I must have read every single article on the internet regarding Redmine and Apache and I still cant get it to work!
I have Redmine running on http://server:3000 perfectly using Thin. We have another Apache service on the same server which hosts our internal web tools on a different port (8096) so I would like Redmine to follow the same convention.
In that respect on Apache in httpd.conf I've added:
ProxyPass /redmine http://127.0.0.1:3000/
ProxyPassReverse /redmine http://127.0.0.1:3000/
ProxyPreserveHost on
Which seems to work fine. If you type in http://server:8096/redmine it will bring up the Redmine start page, but clicking on any other link results is a 404.
It looks like its not appending the /redmine on links from the site as clicking on the 'admin' link takes me too http://server:8096/admin instead of http://server:8096/redmine/admin
I've also looked into adding any of the three below to config/environment.rb but there seems to be conflicting info on which to use, and none of them seem to:
ActionController::AbstractRequest.relative_url_root = "/redmine"
ActionController::Base.relative_url_root = "/redmine"
Redmine::Utils::relative_url_root = "/redmine"
As always any help is greatly appreciated!
Edit::
I am also trialling out
ProxyPass /redmine http://server:3000
ProxyHTMLURLMap http://server:3000 /redmine
<Location /redmine>
ProxyPassReverse http://server:3000
SetOutputFilter proxy-html
ProxyHTMLURLMap / /redmine/
ProxyHTMLURLMap /redmine/ /redmine
</Location>
but seems to have the same result. Interestingly, if I access http://localhost:8096/redmine from the local server all the links seems to work and direct to the correct page, except the CSS and JS is not working.
If remotely I manually type in any of the links http://server:8096/redmine/admin then I get the correct page with CSS etc, it's just the linking between pages that isn't working!
Man, I've never seen an working setup of apache proxy changing context like this:
ProxyPass /redmine http://127.0.0.1:3000/
This should work:
ProxyPass /redmine http://127.0.0.1:3000/redmine
To do that, you need to setup your backend server (mongrel or whatever) to work on a sub-uri.
I would suggest you to use mod_passenger instead. This is the easiest way to setup redmine and it doesn't involve proxy. Here follows my setup:
brunojcm#brunojcm-htpc:~$ cat /etc/apache2/sites-available/redmine
<Directory /var/www/redmine>
RailsBaseURI /redmine
PassengerResolveSymlinksInDocumentRoot on
</Directory>
Where /var/www/redmine is a link to your public redmine folder.
brunojcm#brunojcm-htpc:~$ ll /var/www/redmine
lrwxrwxrwx 1 root root 27 Sep 4 2011 /var/www/redmine -> /opt/redmine/current/public/
You will also need to install mod_passenger. I don't remember exactly how to do it, but I believe you need to gem install passenger and after run passenger-install-apache2-module and follow the instructions.
Hope it helps!
Related
I am trying to deploy a grails app on an existing site (mysite.org) using Tomcat with a virtual host, and I've been told I also need to use a ProxyPass and a ProxyPathReverse to the chosen port. I've successfully set up Tomcat, added the WAR file to the tomcat/default-root folder, and edited the server.xml file to include this, an exclusion for serving content to the app.
<VirtualHost *:*>
ProxyPreserveHost On
ProxyTimeout 3600
Timeout 3600
ProxyPass /interventions !
ProxyPass / http://00.00.000.000:8080/
ProxyPassReverse / http://00.00.000.000:8080/
ServerName interventions.mysite.org
</VirtualHost>
I'm not really sure where to go from here, what I want to happen is to be able to go to interventions.mysite.org and use this app. I know I need to properly configure the virtual host but I've gotten lost in guides that seem to focus on setting it up from the start rather than integrating with an existing site, which had me worried about making any changes without realising (given my lack of knowledge right now).
What should my next step be, and are there any resources I should seek out (or search terms I should use, as I'm totally overwhelmed after my attempts)?
**Edit: Is my wishing to use interventions.mysite.org rather than, say, mysite.org/interventions complicating the issue?
create a site in apache called interventions.mysite.org.conf
To create the site you can just copy the already existing site file found in the sites-available folder in your apache installation and just make edits where necessary.
You file should look like the one i have pasted below, i believe the code i have pasted below should work fine for you, just make edits to the ProxyPass and ProxyPassReverse fields to match your app installation.
