I would like to:
redirect https requests for / to /sweetApp/
redirect all http requests to https
after the redirects, proxy requests to an internal ip address
I have set up these vhost rules. The http to https redirect works but the redirect to /sweetApp/ does not.
In the end, I would like an external request for sweetSite.com to proxy and redirect so the internal server only sees a request for 192.168.3.92:9080/sweetApp/
I am using Apache 2.4.3 so it should support name based ssl vhosts.
#Redirect to SSL
<VirtualHost *:80>
ServerName sweetSite.com
RedirectMatch ^/$ https://sweetSite.com/
</VirtualHost>
# The Real McCoy
<VirtualHost *:443>
ServerName sweetSite.com
#Map to /sweetApp/ by default
RedirectMatch ^/$ /sweetApp/
SSLEngine On
SSLProxyEngine On
SSLCertificateFile ssl/certificate.crt
SSLCertificateKeyFile ssl/certificate.key
#SSL to HTTP Proxy
ProxyPass / http://192.168.3.92:9080/
ProxyPassReverse / http://192.168.3.92:9080/
</VirtualHost>
The problem for me is that if there is a proxyPass rule, it takes precedence over any redirect rule.
Because I need this machine to do both the redirect and the proxy, the only solution I could find was to use mod_rewrite to "proxy" and to change the url to /sweetApp/.
Related
I have installed apache httpd 2.2.15 in my app server. I need to get the login page(https://ip_address:9002/xxstorefront/xx/en/USD/login) when I hit on https://dev.xxyy.com/login. I have installed SSL certificate for my domain and set below redirect rules.
ProxyPass /login http://localhost:9001/xxstorefront/xx/en/USD/login
ProxyPassReverse /login http://localhost:9001/xxstorefront/xx/en/USD/login
ProxyPass /login https://localhost:9002/xxstorefront/xx/en/USD/login
ProxyPassReverse /login https://localhost:9002/xxstorefront/xx/en/USD/login
RewriteEngine On
RewriteRule ^(.*)/login http://%{ip_address:9001}$1/{xxstorefront/xx/en/USD/login}$2 [L,R]
When I hit on https://dev.xxyy.com/login, I get below error,
Not Found
The requested URL /login was not found on this server.
Apache/2.2.15 (CentOS) Server at dev.xxyy.com Port 443
When I hit on https://dev.xxyy.com, I get the apache default homepage.
Pls guide me how should I set the redirect rules.
Your configuration is invalid. Those two lines:
ProxyPass /login https://localhost:9002/xxstorefront/xx/en/USD/login
ProxyPassReverse /login https://localhost:9002/xxstorefront/xx/en/USD/login
overwrite those two:
ProxyPass /login http://localhost:9001/xxstorefront/xx/en/USD/login
ProxyPassReverse /login http://localhost:9001/xxstorefront/xx/en/USD/login
Rewite mechanism probably does not work at all:
RewriteEngine On
RewriteRule ^(.*)/login http://%{ip_address:9001}$1/{xxstorefront/xx/en/USD/login}$2 [L,R]
I think this configuration should solve your problem:
<VirtualHost *:80>
ServerName dev.xxyy.com
ProxyPreserveHost On
ProxyPass / http://localhost:9001/xxstorefront/xx/en/USD/
ProxyPassReverse / http://localhost:9001/xxstorefront/xx/en/USD/
</VirtualHost>
<VirtualHost *:443>
ServerName dev.xxyy.com
SSLEngine on
// other SSL directives
ProxyPreserveHost On
ProxyPass / https://localhost:9002/xxstorefront/xx/en/USD/
ProxyPassReverse / https://localhost:9002/xxstorefront/xx/en/USD/
</VirtualHost>
It defines two virtual hosts which work as proxies and map all requests to xxstorefront/xx/en/USD/...:
http://dev.xxyy.com/(.*) → http://localhost:9001/xxstorefront/xx/en/USD/(.*)
https://dev.xxyy.com/(.*) → https://localhost:9002/xxstorefront/xx/en/USD/(.*)
I am struggling with proxy reversing an SSL server in Apache.
Right now I have many websites under many subdomains in one domain.
For example:
gitlab.mydomain.com
nextcloud.mydomain.com
plex.mydomain.com
All the websites use Letsencrypt certificates so they are HTTPS enabled.
