I'm already using mod_proxy to redirect from example-domain.com to example-domain.com:8080, well without CloudFlare (reserve proxy) it works... but with CloudFlare it just response an error 1000 DNS points to prohibited IP. Any chances to get trough this and still use CloudFlare to protect myself? I don't want that the address show something like this with mod_rewrite http://example-domain.com:8080, that's why I'm redirecting, hosting on port 80 is impossible so no changes there.
My vhost config:
<Directory /var/www/example-domain.com>
AllowOverride None
Require all denied
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/example-domain.com/web
ServerName example-domain.com
ServerAlias www.example-domain.com
ServerAlias alias.example-domain.com
ServerAdmin webmaster#example-domain.com
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://example-domain.com:8080/
ProxyPassReverse / http://example-domain.com:8080/
</VirtualHost>
Regardless of what port you are accessing CloudFlare through, CloudFlare has a tendency to try port 80/443 first. If it can connect to these ports during it's own proxying it stops there and then does not try the port you actually wanted (in your case 8080).
Therefore this looks like a cyclic loop, you are pointing your requests from CloudFlare to proxy to point back through CloudFlare to the server at port 8080. CloudFlare is then stripping the port 8080 and connecting via a plain connection.
The best way to fix this is to simply to set your ProxyPass to go through a URL that doesn't run through the CloudFlare network or simply through localhost.
So either change the ProxyPass in your VirtualHost to:
ProxyPass / http://direct.example-domain.com:8080/
ProxyPassReverse / http://direct.example-domain.com:8080/
Where direct.example-domain.com does not route through the CloudFlare network (a grey cloud in your CloudFlare DNS, providing you're doing a full-host CloudFlare set-up).
Alternatively change your proxy pass to go via the localhost:
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
Have fun!
Related
I just set up a JupyterHub and wanted to proxy a subdomain to the according port (sub.domain.com should point to 127.0.0.1:5000) in this case.
So I used ProxyPass and ProxyPassReverse in my server.conf. To my confusion, when setting up the redirect for the SSL-Site, it did not work when i proxied to https://127.0.0.1:5000 but I had to proxy to http://127.0.0.1:5000. Otherwise my browser would show a 500 - Proxy Error ("Error during SSL Handshake with remote server".)
So: Is the security of my connection in any way compromised when redirecting to http?
And more important: Why does it not work when I redirect to https://?
This is my full .conf:
<VirtualHost XX.XXX.XXX:XX:80>
SuexecUserGroup "#1000" "#1000"
ServerName sub.domain.com
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
<VirtualHost XX.XXX.XXX:XX:443>
SuexecUserGroup "#1000" "#1000"
ServerName sub.domain.com
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/sub.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sub.domain.com/privkey.pem
#Include /etc/letsencrypt/options-ssl-apache.conf
SSLProxyEngine On
#SSLProxyVerify none
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
I already played around with the ProxyEngine Options, but couldn't make it work.
Since your JupiterHub is running with plain HTTP on 127.0.0.1:5000 you need to use ProxyPass http://127.0.0.1:5000. Using https://... instead would mean that Apache would try to connect to your JupiterHub by HTTPS, which fails because it does not speak HTTPS.
This plain HTTP connection is internal on your machine only though. For external access you have Apache as reverse proxy which based on your configuration provides both HTTP and HTTPS access from outside and proxies it internally to your JupiterHub. Proxying plain HTTP directly to your JupiterHub is likely a bad idea though, instead it should redirect to the HTTPS version of your site with something like this:
<VirtualHost XX.XXX.XXX:XX:80>
ServerName sub.example.com
Redirect permanent / https://subexample.com/
</VirtualHost>
Additionally it is recommended to enforce HTTPS for the site by setting HSTS.
So: Is the security of my connection in any way compromised when redirecting to http?
The traffic can be intercepted if you keep proxying plain HTTP from outside directly to your JupiterHub instead of redirecting it to HTTPS. As for needing HTTPS on localhost itself see Is there a benefit to having SSL connections on localhost?
I am stuck on an apache configure issue. The website keeps loading. It seems like an infinite redirection issue.
I am setting up a reverse proxy. The purpose is to host two web servers(Wordpress and Flask) on the same machine. I want some requests go to wordpress and some of goes to Flask. My solution is to let Wordpress listening on port 8080 and Flask listening on port 8081. In the setting below, I am trying to redirect all requests to port 8080(I will add flask later). But, it doesn't work. The website keeps loading. Can I get some help?
