How to implement a reverse proxy for one subdomain - reverse-proxy

I have a set of servers behind a firewall. It only supports port forwarding. So far all my subdomains (www., server., beta., cloud.) are all on one server (OS X Server).
I also have a dev. subdomain that is on a separate Freebsd server. form my internal network i can use my DNS to send traffic to the correct server for the dev. subdomain. but when i access from outside i cannot get to the dev server via port 80 as that port is forwarded to the main server.
Rather than using a none standard port I would like to reverse proxy back to the dev server from my main server but it looks like this is for URL's not for subdomains. Is there a way i can route all requests for dev.example.com to the internal development server via my main server.
Thanks..

Yes, that's a standard use case for all common rproxies, and you'll find almost ready to use examples in their respective documentations. With nginx the basic setup will look like this (put this a file in the enabled-sites subdirectory):
server {
# prod marked as default so lost traffic ends up on production
listen 192.168.0.1:80 default;
server_name production.your.domain;
access_log /var/log/nginx/production-access.log;
location / {
proxy_pass http://your.production.server:80;
}
}
server {
listen 192.168.0.1:80;
server_name dev.your.domain;
access_log /var/log/nginx/development-access.log;
location / {
proxy_pass http://your.development.server:80;
}
}
With Pound you could use something like
Service
HeadRequire "Host: .*production.your.domain.*"
BackEnd
Address your.production.server
Port 80
End
End
Service
HeadRequire "Host: .*dev.your.domain.*"
BackEnd
Address your.development.server
Port 80
End
End
# and a safety net for lost traffic
Service
URL "/"
Redirect "http://production.you.domain"
end;
Apache's mod_proxy is also possible, but due to lack of hands on experience with that combo I had to borrow an example from an Atlassian documentation webpage:
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this with your other VirtualHosts, or at the bottom of the file
NameVirtualHost *
<VirtualHost *>
ServerName confluence.example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://confluence-app-server.internal.example.com:8090/
ProxyPassReverse / http://confluence-app-server.internal.example.com:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
<VirtualHost *>
ServerName jira.example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://jira-app-server.internal.example.com:8080/
ProxyPassReverse / http://jira-app-server.internal.example.com:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Related

How to redirect https request from one port to another

I have a VPS host that handles a subdomain (gate.domain.eu).
Right now I have a secondary machine in a private network connected to VPN running a gitlab instance. Using vpn,and port forwarding, i managed to bring that gitlab instance to https://gate.domain.eu:8443.
How can I configure the apache server that it will point another subdomain eg(gitlab.domain.eu) to https://gate.domain.eu:8443?
The ideea is that a user should access gitlab trough gitlab.domain.eu.
I configured DNS server for gitlab.domain.eu and configured apache virtual host as follows:
<VirtualHost *:80>
ServerAdmin me#mydomain.com
ServerName gitlab.domain.eu
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://gate.domain.eu:8443/
ProxyPassReverse / https://gate.domain.eu:8443/
</VirtualHost>
When accessing gitlab.domain.eu I get:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request."

