I have 2 servers, one running my Drupal 7 application through Apache on RHEL 6 and another server is running Varnish Cache. Apache is configured to run on custom HTTP port 8080. I want this application to run on 9443 port with SSL with Varnish Caching support.
I have tried Stunnel, but the site appears broken as the css are not being loaded. I have tried Nginx for SSL termination but browsers complain that there are mixed content as Drupal is generating URLs for resources with "http://".
Any help regarding this will be highly appreciated. Thanks a lot.
You problem is that according to drupal you are running http, and therefore will also return http links. which causes your mixed content issue. have you set your base_url to https?
Related
I have been tasked with Installing and Configuring Apache 2.4 on a windows server for the following purpose:
Configure SSL through apache
Apache Tomcat also installed on server to handle web request to a specific web application - MySQL db also on the same server.
How does one go about installing and configuring SSL through apache 2.4 on Windows Server 2012?
I have read so many documents and so many questions on forums etc and is now more confused than before.
http://httpd.apache.org/docs/2.4/
https://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
So far i have download and installed apache as a service and created the Certificate service request from OPENSSL (downloaded and installed also).
All I need to do now is :
How does one import these certificates in apache ?
How do you test if the import was successful and if ssl is working ?
How to redirect Apache to Apache tomcat to serve the webpage
Can someone please outline the steps require and if possible how to perform these steps for apache in Windows.
Thanks.
Regards,
Robert Ramoutar.
How does one import these certificates in[to] Apache [httpd]?
http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#realcert
How do you test if the import was successful and if SSL is working?
Connect to the server using a web browser with HTTPS. If it works, and the certificate looks the way you wanted it to look and you don't get an errors/warnings, then you are good.
How to redirect Apache [httpd] to Apache Tomcat to serve the web page
You need to use a module for reverse-proxying like mod_proxy. Read the documentation for mod_proxy_http to see how to set one up.
I had a drupal installation working fine. I tried to migrate that one on a Docker Container runing behind a nginx reverse proxy. Everything seems fine but i have some .js and .css files that can't load because in drupal they are linked with http. The error is:
Mixed Content: The page at https://proxy.xx.xx/ was loaded
over HTTPS, but requested an insecure stylesheet
http://proxy.xx.xx/sites/default/files/css/css_xE-rWrJf-
fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css'. This request has been
blocked; the content must be served over HTTPS.
I have something like 7 of them and i can't find where those files are called in drupal or how to change the http to https.
Best regards.
Alright, so I got to work by adding the following to the Drupal settings.php:
$conf['reverse_proxy'] = TRUE;
$base_url = 'https://whatever-your-domain-is.com';
$conf['reverse_proxy_addresses'] = array('internal_nginx_proxy_ip');
$conf['reverse_proxy_header'] = 'HTTP_X_FORWARDED_FOR';
This works for jwilder's nginx-proxy container(s) together with JrCs' letsencrypt companion container. The nginx container is handling the HTTPS/SSL (certificates) and talks HTTP with the Drupal-container internally. The Drupal container only needs to be run with the 3 ENV VARS VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL for everything to be set up and work its magic.
Only downside: The Drupal container's apache logs show the internal IP of the nginx proxy. But the nginx logs show the correct client IPs and Drupal apparently gets them right as well, so it's only a minor nuisance for me.
I guess the additions to the settings.php should also be applicable to custom/manual setups.
We found what was wrong. Drupal was communicating with the Nginx proxy without ssl. Some config and it was ok.
I already installed Tomcat server while developing my java web app. But I also needed to get access to my database using PHPMyAdmin and install MySQL as well, so I downloaded XAMPP. I cannot disable apache server since I already have Tomcat. Now my struggle is, I cannot open
"localhost:8080" which was my original port. It's now replaced with simply "localhost".
Can you help me fix this error? THANK YOU :D
Sounds like you now have:
Tomcat serving traffic on port 8080, as it always has (at http://localhost:8080)
Apache/XAMPP serving traffic on port 80 (at http://localhost, obviously with the port missing since 80 is the default http port)
Assuming that's the case, you don't have a problem. Serving http traffic from different ports on the same host is not an issue.
I'm a bit out of my depth here and nothing I have found quite addresses my problem. Si any and all suggestions are most welcome.
I've got tomcat6 running on CentOS 6.5 hidden behind an apache server (v2.2.15) and I am using Apache's mod_proxy to expose the tomcat webapps, which are running on port 8080. The tomcat hosts one production application and several development applications. On the apache side, both a Drupal site and the aforementioned tomcat production application are on the same domain and, thanks to rewrite rules, all requests to this domain are changed to https. The development sites are reached via subdomains and do not get re-written as https requests.
For the most part, this arrangement works fine. But parts of the tomcat apps are AJAX (calling a Java Struts 1.2 backend). Most of those requests are handled OK. But a few AJAX requests result in redirects (i.e., forward.setRedirect(true)) and that redirect is http (I guess because the container itself is not secure). As a result, I run into cross site scripting issues. I imagine I can use CORS headers to avoid the problem. But that seems like a hack. Is there a relatively painless way I can use to have tomcat send redirects back as https without making tomcat handle ssl directly?
Cris
You could configure the RemoteIpValve in Tomcat:
Another feature of this valve is to replace the apparent scheme
(http/https) and server port with the scheme presented by a proxy or a
load balancer via a request header (e.g. "X-Forwarded-Proto").
To configure Apache to forward the original protocol in the X-Forwarded-Proto header, add a RequestHeader directive in your Apache config, e.g.:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
...
Note that in Tomcat 7, there is also a RemoteIpFilter.
You don't need to do anything special. It already works. Make sure you set the "redirectPort" in server.xml to Apache's HTTPS port, usually 443, and add the following to your <security-constraint> sections for resources you want secured by HTTPS:
<user-data-constraint>
<description>HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Late to the game here but others may find this-- we had a similar setup and issue where everything worked fine until the application started using ajax posts which did redirects for the response. The fix was to use mod_header in apache to rewrite redirects using "Header edit Location"
http://httpd.apache.org/docs/current/mod/mod_headers.html
Header edit Location ^http://www.example.com/ https://www.example.com/
This went unnoticed prior to the ajax redirects because the browser has no problem doing page level redirects to http (which apache would then redirect back to https). But the ajax cross-site prevention halts at the initial http missing out on that would then be redirected to https by a subsequent request.
I have Apache tomcat 7 where I build my web application and I also have Apache Web Server where my web site exist wrote on Css and HTML. I want to inject my web app on web site. How can I make my Tomcat as web server and container and transfer web site from Apache WebServer to Tomcat. ???
I know tomcat also can work on 80 port. Just I use to read documentation how to integrate Apache WebServer with Tomcat using mod_jk ajp connectors and etc to do, seems like it doesn't work.
If you want to use Tomcat as your web server (to serve your .html and .css files and probably images), then you can just get rid of the Apache Web Server; you no longer need it, according to your question. Then, after putting all your html/css/etc. under webapps/[app-root]/, make sure that all references to port 8080 in Tomcat's conf/server.xml are changed to port 80, reboot Tomcat, and you'll be good to go.