highlighted it is a pretty brutal and dangerous solution to the problem.
our IT is trying to configure a new apache/jboss/apj setup.
When I browse to http://domain.com/jboss/test.jsp
and System.out.println request.getRequestURL()
I get http://domain.com/test.jsp
(without jboss)
My app encounteres a lot of 404's because of this.
The IT department said Jboss has no concept of the /jboss/ part of the url because of the proxy. Are they configuring things properly or do I need to change my code. To me my code is not portable if I have to hard code url paths.
Edit-
Here is what they told me:
<Location /jboss>
ProxyPass balancer://cluster stickysession=JSESSIONID
ProxyPassReverse https://domain.com/jboss/
</Location>
This article supports my question
https://sosiouxme.wordpress.com/2010/08/18/fixing-apache-httpd-reverse-proxy-redirect-rewrites/
Edit2
On our old server in a my login framework servlet used by a few apps I had
response.sendRedirect("login.jsp?message=You have successfully logged off.");
to get things to work with the new proxy I have to recode as
response.sendRedirect("/jboss/AppName/login.jsp?message=You have successfully logged off.");
I lose portablity and reuseabilty with the latter syntax.
The error (in Apache, not jboss) for
response.sendRedirect("login.jsp?message=You have successfully logged off.");
File does not exist: /WEB/wwwssl/AppNamelogin.jsp
Note there is no "/" between my appname and login.jsp
The error (in Apache, not jboss) for
response.sendRedirect("/login.jsp?message=You have successfully logged off.");
File does not exist: /WEB/wwwssl/login.jsp
Note the AppName is missing
Note that the article you mention uses mod_proxy_html (ProxyHTMLURLMap ProxyHTMLURLMap / /ajp/nocluster/), which will fix links to use the right path prefix. This is not part of the default mod_proxy modules provided with Apache Httpd.
Instead of putting these directives in a <Location> block, using a single line syntax might forward the path correctly:
ProxyPass /jboss balancer://cluster stickysession=JSESSIONID
I'm having quite a lot of difficulties with running a frontend proxy in front of play.
This post is also on the google group, I'll post the received suggestions on both.
I'm using apache and mod_proxy and the application is supposed to be running in a location "mywebsite.be/dev/app/". It is able to display the HTML.
But when I run the application, all the CSS/JS/images are missing, also all references are incorrect. I look up the source and it seems that Play did not replace the #{/pathname/to/resources} and other relative links to its correct url. In order to let everything work, all urls should be prefixed with "/dev/app". How can this be done?
I tried experimenting with the ctxPath, but that's not what I need, the application runs fine on its own, but apache2 has issues translating all those urls in the reverse proxy.
Can this be solved? I was thinking of somehow editing the #-operator in the templating system, but that can't be it, right?
greetings,
Jasper
Have you looked at this post? I think it is related.
Can not generate correct URLs for static resources with playframework when using Apache as a Proxy
Also, please keep an eye out for Play 1.2.2, as this intends to solve this problem, according to a post I have read in the Play groups.
One of my teammates came up with the answer. It's quite simple.
If you have your apache2 configuration, instead of pointing to the localhost root, you just point to the localhost:9000/dev/app:
ProxyPreserveHost On
RedirectMatch /dev/app /dev/app/
<Location /dev/app/>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile /var/trac/htpasswd
Require valid-user
ProxyPass http://127.0.0.1:9000/dev/app/
ProxyPassReverse http://127.0.0.1:9000/dev/app/
</Location>
This tricks apache2 in thinking that there is another subdirectory in your localhost server, but in fact, there isn't any, but now it references correctly, therefore translating all trafic to the corresponding resources.
Perhaps not the classy way to do things, but it works fine :)
Thanks for all the help. Hope this post helps other people with frontend proxies out there.
Greetings
i will recommend you use proxy balancer as it will help to balance your servers if you plan to use more than one instance of play server in future
<Proxy balancer://my-balancer>
Order deny,allow
Allow from all
BalancerMember url1:port route=instanceOne
BalancerMember url2:port route=instanceTwo
ProxySet lbmethod=bytraffic
</Proxy>
ProxyPass / balancer://my-balancer/
now it will pass your traffic to url1:port or url2:port and it will also fetch your images and other static urls