I had the environment with several JBoss and Tomcat servers. They are connected to Apache via modcluster modules (to Apache IP address and port 8090). The Apache contains the configuration:
loadbalancer.conf
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
Listen *:8090
<VirtualHost *:8090>
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from 8.8.8.8
Allow from all
</Location>
KeepAliveTimeout 60
MaxKeepAliveRequests 100
EnableMCPMReceive
ManagerBalancerName My_Cluster
AdvertiseFrequency 5
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ProxyPass /other_app http://192.168.100.70:8080/other_app
ProxyPassReverse /other_app http://192.168.100.70:8080/other_app
ProxyPass / balancer://My_Cluster
</VirtualHost>
All work ok but one new application doesn't support connection to Apache. I need to use ProxyPass. When I insterted the ProxyPass to 443 virtual host so all balanced contexts stopped to work. When I inserted:
ProxyPass / balancer://My_Cluster
The /other_app context stopped work.
Can you advise me how configure context /other_app handling by ProxyPass and all other contexes by modcluster balancer?
Try using the following top level directive (add just below the LoadModule's)
#This is needed to prevent mod_cluster creating balancer for all VH's
CreateBalancers 1
Managed to do it with the following:
ProxyPass /other_app http://192.168.100.70:8080/other_app
ProxyPassReverse /other_app http://192.168.100.70:8080/other_app
ProxyPass /other_app !
ProxyPass / balancer://My_Cluster
Inspired by https://serverfault.com/questions/363788/serve-all-requests-via-proxy-except-a-specific-one
Related
I'm trying to route any links that start with /api/ to port 3002 on my server but they always get routed to 3008. For example https://example.com/api/customers should be proxied/routed to localhost:3002
<VirtualHost *:443>
ServerAdmin (redacted)
ServerName (redacted)
ServerAlias (redacted)
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/(redacted)/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(redacted)/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/(redacted)/chain.pem
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location "/api\/(.*)/">
ProxyPass http://localhost:3002/
ProxyPassReverse http://localhost:3002/
</Location>
<Location "/">
ProxyPass http://localhost:3008/
ProxyPassReverse http://localhost:3008/
</Location>
</VirtualHost>
Using this config going to domain.com works and shows my website but domain.com/api/customers returns an error from the webapp on port 3008 so it's not being routed correctly (it should go to 3002).
The apps on port 3008 and 3002 are running correctly so that's not the issue.
I've tried putting domain/ first and domain/api last in the config file but that didnt seem to fix it. And the config file is enabled
I've tried different regexes to match the api endpoint aswell but this one should work
Apache is listening on port 443
These mods are enabled which should be needed for this:
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Please let me know if you want any extra information
Modify your config as below and have a try.
Post the access log and curl response if not working.
curl -ILKv https://domain.name/api/anything
curl -ILKv https://domain.name/api
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
ProxyPass /api http://localhost:3002
ProxyPassReverse /api http://localhost:3002
I ended up solving it like this:
RewriteEngine on
RewriteRule "/api\/(.*)" "http://localhost:3002/api/$1" [P]
<Location "/">
ProxyPass http://localhost:3008/
ProxyPassReverse http://localhost:3008/
</Location>
I would like to setup the local pgadmin in server mode behind the reverse proxy. The reverse proxy and the pgadmin could be on the same machine. I tried to set up but it always fails.
Here is mypgadmin conf:
Listen 8080
<VirtualHost *:8080>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/pgadmin.crt
SSLCertificateKeyFile /etc/pki/tls/private/pgadmin.key
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule ssl_module modules/mod_ssl.so
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias /pgadmin /usr/lib/python2.7/site-packages/pgadmin4-web/pgAdmin4.wsgi
<Directory /usr/lib/python2.7/site-packages/pgadmin4-web/>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
</VirtualHost>
and my reverse proxy conf
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ErrorLog /var/log/httpd/reverse_proxy_error.log
CustomLog /var/log/httpd/reverse_proxy_access.log combined
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"
ProxyPreserveHost On
ProxyPass / https://localhost:8080/pgadmin
ProxyPassReverse / https://localhost:8080/pgadmin
</VirtualHost>
The httpd start but when I want to test it with
wget --no-check-certificate https://localhost/
it give me error 400
but the
wget --no-check-certificate https://localhost:8080/pgadmin
is working. Where is the problem in my config?
this work for me. I make pgadmin proxy to sub directory (https://localhost/pgadmin)
<VirtualHost *:80>
ServerName localhost
DocumentRoot "/var/www"
<Directory "/var/www">
AllowOverride all
</Directory
ProxyPass /ws/ ws://0.0.0.0:8888/
ProxyPass /phpmyadmin/ http://phpmyadmin/
<Location /pgadmin/>
ProxyPass http://pgadmin:5050/
ProxyPassReverse http://pgadmin:5050/
RequestHeader set X-Script-Name /pgadmin
RequestHeader set Host $http_host
</Location>
</VirtualHost>
Have you tried with latest version, I think it is fixed this commit Ref: LINK
Online Docs: https://www.pgadmin.org/docs/pgadmin4/dev/server_deployment.html
This config works,
use 0.0.0.0 for pgadmin docker, else use your ip
change port 5050 with your pgadmin port
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>
Cofigure with SSL, replace yourdomain.com with valid SSL for your domain
<VirtualHost *:80>
ServerName pgadmin.yourdomain.com
RedirectMatch permanent ^/(.*)$ https://pgadmin.yourdomain.com/$1
</VirtualHost>
<VirtualHost *:443>
ServerName pgadmin.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
RedirectMatch permanent ^/pgadmin4$ /pgadmin4/
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:5050/
ProxyPassReverse / http://0.0.0.0:5050/
Header edit Location ^/ /pgadmin4/
Header always set X-Script-Name /pgadmin4
</VirtualHost>
I have VPS and currently i am running 5 Spring boot applications on that server along with httpd.
all html for those applications are inside their respective jars. All of them having different domain names. So after hitting the dns name it should automatically go that port application, right now i need to specify the port number explicitly like example.com:9090 i tried virtual host in httpd.conf but its not working.
