I have a need to run Apache httpd in front of my JBoss so I can leave the JBoss ports in place (8080/8443) but have Apache/80 forward to JBoss/8080 and Apache/443 forward to JBoss/8443.
I have the HTTP forwarding working but I can't get HTTPS forwarding to work.
To get HTTP forwarding to work I simply loaded the correct proxy modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Then added these new directives:
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
If all I want to do is forward port 443 to 8443, do I have to enable SSL? I don't need Apache to load and process a certificate.
You're confusing two things.
If you want port forwarding from port 443 to 8443, don't go via Apache Httpd, just forward the port (for example, via iptables). In this case your JBoss container must be configured to handle the SSL/TLS connection (all the certificate settings).
If you want a reverse proxy from Apache Httpd (listening on port 443) to your JBoss container, you don't need to enable SSL/TLS on your JBoss container (especially on localhost), just proxy the request to Apache Httpd in plain HTTP (or via AJP). For this, you'll need to configure Apache Httpd to handle the SSL/TLS connection.
Related
Caddy 2 is a powerful, open source web server with automatic HTTPS written in Go. I have a web app where users can point their custom domains. So caddy can easily generate ssl with tls on demand. https://caddyserver.com/docs/automatic-https
So I want to set caddy as a reverse-proxy for apache, so I edited my ports.conf file and set it to
Listen 8080
<IfModule ssl_module>
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
Listen 8443
</IfModule>
And my caddy file is set to:
mydomain:80 {
reverse_proxy localhost:8080
}
mydomain:443 {
reverse_proxy localhost:8443
}
However, http works fine with it, but https doesn't work at all. I even tried checking whether port 8443 is free, and changed it to 44301. But it doesn't work.
My questions:
1) How to properly configure caddy as reverse proxy for apache?
2) Should I also change the ports in the VirtualHost file? (Tried changing to 8080, but Apache won't start)
3) Is there anything I am missing setting it up as a reverse proxy with apache?
Appreciate your help!!
I have one server with 2 ip addresses.
I have multiple applications in .NET (webapi, a console application, etc.) and one specific one using PHP which is running on Apache (w/ XAMPP).
I configured IIS to run on default port 80 and xampp is using port 8080.
As I said before, I have two ip addresses and two domains (eg: domain1.com and domain2.com).
I need to pinpoint domain1.com.br to the IIS app (which is working) but my PHP app never gets reached since all the requests are directed to port 80 (which IIS takes control of).
What can I do to solve this?
I know that I can point both IPs to port 80, but how do I tell IIS that whenever it gets a request from a specific domain/host (in this case, domain2.com.br) it should redirect to port 8080?
You may need to let Apache take control, due to Apache's redirect features. The main idea is to set up Apache and use Apache's redirect features (vhost, if you prefer to call it so) to direct the special requests to your IIS server.
1. Change your IIS listening to port 8080 (and set the domain to your domain, domain1.com for example). Leave your Apache to listen on 80.
2. Enable the modules below in your Apache config file (httpd.conf):
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
And enable:
Include conf/extra/httpd-vhosts.conf
3. The next step is to set up the virtual host. Edit the config file conf\extra\httpd-vhosts.conf:
<VirtualHost *:80>
DocumentRoot "x:\The\Dir\to\Your\Php\Site"
ServerName domain2.com.br
ErrorLog "logs/domain2-error.log"
CustomLog "logs/domain2-access.log" common
</VirtualHost>
And the setup for your domain2.com.br is done. Restart your Apache server, visit your site by domain name, and your PHP site shall be working.
4. If the steps above are working as expected, this shall be the last step.
<VirtualHost *:80>
ServerName your.net.site.domain.com
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8080/"
ProxyPassReverse "/" "http://127.0.0.1:8080/"
ErrorLog "logs/domain1-error.log"
CustomLog "logs/domain1-access.log" common
</VirtualHost>
And now it should work as you expect it to.
Use the Reverse Proxy method
What is Reverse Proxy Method
A reverse proxy server is a type of proxy server that typically sits
behind the firewall in a private network and directs client requests
to the appropriate backend server. A reverse proxy provides an
additional level of abstraction and control to ensure the smooth flow
of network traffic between clients and servers.
Refer to the NGINX documentation to know more about Reverse Proxy.
You can use a reverse proxy on either your IIS or Apache (XAMPP) server. But since you have a Windows Server, I recommend you do the reverse proxy on the IIS server.
Example: Rewrite or Reverse proxy in IIS
I have a couple of IBM HTTP Servers v8.5, IHS1 and IHS2, configured to two managed nodes on a WebSphere cluster that is running DefaultApplication.
I had set up SSL (on default port 443) on these two IHS1 and IHS2 servers and configured the plug-in xml to access the applications like snoop. So now, I can access the snoop application via the URLs
https://ihs1/snoop and
https://ihs2/snoop
I now want to set up another IBM HTTP Server on another machine, that would have a single URL, say https://loadbalancer , sitting in front of the above two machines, to act as a load balancer and distribute the client's requests to the above two URLs. All my application clients must only be able to access the snoop app via https://loadbalancer/snoop
I have started in this direction, through a reverse proxy configuration on this loadbalancer, but no luck.
In httpd.conf, I have uncommented the three lines
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
and the VirtualHost block looks as below:
Listen 0.0.0.0:443
<VirtualHost loadbalancer:443>
SSLEnable
SSLProtocolDisable SSLv2
SSLClientAuth 0
ProxyPass / https://ihs1/
ProxyPass / https://ihs2/
ProxyPreserveHost on
SSLProxyEngine on
</VirtualHost>
KeyFile C:/IBM/HTTPServer/ihsserverkey.kdb
SSLDisable
Any definitive httpd.conf configuration suggestions on the loadbalancer? Or is this path completely different?
This is not really an IBM topology. IHS 7.0 through 8.5.5 contains mod_proxy_balancer (in the WebSphereCE/ subdirectory) that would allow you to load-balance two backends this way with mod_proxy, but it would not be supported by IBM.
If both tiers are really necessary, use something in the very front that is either an IP sprayer (layer 3/4) or a standalone HTTP proxy server.
It is also possible to rig a plugin-cfg.xml statically to use IHS+WAS Plugin at the front tier, but it's not so straightforward.
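The mod_proxy_balancer route mentioned in the answer above, as an added example (not the poster's configuration and, per the answer, not an IBM-supported setup). The balancer name `snoopcluster` is made up and mod_proxy_balancer is assumed to be loaded alongside the three modules from the question; the remaining directives are the question's own.

```apache
# Added example. Assumes mod_proxy_balancer is loaded in addition to
# mod_ibm_ssl, mod_proxy and mod_proxy_http from the question.
Listen 0.0.0.0:443
<VirtualHost loadbalancer:443>
    SSLEnable
    SSLProtocolDisable SSLv2
    SSLClientAuth 0

    # Needed because the balancer members are https:// URLs.
    SSLProxyEngine on
    ProxyPreserveHost on

    # Two "ProxyPass /" lines for the same path do not balance: rules are
    # checked in order and the first match wins. Group the backends in a
    # balancer and map the path once instead.
    <Proxy balancer://snoopcluster>
        BalancerMember https://ihs1
        BalancerMember https://ihs2
    </Proxy>
    ProxyPass / balancer://snoopcluster/

    # Rewrite Location headers from either member back to the front URL.
    ProxyPassReverse / https://ihs1/
    ProxyPassReverse / https://ihs2/
</VirtualHost>
KeyFile C:/IBM/HTTPServer/ihsserverkey.kdb
SSLDisable
```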
I have a local web socket server running on WSS:// port 9000. In the same server I have apache running as well.
When I try and connect from my remote client directly to port 9000 via WSS like this:
wss://myserver:9000
it works fine. However, I blocked port 9000 on my router and am trying to access it via apache (which is running on SSL).
When I try and access
wss://myserver/
I can see the logs in Apache that it issued a GET but my web socket server does not receive the connection.
I've read through various SO threads and I think I have my ordering correct.
Details:
Apache Version:
Server version: Apache/2.4.7 (Ubuntu)
sudo apache2ctl -M shows proxy_* modules running
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Apache configuration: (relevant lines inside VirtualHost)
ProxyPass / wss://localhost:9000/
ProxyPassReverse / wss://localhost:9000/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
Note that both my local web socket server and Apache are configured to use the same certificates.
(I'm not sure if I need the Proxy * part, but I saw it in one SO thread)
And here are debug logs:
http://pastebin.com/gqVp3Pz5
Thanks
It seems by default Apache wstunnel does not work when the need is to tunnel SSL end to end. What works is if Apache terminates WSS and then does a WS with the local server.
I found this thread tunneling secure websocket connections with apache that describes how to recompile Apache to allow for end to end WSS tunneling.
I've currently decided to not do apache tunneling and open a firewall port for my event server directly as I don't expect my users to have the inclination to recompile Apache for this.
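The arrangement the answer above says works, with Apache terminating WSS and speaking plain WS to the local server, as an added example (not the poster's configuration). It assumes the WebSocket server has been switched to unencrypted WS on port 9000; the certificate paths are placeholders.

```apache
# Added example. Needs mod_ssl, mod_proxy and mod_proxy_wstunnel.
<VirtualHost *:443>
    ServerName myserver

    # Client-facing TLS ends here, so clients still use wss://myserver/
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # ws:// (not wss://) upstream: the hop to the local server is
    # unencrypted, so that server should listen on loopback only
    # (assumption about how the backend is bound).
    ProxyPass        / ws://localhost:9000/
    ProxyPassReverse / ws://localhost:9000/
</VirtualHost>
```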
It seems that it is possible to get Apache server to Proxy and Manage SSL handshake on https requests and service them as 'http' thru another server behind it.
I have configured an apache server for ProxyPass using following configuration
SSLProxyEngine On
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
I am able to get all traffic to the Apache server that is listening on port 8080 directed to and served by the localhost:8081 server, so
http://localhost:8080/hi is being correctly served by http://localhost:8081/hi
However the following does not work :
https://localhost:8080/hi to be served by http://localhost:8081/hi
Apache is trying to pass the https:// traffic to the 8081 server, without managing the SSL handshake.
Your Apache listener on port 8080 is an http listener, not an https listener. You can't handle both types of traffic on the same port. If you want to handle SSL traffic, you'll need to set up a new context on another port with SSLEngine On and all the other normal SSL configuration (certificate, key, etc).
This question has one version of this configuration.
Also this post.
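The layout that both the first answer on this page and the answer above describe, with Apache completing the TLS handshake on its own listener and passing requests to the backend in the clear, as an added example (not from either poster). The ServerName, certificate paths and the choice of port 443 are assumptions; ports 8080, 8081 and the AJP target come from the questions.

```apache
# Added example. Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers
# (mod_proxy_ajp for the AJP variant at the bottom).
Listen 8080
Listen 443

# Plain-HTTP listener, as in the question. It cannot also accept https://.
<VirtualHost *:8080>
    ServerName www.example.test
    ProxyPass        / http://localhost:8081/
    ProxyPassReverse / http://localhost:8081/
</VirtualHost>

# Separate TLS listener: Apache terminates TLS here.
<VirtualHost *:443>
    ServerName www.example.test

    # SSLEngine covers the client-facing side of the connection.
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # SSLProxyEngine only matters for https:// backends; the backend here
    # is plain HTTP, so it is left out.
    ProxyRequests Off
    ProxyPass        / http://localhost:8081/
    ProxyPassReverse / http://localhost:8081/

    # Pass the original scheme along so a backend configured to honour it
    # can build https:// links and set Secure cookies.
    RequestHeader set X-Forwarded-Proto "https"

    # Variant for the first question (JBoss over AJP instead of HTTP):
    # ProxyPass        / ajp://localhost:8009/
    # ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
```

Because the hop to 8081 or 8009 is unencrypted, the backend connector should be bound to the loopback interface so it is not reachable from the network directly.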