I'm in the process of getting a SSL certificate for my website which i'm running of a VPS. My website also serves as a web service for some ios/android applications to fetch data from. I'm just wondering if installing and configuring a SSL Certificate in Apache will force everyone to contact the web server over HTTPS and refuse regular HTTP calls. Hince will my applications break until I've released an update making all server calls to HTTPS?
Cheers
Apache can handle both http and https at the same time.
Normally you setup your http site under something like httpd.conf which includes a line (might be commented out) something like:
Include extra/httpd-ssl.conf
which tells apache to load additional configuration for the httpd-ssl.conf file located in the 'extra' directory.
if you did a standard install of apache then the httpd-ssl.conf file is already there with a generic template for the HTTPS site, just modify it as necessary and (if needed) uncomment the Include line above in httpd.conf.
Related
I have the following question that I do not know how to solve it in the most efficient way.
I have two servers, one with Apache where I have a Wordpress instance responding for port 80, and on another server I have a Wildfly with another application listening on port 8080. The Wordpress that I have configured on the Apache server, responds to the URL http://www.somedomain.com What I'm not so clear about is how to do when a request arrives at http://www.somedomain.com/yyyy and redirects me to the Wildfly server where an application is responding to the URL : 8080 / app
How could I do it in the most effective way? Using the rewrite module in the .htaccess file or using the Apache proxy module and configuring it in the Apache virtual host? How would I have to do it?
Thank you very much in advance.
You're mixing a few things that are not related to each other. First of all, a redirect is something different than a proxy. Redirecting means asking the client (browser) to look at another URL. A proxy, on the other hand, retrieves the content of the other URL itself and passes it to the client. Using a proxy, the other URL remains invisible to the client.
Second, mod_rewrite is not limited to htaccess configuration. In fact it's better to configure mod_rewrite in the virtual host configuration, just as you suggested with the proxy configuration.
The htaccess is simply for users who are not allowed to mess with the server configuration itself. Configuration in the htaccess can be limited by the admin for security purposes at the cost of slowing down the server.
That said, if you are looking to map your wildfly server paths into your main server's paths, you might want to use something like this inside your main server's virtual host block:
<Location "/yyyy">
ProxyPass "http://wildfly:8080/app"
</Location>
See http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass for detailed explanations.
There are javaEE applications run on WebSphere server.
The thing I wanna do that to configure a http server that takes the request and redirect to my local websphere server.
For example:
This is live Project testProject.com/Otel..
I wanna reach my local project when I insert local.testProject.com/Otel..
The thing I have done so far I can reach my local apache server when I click local.testProject.com just with adding in host file in windows/system32/drivre/etc directory.
The thing I could not do so far. redirecting this incoming request to my apache server to websphere server.
Could you please help me on these. Dont hasitate to ask further questions.
I would be appreciated if you could give me some ideas with just commenting at least.
Good days..
IBM provides a specialty reverse proxy module for Apache called the WebSphere WebServer Plug-in. Its use is described in detail in the websphere documentation.
In simple configurations, you can just configure any server you already have as a reverse proxy.
Load mod_proxy and mod_proxy_http (varies depending on Apache distribution)
Append to your virtual host:
ProxyPreserveHost ON
ProxyPass /otel http://washostname.example.com/otel
# ProxyPassReverse likely not required in your case.
Of course there are thousands of places to read about setting up Apache as a reverse proxy and there are nearly no WebSphere specifics.
I have scrapyd installed in Ubuntu.
I also have a website with SSL enabled, I need to make request to links like https://IP_HERE:6800/listjobs.json?project=default inside my website.
But it looks like Scrapyd does not work with HTTPS.
Even if I open link in browser it just keeps loading and loading.
But if I make request using http:// instead of https:// it works. But I want it to work with HTTPS.
I thought I need to edit my SSL conf file to work with port 6800. I did but still its not working.
Here is my SSL config file looks like.
<IfModule mod_ssl.c>
<VirtualHost *:443 *:6800>
.... and rest of confguration...
By looking at the source code of scrapyd, it uses a TCPServer from Pythons socketserver module. It is not possible to enable SSL in a Python module via the Apache config file.
What you want to use is a HTTPS-to-HTTP proxy, which wraps up scrapyd's HTTP into an HTTPS protocol. You can use Apache for that, see this tutorial from Digital Ocean or this blog post.
I'm running SonarQube with a reverse proxy. However, I'm also using X.509 authentication between SonarQube and the database for security reasons. I can no longer connect to my PostgreSQL database after upgrading from 5.4 to 5.6 because the certificate isn't being passed.
Is there another way to configure SonarQube to use a local keystore when negotiating an SSL connection to the database?
Is there a plan to add SSL support back?
Is there a plan to add WAR-style deployments back?
I might be stuck at 5.4.
HTTPS is supported by SonarQube using a reverse proxy. Here is the official documentation and the link:
To run the SonarQube server over HTTPS, you must build a standard reverse proxy infrastructure.
The reverse proxy must be configured to set the value "X_FORWARDED_PROTO: https" in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP.
Using an Apache Proxy
We assume that you've already installed Apache 2 with module mod_proxy, that SonarQube is running and available on http://private_sonar_host:sonar_port/ and that you want to configure a Virtual Host for www.public_sonar.com.
