I am trying to develop a RESTful service using Apache 2 and mod_fastcgi as my transport and security layer.
What I am trying to achieve is that a C++-application is called when a request is made. Then I want to use the HTTP method and the URI to decide (inside the application) which of the (internal) resources should be accessed and in which way.
Calling my C++-FastCGI application works (located # /var/www/html/foo/fastcgi_test). But only with a specific URI - the URI where my binary is located:
If I open http://127.0.0.1/foo/fastcgi_test in a browser my application runs and returns a html test page like I want.
Trying e.g. http://127.0.0.1/foo/bar returns a page with a 404. But I would like the same application to be called (fastcgi_test).
My configuration (so far) looks like this:
<IfModule mod_fastcgi.c>
FastCgiIpcDir /var/lib/apache2/fastcgi
<Location /foo>
SetHandler fastcgi-script
</Location>
FastCgiServer /var/www/html/foo/fastcgi_test -flush
</IfModule>
I read the mod_fastcgi manual and dug through the Apache manuals, but I can't find the right hint. It seems I don't seach for the right key word.
As I am very new to Apache configuration I maybe/hopefully just miss the right starting point.
How do I configure Apache/mod_fastcgi to send requests to a "branch of URIs" to the same FastCGI process? Can somebody provide a pointer?
The key is to use an alias. I also moved the FastCGI program out of the content area of Apache into a separate directory (/var/www/fastcgi).
My solution looks like this:
<IfModule mod_fastcgi.c>
FastCgiIpcDir /var/lib/apache2/fastcgi
<Directory /var/www/fastcgi>
SetHandler fastcgi-script
</Directory>
<Location "/foo">
Require all granted
</Location>
FastCgiServer /var/www/fastcgi/fastcgi_test -flush
AliasMatch "/foo(.*)" "/var/www/fastcgi/fastcgi_test"
</IfModule>
Related
As part of upgrading a legacy Java application (hosted on Weblogic cluster), one section of this application will be replaced by a single page application (REACT), calling out over an API to various services that contain migrated backend functionality. For now until all UI dependencies are ported off the legacy application, the REACT SPA will still be hosted inside a JSP page (some common JSP code has not been ported, and so will be present on the JSP page hosting the react app).
The infrastructure hosting this setup is currently an Apache server, routing to the Weblogic cluster or newer services as needed. Proxying to the weblogic cluster was simple before, as all *.jsp pages were routed to the cluster with a simple weblogic plugin block:
<IfModule mod_weblogic.c>
WebLogicCluster server1:port,server2:port
MatchExpression *.jsp
</IfModule>
However with the new SPA, I also need a whole set of routes to proxy to a single .jsp page containing my SPA. If my goal was only to proxy by path, I could solve that easily with apache weblogic plugin:
<Location /newSection/>
WLSRequest On
WebLogicCluster server1:port,server2:port
PathTrim /newSection/
PathPrepend SPA.jsp
DefaultFileName SPA.jsp
</Location>
However this only works for the base /newSection/ url, as a url like
http://host/newSection/spa-route
gets proxied to
http://host/SPA.jsp/spa-route
which is obviously not valid.
No amount of PathTrim, PathPrepend, or anything else I try for the weblogic plugin solves the problem that I am trying to proxy by path to a single URI (everything needs to proxy to http://host/SPA.jsp, SPA router handles the rest)
I am currently experimenting with just using mod_rewrite and mod_proxy instead, as RewriteRule [P] allows me to proxy to a single URI on the cluster (cluster IP coming from Proxy balancer). However this is much more complicated to set up (still trying), and I have to implement things like session stickiness myself.
A solution for how to use the mod_weblogic plugin to proxy to a particular URI would be great, but examples of how to use mod_rewrite, mod_proxy, and/or mod_proxy_balancer to achieve this proxying to a single URI on a weblogic cluster would be extremely helpful as well.
Turns out there was an apache feature (Passthrough) I was not aware of (or at least how exactly it works) that can bridge Apache rewrite rules to the weblogic plugin nicely.
RewriteRule /newSection/.*$ /SPA.jsp [PT,L]
The passthrough rewrites the URI to http://host/SPA.jsp WITHOUT doing a rewrite. The passthrough then explicitly passes that new URI back through the rule stack and other modules. At this point the original weblogic plugin rule I had that proxies by MIME type to the cluster (*.jsp) will pick up the URI and work nicely.
