Jenkins behind Apache Server / Can't log in Jenkins - apache

I'm running an Apache Server 2.2 to handle Jenkins and SonaType Nexus information (both installed as Windows Service). While SonatypeNexus runs perfectly Jenkins doesn't. To be more specific: I'can't log in Jenkins. Just for your notice: we are using LDAP to login, but this can't be the reason for login failure, as login from local host works.
If I try to log in Jenkins from localhost:8071 it works perfectly.
When I log in from another system via network (using https://myServer.com:8095/) I can browse and configure Jenkins, but I can't login. Whenever I try I get "redirected" to the page of Jenkins I was on before hitting the "login" button.
Security settings are set to "everyone can do anything" -> can't be the reason either.
Hint 0: As you maybe already noticed we are using https for for any request from the outside dedicated to the server. But within the server Apache only uses http to handle information -> could this lead to problems?
Hint 1: I only get "redirected" using correct login parameters. Using wrong ones is leading me to the "Invalid login information. Please try again." page.
Hint 2: Sonatype Nexus is running behind the same Apache Server and works great.
Potentional Reason: guess the reason why I can login via localhost, but not via network must be our Apache 2.2 server which is handling information wrong. By using localhost I can bypass Apache (-> works) but via network Apache gets used (-> don't work).
Any ideas how to fix this or at least what the reason could be?
Here are some settings from apache server (httpd-ssl.conf) that maybe could be useful:
<VirtualHost *:8095>
ServerName myServer.com
ServerAdmin admin#myServer.com
# Nexus via HTTPS.
ProxyPass /nexus http://localhost:8072/nexus
ProxyPassReverse /nexus http://localhost:8072/nexus
ProxyPassReverseCookiePath / /nexus
RequestHeader set X-Forwarded-Proto "https"
ErrorLog logs/nexus_error_ssl.log
CustomLog logs/nexus_access_ssl.log common
# Jenkins via HTTPS.
ProxyPass / http://localhost:8071/ nocanon
ProxyPassReverse / http://localhost:8071/
ProxyPassReverse / http://my.host.com/
# also tested second ProxyPassReverse with specific port
ProxyPassReverseCookiePath / /
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
AllowEncodedSlashes NoDecode
SSLEngine on

I'm not sure if i describe my solution correct, since my collegue found the answer and not me.
Since the Apache was handling https (incomming from jenkins) correctly (requests reached LDAP), but was unable to pass http information (incomming from LDAP) correctly (login was unable).
So he took a look at the http settings and configured the settings to enable http. This was leading to our goal -> we can login now, BUT it also leads towards another problem -> http is enabled and usable for users...

On this page, it hints that you might need to add another ProxyPassReverse to fix http links generated by Jenkins:
ProxyPassReverse / http://your.host.com:8095/
Also, it mentions that you should add
ProxyPreserveHost On
to your config. Please check the link for further information.

Related

How to redirect URL with port to URL with context?

I have a server with apache(2.4.18) installed
I have installed multiple applications on the server like Grafana, Sonarqube, and MySQL enterprise monitor(MEM)
Each application has URL like this
http://test.com:9000
http://test.com:3000
I am looking for a solution which allows me to redirect this URL with the port to URL with context, something like that
http://test.com:9000 --> http://test.com/sonar
http://test.com:3000 --> http://test.com/grafana
I have added some code in /etc/apache2/sites-enabled/000-default.conf file
Redirect permanent /sonar http://test.com:9000
Redirect permanent /grafana http://test.com:3000
but when I enter http://test.com/sonar in the web browser it redirects to http://test.com:9000 URL only
I want http://test.com/sonar this URL to persists on Web browser
If you use Redirect permanent, server will send 301 response back to client (along with new Location). That will result in browser issuing a new request, this time to new Location, and also new location will be shown in browser address bar.
What you need is Reverse Proxy. For this you need to make sure that mod_proxy is enabled in your apache configuration (usually it is enabled by default), and put something like this in your .conf file:
ProxyPreserveHost On
ProxyPass /sonar http://127.0.0.1:9000
ProxyPassReverse /sonar http://127.0.0.1:9000
ProxyPass /grafana http://127.0.0.1:3000
ProxyPassReverse /grafana http://127.0.0.1:3000
You will probably also have to make your applications aware that they are running under non-root context (by making some configuration changes):
http://docs.grafana.org/installation/behind_proxy/
https://docs.sonarqube.org/latest/setup/install-server/
You need to proxy requests and not redirect them.
Use a ProxyPass directive as mentioned in the official apache proxy documentation
For example add this location block inside your configuration:
<Location "/sonar">
ProxyPass "http://test.com:9000"
</Location>

