I know this is a common problem and I know there is a simple solution, however I cannot get the solutions that I have found online to work with my situation.
I have an address as such:
https://localhost/cms
However, when a visitor goes to this address apache cannot find the resource, but if a visitor goes to:
https://localhost/cms/
it works, as expected. So, to combat this I am trying to created a mod rewrite condition, but I am having a bit of trouble. Here is my conf file so far:
<VirtualHost *:443>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(.*)/cms
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1/ [L,R=301]
ProxyPreserveHost on
ProxyRequests off
ProxyPass /cms/ http://localhost:9000/cms/
ProxyPassReverse /cms/ http://localhost:9000/cms/
</VirtualHost>
Any suggestions?
So, I figured it out by using ReverseProxy, here is the updated conf file:
<VirtualHost *:443>
ProxyPreserveHost on
ProxyRequests off
ProxyPass /cms/ http://localhost:9000/cms/
ProxyPassReverse /cms/ http://localhost:9000/cms/
ProxyPass /cms http://localhost:9000/cms/
ProxyPassReverse /cms http://localhost:9000/cms/
</VirtualHost>
Related
I've set up the Portainer UI as a docker container, and it's working great if I connect my browser to port 9000 (as in http://foo.bar.com:9000). I can navigate around the UI and open up container consoles (which use websockets) without a problem.
But, what I need to do i connect with SSL (as in https://foo.bar.com).
I set up an httpd container on the same machine, and gave it the following configuration file:
<VirtualHost *:443>
ServerName foo.bar.com
ProxyPass / http://foo.bar.com:9000/
ProxyPassReverse / http://foo.bar.com:9000/
RequestHeader set X-Forwarded-Proto "https"
<Location /api/websocket/>
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule /api/websocket/(.*) ws://foo.bar.com:9000/api/websocket/$1 [P]
</Location>
## SSL directives
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
## Logging
ServerSignature Off
ErrorLog "logs/error_ssl.log"
CustomLog "logs/access_ssl.log" common
</VirtualHost>
Both httpd and portainer are being brought up by separate docker-compose.yml files.
Now, the Portainer web pages still come up just fine, but the consoles for the containers won't work. Somehow, my websocket configuration above is broken. Any ideas on what I might be doing wrong?
After hours of playing with it, I finally got this to work and wanted to share. First, at least in httpd 2.4, you need to explicitly load mod_proxy_wstunnel.so so make sure and put a LoadModule in. Until you do that, nothing will work.
Here is the httpd configuration that was successful:
<VirtualHost *:443>
ServerName foo.bar.com
ProxyPreserveHost on
ProxyPreserveHost On
ProxyRequests Off
# allow for upgrading to websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule ^/?(.*) ws://foo.bar.com:9000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule ^/(.*) http://foo.bar.com:9000/$1 [P,L]
ProxyPass "/" "http://foo.bar.com:9000/"
ProxyPassReverse "/" "http://foo.bar.com:9000/"
## SSL directives
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
## Logging
ServerSignature Off
ErrorLog "logs/error_ssl.log"
CustomLog "logs/access_ssl.log" common
</VirtualHost>
Thanks a lot - saved me lot of trouble setting this up in Apache. I'm using it in local network only so I don't care much about https and certs so I've modified it bit to go through http
<VirtualHost *:80>
ServerName foo.bar.com
ServerAlias foo.bar.alias.com
ProxyPreserveHost On
ProxyRequests Off
# allow for upgrading to websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule ^/?(.*) ws://localhost:9000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule ^/(.*) http://localhost:9000/$1 [P,L]
ProxyPass "/" "http://localhost:9000/"
ProxyPassReverse "/" "http://localhost:9000/"
# Logging
ErrorLog ${APACHE_LOG_DIR}/portainer_error.log
CustomLog ${APACHE_LOG_DIR}/portainer_access.log combined
</VirtualHost>
Env: Ubuntu 18, Apache2, XWiki 12.1 on JETTY 9.4
I have xwiki on https://wiki.company.com:8443/xwiki/ and I would like to hide port 8443 and optionaly /xwiki/.
I have tried with virtualhost:
<VirtualHost *:443>
ProxyPreserveHost On
SSLProxyEngine On
SSLProxyCheckPeerCN Off
SSLCertificateFile /etc/ssl/certs/company.crt
SSLCertificateKeyFile /etc/ssl/private/comapny.key
ProxyPass / https://wiki.company.com:8443/xwiki/
ProxyPassReverse / https://wiki.company.com:8443/xwiki/
</VirtualHost>
This similar solution works for many projects but not for xwiki. The problem is that in this solution xwiki has problem with loading some files because it still try to load files from
https://wiki.company.com/xwiki/webjars/wiki%3Axwiki/drawer/2.4.0/css/drawer.min.css
instead of
https://wiki.hl-display.com/webjars/wiki%3Axwiki/drawer/2.4.0/css/drawer.min.css
So maybe is there any other solution like removing xwiki
ProxyPass / https://wiki.company.com:8443/
ProxyPassReverse / https://wiki.company.com:8443/
and redirect user when enter in browser exact https://wiki.company.com to https://wiki.company.com/xwiki/
Or mod rewrite to replace string
https://wiki.company.com/xwiki/hhh/jjj/aaa
To
https://wiki.company.com/hhh/jjj/aaa
?