Listen 9001
<VirtualHost *:9001>
ServerAdmin admin#admin.askcomputers.co.in
DocumentRoot /var/www/html/example2.com
ServerName www.example2.com
</VirtualHost>
I think you should make sure that you have the proper modules installed for httpd:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Then I think you should have 5 VirtualHost sections with reverse proxy setup:
<VirtualHost www.example1.com:80>
ServerAdmin admin#admin.askcomputers.co.in
ServerName www.example1.com
ProxyRequests Off
ProxyPass / http://localhost:9090
ProxyPassReverse / http://localhost:9090
</VirtualHost>
...
<VirtualHost www.example5.com:80>
ServerAdmin admin#admin.askcomputers.co.in
ServerName www.example5.com
ProxyRequests Off
ProxyPass / http://localhost:9094
ProxyPassReverse / http://localhost:9094
</VirtualHost>
Setting up apache reverse proxy
Client ==> Proxy ==> Server
This is on a windows machine on my local for testing have set an entry in my host file mapping the proxy dns to 127.0.0.1
httpd.conf
<VirtualHost *:443>
ServerName <proxy Server>
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<key for proxy server>"
ProxyPass / https://appserver.com/
ProxyPassReverse / https://appserver.com/
</VirtualHost>
I don't see any errors in the error.log while starting. When I make a request https://proxy.com there is no entry in access.log or error.log.
Can anyone see an issue with in the config or give some ideas?
Thanks
Rahul
You only need the following to do an SSL proxy:
<VirtualHost *:443>
ServerName <proxy Server>
SSLEngine On
ProxyPass "/" "http://www.example.com/"
ProxyPassReverse "/" "http://www.example.com/"
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<key for proxy server>"
</VirtualHost>
The other stuff isnt necessary.
ok so it finally worked. Started from scratch
1. Added Listen 443 in httpd.conf it already had for port 80 (Listen 80)
2. Enabled modules one by one
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
3. Uncommented httpd-vhosts.conf in httpd.conf
4. Added the following in httpd-vhosts.conf
<VirtualHost *:443>
ServerAdmin xyz#mail.com
DocumentRoot "c:/Apache24/htdocs"
ServerName <proxy Server>
ErrorLog "c:/Apache24/logs/error-ssl.log"
CustomLog "c:/Apache24/logs/access-ssl.log" common
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
SSLEngine on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile "<cert for proxy server>"
SSLCertificateKeyFile "<Key for proxy server>"
ProxyPass / https://appserver.com/
ProxyPassReverse / https://appserver.com/
</VirtualHost>
and it started working. Had tried so many things and had so many changes that starting from start made sense. Mostly was missing the Listen 443 in the httpd.conf file
I have a server with Apache2 (on port 80) and Glassfish (on port 8080). I'd like to configure Apache to transparently proxy al request to a certain virtual host to the glassfish Server.
I tried this, but it doesen't work:
<VirtualHost *>
ServerName tognettiimmobiliare.com
ServerAlias www.tognettiimmobiliare.com
ProxyRequests on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / http://tognettiimmobiliare.com:8080/tognettiWEB/
ProxyPassReverse / http://tognettiimmobiliare.com:8080/tognettiWEB/
</VirtualHost>
Can anybody tell me why? Thanks
I am proxying Jenkins and Redmine from a different port with mod_proxy, my configuration looks something like this, sans an additional <Proxy> part which I believe is not needed:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /jenkins/ http://localhost:8080/jenkins/
ProxyPassReverse /jenkins/ http://localhost:8080/jenkins/
ProxyPass /redmine/ http://localhost:81/redmine/
ProxyPassReverse /redmine/ http://localhost:81/redmine/
There are two things to keep in mind:
The context needs to be the same in both proxy and proxied URLs, like /jenkins/ and .../jenkins/
You should not use external URLs for the proxied page because it will then try to route out to the internet and connect from there, this is slow and firewalls might block the port. Use local machine names or IPs.
I use a simple VirtualHost like so which works.
<VirtualHost *:80>
# ServerName www.itmanx.com
ProxyPass / http://www.itmanx.int/
ProxyPassReverse / http://www.itmanx.int/
</VirtualHost>
make sure you have mod_proxy and mod_proxy_http loaded
I enabled JK on Glassfish by going to Configurations -> server-config -> HTTP Service -> Http Listeners -> jk-listener and enabled it.
Then set up the in my Apache config to proxy this way so the SSL data also gets transmitted.
<Location /util>
SSLOptions +StdEnvVars +ExportCertData
ProxyPass ajp://localhost:8004/util
</Location>
One caveat though, mod_proxy_wstunnel does not seem to work with this or at least I haven't found out how to yet since I use WSS and https://issues.apache.org/bugzilla/show_bug.cgi?id=55320 needs 2.4.10 which is not released yet.