Apache Reverse Proxy: (Keeping Existing route alive)

I have an app running on localhost:3000. I also have another app that is configured to run on virtualhost local.testserver.com
I want to create an apache reverse proxy that will route all request from local.testserver.com/finance to my app that runs at localhost:3000.
At the same time, I want to be able to access my app when I go to localhost:3000.
Below is the configuration I am using currently. This works for routing request from local.testserver.com/finance to my localhost:3000 app. But whenever I visit localhost:3000 directly it redirects me back to local.testserver.com
<Location /finance >
ProxyPass http://localhost:3000
ProxyPassReverse http://localhost:3000
</Location>
You will need to add the path on the ProxyPassReverse setting to "/finance" so it knows where to reverse requests back.
You may not need the <Location /finance>...</Location> part
ProxyPass "/finance" http://localhost:3000
ProxyPassReverse "/finance" "http://localhost:3000"
Please refer to the documentation to better understand how
ProxyPassReverse works here:
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreverse

Apache hybris configuration to proxy pass HTTP and HTTP(S) yacceleratorstorefront (electronic store) URL to Hybris Server

I am trying to access the yacceleratorstorefront/electronics/en/?site=electronics URL from apache web server to Hybris where the electronic store URL is configured. The electronic store URL is accessible and working from any of the server in environment if apache web server is BY PASSED
http://10.0.1.141:9001 is my Hybris server.
ERROR ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
HTTP Status 500 - Cannot find CMSSite associated with current URL ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
type Status report
message Cannot find CMSSite associated with current URL
description The server encountered an internal error that prevented it from fulfilling this request.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Any suggestion or advice is highly appreciated. Thank you in advance.
-Regards, S#BS
------------------------------------------------httpd Code below----------------------------------------------------
<VirtualHost *:80> ProxyPreserveHost On
ProxyPass / http://10.0.1.141:9001/ ProxyPassReverse / http://10.0.1.141:9001/
ServerName localhost</VirtualHost>
<VirtualHost *:443> ServerName localhost
#ProxyRequests Off #ProxyPreserveHost On ProxyPass / https://10.0.1.141:9002/yacceleratorstorefront/electronics/en/?site=electronics ProxyPassReverse / https://10.0.1.141:9002/yacceleratorstorefront/electronics/en/?site=electronics
SSLEngine on SSLCertificateFile /etc/httpd/certs/mysite.com.crt SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key
</VirtualHost>
The error message indicates that you are not setting the ?site=electronics parameter at the http version of you proxy (it also seems to be missing in the proxypass setting for port 80).
I'm not an apache buff but maybe it works if you configure your proxy settings for port 80 in the same way:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://10.0.1.141:9001/?site=electronics
ProxyPassReverse / http://10.0.1.141:9001/?site=electronics
ServerName localhost
</VirtualHost>
Just some more info: Apart from the site parameter approach you can also use a host name approach.
Not sure if you have access to the hybris wiki, but here are some more details:
https://wiki.hybris.com/display/pmtelco/Using+Modulegen+to+Create+a+B2C+Telco+Setup#UsingModulegentoCreateaB2CTelcoSetup-AccessingtheStorefront
(its for Telco accelerator, but it works the same for any other storefront).
Not sure how that works together with apache, I assume you have to setup some sub domains or something.
Does it work if you try to access apache on https directly? (There it seems you have the correct url containing the site parameter).
Note: The site parameter is basically only needed for the first http request of a session. It is used to determine which storefront, i.e. BaseSite is supposed to be used. All subsequent requests (of the same session) shouldn't require the site parameter.
Hope that helps!
Your http config is fine. Your https config is wrong.
Do not put ?site=electronics or anything like that in your apache config.
The site detection works based on the URL. In the sample data you are using that is at least a regex looking for "electronics" in the hostname.
One single apache config will be able to support all sites. You do not need to specify the site. You do not need to specify /yacceleratorstorefront.
Simply edit your hosts file to include "10.0.1.141 electronics.rtfm"
Now access http://electronics.rtfm/
You can avoid adding the site in the URL by going in HMC: WCMS > Websites
Under the Properties tab, add a new URL pattern that will match your site.
Once it is done, URLs that match the site's pattern will automatically use that site.
Using URL patterns for each site will simplify the web server's configuration.

