I am new to openshift and i am trying to customize apache config.
I want to add virtual host to openshift.conf.
LoadModule perl_module modules/mod_perl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen localhost:8080
<VirtualHost *:8080>
ServerName somehost
ProxyPass / somehost:8000/ keepalive=On
ProxyPassReverse / somehost:8000/
RequestHeader set X-Forwarded-HTTPS "0"
</VirtualHost>
You can not add a virtual host to the apache config. You would have to use the DIY cartridge or build a custom apache cartridge. If you can give more details on what exactly you are trying to accomplish (looks like a reverse proxy of some type), then maybe we can offer a suggestion, also, we do not allow proxies on openshift.
Related
I have an apache reverse proxy setup from where I am redirecting to a completely different URL. The destination URL is a cloud-hosted service different from the Apache installation location. The redirect is happening properly. But how do I preserve the original URL and mask this new cloud-hosted URL?
This is my apache httpd.conf on Oracle Linux
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests Off
<VirtualHost *:80>
ProxyPreserveHost On
ServerName xxx.xxx.xx.xx:80
ServerAlias https://sample-url.cloud.com/
Redirect / https://sample-url.cloud.com/
</VirtualHost>
How to achieve this.
Well, I looked everywhere I could, but if some know where I could find a solution, sorry for asking once again the question.
We are looking to implement this solution :
HTTP client -> Apache 2.4 Reverse Proxy -> HTTP Server => Works OK
HTTPS client -> Apache 2.4 Reverse Proxy -> HTTPS Server => Works OK
But, when the HTTPS server replies with a "302" redirection header, the server name in the header is not translated to the client-side known server name. So, the client fail to connect, due to a DNS error.
We can't add the backend server name in the DNS, so we need that solution to work.
Important notice: the same works in HTTP. It means that when the server reply is a "302" redirection header in HTTP, there's no problem. It works even if the target of the redirection is a HTTPS link. So what is not working is redirecting from HTTPS to HTTPS.
The backend webserver is Tomcat.
The problem is: in HTTPS header, the redirection URL is "https://[backendname]/something.html" but we expect it to be "https://[servername]/something.html"
We've checked that we have no error in log file (error level set to "debug").
Here is our virtual site configuration:
<VirtualHost [reverse proxy IP]:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile D:/Apache24/ssl/certs/servername.cer
SSLCertificateKeyFile D:/Apache24/ssl/private/servername.key
ServerName [servername]
ProxyPass / https://[backendname]:443/
ProxyPassReverseCookiePath / https://[backendname]:443/
ProxyPassReverse / https://[backendname]:443/
SetOutputFilter proxy-html
ProxyHTMLEnable On
ProxyHTMLURLMap https://[backendname] https://[servername]
ErrorLog D:/Apache24/logs/custom/[servername]_error.log
CustomLog D:/Apache24/logs/custom/[servername]_access.log combined
SetEnv nokeepalive ssl-unclean-shutdown
</VirtualHost>
Problem related Apache activated modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule xml2enc_module modules/mod_xml2enc.so
So, any help to make this work will be greatly appreciated.
Thanks.
Here is the working solution, as suggested by Michael Akerman
disable caching
write new instruction: ProxyPassReverse https://[backend]/
Thanks for your help
Note: Updated config and added trailing slash to websocket path. Still same problem
Is it possible to use go-websocket behind a Apache reverse proxy with mod_proxy_wstunnel?
I tried and failed to get things working.
I tried to use the Chat example behind an Apache reverse proxy (with mod_proxy_wstunnel enabled). And it doesn't work. The proxy is a success, while the websocket part does not work at all.
My Apache config looks similar to this:
<VirtualHost *:80>
DocumentRoot /var/www/foobar
ServerName foobar.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /ws/ ws://localhost:8080/ws/
ProxyPassReverse /ws/ ws://localhost:8080/ws/
ErrorLog logs/error_log-foobar
CustomLog logs/access_log-foobar common
LogLevel debug
</VirtualHost>
And of course I'm running the chat server on port 8080. I've tested it with SSH tunnel, and things work perfectly. Then I moved on to Apache.
The first time I tried, the javascript console complains this:
NetworkError: 403 Forbidden - http://foobar.com/ws/
The request seems to be stucked at the origin check.
Then I tried again after comment out the origin check, it get this:
NetworkError: 400 Bad Request - http://foobar.com/ws/
It seems the chat server do not get the upgrade request at all.
How should I debug this?
Where should I start looking?
Thanks everyone! After taking several advices above, I found the solution.
And for someone who might have similar issue, here is the solution to my question:
As Aralo suggested, trailing slash must be added to the WebSocket path (in my case: "/ws/"). It looks Apache will only handle WebSocket with a valid GET request.
James Henstridge was right. The order of ProxyPass relevant. ProxyPass of /ws/ must be put before the / line.
After consulting the Chat example code, I found an origin check in the function ServeWs() and removed.
Everything works now.
And thanks covener, reading logs does help.
