Apache reverse proxy forwarding https header - apache

I have successfully installed a reverse proxy on Apache. It works like a charm. I'm using it to proxy HTTPS requests to HTTP. My problem is that I need to forward the variable SERVER_HTTPS to my end server, to indicate whether the person is using an SSL connection or just HTTP. I have found one way to do it:
Each time, I can forward the HTTP_X_FORWARDED_PROTO variable and check it on the end server:
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
But this variant is not good for me, because I can't edit the end server's scripts. Let's say that I don't even have access to it. But I know how to check if it is forwarded. So, generally, my question is: is there any way that I can forward this variable? I have seen one more variant, with the rewrite engine, but it didn't work for me and there is no detailed information. Maybe if I set up my server with Nginx + Apache, this will send this header variable?

If you can edit the end server configuration, take a look at the mod_rpaf RPAF_SetHTTPS option:
https://github.com/gnif/mod_rpaf
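
The decision the end server has to make before turning the forwarded header into HTTPS=on, as an added Python example (not from the original posts and not mod_rpaf's code): honour X-Forwarded-Proto only when the TCP peer is the known reverse proxy. The proxy address 10.0.0.5, the function name and the sample requests are assumptions made for illustration.

```python
import ipaddress

# Assumed address of the Apache reverse proxy; no other peer may assert the scheme.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def original_scheme(peer_ip, headers, direct_tls=False):
    """Return 'https' or 'http' for the client's original connection.

    peer_ip:    address of the TCP peer that connected to the end server
    headers:    list of (name, value) pairs exactly as received
    direct_tls: True if this connection itself was TLS
    """
    if direct_tls:
        return "https"
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return "http"   # a header sent by an arbitrary client proves nothing
    values = [v.strip().lower() for k, v in headers
              if k.lower() == "x-forwarded-proto"]
    # Exactly one value is expected: the proxy should overwrite the header,
    # so a second copy means a client-supplied value leaked through.
    if values == ["https"]:
        return "https"
    return "http"

# Constructed sample requests (not taken from the page).
VIA_PROXY = ("10.0.0.5", [("Host", "app.example"), ("X-Forwarded-Proto", "https")])
SPOOFED = ("203.0.113.9", [("Host", "app.example"), ("X-Forwarded-Proto", "https")])
DUPLICATED = ("10.0.0.5", [("X-Forwarded-Proto", "https"), ("X-Forwarded-Proto", "https")])
```

Treating a duplicated header as untrusted is a conservative choice in this sketch; it only holds if the proxy sets the header rather than appending to it.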

Related

Apache Config variables

I have some difficulty understanding the Apache variables described here:
https://httpd.apache.org/docs/2.4/expr.html#vars
What I need to use in my directive:
The IP of the webserver the apache is running on
The IP of the client trying to access the server
The URL (string) the client is trying to access
Alternatively, a boolean telling me whether the current request is coming from the server itself
As far as I understand, REMOTE_ADDR must be the client's IP. But where is the server's ID hidden? SERVER_ADDR does not exist...

SERVER_ADDR, depending on whether your server provides it; otherwise try HTTP_HOST
REMOTE_ADDR
REQUEST_FILENAME/REQUEST_URI
There is no native function provided by Apache that does that, but I'll let you check this topic; you may find what you are looking for.

HAProxy as reverse proxy problem in SSL passthrough

I set up HAProxy as a reverse proxy in our organization. When a client requests some website such as lenovo or oracle, etc., we want the request to be passed through our reverse proxy server (because our clients use our DNS server, and I defined the reverse proxy's IP for such domains in our DNS server). I am using SSL passthrough, but I have some problems in this case.
1- Sometimes HAProxy doesn't work properly and has a problem loading the right certificate. For example, when I want to see www.amazon.com, HAProxy loads the wrong certificate (SSL_ERROR_BAD_CERT_DOMAIN), so Firefox prevents the website from loading. In this case I have www.intel.com in the HAProxy config, so HAProxy gets confused and loads www.amazon.com with the intel website's certificate.
2- I want all subdomains of a website, like *.oracle.com or *.lenovo.com, passed through our reverse proxy, so we don't need to register the subdomains of a website one by one in the HAProxy server.
I tried the -reg or pattern-matching method, but all of them need a final destination.
3- Sometimes redirection doesn't work properly and we face an HTTP-to-HTTPS redirection error. (Sometimes a client enters lenovo.com or intel.com, meaning an HTTP request.) To overcome this problem I defined an HTTP frontend and redirect all requests to HTTPS, except one hypothetical request, by ACL, but my issue sometimes still appears.

This is simply done with req_ssl_sni and writing a simple ACL to forward the request, but take care to write just a single frontend and backend, because multiple frontends and backends cause confusion in HAProxy.

Apache redirect to an external address

I've got a problem with Apache configuration. In short: there is a JBoss server with the backend and Apache with the frontend. Both are independent. There are requests that are sent to an address like 1.1.1.1:8080/xyz (to the JBoss server), and I would like to do something like overwriting the 1.1.1.1 address with, for example, the word 'jboss'. Just make it hidden from the person that will use the app, without making it necessary to give that person access to the JBoss server.
How can I do it? Should I try to configure a VirtualHost or something different?

You can't rewrite to an external server, but you can Proxy / Reverse Proxy the requests. Have a look at https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

Apache configuration: effect of explicit :80 in http header field (host)

We have a server running Apache providing services via a simple API. We now stumbled upon the problem that we cannot access the API using a third-party library, although the resulting HTTP requests are ALMOST the same. The only difference - as far as we can tell from Wireshark - is the presence or absence of the explicit information about port 80. For example:
curl -d "..." http://www.example.com/foo/bar/
curl -d "..." http://www.example.com:80/foo/bar/
Both work, and Wireshark shows Host: www.example.com, i.e., without the port 80. As far as I understand, cURL, as well as browsers and most other clients, removes port 80. So far, all fine.
Now, a third-party library to make requests requires a port to be set, and we need to set it to 80. If the library makes a request, Wireshark now shows Host: www.example.com:80 - note the additional port information. This request fails, and as far as we can see in Wireshark, this failing request only differs with respect to the host field.
Can this be a configuration issue of Apache? We currently have no direct access to the server to check the conf files. Or are we missing something completely different here?

From RFC 2616:
Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
So "Host: www.example.com:80" is perfectly legitimate. But I have never seen port 80 (or 443 in the case of HTTPS) in the host field of an HTTP request. It is obviously required where the request is routed via a proxy to a non-standard port.
This would give me some concerns as to the quality of the "third-party library". My first port of call in resolving this would be to speak to the providers of the component - they have presumably come across the problem before.
You did not mention what access you have to the library - did you check that this is not a configurable option? Do you have access to the source code, and the permission to modify it? (if not, that would imply it is commercial, paid-for software - which should give you the right to some support).
I don't know what the solution is, but some obvious things to try would be:
configure the URL at the default vhost for webserver rather than explicitly for www.example.com
or use mod_headers to rewrite the host field
or put a forward proxy in front of the webserver e.g. squid and add a url rewriter (if squid does not automatically strip the port from the host field)

Apache performs string matching with the Host field. So when the :80 is attached, the string matching will fail and Apache will consider it a URL it does not handle and reject it. That is why curl stripped it.
You can read more about the ServerName field here, which is the setting in which Apache matches against Host.
Update
So the :80 has no effect and the string matching still works.
On my production server, I did not change Apache's configuration. I wrote some quick PHP to send out the GET request on a socket, and Apache still responded correctly with the :80 attached to the Host: field.
I also checked on the server itself and see the request come in with the errant :80 attached to it and Apache answers with the status of 200 and presents the HTML.
There is something else wrong with the third party software's request.

Remove /web from PLEX URL

How do I remove the need to type /web on the end of my PLEX media server to access it from outside my network? I have a no-ip.com account and set up a static domain name to point to a static IP. But that doesn't help much, because I still need to type in the /web to access my media server. I am using Windows 7. I have set up an ownCloud server before and removed the need to type /owncloud in the httpd.conf file. But I can't find it for the Plex server. I read somewhere to set up a page that will redirect to /web, but I don't know how to do that. Thanks for help!

You can remove both the port (in case you are not already forwarding it from port 80 to Plex's port) and the need for the /web at the end using redirection rules.
Here is a good example of how to do just that (this solution uses Apache):
http://matt.coneybeare.me/how-to-map-plex-media-server-to-your-home-domain/
EDIT: Small correction, that site I linked is not using redirection rules, it is using a reverse proxy.
With a redirection rule, if you type myPlexServer.com, you'll be redirected to myPlexServer.com:32400/web (as in, the address in your browser will actually be rewritten to that, same as clicking on a link that takes you to another page).
With a reverse proxy, you effectively have a man in the middle, the reverse proxy server itself. You send requests to myPlexServer.com (Apache server in this case), it receives those requests and the proxy forwards them to myPlexServer.com:32400/web (PMS Server). The PMS server sends the reply to the Apache server and the Apache server sends the reply back to you. As far as PMS is concerned, the client requesting info is the Apache server; in fact, it doesn't even know about you talking to the Apache server.