Apache reverse proxy https config leads to 503 error

Hope someone can point me in the right direction. I've been trying to get this to work for many hours :(
Scenario - I have a DMZ where I've set up the Apache server. I need to securely talk to the internal server where I have set up another Apache server which is reverse proxied again to a localhost app within the server.. So, basically..
outside world > internet (https://app1.com) > dmz (apache reverse proxy) > internal server (apache reverse proxy - https://app1prod.com) > (http) > localhost:8080
Now, in dmz, I can directly access https://app1prod.com without issues. But, I can't for the life of me get https://app1.com to work from dmz. I get a '503 service unavailable' message :( Here is my apache config in dmz..
<VirtualHost *:443>
ServerName app1.com
ProxyRequests off
SSLProxyCheckPeerName off
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
LogLevel debug
SSLEngine on
SSLProxyEngine on
SSLCertificateFile "xxx/cert.crt"
SSLCertificateKeyFile "xxx/key.key"
SSLCertificateChainFile "xxx/certchain.crt"
ProxyPass / https://app1prod.com/
ProxyPassReverse / https://app1prod.com/
<Proxy *>
order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost on
ProxyTimeout 1200
</VirtualHost>
On my httpd.conf, I have the following modules loaded in addition to the defaults..
mod_proxy.so
mod_proxy_connect.so
mod_proxy_http.so
mod_ssl
mod_rewrite.so
mod_socache_shmcb.so
mod_ssl.so
What am I doing wrong? Please help! Thanks a lot..
Try removing ProxyPreserveHost on.
With that directive enabled, the proxied requests will be send to server defined in ProxyPass directive, but the HTTP Host: header will be preserved from initial request. In your case, the requests sent by Apache to app1prod.com will have Host: app1.com header, and app1prod.com i not configured (probably deliberately) to respond to such request.

How to configure Apache Proxy? Need to send requests without a domain name to a diff server

I have a CentOS 6.7 server with Webmin and Virtualmin installed, hosting 15+ websites.
All works as it should.
However, if a request comes in without a domain name (directly to http://1.1.1.1 for example) I want to send that to another server on my local network say 192.168.1.10
I have done this before and dont remember it being complicated, but now I have spent many hours and frustration trying to make this work
I do not want to misconfigure Apache and end up letting hackers laugh at me and proxy thru my server, so I want to make sure it is configured correctly
I havent been able to make it work yet.
Here is my config:
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On
#
# To enable a cache of proxied content, uncomment the following lines.
# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
#
#<IfModule mod_disk_cache.c>
# CacheEnable disk /
# CacheRoot "/var/cache/mod_proxy"
#</IfModule>
#
</IfModule>
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://192.168.1.1:80/
ProxyPassReverse / http://192.168.1.1:80/
</VirtualHost>
I GOT IT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
It can be fixed within Webmin/Virtualmin itself.
Just go to Virtualmin > (your default website) > Server Config > Edit Proxy Website
then put in your proxy address and enable it
like http://192.168.1.1:80
it has to be in that form, for example 192.168.1.1 WILL NOT WORK
:)

Symfony2: Use different port for Rest API

I currently starting a (Symfony2) project where I have to use a different port for HTTP-Communication of the REST-API (JSON/XML) then the normal HTML-Content.
Is this possible? And what is the best practice? Can this be solved by (Symfony-) routing? Goal is to provide the REST-API just for "internal" use (traffic coming from an internal ethernet-connection) and to "block" traffic which comes from a external connection.
Additional info:
I add a route /api/user e.g. for the User Rest API and /api/projects for the Project Rest API.
Can I do something like?
<VirtualHost *:81>
DocumentRoot /var/www/html/[Symfony-Folder]/web/api
</VirtualHost>
maybe you can try in your apache config to match your mydomain.tld/api route to a different port.
Also in your config file you can configure défault port like this :
# router configuration
router:
...
http_port: 81
But I don't know if you can define a port for different routes but maybe you can take a look on the router configuration.
You can do something like this I think :
<VirtualHost *:80>
ServerName mydomain.tld/api
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:81/
ProxyPassReverse / http://localhost:81/
</VirtualHost>
You listen on the port 80 but you redirect the traffic who match the /api path to a different port.

getting node.js app to work on port 3001

ok, this one is confusing me greatly!
If I add this to my apache conf:
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /node>
ProxyPass http://localhost:3001/
ProxyPassReverse http://localhost:3001/
</Location>
now, when I go to .../node, i see the following page:
"Welcome to socket.io."
But what I want to happen, is to see that page by typing in website:3001, but this just doesn't work. Why might this be?
Addiitional:
The server has a private IP, to which the router forwards IP traffic on ports 3000 and 3001. I can load the page using curl or wget using the private IP, but not the public IP. Any ideas why this might be?