Remember to enable the site by using the command below;
sudo a2ensite interventions.mysite.org.conf
and also ensure that you have i think mod_proxy enabled.
it can config just like the one below;
<VirtualHost *:80>
ServerName interventions.mysite.org
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests Off
ProxyPreserveHost On
ProxyErrorOverride On
ProxyPass / http://localhost:port/my-app/
ProxyPassReverse / http://localhost:port/my-app/
</VirtualHost>
You can also read the apache docs if you don't understand some of the config parameters. Hope that helps.
Cheers!
I am wondering how to configure my httpd server to serves the following pages:
My need is to serve static content located in my /var/www/static when url is /context/static and to proxy the remaining to a tomcat server
In this order:
/context/static/* --> files served by httpd
/context/* --> resources served by tomcat
I have tried to rewrite /context/static/* to a folder pointing to my /var/www/static and added the ProxyPath directive for the remaining but I can't get it working.
What are the best practices and how to achieve that ?
Thanks in advance
Well, in fact it is quiet easy...
Having such folders configured:
/var/www/static/
|- css/*
|- js/*
\ medias/*
The following httpd configuration will redirect static/* to the /var/www and the rest will be proxied
# first rewrite for statics
RewriteEngine On
RewriteRule ^/context/static/(.+)$ /static/$1
# then proxy remaining...
ProxyPass /context http://127.0.0.1:8080/context
ProxyPassReverse /context http://127.0.0.1:8080/context
I've found the following approach that works and is quite general. (4/12/2018)
Location/Proxypass expressions always take priority over any other location block, so you have to Exclude the paths that you don't want to be proxied. the "?!" does that in the regex. Since static content is, um, static, it is not so bad to require that the apache configuration be updated if another directory is needed to be served directly for a different media type.
The following was taken from a server that was proxying a Python Flask application.
<LocationMatch "^/(?!js|css|media)" >
ProxyPass http://127.0.0.1:5000
ProxyPassReverse http://127.0.0.1:5000
</LocationMatch>
<Location "/">
Require all granted
</Location>
Both of the existing answers rely on Regular Expressions. While they work, it is possible to do this without such complicated constructs. ProxyPass can take "!" as a second parameter, in which case it doesn't proxy the matching URL. For example
ProxyPass /context/static/ !
ProxyPass /context http://127.0.0.1:8080/context
ProxyPassReverse /context http://127.0.0.1:8080/context
or, with multiple exclusions,
ProxyPass /js !
ProxyPass /css !
ProxyPass /media !
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
These exceptions need to come before the more general rule in order to take precedence.
Thanks to freenode user "thumbs" in #httpd.
I'm having a hell of a time setting up a web2py server in a way that allows me to access the admin and appadmin interfaces from anywhere other than localhost, which is a requirement for me because the web2py server is hosted in a cloud location without a browser or X server. I understand that to access web2py's admin or appadmin interfaces from outside localhost that I must use SSL/HTTPS.
The web2py documentation seems to declare two different ways to do this. First, from the general web2py startup tutorial:
The administrative interface, admin, is only accessible from localhost
unless you run web2py behind Apache with mod_proxy. If admin detects a
proxy, the session cookie is set to secure and admin login does not
work unless the communication between the client and the proxy goes
over HTTPS
This lead me to search the web for how to setup web2py behind and apache which lead me to the web2py deployment recipes page, where it describes setting up web2py behind apache using mod_wsgi instead of mod_proxy. These are the instructions I'm currently following exactly, with the exception of updating the /etc/apache2/sites-available/web2py file to apache2.4 syntax and modifying the ServerName directive's value to "foo.bar.com" (omitted: the domain name of cloud box containing the server, this is replaced with foo.bar.com throughout this question).
However, when I get to the
When you restart Apache, it should pass all the requests to web2py without going through the Rocket wsgiserver.
part of the that web2py+apache+mod_wsgi tutorial, apache does not appear to be passing anything to web2py for me. I went ahead and moved the wsgihandler.py file as the next step in the tutorial describes, and here's my current state:
If I browse to foo.bar.com:80 from another machine, I get the Apache2 Ubuntu Default Page (the "It works!" page).
If I browse to foo.bar.com:8000 (web2py port), I the web2py server's default interface, but with no access to admin or appadmin because of the unsecure channel.
If I try to browse to foo.bar.com:443, I get the generic "Index of /" apache server
page. On this page "/" contains one directory link "html", which
is a link to the Apache2 Ubuntu Default Page (the "It works!" page).