This way Apache takes care of rewriting a set of paths to a specific URI, and the weblogic plugin nicely takes care of the rest (proxying to cluster, load balancing, sticky sessions, etc.)
Here is how you use weblogic plugin to direct individual urls, feel free to change options as per your requirement:
Create a virtual host file:
<VirtualHost *:80>
SSLEngine on
ServerName fqdn
ServerAlias alias
ServerAdmin webmaster#localhost
Header always append X-Frame-Options DENY
DocumentRoot /var/apache2/htdocs
<Directory /var/apache2/htdocs>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule mod_weblogic.c>
debug ERR
FileCaching on
WLIOTimeoutSecs 600
Idempotent ON
FileCaching ON
DynamicServerList ON
KeepAliveEnabled OFF
<Location /newsection>
SetHandler weblogic-handler
WebLogicCluster host1:port,host2:port
</Location>
<Location /newsection/SPA.jsp>
SetHandler weblogic-handler
WebLogicCluster host3:port,host4:port
</Location>
<Location /SPA.jsp>
SetHandler weblogic-handler
WebLogicCluster host5:port,host6:port
</Location>
</IfModule>
</VirtualHost>
I would like to deploy my war file, lets call it myapp-1.0.war, to tomcat 8, and be able to access the app with url http://<hostname>/myapp
I tried to achieve this by editing the webapps.conf in apache httpd 2.4 with the following content:
# Rewrite rule for URL without a trailing slash
<IfModule rewrite_module>
RewriteRule ^/myapp$ /myapp/ [R,L]
</IfModule>
Alias /myapp "E:/apache-tomcat-instances/instance01/webapps/myapp-1.0"
<Directory "E:/apache-tomcat-instances/instance01/webapps/myapp-1.0">
AllowOverride None
Require all granted
</Directory>
<IfModule jk_module>
JkMount /myapp/* worker01
</IfModule>
However, this does not work. When I go to url http://<hostname>/myapp, I get redirected to http://<hostname>/myapp/, but I get a 404 in return.
Any hints of what I'm doing wrong?
Remove the use of mod_rewrite, adjust your paths in httpd.conf, and use Tomcat's built-in versioning for WAR files:
C:\> REN "E:/apache-tomcat-instances/instance01/webapps/myapp-1.0" "E:/apache-tomcat-instances/instance01/webapps/myapp##1.0"
This also allows you to deploy a new version, say, myapp##1.1 and have them both deployed at the same time. Users without a session will go to the newer version, and users with existing sessions will go to their assigned version.
Check out Tomcat's documentation for parallel deployment.
A short explanation of what I'm doing is: I need to automatically create virtualhosts for each ip address on my machine, make it point to the vsftpd user directory (/home/xxx) and deny any kind of scripts from being executed.
I want to stop any kind of webpages and especially PHP scripts from being executed, because it would post a huge security risk(apache is sudo). The purpose of this virtualhost is purely to serve game resource files, extentions like .wav , .mdl , .tga , .spr and so on.
I searched around and found this
deny from all
<filesmatch "\.(avi¦wmv¦mpg¦mov)$">
Allow from all
</filesmatch>
But this is .htaccess content. How can I implement this functionality of only allowing certain extentions inside my httpd.conf file? It would be a pain to make it use .htaccess, and a risk because users might edit them.
Please refrain from any comments unrelated to my question, such as "sudo apache? you're a dumbass" and so on.
There is no such thing as .htaccess only content. The is a huge misconception. Most of time you do NOT want to use .htaccess and Apache recommends that you not use it unless necessary. Apache rules can always be put in the server config.
When not to use .htaccess
Now you can put that in your VirtualHost directive. The same location where your document root is defined.
The FilesMatch directive can be used in these context.
Context: server config, virtual host, directory, .htaccess
http://httpd.apache.org/docs/current/mod/core.html#filesmatch
So in your vhost file you can add a Directory directive like this example.
<Directory /path/to/documentroot/>
Deny from all
<FilesMatch "\.(avi|wmv|mpg|mov)$">
Allow from all
</FilesMatch>
</Directory>
If you are using Apache 2.4 then you need to use Require.
<Directory /path/to/documentroot/>
Require all denied
<FilesMatch "\.(avi|wmv|mpg|mov)$">
Require all granted
</FilesMatch>
</Directory>
I have a mod_wsgi application running under Apache2, and whenever there is an uncaught exception, the default Apache HTTP 500 error page is shown despite the fact that I have ErrorDocument 500 /500.html in my Apache config.
