Apache: Using reverse proxy and run local website - apache

On my linux machine I have apache2 running as a reverse proxy, because I wanted to make another webserver on port 8083 accessible while also making it password protected. For this I added this to my apache2.conf:
<VirtualHost *:80>
<Location / >
AuthName "Protected Area"
AuthType Basic
AuthUserFile /home/pi/.htpasswd
Require valid-user
</Location>
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
That works like a charm, but now I also want to use apache to serve a site, I would like to do this by making something like /mysite point to /var/www, but I can't really figure out how to do this or if it is even possible.
Any ideas?

I think you have two options:
1. Put the proxy in a separate <Location /someurl> and put the site outside. Requests to http://localhost/someurl/ will be proxied, everything else is the local site:
<VirtualHost *:80>
<Location /someurl >
# Password protection omitted for brevity
ProxyPass http://localhost:8083/
ProxyPassReverse http://localhost:8083/
</Location>
# Here is the site
DocumentRoot /var/www
# ... etc site config
</VirtualHost>
2. Use two separate VirtualHosts, one for the proxy and one for the site. You will need two separate hostnames pointing to your local ip. For local operations only, use /etc/hosts. In this exemple http://a.localhost/ is the proxy, http://b.localhost is the site:
/etc/hosts:
127.0.0.1 a.localhost
127.0.0.1 b.localhost
Apache config:
# This is the proxy, http://a.localhost/
<VirtualHost *:80>
ServerName a.localhost
# Do password protection as needed
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
# This is the site, http://b.localhost/
<VirtualHost *:80>
ServerName b.localhost
DocumentRoot /var/www
# ... etc site config
</VirtualHost>
I would probably go for two separate VirtualHosts, keeping stuff nicely separated.

Related

Change Apache Guacamole URL Path

I have recently installed Apache Guacamole on my Centos 8 server. When I try to access the server it uses the following url: http://10.10.44.11:8080/guacamole/#/ However, I would like to simplify this URL path to something like http://10.10.44.11/. In other words, no path after the IP Address.
I have spent a lot of time trying to figure out the solution by changing the <Location> path, I have tried all combinations possible but have not succeeded.
I have apache version 2.4.37 (centos) as well as tomcat-9.0.48.
By default /etc/httpd/conf.d/tomcat_manager.conf contains:
<VirtualHost *:80>
ServerAdmin root#localhost
ServerName 10.10.44.11
DefaultType text/html
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
However, I tried to change the variables a bit so it can remove the /path, based on multiple forms to something like:
<VirtualHost *:80>
ServerAdmin root#localhost
ServerName 10.10.44.11
<Location /> #
Order allow,deny
Allow from all
ProxyPass http://localhost:8080/guacamole/ flushpackets=on
ProxyPassReverse http://localhost:8080/guacamole/
</Location>
</VirtualHost>
Where "/" in <Location /> means NO-PATH
The problem is that I have not been able to successfully change the PATH at all... I am not an expert in apache, so perhaps I am doing something wrong?
If it is important: the location of my guacamole.war is at /etc/guacamole
Any help would be greatly appreciated!

Two servers with mod_proxy, second server host is local ip and shows /proxy/ in url?

I am having some issues in regards to sessions with a second server I am running on my home network. I do this as a hobby and to develop new applications before they officially go live.
I have a domain pointing to my ip and resolves successfully to server 1, but after configuring mod_proxy to send specific domains to server 2 I am getting some unwanted errors and results. I want the second server to act as a normal server and just go through the first server since my current router can only send port 80 to one local ip and not filter it.
I have a.mydomain.com for my second server and it resolves fine but When I try to use a web application on this second server I get the following error
Warning: You are now accessing Mydomain from http://10.0.1.38/, but Mydomain has been configured to run at this address: http://a.mydomain.com/
Can i fix this?
Also when trying to access phpmyadmin via the a.mydomain.com/phpmyadmin it will change to a.mydomain.com/proxy/phpmyadmin after logging in, can i change this so that it's basically seamless and does not add /proxy.
Here is my vhost config for server 1
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.server1domain.net
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ServerName a.mydomain.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://10.0.1.38/
ProxyPassReverse / http://10.0.1.38/
</VirtualHost>
Here is the vhost config for server 2
<VirtualHost *:80>
ServerAdmin admin#mydomain.com
DocumentRoot /var/www/mydomaincom
ServerName a.mydomain.com
</VirtualHost>
I am running Centos 6.4
Alright I finally figured this out, some of the stuff is a little obvious now but this works for anyone else in a similar situation.
So earlier in my http.conf I had this
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# destination directory
ProxyPass /proxy http://10.0.1.38
ProxyPassReverse /proxy http://10.0.1.38
</IfModule>
There seems to be two problems with this, it seems to add the /proxy/ directory and also is wrong since the ip does not have a trailing slash, thus I changed it to this
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</IfModule>
And my http.conf vhost config for the first server looks like this now
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://10.0.1.38/
ServerName a.mydomain.com
</VirtualHost>
If you forget the trailing slash after the ip you will most likely end up with 502 errors: Could not resolve dns
The second servers vhost config looks like this
<VirtualHost *:80>
ServerAdmin admin#mydomain.com
DocumentRoot /var/www/mydomain
ServerName a.mydomain.com
</VirtualHost>
Hope that helps anyone else with similar issues.

