We Keep Coding

Try to setup jitsi behind a apache2 reverse proxy

Iam using a ubuntu 18.04 linux VM as a reverse proxy to forward https subdomains to intern targets f.e. guacamole.mydomain.com and jitsi.mydomain.com.
Each system is a seperate linux VM.
public ip --> web reverse proxy 192.168.2.10 --> guacamole.mydomain.com 192.168.2.20 and jitsi.mydomain.com 192.168.2.30
guacamole is working as expected but iam facing some issues with fowarding https to jitsi.mydomain.com.
All other ports are directly forwarded to jitsi without a proxy.
i created two conf files in /etc/apache2/sites-enabled one for jitsi and one for guacamole and generated a lets encrypt cert with certbot --apache.
When i try to open jits.mydomain.com from outside, i get the following Error: ERR_TOO_MANY_REDIRECTS.
Within the network jitsi is reachable via https, so what did i miss?
unfortunately iam not very familiar with proxy and apache.
thanks in advance guys.
jitsi.conf
<VirtualHost *:80>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =jitsi.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
jitsi-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName jitsi.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.30:80/
ProxyPassReverse / http://192.168.2.30:80/
SSLCertificateFile /etc/letsencrypt/live/jitsi.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jitsi.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
guacamole.conf
<VirtualHost *:80>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =guacamole.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
guacamole-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName guacamole.mydomain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
<Location />
Order allow,deny
Allow from all
ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.2.20:8080/guacamole/
ProxyPassReverseCookiePath /guacamole /
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
</Location>
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog /var/log/apache2/guac.log common env=!dontlog
SSLCertificateFile /etc/letsencrypt/live/guacamole.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guacamole.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Just stumbled upon your question while looking for a solution of a different problem on Jitsi but I think you'll find a useful solution in this page:
https://debamax.com/blog/2020/03/18/installing-jitsi-behind-a-reverse-proxy/
It's not my solution. I'm just trying to help.
Cheers

How to disable http to https re-direct in Jenkins?

I currently have Jenkins running behind SSL with http re-driecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting the re-direct in apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do i re-enable http without disabling https? Basically need to stop re-direction from http to https.

Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.

Apache 2.2 reverse-proxy behind Nexus 3

The apache server is configure with following items :
<VirtualHost *:80>
...
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /jenkins/ http://localhost:8080/ timeout=300
ProxyHTMLURLMap http://localhost:8080 /jenkins
<Location /jenkins/>
ProxyPassReverse /
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLURLMap / /jenkins/ [L]
RequestHeader unset Accept-Encoding
</Location>
ProxyPass /nexus/ http://localhost:8081/ timeout=300
ProxyHTMLURLMap http://localhost:8081 /nexus
<Location /nexus/>
ProxyPassReverse /
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLURLMap / /nexus/ [L]
RequestHeader unset Accept-Encoding
</Location>
ProxyVia On
</IfModule>
Jenkins proxy works fine.
Nexus proxy load the page but cannot load resources. The HTML page ressources are not defined with the right path, instead of myhost.domain/nexus/static/... the URLs are myhost.domain/static/.... What's going wrong in the configuration ?

The solution is to switch Nexus context path configuration to '/nexus/'. In general, it seems that the nexus context path must match the proxy context path.

ProxyPass and DocumentRoot on one domain

Let's say I have the following configuration:
<VirtualHost domain.com>
# Server names, admins, logs etc...
ProxyVia On
ProxyRequests Off
<Location "/">
ProxyPass http://localhost:8080/tomcat-webapp/
ProxyPassReverse http://localhost:8080/tomcat-webapp/
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Now, I want the address domain.com/forum to display content of my MyBB forum, which has its files inside the /var/www/forum directory. How to accomplish this?

Actually, I resolved this problem with the following code:
ProxyPass /forum !
ProxyPass / http://localhost:8080/tomcat-webapp/
ProxyPassReverse / http://localhost:8080/tomcat-webapp/
Alias /forum /var/www/forum

What it is recommending is using mod_rewrite to perform the ProxyPass instead of ProxyPass/ProxyPassReverse command.
Try something like:
RewriteRule ^/forum - [L]
RewriteRule ^/(.*) http://localhost:8080/tomcat-webapp/$1 [P,L]
ProxyPassReverse / http://localhost:8080/tomcat-webapp/

I use:
<VirtualHost *:80>
#other irrelevant configs here
ProxyPass /forum http://localhost:8080/myBB
ProxyPassReverse /forum http://localhost:8080/myBB
ProxyPass / http://localhost:8081/tomcat-app
ProxyPassReverse / http://localhost:8081/tomcat-app
</VirtualHost>
You don't have to say "tomcat-app" if your tomcat app is the root app.

Apache and tomcat in the same Virtualhost

I have a virtualhost that looks like :
<VirtualHost *:80>
ServerName www.mysite.com
SetOutputFilter DEFLATE
RedirectMatch ^/manager$ http://www.fna.fi/manager/
DocumentRoot /build/vhosts/mysite.com
ErrorLog /build/logs/site.com-error.log
CustomLog /build/logs/site.com-access.log combined
ProxyRequests Off
RewriteEngine on
ProxyPass /manager http://127.0.0.1:8060/manager/ retry=0
ProxyPassReverse /manager http://127.0.0.1:8060/manager
ProxyPass / http://127.0.0.1:8060/app/ retry=0
ProxyPassReverse / http://127.0.0.1:8060/app/
</VirtualHost>
Now I want to add a blog in /build/vhosts/mysite.com. So it will be : http://www.mysite.com/blog but when I access this site it looks like its being forwarded to Tomcat (most likely due to the "ProxyPass /...".
Is there a way to make it work for the scenario I have?
Thanks!

Currently anything will be forwarded to the tomcat:
ProxyPass / http://127.0.0.1:8060/app/ retry=0
ProxyPassReverse / http://127.0.0.1:8060/app/
You have to add a alias before your proxy directives to your config:
Alias /blog /build/vhosts/mysite.com
<Location /blog>
# make some configs for this location like...
Options FollowSymLinks
AllowOverride None
</Location>