My setting is:
<VirtualHost *:80>
DocumentRoot /wordpress/wp-content
SSLProxyEngine On
ProxyPreserveHost On
ServerName aa.mcmaster.ca
ProxyRequests off
ProxyPass / http://aas.mcmaster.ca/:8080
ProxyPassReverse / http://aaas.mcmaster.ca/:8080
</VirtualHost>
Thanks!
Use below ProxyPass and test.
ProxyPass / http://aa.mcmaster.ca:8080/
ProxyPassReverse / http://aa.mcmaster.ca:8080/
I'm using WSO2 API Manager. I have fronted API Manager(tomcat) with an Apache HTTP Server.
For the URL api.abc.xyz.lk a public IP has been assigned. For that public IP a local IP which is 192.168.6.162 has been assigned. I have added a virtual-host to redirect all the http://api.abc.xyz.lk to http://192.168.6.162:9763/store.
What I'm trying to do here is redirect all the http://api.abc.xyz.lk requests to http://192.168.6.162:9763/store.
Below is the virtual-host block I use.
<Virtualhost *:80>
ServerName api.abc.xyz.lk
ServerAlias api.abc.xyz.lk
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://192.168.6.162:9763/store
ProxyPassReverse / http://192.168.6.162:9763/store
</Virtualhost>
The problem is
the URL that works is as below
http://api.abc.xyz.lk:9763/store
But actually what I want is
http://api.abc.xyz.lk
How can I fix this?
you need to modify this proxy pass
ProxyPass /store http://192.168.6.162:9763/store
ProxyPassReverse /store http://192.168.6.162:9763/store
this will do the trick..
make sure to enable the proxy ports in server, you can configure proxy ports by editing "catalina-server.xml" in $UES_HOME/repository/conf/tomcat/catalina-server.xml
I have multiple urls coming into a server. I want to user host headers to redirect the traffic. I am trying to use Apache to redirect these requests to various servers that are inside our firewall. I have gotten part of the solution, but, I seem to be missing something.
For example, http://hostHeader1.mycompany.com should be redirected to a server inside our firewall that handles requests for hostHeader1, and the result should be handed back to the client. http://hostHeader2.mycompany.com should be redirected to a server inside our firewall that handles requests for hostHeader2. Etc.
Right now, I have the following, but, it redirects all traffic to http://hostHeader1Handler/:
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://hostHeader1Handler/
ProxyPassReverse / http://hostHeader1Handler/
ServerName hostHeader1.mycompany.com
</VirtualHost>
Any help appreciated.
Scott
This is probably your first or your only virtual host. Just add another virtual host before. Then this should be the new default.
NameVirtualHost *:*
<VirtualHost *:*>
ServerName your.default.domain.de
DocumentRoot /var/www/pathToHTML
</VirtualHost>
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://hostHeader1Handler/
ProxyPassReverse / http://hostHeader1Handler/
ServerName hostHeader1.mycompany.com
</VirtualHost>
I'm having trouble with making a subdomain to my Windows computer while using AJP to proxy to Tomcat. This is what I have in my httpd.conf file:
<VirtualHost *:80>
ServerName subdomain.localhost
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/folder/
ProxyPassReverse / ajp://localhost:8009/folder/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
The subdomain has been added to `c:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 subdomain.localhost
When I go to http://localhost i goes straight to the proxy. When I go to http://subdomain.localhost i goes to the proxy as well. How do I make is so the subdomain only goes to the proxy and the regular goes to Apache?
You need to declare a second VirtualHost with localhost as the ServerName.
This should probably be moved to superuser.com but one thing to try:
<VirtualHost *:80> informs it to accept all incoming connections on port 80 to use these settings. I would try changing it to say:
<VirtualHost subdomain.localhost:80>
and see if that only applies these settings when the subdomain is used.
The ServerName tag that you put with the subdomain doesn't tell it who to listen for. The official documentation states:
The ServerName directive sets the
hostname and port that the server uses
to identify itself. This is used when
creating redirection URLs. For
example, if the name of the machine
hosting the web server is
simple.example.com, but the machine
also has the DNS alias www.example.com
and you wish the web server to be so
identified, the following directive
should be used:
You can read more on these configurations here.