Multiple Apache Location directives for same path

I have a web application currently being served on two HTTPS ports - let's say 443 and 8443. The application has an Apache HTTP server as the front end and I am running into trouble setting up Apache config to exclude certain paths on one of the ports. I have my config set up as below in Apache
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
<Location ~ "/MyApp/(Login.html|Welcome.html)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
I have my virtual hosts setup in Apache as below
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
Other details go here
</VirtualHost>
What are the expected problems with above configuration, considering that Location directive doesn't take host and port information? Does Location directive use the first matching entry OR will it use one of after the other?
More details for folks who know Shibboleth
The first Location entry allows users to access the application in an SSO (Single Sign On) environment. The second entry is designed to allow users to access the same virtual host on a different port (8443) without going through SSO. What we are seeing is, the request headers are lost towards the end of the processing chain. When I remove the second Location entry all works fine.
Put the /Location directive inside the vhost directive you want to secure.
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
Other details go here
</VirtualHost>

Apache documentroot other local server

I have a particular subdomain in my apache2 virtualhost 'httpd.conf' file that i would like to redirect to another local apache server. I have a router that redirects all requests on port 80 to the original server.
The second server is NOT on a different global IP address, but on a different local IP address.
Is there any way i can do this,
thanks
You can do this using Apache's proxy functionality. For example:
<VirtualHost *:80>
ServerName myhostname
<Location />
ProxyPass http://address-of-local-server/
ProxyPassReverse http://address-of-local-server/
</Location>
</VirtualHost>
This will cause Apache to proxy requests that match this VirtualHost definition to another server and return the results to the client.
This presumes that you have mod_proxy enabled.
You can mod proxy to any resource identified by it's IP address e.g
<VirtualHost *:80>
ServerName subdomain.domain.com
DocumentRoot /whatever
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location / >
ProxyPass http://192.168.0.x
ProxyPassReverse http://192.168.0.x
</Location>
#...
</VirtualHost>