Other information:
I have an untouched instance of web2py installed at /home/www-data/web2py except that I've moved /home/www-data/web2py/handlers/wsgihandler.py to /home/www-data/web2py/wsgihandler.py
The contents of my /etc/apache2/site-available/ directory are:
000-default.conf (not touched by me)
default-ssl.conf (not touched by me)
web2py (created by me)
I've manually started up web2py with python ~/web2py/web2py.py --ip 10.7.166.27 (that's the IP for foo.bar.com (real domain name omitted))
apache2 is running as user www-data
The server OS is Ubuntu Server 14.04 x64
This is my /etc/apache2/sites-available/web2py file:
<VirtualHost *:80>
ServerName foo.bar.com
WSGIDaemonProcess web2py user=www-data group=www-data display-name=%{GROUP}
WSGIProcessGroup web2py
WSGIScriptAlias / /home/www-data/web2py/wsgihandler.py
<Directory /home/www-data/web2py>
AllowOverride None
Require all denied
<Files wsgihandler.py>
Require all granted
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/www-data/web2py/applications/$1/static/$2
<Directory /users/www-data/web2py/applications/*/static/>
Order Allow,Deny
Allow from all
</Directory>
<Location /admin>
Require all denied
</Location>
<LocationMatch ^/([^/]+)/appadmin>
Require all denied
</LocationMatch>
CustomLog /private/var/log/apache2/access.log common
ErrorLog /private/var/log/apache2/error.log
</VirtualHost>
<VirtualHost *:443>
ServerName foo.bar.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
WSGIProcessGroup web2py
WSGIScriptAlias / /users/www-data/web2py/wsgihandler.py
<Directory /users/www-data/web2py>
AllowOverride None
Require all denied
<Files wsgihandler.py>
Require all granted
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/www-data/web2py/applications/$1/static/$2
<Directory /users/www-data/web2py/applications/*/static/>
Require all granted
</Directory>
CustomLog /private/var/log/apache2/access.log common
ErrorLog /private/var/log/apache2/error.log
</VirtualHost>
Alright! I found my stupid mistake while writing this up. I had never bothered to properly configure apache itself:
/etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/default-ssl.conf were why I was seeing what I was seeing when browsing to foo.bar.com:80 and foo.bar.com:443 respectively.
apache2.4 seems to require the .conf on configuration files, I didn't have that so I renamed /etc/apache2/sites-available/web2py to /etc/apache2/sites-available/web2py.conf
I didn't have a symlink to /etc/apache2/sites-available/web2py at /etc/apache2/sites-enabled/web2py, so I made one.
So, as of now:
When I browse to foo.bar.com:80 I get the same Apache2 Ubuntu Default Page, BUT
When I browse to foo.bar.com:80/web2py I get an internal server error which the apache logs tell me is a python import error from wsgihandler.py, which means the apache<->mod_wsgi<->web2py link is up and running
When I browse to foo.bar.com:443/web2py I get Chrome's yellow screen complaining about my self-signed certificate and after clicking through I get a permissions-denied page, presumably because of something I haven't set up yet in web2py/SSL
This means my original question is answered, but I might come back here and comment/edit if I get stumped again getting SSL to work.
I would like to run an IPython notebook web server behind an Apache (reverse) proxy so that instead of the URL
https://my.server:XXXX
(where XXXX is some port number) I could use
https://my.server/py0
I am aware that IPython uses websockets and I suspect this is the part that is missing from my setup, but I simply could not find a suitably detailed description on how to configure this. Unfortunately the IPython webserver setup docs don't have much to say regarding proxies apart from this:
When behind a proxy, especially if your system or browser is set to
autodetect the proxy, the notebook web application might fail to
connect to the server’s websockets[...]
So I decided to try it on my own and put the following in /etc/apache2/sites-enabled/default-ssl.conf :
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPass /py0/ https://localhost:10000/
ProxyPassReverse /py0/ https://localhost:10000/
Accessing IPython "directly" over the URL https://my.server:10000 works perfectly as advertised.
The URL https://my.server/py0 (without a trailing slash) returns "404 Not found".
The same with a trailing slash https://my.server/py0/ does "work" in that it forwards to https://my.server/login?next=%2F, which is then "Not found" in its own right -- obviously because the /py0/ part got lost. Maybe I should tell IPython about it but how ??