I have try a lot of settings but without any success :(
OK, I found solution :) By adding 3 lines in VirtualHost
RewriteCond %{HTTP_HOST} wiki.company.com$ [NC]
RewriteCond %{REQUEST_URI} !^/xwiki/(.*)$
RewriteRule ^(.*)$ /xwiki/ [R=301,L]
So now when user enter exact URL: https://wiki.company.com it will redirect to https://wiki.company.com\xwiki\. So wiki works, port is hidden and nice URL works :)
so complete code is:
<VirtualHost *:443>
ProxyPreserveHost On
SSLProxyEngine On
SSLProxyCheckPeerCN Off
SSLCertificateFile /etc/ssl/certs/company.crt
SSLCertificateKeyFile /etc/ssl/private/company.key
RewriteEngine on
ServerName https://wiki.company.com
RewriteCond %{HTTP_HOST} wiki.company.com$ [NC]
RewriteCond %{REQUEST_URI} !^/xwiki/(.*)$
RewriteRule ^(.*)$ /xwiki/ [R=301,L]
ProxyPass / https://wiki.company.com:8443/
ProxyPassReverse / https://wiki.company.com:8443/
</VirtualHost>
I'am facing a tomcat with apache as a reverse proxy.
URL: http://zvprod.cbc.local/ Works fine.
you've successfully installed Tomcat. Congratulations!
i just want a rewrite or redirect to /zvhtml
from http://zvprod.cbc.local to http://zvprod.cbc.local/zvhtml
Tried different Rules, there is always a browser error "too many redirects"
<VirtualHost *:80>
ServerName zvprod.cbc.local
#RewriteEngine On
#RewriteRule .* http://zvprod.cbc.local/zvhtml [R=301,L]
<Location />
Require all granted
</Location>
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://172.22.16.10:60131/
ProxyPassReverse / http://172.22.16.10:60131/
</VirtualHost>
Thanks in advance
RewriteRule .* http://zvprod.cbc.local/zvhtml [R=301,L]
is wrong because it matches all traffic, and then ends in an infinite loop. Instead, try
RewriteRule ^/$ http://zvprod.cbc.local/zvhtml [R=301,L]
I have installed SSL Certificates on my website and on the example.com everything works fine, meaning that typing example.com redirects correctly to https://example.com. However, I have installed a certificate for a subdomain as well such that the link becomes: subdomain.example.com.
My goal is to have subdomain.example.com redirect to https://subdomain.example.com . This might sound weird but this semi-works meaning that when I first surf to subdomain.example.com it uses the http protocol but when I refresh that same page it switches to https protocol.
This is my VirtualHost conf file (port 80):
<VirtualHost *:80>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://example.com/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#RewriteCond %{SERVER_PORT} !443
#RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/ [R=301,L]
</VirtualHost>
I have removed to non related lines from this sample above. Here is the 443 conf file:
< IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
< IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
#Allow forwarding to gitlab-workhorse
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://domain/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subexample.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
Header always set Content-Security-Policy upgrade-insecure-requests
</VirtualHost>
</IfModule>
Worth noting is that I am using certbot.
Hopefully someone can help me.
You say "My goal is to have subdomain.example.com redirect to https://subdomain.example.com".
Then why have all that proxy configuration in your :80 VirtualHost? Simply force the redirection to :443, and let :443 handle the proxy (and other).
So your VirtualHost would become:
<VirtualHost *:80>
ServerName subdomain.example.com
CustomLog logs/subdomain_80_access.log combined
ErrorLog logs/subdomain_80_error.log
RewriteEngine On
RedirectMatch ^/(.*)$ https://subdomain.example.com/$1
</VirtualHost>
so i have a config file that states this
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.aaaaaaaa.yyyyyyyyy.co.uk
ServerAlias aaaaaaa.yyyyyyy.co.uk
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.aaaaaaa.yyyyyyyyy.co.uk [OR]
RewriteCond %{SERVER_NAME} =aaaaaa.yyyyyyyyy.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.xxxxxx.yyyyyyyy.co.uk
ServerAlias xxxxxxx.yyyyyyyyy.co.uk
ProxyPass / http://localhost:8989/
ProxyPassReverse / http://localhost:8989/
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.xxxxxxxxxxx.yyyyyyyy.co.uk [OR]
RewriteCond %{SERVER_NAME} =xxxxxx.yyyyyyyyyy.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
when visiting aaaaaaa.yyyyyyyyy.co.uk it redirects to https which is the desiered effect and launches the correct app.
however when i visit xxxxx.yyyyyyy.co.uk it shows the correct app but does not redirect to https, when i physically type https://xxxx.yyyyyy.co.uk it redirects me to the same app as aaaaaaa.yyyyyyyyyy.co.uk.
how can i make this work!
The main issue here is certbot dosn't play nice with multiple hosts in 1 file.
The steps to correct the problem where;
1 remove all certificates
2 recreate all virtual hosts in there own file within sites-availible
(minus the rewrite portion)
example content of one conf file
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.aaaaaaaa.yyyyyyyyy.co.uk
ServerAlias aaaaaaa.yyyyyyy.co.uk
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
</VirtualHost>
3 after doing this for all virtual hosts (sites) run the command
certbot --apache
and create new certificates for all making sure to select the redirect function at the end.
worked great!