I keep running into an issue with Apache's mod_proxy where it won't forward any traffic. I'm using a Windows Azure virtual machine running Ubuntu 13.04 and have configured the proper HTTPS endpoint (port 443) for it. The proper Apache modules (proxy, ssl, etc.) are all installed, and the error logs show nothing, not even a warning to explain why this is happening. My VirtualHost setup is as follows:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ServerName www.example.com
SSLEngine On
#SSLProxyEngine On
SSLCertificateFile /ssl/my.com.crt
SSLCertificateKeyFile /ssl/my.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
SSLRequireSSL
Order deny,allow
Allow from all
</Location>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
I have Listen 443 and NameVirtualHost *:443 all set as well. My service on the other port is running fine as doing a wget responds with an HTTP 200 OK response and I can reach it by manually inputting the port number. I have disabled all firewalls (for testing) to no avail as well. However, whenever I try to reach the service from the outside world through mod_proxy (port 443), the request times out and I get the usual "website not available" browser error.
If it means anything, the app I am running on the other port I need to forward HTTPS traffic to is a Play Framework 2.1 application. I set the server up exactly as in their documentation but still have these problems, so I'm assuming it may have something to do with Azure.
Any ideas? Is there some other type of endpoint configuration that I need to do specific for Windows Azure virtual machines to support SSL/TLS?
So, apparently, I have no idea how or why - but the Azure Gods decided to shine upon my setup all of a sudden. Overnight, without so much as a reboot or anything, mod_proxy on Azure just started working. I have no idea what the issue was, or even if there was one in the first place, but apparently the problem lies with something in the Azure infrastructure.
Sorry I couldn't be of more help for others encountering similar issues, but just giving it time worked for some unknown reason.
Related
I've read a lot of questions and answers which seem exactly the same as mine, but I can't seem to get my setup to work. I have a VM running Apache with only HTTP support at 192.168.2.101:32773. I can access it on my local network as such just fine. I now am ready to expose it through my Apache web server that has Lets Encrypt setup to generate SSL certificates. So I added this to my server conf file:
<VirtualHost *:32773>
ServerName server.com
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.2.101:32773/
ProxyPassReverse / http://192.168.2.101:32773/
</VirtualHost>
However, I get an ERR_SSL_PROTOCOL_ERROR when I try to load it up as https://server.com:32773. If I however change my address to http://server.com:32773, it loads just fine. Anything look wrong in this snippet? Thanks!
HTTP and HTTPS need to be on different ports. Typically HTTPS is served on port 443.
This is embarrassing... At some point I changed my port forward rules to point 32773 directly to 192.168.2.101 so I could validate that the rules were working at all. The above config worked as soon as I realized I wasn't even sending traffic to my Apache SSL enabled server.
I am attempting to access OrientDB's REST API through a reverse proxy. That is, I have a domain orientdb.mydomain.com that forwards to localhost:2480, where the server is. I have this working on the unsecured website, so I can access http://orientdb.mydomain.com and it brings up the studio site:
http://orientdb.mydomain.com/studio/index.html
However, this does not work through https. I get a 404 error ("The requested URL /studio/index.html was not found on this server")
I have a feeling that I'm not using the correct documentroot or there is something funny about OrientDB that it's generating the path above in another way. I cannot actually find this /studio directory anywhere.
This is from my virtualhost setting in my ssl.conf file.
<VirtualHost _default_:443>
DocumentRoot "/opt/orientdb-3.0.6/www"
<Directory "/opt/orientdb-3.0.6/www">
Require all granted
</Directory>
ServerName orientdb.mydomain.com
#more stuff
</VirtualHost>
By the way, I originally had the following options in my Directory tag, but it gave a forbidden error. I changed it to Require all granted and it now says not found- so I think I'm making progress.
AllowOverride All
Order allow,deny
In summary, is it possible to access the OrientDB server in this way and if so what do I put as DocumentRoot, etc?
I don't think you can do that.
OrientDB has its own HTTP server embedded so the only way it can work is with the reverse proxy configuration.
You can expose your web server (apache HTTP I guess) in https and terminate the "s" there, proxying to orientdb HTTP port (2480).
This turned out not to be an OrientDB issue, but a proxy issue. I had used a virtualhost to set up the proxy on port 80, but I did not do the same for port 443. After adding these settings to my 443 virtualhost on orientdb.mydomain.com, I was able to access the studio and the HTTP REST API through HTTPS.