Apache mod_proxy on Azure

I keep running into an issue with Apache's mod_proxy where it won't forward any traffic. I'm using a Windows Azure virtual machine running Ubuntu 13.04 and have configured the proper HTTPS endpoint (port 443) for it. The proper Apache modules (proxy, ssl, etc.) are all installed, and the error logs show nothing, not even a warning to explain why this is happening. My VirtualHost setup is as follows:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ServerName www.example.com
SSLEngine On
#SSLProxyEngine On
SSLCertificateFile /ssl/my.com.crt
SSLCertificateKeyFile /ssl/my.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
SSLRequireSSL
Order deny,allow
Allow from all
</Location>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
I have Listen 443 and NameVirtualHost *:443 all set as well. My service on the other port is running fine as doing a wget responds with an HTTP 200 OK response and I can reach it by manually inputting the port number. I have disabled all firewalls (for testing) to no avail as well. However, whenever I try to reach the service from the outside world through mod_proxy (port 443), the request times out and I get the usual "website not available" browser error.
If it means anything, the app I am running on the other port I need to forward HTTPS traffic to is a Play Framework 2.1 application. I set the server up exactly as in their documentation but still have these problems, so I'm assuming it may have something to do with Azure.
Any ideas? Is there some other type of endpoint configuration that I need to do specific for Windows Azure virtual machines to support SSL/TLS?
So, apparently, I have no idea how or why - but the Azure Gods decided to shine upon my setup all of a sudden. Overnight, without so much as a reboot or anything, mod_proxy on Azure just started working. I have no idea what the issue was, or even if there was one in the first place, but apparently the problem lies with something in the Azure infrastructure.
Sorry I couldn't be of more help for others encountering similar issues, but just giving it time worked for some unknown reason.

What are my options to deploy Go applications alongside PHP applications?

What I'm basically trying to accomplish is having my main website running a CMS written in Go. This will be located at www.example.com.
I also have applications written in PHP located in directories, such as www.example.com/clients/
How can I serve example.com/clients using Apache/PHP while serving example.com using Go built-in web server?
Via mod_proxy in Apache2, you can proxy different paths into different destinations at localhost or anywhere else accessible by your server, including within your local network (if your server can access it).
For this you would use ProxyPass (Apache2 Docs for ProxyPass, which is very useful reading) like the example below:
<VirtualHost *:80>
ServerName some.example.host.xyz
DocumentRoot /var/www/your-document-root
Alias /clients/ /var/www/clients/
ProxyPass /clients/ !
ScriptAlias /something-using-cgi/ /var/www/cgi-stuff/
ProxyPass /something-using-cgi/ !
ProxyPreserveHost On
ProxyPass / http://localhost:9876/
ProxyPassReverse / http://localhost:9876/
ProxyPass /elsewhere/ http://elsewhere.example.host.xyz:1234/
ProxyPassReverse /elsewhere/ http://elsewhere.example.host.xyz:1234/
</VirtualHost>
You'll want to be sure that you set your proxy security such that external users can't use your reverse proxy as a forward proxy, too. You can do that via ProxyRequests as described in the official Apache2 docs. The way I did this on a server is to put this in your server-wide config (you should verify on your own that this is secure enough):
# disables forward proxy
ProxyRequests Off
Andrew Gerrand has a good blog post about this for nginx but the principle is the same for Apache.
You want to set up Apache as a reverse proxy for requests coming in for the Go application.
For Apache you want to look at mod_proxy