Apache redirect to another port

I've struggled with this for some time and am definitely doing something wrong.
I have Apache server and a JBoss server on the same machine. I'd like to redirect traffic for mydomain.example to JBoss localhost:8080/example. The DNS is currently setup for mydomain.example and it will go straight to port 80 when entered into the browser.
My question is how do I redirect to a different port when a certain domain name comes to Apache (in this case, mydomain.example)?
<VirtualHost ip.addr.is.here>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
After implementing some suggestions:
Still not forwarding to port 8080
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias www.mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
You should leave out the domain http://example.com in ProxyPass and ProxyPassReverse and leave it as /. Additionally, you need to leave the / at the end of example/ to where it is redirecting. Also, I had some trouble with http://example.com vs. http://www.example.com - only the www worked until I made the ServerName www.example.com, and the ServerAlias example.com. Give the following a go.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias example.com
ProxyPass / http://localhost:8080/example/
ProxyPassReverse / http://localhost:8080/example/
</VirtualHost>
After you make these changes, add the needed modules and restart apache
sudo a2enmod proxy && sudo a2enmod proxy_http && sudo service apache2 restart
I solved this issue with the following code:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName myhost.example
ServerAlias www.myhost.example
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I also used:
a2enmod proxy_http
I wanted to do exactly this so I could access Jenkins from the root domain.
I found I had to disable the default site to get this to work. Here's exactly what I did.
$ sudo vi /etc/apache2/sites-available/jenkins
And insert this into file:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias mydomain
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Next you need to enable/disable the appropriate sites:
$ sudo a2ensite jenkins
$ sudo a2dissite default
$ sudo service apache2 reload
Found this out by trial and error. If your configuration specifies a ServerName, then your VirtualHost directive will need to do the same. In the following example, awesome.example.com and amazing.example.com would both be forwarded to some local service running on port 4567.
ServerName example.com:80
<VirtualHost example.com:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName awesome.example.com
ServerAlias amazing.example.com
ProxyPass / http://localhost:4567/
ProxyPassReverse / http://localhost:4567/
</VirtualHost>
I know this doesn't exactly answer the question, but I'm putting it here because this is the top search result for Apache port forwarding. So I figure it'll help somebody someday.
This might be an old question, but here's what I did:
In a .conf file loaded by Apache:
<VirtualHost *:80>
ServerName something.com
ProxyPass / http://localhost:8080/
</VirtualHost>
Explanation: Listen on all requests to the local machine's port 80. If I requested "http://something.com/somethingorother", forward that request to "http://localhost:8080/somethingorother". This should work for an external visitor because, according to the docs, it maps the remote request to the local server's space.
I'm running Apache 2.4.6-2ubuntu2.2, so I'm not sure how the "-2ubuntu2.2" affects the wider applicability of this answer.
You have to make sure that the proxy is enabled on the server. You can do so by using the following commands:
a2enmod proxy
a2enmod proxy_http
service apache2 restart
If you don't have to use a proxy to JBoss and mydomain.example:8080 can be "exposed" to the world, then I would do this.
<VirtualHost *:80>
ServerName mydomain.example
Redirect 301 / http://mydomain.example:8080/
</VirtualHost>
Just use a Reverse Proxy in your apache configuration (directly):
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
Look here for apache documentation of how to use the mod
My apache listens to 2 different ports,
Listen 8080
Listen 80
I use the 80 when i want a transparent URL and do not put the port after the URL
useful for google services that wont allow local url?
But i use the 8080 for internal developing where i use the port as a reference for a "dev environment"
You need 2 things:
Add a ServerAlias www.mydomain.example to your config
change your proxypass to ProxyPassMatch ^(.*)$ http://localhost:8080/example$1, to possibly keep mod_dir and trailing slashes from interfering.
Apache supports name based and IP based virtual hosts. It looks like you are using both, which is probably not what you need.
I think you're actually trying to set up name-based virtual hosting, and for that you don't need to specify the IP address.
Try < VirtualHost *:80> to bind to all IP addresses, unless you really want ip based virtual hosting. This may be the case if the server has several IP addresses, and you want to serve different sites on different addresses. The most common setup is (I would guess) name based virtual hosts.
This is working in ISPConfig too. In website list get inside a domain, click to Options tab, add these lines: ;
ProxyPass / http://localhost:8181/
ProxyPassReverse / http://localhost:8181/
Then go to website and wolaa :) This is working HTTPS protocol too.
Try this one-
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.adminbackend.example.com
ServerAlias adminbackend.example.com
ProxyPass / http://localhost:6000/
ProxyPassReverse / http://localhost:6000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
This is how I redirected part of the requests to one url and rest to another url:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName localhost
ProxyPass /context/static/content http://localhost:80/web/
ProxyPassReverse /context/static/content http://localhost:80/web/
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
All are excellent insights to accessing ports via domain names on virtual servers. Do not forget, however, to enable virtual servers; this may be commented out:
NameVirtualHost *:80
<Directory "/home/dawba/www/">
allow from all
</Directory>
We run WSGI with an Apache server at the domain sxxxx.com and a golang server running on port 6800. Some firewalls seem to block domain names with ports. This was our solution:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName wsgi.sxxxx.example
DocumentRoot "/home/dxxxx/www"
<Directory "/home/dxxx/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /py/ "/home/dxxxx/www/py/"
WSGIScriptAlias /wsgiprog /home/dxxxx/www/wsgiprog/Form/Start.wsgi
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName sxxxx.com
ServerAlias www.sxxxx.com
ProxyPass / http://localhost:6800/
ProxyPassReverse / http://localhost:6800/
</VirtualHost>