Is there some mod_wsgi directive I can use to display my custom error page? I'm not looking for something I can put in my mod_wsgi script as that won't help if there is an error in the script.
Edit 2: When using the below configuration browsing to /cgi-bin/test.wsgi displays the custom error page successfully, but browsing to /test displays the default Apache one.
Edit: Here is a small sample configuration that gives me the same problem:
/etc/apache2/sites-enabled/test
<VirtualHost *:80>
ServerName foo.example.com
DocumentRoot /path/to/docroot/
<Directory /path/to/docroot/>
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /path/to/docroot/cgi-bin/
<Directory /path/to/docroot/cgi-bin/>
Options +ExecCGI
AddHandler wsgi-script .wsgi
Order allow,deny
Allow from all
</Directory>
ErrorDocument 500 /500.html
WSGIDaemonProcess test user=www-data group=www-data processes=4 threads=1 display-name=%{GROUP}
WSGIProcessGroup test
</VirtualHost>
/path/to/docroot/.htaccess
RewriteEngine on
RewriteBase /
RewriteRule ^test/?$ /cgi-bin/test.wsgi/ [L,QSA]
/path/to/docroot/500.html
<html><body>This be 500.</body></html>
/path/to/docroot/cgi-bin/test.wsgi
hi
What does the URL /500.html map to with the Apache configuration used?
If it doesn't map to a valid URL and so an attempt to issue a sub request against it generates a 404, then Apache will thence return a generic 500 response.
Have a look in your access log for the /500.html access and see if it indicates a 404.
By default the WSGI application takes complete control over the request and response cycle, so any Apache error handlers will be bypassed.
You will likely need a WSGIErrorOverride On directive before the Apache settings work. I have not tried this myself yet, but in tracking down advice on a similar goal for an ops team (having Apache return its own static error page when a Django app gives a 500) I came across this via How to return an apache error page from a wsgi app? and — with the opposite goal — How to configure Apache with mod_wsgi so that error messages come from the application?.
The original description for this feature as it was being added to mod_wsgi was:
In the case of mod_proxy there exists the ProxyErrorOverride directive,
which allows one to say that you want error pages generated by the back end
application to be ignored when appropriate, and allow Apache to generate
the content through its normal ErrorDocument directives.
An equivalent WSGIErrorOverride directive should be implemented to allow
WSGI applications to be better fitted into a large site where the WSGI
application isn't the only source of content, but just one contributor.
So it does sound like what we are after. Note that this was added to mod_wsgi version 3.0 and later, which have hopefully been out long enough to be in common use.
Im trying to finish the set up of roundcube by adding a virtualhost so every subscription on server will use the webmail.servername.com to access it.
I have uploaded this roundcube.conf file with the code:
<VirtualHost ip-one:7080 \ ip-two:7080 \ local-ip:7080>
ServerName roundcube.webmail
ServerAlias roundcube.webmail.*
ServerAdmin "fdmatte#gmail.com"
DocumentRoot "/var/www/roundcube/"
<Directory "/var/www/roundcube/">
Options +FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
</IfModule>
# This is needed to parse /var/lib/roundcube/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
</Directory>
The issues im having are the following:
Using this file when i access my a website like http://www.mywebiste.com it gets routed to http://mywebsite.com
When i access webmail.mywebsite.com roundcube gets loaded but it cant find included files like css and js
It only works correctly if i access the ip-one:7080, then it works fine load up all css and js and i can login, check and send emails.
Is there something wrong with my settings?
Im using a plesk 11.5.30
Redirect http://www.mywebiste.com -> http://mywebsite.com can be switched off in Domain's hosting setting it's "Preferred domain" dropdown
Second issue can appears if you have wildcard subdomain *.mywebiste.com, this is well know plesk 11.5 bug so you can just ask Paralles support for solution. (You can workaround it by youself via customizing virtual hosting templates, but you should know how all this plesk backend works).
It's works for ip-one:7080 because Plesk 11.5 don't configure nginx webmail's config for every domain, just for wildcard webmail.*. So, nginx choose "wrong" virtual server and point it to virtual server of this wildcard subdomain which has location "/internal-nginx-static-location/" where static files will be looking by nginx(he know that is is static files because Plesk apache module mod_aclr2 provide such info for him ), but this location point to vhost folder of subdomain.
It's maybe something else, but I can't say more accurate just by your description.