At this point, edit the HTTPd configuration file for the www.public_sonar.com virtual host. Include the following to expose SonarQube via mod_proxy at http://www.public_sonar.com/:
ProxyRequests Off
ProxyPreserveHost On
<VirtualHost *:80>
ServerName www.public_sonar.com
ServerAdmin admin#somecompany.com
ProxyPass / http://private_sonar_host:sonar_port/
ProxyPassReverse / http://www.public_sonar.com/
ErrorLog logs/somecompany/sonar/error.log
CustomLog logs/somecompany/sonar/access.log common
</VirtualHost>
Using Nginx
We assume that you've already installed Nginx, that you are using a Virtual Host for www.somecompany.com and that SonarQube is running and available on http://sonarhost:sonarport/.
At this point, edit the Nginx configuration file. Include the following to expose SonarQube at http://www.somecompany.com/:
# the server directive is nginx's virtual host directive
server {
# port to listen on. Can also be set to an IP:PORT
listen 80;
# sets the domain[s] that this vhost server requests for
server_name www.somecompany.com;
location / {
proxy_pass http://sonarhost:sonarport;
}
}
Using IIS
SonarQube recommends the use of a Reverse Proxy to secure you sonar installation. With the help of IIS and the Url Rewrite module, that's a piece of cake to setup.
What you'll need:
IIS enabled on a machine (doesn't have to be the SonarQube machine, but I'm going to assume you're doing this on the same system)
The Url Rewite extension for IIS (https://www.iis.net/downloads/microsoft/url-rewrite)
The Application Based Routing extension for IIS (https://www.iis.net/downloads/microsoft/application-request-routing)
An SSL certificate (can be self signed or a real one)
First step is to create a IIS website which will act as the reverse proxy.
Unless you're required to do Kerberos authentication, you don't need to configure any form of authentication on your Reverse Proxy. It should forward the challenge from SonarQube if you've configured Active Directory integration there.
If you are using Kerberos or IIS Advanced protection, please look here for guidance on configuring that correctly. (https://blogs.technet.microsoft.com/latam/2015/06/24/kerberos-authentication-and-application-request-routing/)
Configure the binding to use SSL and setup the correct hostnames and the certificate. I'm cheating a little by using the IIS Express Development Certificate installed on my machine:
Next we'll open the URL Rewrite settings to configure reverse proxy:
Click Add Rule to create a new rule:
And pick "Reverse Proxy" from the list of templates:
Enter the destination server URL (can be http://localhost:9000, or even a remote server) and click OK to create the rule:
You're back in the URL Rewrite screen where we'll need to add an extra server variable which we'll send along with the request to the other server in order to tell SonarQube it's actually behind a Reverse Proxy that's doing the SSL offloading for it:
Click "Add..." to create the server variable:
Add the server variable "X_FORWARDED_PROTO" to allow the Rewrite Module to manipulate this header:
You should now have the variable listed in the Variable list. Click "Go back to Rules" to move back to the rules list:
Edit the URL Rewrite rule you've just created:
Expand the Server variables section of the rule definition:
Add the "X_FORWARDED_PROTO" header you've allowed in the previous step and give it the value "https":
Apply the changes:
And now you should be able to access SonarQube over SSL. You may want to configure the original SonarQube instance to only accept traffic from your reverse proxy or only accept traffic from localhost through the Windows Firewall.
Copied from:
USING IIS
Server setup documentation
Answer to point 2 : The only way to deal with HTTPS on SonarQube is to use a proxy.
Have a look at the documentation for more information.
Answer to point 3 : No, there's no plan to get back to WAR.
I've set up a host with apache to serve static pages and to use Tomcat to serve my web application (See this question). The static pages are server from
"http://myhost.com"
and the dynamic (tomcat) pages are server from
"http://myhost.com/myapp"
The mod_proxy makes sure the "http://myhost.com/myapp" are forwarded to tomcat server running on "http://myhost.com:8080".
The problem is that now you get the standard Tomcat introduction page on "http://myhost.com/myapp" but if you click on a local link (e.g. 'Status') on the left, it generates an URL
"http://myhost.com/manager/status" while it should generate: "http://myhost.com/myapp/manager/status"
(The same is true for webapps installed under tomcat)
What should be changed in my configuration (apache, tomcat?) to redirect my tomcat links to the right place?
Have you set the ProxyPassReverse setting in your httpd.conf. This will overwrite the HTTP Header an you'll get to the correct request on the side of tomcat.
Your URLs are mapped from:
http://myhost.com/myapp -> http://myhost.com:8080
This means that accessing the above URL will be mapped to the ROOT application in Tomcat. The ROOT application will generate pages that contain links from Tomcat's root context.
In other words, if you go to:
http://myhost.com:8080
you will get a page that contains links to
http://myhost.com:8080/manager/status
This link will work. However when that page is given back to a browser that requested it via Apache, the full URL then looks like: http://myhost.com/manager/status
I assume that you intend to deploy an application called 'myapp' to Tomcat? If that is the case the Tomcat URL for this app will be
http://myhost.com:8080/myapp
Which will also work be mapped correctly when accessed via Apache.
If you absolutely must access Tomcats root application in this way you'll have to rewrite the URLs it outputs in the pages it returns.
I've had the most success with mod_proxy_ajp. It requires mod_proxy, but works over ajp. Using it instead, your conf file looks similar
ProxyPass / ajp://localhost:8009/
See my similar question and also the answer to this question. The only fault in mod_proxy_ajp that I've found is that if I need to restart tomcat I have to force an apache restart too.