I am using Go secure WebSocket (wss://) server behind Apache 2.4.18 on CentOS 7. Here are the settings:
Make sure the system has mod_proxy_wstunnel:
# find /usr/lib64/httpd/modules/ | grep ws
/usr/lib64/httpd/modules/mod_proxy_wstunnel.so
Add the following line in 00-proxy.conf:
# vim /etc/httpd/conf.modules.d/00-proxy.conf
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Restart Apache:
# systemctl restart httpd
Check the setting:
# httpd -M | grep -iE 'proxy'
proxy_module (shared)
proxy_fcgi_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Edit httpd-vhosts.conf:
# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:443>
ServerName go.mydomain.com:443
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine On
SSLCertificateFile "/etc/pki/tls/certs/mydomain.com/mydomain.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/mydomain.com/mydomain.key"
### The configured ProxyPass and ProxyPassMatch rules are checked
### in the order of configuration. The first rule that matches wins.
ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1
ProxyPass / https://192.168.0.1:443/
ProxyPassReverse / https://192.168.0.1:443/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerName go.mydomain.com:80
ProxyPreserveHost On
ProxyRequests off
###
ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1
ProxyPass / http://192.168.0.1:80/
ProxyPassReverse / http://192.168.0.1:80/
ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>
I'm pretty new to Apache HTTP, and sysadmin-ing in general, so i have this question
I have a domain (www.doamin.com) with an Apache listening to port 80,
also I have an Apache Tomcat on the same domain configured to port 8080.
Is there a way to configure a subdomain (i.e, tomcat.domain.com)
so it will redirect into my tomcat specific application,
so user can access applications through app1.domain.com and app2.domain.com (and it will be served by Tomcat)?
I've seen a lot of mentioning to
mod_jk
and
mod_proxy
but all of the post assumed prior knowledge with Apache.
can someone walk me thorugh?
Many thanks, -PK.
mod_jk is outdated. It is recomended to use mod_proxy (mod_proxy_http or mod_proxy_ajp) to connect forward requests to your apache server to the tomcat.
define a virtual host in your apache config
create a proxy directive that forwards your requests to tomcat
Maybe this SO question give you some hints.
You can define two virtual hosts (app1.domain.tld and app2.domain.tld) that have proxy definitions for their designated apps. Example for app1:
<VirtualHost *:80>
ServerName app1.domain.tld
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/app1
ProxyPassReverse / http://localhost:8080/app1
</VirtualHost>
while Magomi was almost right,
Presenting an exact way to do it.
Add your subdomain to the DNS server
integrate *mod_proxy* into httpf.conf :
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
define two virtual hosts as following
NameVirtualHost *:80
<VirtualHost *:80>
ServerName application.domain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://www.domain.com:8080/application/
ProxyPassReverse / http://www.domain.com:8080/application/
</VirtualHost>
<VirtualHost *:80>
DocumentRoot C:\<pathToApache>\www
ServerName www.domain.com
</VirtualHost>
This will direct your site (www.domain.com) to your Apache HTTP server, and redirect all calls to Application to the Tomcat.
Hope this Helps,
-PK
I have a server with Apache2 (on port 80) and Glassfish (on port 8080). I'd like to configure Apache to transparently proxy al request to a certain virtual host to the glassfish Server.
I tried this, but it doesen't work:
<VirtualHost *>
ServerName tognettiimmobiliare.com
ServerAlias www.tognettiimmobiliare.com
ProxyRequests on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / http://tognettiimmobiliare.com:8080/tognettiWEB/
ProxyPassReverse / http://tognettiimmobiliare.com:8080/tognettiWEB/
</VirtualHost>
Can anybody tell me why? Thanks
I am proxying Jenkins and Redmine from a different port with mod_proxy, my configuration looks something like this, sans an additional <Proxy> part which I believe is not needed:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /jenkins/ http://localhost:8080/jenkins/
ProxyPassReverse /jenkins/ http://localhost:8080/jenkins/
ProxyPass /redmine/ http://localhost:81/redmine/
ProxyPassReverse /redmine/ http://localhost:81/redmine/
There are two things to keep in mind:
The context needs to be the same in both proxy and proxied URLs, like /jenkins/ and .../jenkins/
You should not use external URLs for the proxied page because it will then try to route out to the internet and connect from there, this is slow and firewalls might block the port. Use local machine names or IPs.
I use a simple VirtualHost like so which works.
<VirtualHost *:80>
# ServerName www.itmanx.com
ProxyPass / http://www.itmanx.int/
ProxyPassReverse / http://www.itmanx.int/
</VirtualHost>
make sure you have mod_proxy and mod_proxy_http loaded
I enabled JK on Glassfish by going to Configurations -> server-config -> HTTP Service -> Http Listeners -> jk-listener and enabled it.
Then set up the in my Apache config to proxy this way so the SSL data also gets transmitted.
<Location /util>
SSLOptions +StdEnvVars +ExportCertData
ProxyPass ajp://localhost:8004/util
</Location>
One caveat though, mod_proxy_wstunnel does not seem to work with this or at least I haven't found out how to yet since I use WSS and https://issues.apache.org/bugzilla/show_bug.cgi?id=55320 needs 2.4.10 which is not released yet.