Apache ProxyPassReverse values - apache

our IT is trying to configure a new apache/jboss/apj setup.
When I browse to http://domain.com/jboss/test.jsp
and System.out.println request.getRequestURL()
I get http://domain.com/test.jsp
(without jboss)
My app encounteres a lot of 404's because of this.
The IT department said Jboss has no concept of the /jboss/ part of the url because of the proxy. Are they configuring things properly or do I need to change my code. To me my code is not portable if I have to hard code url paths.
Edit-
Here is what they told me:
<Location /jboss>
ProxyPass balancer://cluster stickysession=JSESSIONID
ProxyPassReverse https://domain.com/jboss/
</Location>
This article supports my question
https://sosiouxme.wordpress.com/2010/08/18/fixing-apache-httpd-reverse-proxy-redirect-rewrites/
Edit2
On our old server in a my login framework servlet used by a few apps I had
response.sendRedirect("login.jsp?message=You have successfully logged off.");
to get things to work with the new proxy I have to recode as
response.sendRedirect("/jboss/AppName/login.jsp?message=You have successfully logged off.");
I lose portablity and reuseabilty with the latter syntax.
The error (in Apache, not jboss) for
response.sendRedirect("login.jsp?message=You have successfully logged off.");
File does not exist: /WEB/wwwssl/AppNamelogin.jsp
Note there is no "/" between my appname and login.jsp
The error (in Apache, not jboss) for
response.sendRedirect("/login.jsp?message=You have successfully logged off.");
File does not exist: /WEB/wwwssl/login.jsp
Note the AppName is missing

Note that the article you mention uses mod_proxy_html (ProxyHTMLURLMap ProxyHTMLURLMap / /ajp/nocluster/), which will fix links to use the right path prefix. This is not part of the default mod_proxy modules provided with Apache Httpd.
Instead of putting these directives in a <Location> block, using a single line syntax might forward the path correctly:
ProxyPass /jboss balancer://cluster stickysession=JSESSIONID

Related

configure Apache reverse proxy to work with CKAN dataset preview

I tried to configure Apache's reverse proxy on a running CKAN instance; most pages work, with a few exceptions (notably data preview and user login).
What I did: I’ve set up a CKAN instance using docker, at http://my.intranetwebsite.fr:8082
I’ve deployed it into : http://cybis.univ-grenoble-alpes.fr:8082
(port 80 is already used).
Tests shows that everything worked well on port 8082.
I now want to have this web page accessible on port 80. We use apache’s reverse proxy for several services on this website, so I’ve added this to /etc/apache2/apache2.conf
<Location /data>
ProxyPass http://localhost:8082 retry=0
ProxyPassReverse http://localhost:8082
SetOutputFilter proxy-html
ProxyHTMLURLMap http://localhost:8082
</Location>
RewriteRule ^/data$ /data/ [R]
And I've changed the parameters in production.ini:
ckan.root_path = /data/{{LANG}}
ckan.site_url = http://cybis.univ-grenoble-alpes.fr
And restarted apache on the host, and restarted the container.
Everything works fine on :80/data except the login, and a strange behaviour for the data explorer: it gets an iframe with the home page of the ckan in place of the explorer.
Thank you for any help
If you use ckan.root_path then think you may well have to change the paths in who.ini too, e.g. login_form_url = /data/user/login.
For the Data Explorer, maybe someone else can suggest. One of his example URLs is here: http://cybis.univ-grenoble-alpes.fr/data/dataset/militarized-interstate-disputes-v4-3/resource/55ed7ecb-841b-47c0-80cd-65fa80a04401 and shows a 404 error in the iframe where the preview should be.

How to make yii2 module load at root level

I'm more of a frontend guy (CSS, javascript) trying to expand my knowledge about backend (apache, proxies) (so try to be gentle) and I'm asking after serveral hours of documentation, trying different approaches but so far nothing worked. I'm aware that I might be oblivious to concepts that go without saying for someone knowing their way around backend.
I have this Yii2 application, with a module, working fine. I would like this module to be available at the root level of another domain, on the same machine.
From everything I've read, the following code, placed in vhosts of my apache, should work:
<VirtualHost *:80>
ServerName buletin
ProxyPass / http://bdc/ik2/frontend/web/buletin/default/
ProxyPassReverse / http://bdc/ik2/frontend/web/buletin/default/
</VirtualHost>
I'm expecting to see the default action of my module when I go to http://buletin.
What am I missing?
Ok, in case someone else has the same problem, just double check all of your app's redirects and make sure everything works inside your module. If it doesn't, either add it as exception to the ProxyPass i.e.:
ProxyPass /ik2/frontend/web/themes/ http://bdc/ik2/frontend/web/themes/
ProxyPass /ik2/frontend/web/img/ http://bdc/ik2/frontend/web/img/
ProxyPass /ik2/frontend/web/assets/ http://bdc/ik2/frontend/web/assets/
#(all exceptions need to be placed above general ProxyPass and ProxyPassReverse)
or make it available inside your module.
In my case, I wasn't logged in the "new" website and it was redirecting me to /site/login, which did not exist (no buletin/default/site/login). Once I handled it and I added the exceptions for the assets and images to the ProxyPass, it's all working smoothly.

