I haven't been able to solve an issue with my server:
I use a linux server, Debian 7.0 distro.
I am hosting many different domains, all except one, are plain http domains which I can easily redirect using virtual hosts on httpd.conf or apache2.conf. The problem I can't solve is with one domain, which requires SSL, so I need to force redirect http to https. I worked on virtual host of that specific domain, and managed to get http to https redirect, but now, all remaining domains are forced also to the https domain. How can achieve each http domain redirects to it's own, but also the requires SSL domain redirects to https?
Thanks
If you are using some versions of Apache, I know as late as version 2.2, you will need to include the line:
NameVirtualHost *:80
before your virtual host lines. I can't be sure that this is your problem, but I just had the exact same thing happening to me on Arch, which apparently doesn't have the latest Apache.
Related
I have the following question that I do not know how to solve it in the most efficient way.
I have two servers, one with Apache where I have a Wordpress instance responding for port 80, and on another server I have a Wildfly with another application listening on port 8080. The Wordpress that I have configured on the Apache server, responds to the URL http://www.somedomain.com What I'm not so clear about is how to do when a request arrives at http://www.somedomain.com/yyyy and redirects me to the Wildfly server where an application is responding to the URL : 8080 / app
How could I do it in the most effective way? Using the rewrite module in the .htaccess file or using the Apache proxy module and configuring it in the Apache virtual host? How would I have to do it?
Thank you very much in advance.
You're mixing a few things that are not related to each other. First of all, a redirect is something different than a proxy. Redirecting means asking the client (browser) to look at another URL. A proxy, on the other hand, retrieves the content of the other URL itself and passes it to the client. Using a proxy, the other URL remains invisible to the client.
Second, mod_rewrite is not limited to htaccess configuration. In fact it's better to configure mod_rewrite in the virtual host configuration, just as you suggested with the proxy configuration.
The htaccess is simply for users who are not allowed to mess with the server configuration itself. Configuration in the htaccess can be limited by the admin for security purposes at the cost of slowing down the server.
That said, if you are looking to map your wildfly server paths into your main server's paths, you might want to use something like this inside your main server's virtual host block:
<Location "/yyyy">
ProxyPass "http://wildfly:8080/app"
</Location>
See http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass for detailed explanations.
Trying to reverse proxy with https only. All though the ssl & https works with the chosen domain, it is directing to the apache root not the desired reverse proxy server.
So far Ive got the server to force https when http is used. I rewrite www to non www. Ive had reverse proxy work fine when its just http but https goes to the "it works" root file with a green lock.
Any ideas?
So i solved this issue at the last hour. But where i am confused is i solved this by manipulating the config files and using the defualt text. Not by adding my own virtual hosts and injecting code at the bottom like the old days or blogs would suggest. I added proxy rules into the proxy config file. Added cert paths into the ssl config file and that seemed to take over randomly pasting code into http config as it might be sugested elsewhere on the net.
I am trying to setup a gitlab repository and I am quite new to the web server side of things. My setup is the following:
I have an apache server which is running my main website on port 8080.
I have the gitlab configured with SSL and Nginx and running on port 2443.
At the moment, the gitlab site can be accessed through https://www.example.com:2443.
What I would like to do is setup a redirect through my apache server where if someone comes to http://www.example.com/gitlab or https://www.example.com/gitlab, they get redirected to ``https://www.example.com:2443` (preferably without the web browser text field changing).
Could this be done easily with Apache? Also, since the redirect is to an SSL site, any special things we need to consider?
You can try adding the redirect directive to your Apache VirtualHosts (8080 and 443).
Redirect permanent /gitlab https://www.example.com:2443
I'm a bit out of my depth here and nothing I have found quite addresses my problem. Si any and all suggestions are most welcome.
I've got tomcat6 running on CentOS 6.5 hidden behind an apache server (v2.2.15) and I am using Apache's mod_proxy to expose the tomcat webapps, which are running on port 8080. The tomcat hosts one production application and several development applications. On the apache side, both a Drupal site and the aforementioned tomcat production application are on the same domain and, thanks to rewrite rules, all requests to this domain are changed to https. The development sites are reached via subdomains and do not get re-written as https requests.
