ProxyPassMatch with regex - apache

The URL I'd like to proxy pass looks something like this. Could you please help me figure out the correct regex? I'm an Apache newbie.
https://example.com/v1/documents?uri=root/support/bugtracking/attachments/29099/support-log.txt
I'd like root/support/bugtracking/attachments/29099/support-log.txt to be passed to https://other-server/download.xqy?file=root/support/bugtracking/attachments/29099/support-log.txt
Currently I have the below configuration, which does not seem to be working:
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
SSLCertificateFile /etc/httpd/certs/cert.pem
SSLCertificateKeyFile /etc/httpd/certs/key.pem
SSLCACertificateFile /etc/httpd/certs/ca.cert.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:9050/
ProxyPassReverse / http://localhost:9050/
ProxyPassMatch ^/v1/documents?uri=(root/support/bugtracking/*)$ https://other-server.com/download.xqy?file=$1
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

You cannot match against the query string with ProxyPassMatch. You'll have to use mod_rewrite to do it.
# XXX: This creates a "worker" for this backend when
# not using ProxyPass.
<Proxy https://other-server.com/>
# Actual thing being set is redundant
ProxySet keepalive=On
</Proxy>
RewriteEngine ON
RewriteCond %{QUERY_STRING} uri=(root/support/bugtracking/.*)$
RewriteRule ^/v1/documents https://other-server.com/download.xqy?file=%1 [P]
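A stricter variant of the rewrite above, added here as an example and not part of the original answer. It anchors the `uri` parameter, allows only plain path characters under the expected prefix, refuses `..` segments before the value is handed to the backend's `file` parameter, and turns on `SSLProxyEngine`, which mod_proxy needs for an `https://` target. The allowed character set is an assumption about what the attachment names look like.

```apache
# Added example, not the answerer's configuration.
# Assumes mod_rewrite, mod_proxy, mod_proxy_http and mod_ssl are loaded.

# Apache acts as a TLS client towards https://other-server.com/,
# so the proxy-side SSL engine has to be enabled in this virtual host.
SSLProxyEngine On

RewriteEngine On

# 1) Refuse dot-dot path segments anywhere in the query string.
#    The condition applies only to the rule that follows it.
RewriteCond %{QUERY_STRING} (?:^|[=/])\.\.(?:/|&|$)
RewriteRule ^/v1/documents$ - [F]

# 2) Proxy only when "uri" is a whole parameter name (start of the query
#    string or right after "&"), its value starts with the expected prefix
#    and contains nothing but [A-Za-z0-9._/-] (assumed file name alphabet).
#    %1 is the capture from the RewriteCond; "%" is not in the allowed set,
#    so percent-encoded values never reach the backend through this rule.
RewriteCond %{QUERY_STRING} (?:^|&)uri=(root/support/bugtracking/[A-Za-z0-9._/-]+)(?:&|$)
RewriteRule ^/v1/documents$ https://other-server.com/download.xqy?file=%1 [P]
```

Requests to /v1/documents that match neither rule are not sent to other-server.com; in the question's virtual host they fall through to the existing `ProxyPass /` line.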

Related

How to deploy just html, css and javascript files to apache tomcat (centos) and configure inside etc/httpd folder?

I have created a project in which there are index.html, CSS and JavaScript files. So I have put it inside my /home/tomcat/webapps/player folder. I have a domain name and SSL certificates for that too. Now, I want to configure a virtual host for ports 80 and 443. Here I am a bit confused about how to write the configuration for that.
I have tried to write my configuration as below:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /home/tomcat/webapps/player
<Proxy /home/tomcat/webapps/player>
Options None
Order deny,allow
Allow from all
</proxy>
ProxyRequests on
ProxyPassReverseCookieDomain localhost example.com www.example.com
Redirect / https://www.example.com/
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.com$1 [R,L]
ErrorLog /var/log/httpd/player-error_log
CustomLog /var/log/httpd/player-access_log common
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
SSLEngine on
SSLCertificateFile /home/cert/projectfolder/ssl.cer
SSLCertificateKeyFile /home/cert/projectfolder/private.key
SSLCertificateChainFile /home/cert/projectfolder/caclient.cer
DocumentRoot /home/tomcat/webapps/player
ProxyRequests on
ProxyPassReverseCookieDomain eldtapp.com www.example.com
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
Please help me by suggesting some solutions.

Trying to set up jitsi behind an apache2 reverse proxy

I am using an Ubuntu 18.04 Linux VM as a reverse proxy to forward https subdomains to internal targets, e.g. guacamole.mydomain.com and jitsi.mydomain.com.
Each system is a separate Linux VM.
public ip --> web reverse proxy 192.168.2.10 --> guacamole.mydomain.com 192.168.2.20 and jitsi.mydomain.com 192.168.2.30
Guacamole is working as expected, but I am facing some issues with forwarding https to jitsi.mydomain.com.
All other ports are directly forwarded to jitsi without a proxy.
I created two conf files in /etc/apache2/sites-enabled, one for jitsi and one for guacamole, and generated a Let's Encrypt cert with certbot --apache.
When I try to open jitsi.mydomain.com from outside, I get the following error: ERR_TOO_MANY_REDIRECTS.
Within the network jitsi is reachable via https, so what did I miss?
Unfortunately I am not very familiar with proxy and apache.
Thanks in advance guys.
jitsi.conf
<VirtualHost *:80>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =jitsi.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
jitsi-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
SSLCertificateFile /etc/letsencrypt/live/jitsi.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jitsi.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
guacamole.conf
<VirtualHost *:80>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =guacamole.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
guacamole-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
SSLCertificateFile /etc/letsencrypt/live/guacamole.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guacamole.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Just stumbled upon your question while looking for a solution to a different problem on Jitsi, but I think you'll find a useful solution on this page:
https://debamax.com/blog/2020/03/18/installing-jitsi-behind-a-reverse-proxy/
It's not my solution. I'm just trying to help.
Cheers

How to disable http to https re-direct in Jenkins?

I currently have Jenkins running behind SSL with http redirecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting out the re-direct in the apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do I re-enable http without disabling https? Basically need to stop re-direction from http to https.
Based on your configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transferred in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.

Issue returning https url when returning response from a docker container

I am using docker which has an apache container and a lamp container. Lamp container contains the application code and Apache container has virtual host config info which is as follows.
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost on
ProxyPass / http://172.18.0.25/
ProxyPassReverse / http://172.18.0.25/
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/certs/STAR_example_com.crt
SSLCertificateKeyFile /etc/ssl/certs/example_wildcard_private.key
SSLCertificateChainFile /etc/ssl/certs/STAR_example_com.ca-bundle
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</VirtualHost>
Issue: When I am making a request to https://example.com then in response the apache container is returning response from http://example.com instead of https://example.com.
How to achieve this?
Lamp is receiving an http request from Apache, so you have to tell Lamp that the initial request, from the client, was through https.
Try adding this in the https virtual host definition:
RequestHeader set X-Forwarded-Proto "https"
With this header, Lamp should understand that the client did the request through https, so it will answer from https as well.
So, your virtual host definition should look like:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost on
ProxyPass / http://172.18.0.25/
ProxyPassReverse / http://172.18.0.25/
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/certs/STAR_example_com.crt
SSLCertificateKeyFile /etc/ssl/certs/example_wildcard_private.key
SSLCertificateChainFile /etc/ssl/certs/STAR_example_com.ca-bundle
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

Apache HTTP Server, Tomcat and rewriting

Scenario:
Apache reverse proxy to Tomcat:
https://sub-domain.example.com:8080/app
To this:
https://sub-domain.example.com/app
When resolving to the app, it appends like so:
https://sub-domain.example.com/app/somedir/some.jsp
Is there a way in the request handling process we can remove the last appendage so the end-user just sees the following:
https://sub-domain.example.com/app
Our current Apache configuration:
ServerName sub-domain.example.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateChainFile /etc/pki/tls/certs/VendorCA.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
ServerName sub-domain.example.com
ServerAdmin admin@sub-domain.example.com
ErrorLog logs/sub-domain.example.com-error_log
CustomLog logs/sub-domain.example.com-access_log common
ProxyPass /app http://localhost:8080/app/
ProxyPassReverse /app http://localhost:8080/app/
</VirtualHost>
Any help will be really appreciated.