Perhaps relevant version numbers: Ubuntu 14.04 LTS, Apache 2.4.7.
Perhaps relevant SO question: IPython behind nginx. However, since everything else in my setup is handled by Apache to my full satisfaction, I do not want to run Nginx in addition.
Is there any good soul out there who has successfully configured IPython notebook web servers behind Apache? If yes, then please step forward and share your knowledge :-) Many thanks!
I got this working using the following setup.
IPython
IPython Notebook is listening at http://localhost:8888/ipython. It was necessary to add the /ipython prefix, because IPython uses absolute paths, so it must be the same as the reverse proxied path.
The ipython_notebook_config.py
c = get_config()
c.NotebookApp.ip = 'localhost'
c.NotebookApp.open_browser = False
c.NotebookApp.port = 8888
c.NotebookApp.base_url = '/ipython'
Apache
I enabled
mod_proxy
mod_proxy_http
mod_proxy_wstunnel
In the apache config I added
<Location /ipython>
ProxyPass http://localhost:8888/ipython
ProxyPassReverse http://localhost:8888/ipython
ProxyPassReverseCookieDomain localhost my.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location /ipython/api/kernels/>
ProxyPass ws://localhost:8888/ipython/api/kernels/
ProxyPassReverse ws://localhost:8888/ipython/api/kernels/
</Location>
to an SSL enabled virtual host definition.
The RequestHeader set Origin "http://localhost:8888" was necessary for the websockets, otherwise you get a 403 Forbidden.
Now IPython is reachable at https://my.server.com/ipython (no trailing /!).
WARNING: This is rather verbose, as I gather you have figured much of this, but for documentation purposes, I laid out enough detail here for someone else to follow.
I put this answer together after implementing this myself with the help from various links. The first from here Websocket origin check fails when used with Apache WS proxy #5525. I repeat much of it here with some changes. Other links are referenced below.
1. Set up iPython:
This is in the post, but rather than do it as the original post suggested, I just followed the general instructions for Running a notebook server. With this done you should be able to test the setup, which will require enabling the port you have this configured for. If this does not work, then any Apache set up will not work.
2. Configure Apache:
Make sure you have the following mods available and enabled.
./configure --enable-proxy --enable-ssl --enable-deflate --enable-proxy-http --enable-proxy-wstunnel --enable-info --enable-rewrite --enable-headers
Added --enable-headers here as they were not installed on mine. Also I used the Apache2 a2enmod command. So sudo a2enmod headers, sudo a2enmod proxy, etc.
If you're running a version of Apache prior to 2.4, you do not have the proxy_wstunnel mod. You can either a patch your version or upgrade. To patch your version, you can follow these instructions. Be sure to copy over both mod_proxy.so and mod_proxy_wstunnel.so. To get the configure script, you need to run ./buildconfig, which has its own dependencies. This is noted in a comment therein.
Within Apache, create a "sites-available/iPython.conf" file. Originally I said to either add to httpd.conf or ports.conf. Adding your own site file is much cleaner and will allow you to enable/disable the configuration when desired.
Listen [ANY PORT HERE] # post has port 8999 here...
...
<VirtualHost *:[ANY PORT HERE]>
SSLProxyEngine On # post did not have this...
ProxyPass / http://127.0.0.1:8888/
ProxyPassReverse / http://127.0.0.1:8888/
# spoof headers to make notepad accept the request as coming from the same origin
Header set Origin "http://127.0.0.1:8888/"
RequestHeader set Origin "http://127.0.0.1:8888/"
LogLevel debug
</VirtualHost>
NOTE 1: The post uses port 8999, but it can be any port you want. You want port 80 here, but you do not need to specify it, so, modifying the above would yield:
<VirtualHost *:80>
... # Everything is the same here...
</VirtualHost>
NOTE 2: Since you are using SSL, you need to add SSLProxyEngine On within the body of the VirtualHost definition. As noted above, the post did not have this specifically.
NOTE 3: Port 8888 is whatever port ipython is running on. Change this based on your configuration.
NOTE 4: If you want to host multiple applications, and this is one of them, rather than having / and :8888/, you will want /ipython and :8888/ipython or whatever you want this to be named. In order to support this, see Running with a different URL prefix.