The thing is, that so far no server running at my localhost was HTTPS. For example Plex is running as a standalone HTTP server on my localhost which I simply proxy reverse using Apache and in the internet it is secured with Letsencrypt.
Now I need to proxy reverse an already secured HTTP server. Namely Jenkins - it is running with Letsencrypt on my localhost for various reasons. I should also mention that the certificate used to encrypt it on localhost is the same as the certificate I use in Apache.
So my Jenkins is running on port 8443 and my Apache configuration for Jenkins is the following:
# Just to redirect HTTP to HTTPS
<VirtualHost *:80>
ServerName jenkins.mydomain.com
ServerAlias www.jenkins.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<Virtualhost *:443>
ServerName jenkins.mydomain.com
ServerAlias https://jenkins.mydomain.com
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy https://localhost:8443/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://localhost:8443/jenkins nocanon
ProxyPassReverse /jenkins http://localhost:8443/jenkins
ProxyPassReverse /jenkins http://jenkins.mydomain.com/jenkins
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Ssl on
RewriteEngine on
RewriteRule "^/$" "/jenkins/" [R]
SSLEngine on
SSLCertificateFile path/to/fullchain.pem
SSLCertificateKeyFile path/to/privkey.pem
</Virtualhost>
However, with this configuration I get an error 502 (Proxy Error):
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /jenkins/.
Reason: Error reading from remote server
The 502 you're getting is because Apache isn't receiving a response from http://localhost:8443/jenkins. This is the first issue that needs to be resolved before anything else can work. Ensure that you are able to access Jenkins by utilizing cURL.
For example: curl http://localhost:8443/jenkins if no response then try curl https://localhost:8443/jenkins if no response there, then I'd take a look and see if Jenkins is configured properly.
There are a couple things I did notice that should be updated in your Virtual Host configuration.
ServerAlias https://jenkins.mydomain.com should be ServerAlias www.jenkins.mydomain.com as https:// should not be included in a ServerAlias directive, plus you may want to be able to get to the site using https://www.jenkins.mydomain.com since that's in the non-https directive. You also most likely will want to include a rewrite in your https virtual host that rewrites www.jenkins.mydomain.com to jenkins.mydomain.com.
You probably don't need the second ProxyPassReverse directive.
How can I redirect any incoming HTTP requests to my local HTTPS configuration in apache2 on ubuntu?
The following does not work, because localhost is not replaced with the internal server ip.
<VirtualHost *:80>
Redirect / https://localhost
</VirtualHost>
<VirtualHost *:443>
ProxyPass ...
</VirtualHost>
Is that possible without having to explicit hardcode my local server IP into the Redirect?
This should do:
<VirtualHost *:80>
...
RewriteEngine On
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
</VirtualHost>
Once you are sure it works OK, change 302 to 301
How to configure Apache to redirect all requests from port 80 to a port 8080? For example http://google.com.localhost must redirect to a http://google.com.localhost:8080 but for all requests.
<VirtualHost *:80>
ServerName proxy.localhost
ServerAlias *.localhost
Redirect permanent / *:8080
</VirtualHost>
You cannot use Redirect for this, because Redirect does not allow for variables.
Inspired by the examples using mod_rewrite from the Apache documentation:
RewriteEngine On
RewriteRule "^/?(.*)" "http://%{HTTP_HOST}:8080/$1" [L,R,NE]
Note that you need mod_rewrite enabled for this to work.
I'm trying to do an url rewriting with Apache 2.4. I want that requests to
http://subdomain.domain.com
http://www.subdomain.domain.com
https://www.subdomain.domain.com
are remapped to
https://subdomain.domain.com
to avoid an error in SSL wildcard cert that doesn't not match www.subdomain.domain.com.
I tried with:
<VirtualHost ip:80>
ServerName subdomain.domain.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost ip:80>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName subdomain.domain.com
...
...
...
My configuration works for (1) and (2) but not for (3). Where is my mistake?
I think the problem is that one of your port 443 virtualhosts does not have SSL on.
Try this
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
SSLEngine on
SSLCertificateFile /something
SSLCertificateKeyFile /something
</VirtualHost>
Otherwise, the request simply won't be understood, because it's encrypted.
See eg How to redirect https to http without any SSL Certificate for why this is necessary.