For the most part, this arrangement works fine. But parts of the tomcat apps are AJAX (calling a Java Struts 1.2 backend). Most of those requests are handled OK. But a few AJAX requests result in redirects (i.e., forward.setRedirect(true)) and that redirect is http (I guess because the container itself is not secure). As a result, I run into cross site scripting issues. I imagine I can use CORS headers to avoid the problem. But that seems like a hack. Is there a relatively painless way I can use to have tomcat send redirects back as https without making tomcat handle ssl directly?
Cris
You could configure the RemoteIpValve in Tomcat:
Another feature of this valve is to replace the apparent scheme
(http/https) and server port with the scheme presented by a proxy or a
load balancer via a request header (e.g. "X-Forwarded-Proto").
To configure Apache to forward the original protocol in the X-Forwarded-Proto header, add a RequestHeader directive in your Apache config, e.g.:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
...
Note that in Tomcat 7, there is also a RemoteIpFilter.
You don't need to do anything special. It already works. Make sure you set the "redirectPort" in server.xml to Apache's HTTPS port, usually 443, and add the following to your <security-constraint> sections for resources you want secured by HTTPS:
<user-data-constraint>
<description>HTTPS</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Late to the game here but others may find this-- we had a similar setup and issue where everything worked fine until the application started using ajax posts which did redirects for the response. The fix was to use mod_header in apache to rewrite redirects using "Header edit Location"
http://httpd.apache.org/docs/current/mod/mod_headers.html
Header edit Location ^http://www.example.com/ https://www.example.com/
This went unnoticed prior to the ajax redirects because the browser has no problem doing page level redirects to http (which apache would then redirect back to https). But the ajax cross-site prevention halts at the initial http missing out on that would then be redirected to https by a subsequent request.
I have a Debian server which is running a number of client sites. Most of these are not running SSL so accessing by HTTP is fine.
I have one customer with an SSL certificate and accessing their site via HTTPS is fine too.
The problem comes if you try to access one of the other sites with HTTPS you get directed to the other site that has the SSL certificate.
For instance, lets say we have the following sites on the server:
alpha.net
bravo.net
charlie.net (SSL)
delta.net
So as you can see, charlie is the only one with SSL, and irrespective of if you go to http charlie.net or https charlie.net, it works fine.
http to all the other sites is fine, but if you were to go to https alpha.net, it will initially come up with an Invalid Certificate error and let you continue but whilst it has alpha.net in the address bar, its actually showing the charlie.net site in the browser.
I have researched SNI and how if any other sites have SSL I'll need to put them all on specific IP addresses (something else I need to try to work out how to do as I have no idea) but I am not sure why this is happening or how I resolve it.
Has anyone else encountered this before and how did you get around it?
Many thanks,
Rob
This does not have anything to do with SNI, as you currently only have one HTTPS server. What happens, as you've stated in your comment, is that the alpha.net domain resolves to your server's IP. Your Apache server is set up to listen for requests on port 443 on this IP, and to serve the contents of charlie.net to these requests. (And the certificate error means that the browser noticed the discrepancy between the certificate's alleged domain name and the domain name used for the request.)
Redirecting from HTTPS to HTTP is probably more trouble that it's worth, since you would need valid certificates for each domain, lest you present your users with another security warning. This would entail creating virtual hosts for alpha.net:443 and so on, on an SNI capable server (i.e., later versions of Apache 2.2+ with openssl), and adding a redirection like so:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
Probably the easiest course for your problem is to use a different IP for charlie.net. With this setup, there would be no way for alpha.net (and so on) to display the contents of another site.
If you have multiple IPs on your server, use a unique one for the SSL site, all non-SSL sites share another IP.
Since SSL doesn't care what is the domain you are visiting, it only cares if the current domain is approved from the list of domains(Common Name) it gets from the Ip address.