Enable the new configuration:
sudo a2ensite iPython
If you need to disable:
sudo a2dissite iPython
Reload Apache:
sudo service apache2 reload
My Environment:
Ubuntu 14.04.1
Apache 2.4.7
ipython 2.3.0
EDIT: Updated to reflect the final changes I made to get this working. I also changed the instruction order to what I think makes more sense.
Based on Apache's config of #adam, I'm putting here a full SSL-aware <VirualHost> sections but without the /ipython prefix, and i'm giving also the SSL-options for anyone interested:
<VirtualHost *:80>
ServerAdmin myname#my.place.com
ServerName some.server.com
SSLEngine off
Redirect permanent / https://some.server.com
</VirtualHost>
## From http://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy
#
<VirtualHost *:443>
ServerAdmin myname#my.place.com
ServerName some.server.com
SSLEngine on
SSLCertificateFile some_server_com.crt
SSLCertificateKeyFile some_server_com.key
<Location />
ProxyPass http://localhost:8888/
ProxyPassReverse http://localhost:8888/
ProxyPassReverseCookieDomain localhost some.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location /api/kernels/>
ProxyPass ws://localhost:8888/api/kernels/
ProxyPassReverse ws://localhost:8888/api/kernels/
</Location>
Redirect permanent / https://some.server.com
</VirtualHost>
This works for jupyter and password hash:
<VirtualHost *:443>
ServerName default
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
SSLEngine on
SSLProtocol TLSv1
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile /home/ubuntu/.certs/mycert.pem
ProxyPass /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/
ProxyPassReverse /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/
ProxyPass /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
ProxyPassReverse /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
ProxyPass /notebook https://127.0.0.1:9999/notebook
ProxyPassReverse /notebook https://127.0.0.1:9999/notebook
</VirtualHost>
On newer versions of IPython/Jupyter that have a terminal you also need to add entries for terminals.
<Location /ipython/terminals/websocket/>
ProxyPass ws://localhost:8888/ipython/terminals/websocket/
ProxyPassReverse ws://localhost:8888/ipython/terminals/websocket/
</Location>
I'm using apache version 2.4.18 in a server running Ubuntu 16.04.1 LTS(xenial)
and finally I have my jupyter notebook running through ssl.
I had already configured the standard SSL on my server, so https:// was working. I had also followed this instructions: Running a notebook server to get my cert file and my password in the jupyter_notebook_config.py configuration file. What I was missing was:
c.NotebookApp.allow_origin = '*'
c.NotebookApp.base_url = '/SomeName'
The apache configuration file that worked for me using solutions from several places and part of the answers here was:
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location "/SomeName">
ProxyPass https://localhost:XXXX/SomeName
ProxyPassReverse https://localhost:XXXX/SomeName
</Location>
<Location "/SomeName/api/kernels">
ProxyPass wss://localhost:XXXX/SomeName/api/kernels
ProxyPassReverse wss://localhost:XXXX/SomeName/api/kernels
</Location>
<Location "/SomeName/terminals/websocket">
ProxyPass wss://localhost:XXXX/SomeName/terminals/websocket
ProxyPassReverse wss://localhost:XXXX/SomeName/terminals/websocket
</Location>
where XXXX is the port you are using, e.g. 8888, and SomeName could be any name you want.
I hope this can help.
I would like to run a rails application (redmine, actually) in a subdirectory off my domain. SOmething like http://foobar.com/redmine. Redmine is running as a stand-alone passenger instance that I would like to proxy requests to.
passenger start -a 127.0.0.1 -p 8000 -e production
I can confirm that the app is running if I access it locally from the server.
lynx http://127.0.0.1:8000/
Now I can't figure out how to get Apache to serve the app properly. This is what I have, but it doesn't work quite right:
Alias /redmine /home/redmine/www/redmine-1.2/public
<Directory /home/redmine/www/redmine-1.2/public>
allow from all
ProxyPass http://127.0.0.1:8000
ProxyPassReverse http://127.0.0.1:8000
</Directory>
It serves static assets fine from the public folder but doesn't seem to proxy requests properly. Everything returns 403. Apache log:
client denied by server configuration: proxy:http://127.0.0.1:8000
Figured it out. Apache config:
<Location /redmine>
Order deny,allow
Allow from all
ProxyPass http://127.0.0.1:8000
ProxyPassReverse http://127.0.0.1:8000
</Location>
Then add this line to config/environment.rb:
config.action_controller.relative_url_root = "/redmine"