ProxyPass / http://127.0.0.1:2480/
ProxyPassReverse / http://127.0.0.1:2480/
<Proxy *>
Require all granted
</Proxy>
My configuration is as follows - 1 unix server with two http servers running at the same time:
apache server on ports 80 and 443
Nginx server on port 8200 (www.myserver.com:8200)
The problem is that when I log in to Nginx site I need to authorize there. Doing this over internet with no SSL is not wise... I would like to connect to my apache server with SSL, be transparently redirected to another site and authorize still having encrpyted connection.
Nginx works via http so no ssl there... I would like to have url
https://www.myserver.com/duplicati to be proxied to http://www.myserver.com:8200
Effectively I want to have:
encrypted connection from the web client to www.myserver.com
proxy connection from https://www.myserver.com/duplicati to http://www.myserver.com:8200 (unencrypted), but limited to 1 physical machine which I don't care much about encryption (or actually lack of it)
What I did was the following
What I did was the following Apache config:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /duplicati/ http://127.0.0.1:8200/ngax/
ProxyPassReverse /duplicati/ http://127.0.0.1:8200/ngax/
<Location /duplicati/>
ProxyPassReverse /
Order deny,allow
Allow from all
</Location>
Header edit Location ^http://127.0.0.1:8200/ngax/ https://127.0.0.1:8200/ngax/
still no luck with that config....
It looks like a simple thing to do but after 5h of struggle I need to send my very first post to Stackoverflow community ;-)
Could you kindly help me with it?
I'm new to networking and web development and am trying to create a home project for fun, to learn, and to have some capabilities I would like from a home server. So far, I already own a domain name and have DDNS set up with Namecheap and port forwarding on my router so that incoming requests on port 80 get forwarded to my Pi on that port. I can access a basic index.html page using mydomain.com and www.mydomain.com.
I also want to be able to access some other applications running on my Pi remotely in the future. Two I'm working on currently are Webmin and Shellinabox. I can currently do this by going to mydomain.com:12321 and mydomain.com:4200 respectively. However, I would like to have this set up in a cleaner way so I can instead go to webmin.mydomain.com and ssh.mydomain.com instead. I am able to do that using Virtual Hosts and a redirect currently, but that changes the URL in the browser.
As a more advanced solution, I'm trying to use mod_proxy so the URL in my browser still shows the URL I typed. I've done some searching and think the best way to do this is using mod_proxy with virtual hosts, but I have not been able to get it to work.
For starters, I don't think I understand how that works fully. My basic understanding is that apache forwards an incoming request to another server and relays the reply back to the original requesting machine. However, in testing, I tried to do this:
<VirtualHost *:80>
ServerName ssh.mydomain.com
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://www.google.com
ProxyPassReverse / http://www.google.com
</VirtualHost>
My understanding would be that the Google homepage would show up when I navigated to ssh.mydomain.com, however I instead get a Google error page that says:
That’s an error.
The requested URL / was not found on this server. That’s all we know.
Clearly I'm misunderstanding this. Prior to this testing, I had that block of code configured like this:
<VirtualHost *:80>
ServerName ssh.mydomain.com
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://localhost:4200
ProxyPassReverse / http://localhost:4200
</VirtualHost>
I've also tried 0.0.0.0 and 127.0.0.1 instead of localhost, so I don't believe that's the issue. When I have it set up as shown above and navigate to that URL, I get this in Safari:
Safari Can't Connect to the Server
Safari can't open the page "https://ssh.mydomain.com" because Safari can't connect to the server "ssh.mydomain.com".
I can't help but wonder if the https is causing some issue. I'm not typing it into my browser, but it is shown in the page it's trying to connect to. I'm just not sure at this point. I could make it functional, sure, but I want to learn how to do it the way I'm trying here. I'm open to other ideas that would keep the browser URL instead of redirects if there are other ways that don't use mod_proxy, but from other places I've read, this seems to be the way. Thanks in advance for your help.
I am trying to setup a server with multiple web applications which will all be served through apache VirtualHost (apache running on the same server). My main constrain is that each web application must use SSL encryption. After googling for a while and looking other questions on stackoverflow, I wrote the following configuration for the VirtualHost:
<VirtualHost 1.2.3.4:443>
ServerName host.domain.org
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
Even though https://host.domain.org:8443 is accessible, https://host.domain.org is not, which defeats the purpose of my virtual host configuration. Firefox complains that even though it successfully connected to the server, the connection was interrupted. Chrome return an error 107: net::ERR_SSL_PROTOCOL_ERROR.
Finally I should also mention that the virtual host works perfectly fine when I do not use SSL.
How can I make this work ?
Thanks
You don't need to configure SSL in both Apache and Tomcat.
The easiest way to accomplish that is configure SSL just on Apache and proxy to tomcat using http.