Reverse proxy with request dispatch (to Rstudio server)

I have a multi-tier application of three layers lets say public, business and workspace (all running apache).
Client requests hits the public servers, requests are processed and dispatched on to business servers that does 'things' and response is returned back to public server which then processes the response and pass it on to the client.
I have a scenario wherein I want a request say /rstudio coming to the public server dispatched onto the business which intern reverse proxy to workspace server. There are two catch here:
the workspace server varies per request
application running on workspace server (Rstudio) uses GWT and references resources (static resources js, css etc and RPC coms) on the root url. All the in-application redirection also happens on the domain.
From the business server, I have setup reverse proxy to Rstudio server from my application server.
<Proxy *>
Allow from localhost
</Proxy>
ProxyPass /rstudio/ http://business_server/
ProxyPassReverse /rstudio/ http://business_server/
RedirectMatch permanent ^/rstudio$ /rstudio/
and this work fine (ref. https://support.rstudio.com/hc/en-us/articles/200552326-Running-with-a-Proxy). To handle dynamic workspace server, I could the following but ProxyPassReverse does not support expression in value and this no joy with this approach.
ProxyPassMatch ^/rstudio/(.*)$ http://$1
ProxyPassReverse ^/rstudio/(.*)$ http://$1
RedirectMatch permanent ^/rstudio$ /rstudio/
I have tried the same with mod_rewrite rule (following) but without ProxyPassReverse and due to domain redirection on the GWT Rstudio, this does not work. Adding ProxyPassReverse would fix the problem but I am caught up with no expression on value part to deal with dynamic workspace server issue.
RewriteRule "^/rstudio/(.*)" "http://$1" [P]
Following is the third approach to solve this problem using LocationMatch and mod_headers:
<LocationMatch ^/rstudio/(.+)>
ProxyPassMatch http://$1
Header edit Location ^http:// "http://%{SERVER_NAME}e/rstudio/"
</LocationMatch>
But this is no joy too because value on header directive is not evaluated against environment variable (and only back-references work here). Althought I can get the reverse proxy thing working if I had code the business_server, which is :
<LocationMatch ^/rstudio/(.+)>
ProxyPassMatch http://$1
Header edit Location ^http:// "http://private_server/rstudio/"
</LocationMatch>
Question 1: I was wondering if there are any better way to solve this problem without hardcoding the server DNS in apache conf?
Question 2: With the hard coded server DNS the reverse proxy works for me (patchy but works) but I am hit with GWT issue of resource references on root and the request dispatch is not fully working. I get to the signin page but resources are not found.
I was wondering if there is any better way to handle that?
Following is the example log from browser:
Navigated to https://public_server/rstudio
rworkspaces:43 GET https://public_server/rstudio.css
rworkspaces:108 GET https://public_server/js/encrypt.min.js
rworkspaces:167 GET https://public_server/images/rstudio.png 404 (Not Found)
rworkspaces:218 GET https://public_server/images/buttonLeft.png 404 (Not Found)
rworkspaces:218 GET https://public_server/images/buttonTile.png 404 (Not Found)
rworkspaces:218 GET https://public_server/images/buttonRight.png 404 (Not Found)

Sonatype Nexus: Proxy from SSL using Apache

We're running Sonatype's Nexus to store all of our builds, cache our dependencies, etc. etc. However, I'd like to move away from the default install's port 8081 URL and instead host it over SSL via an Apache proxy. I've setup Apache's mod_proxy to proxy to it such that https://myserver.com/nexus brings up Nexus. I used the following configuration directives inside of my virtual host config:
# Configure mod_proxy to be used for proxying URLs on this site to other URLs/ports on this server.
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
# Proxy the Sonatype Nexus OSS web application running at http://localhost:8081/nexus
<Location /nexus>
ProxyPass http://localhost:8081/nexus
ProxyPassReverse http://localhost:8081/nexus
</Location>
This seems to match the instructions at Running Nexus Behind a Proxy. However, I was unable to clear the "Base URL" setting in Nexus: it wouldn't let me leave it blank.
And everything mostly works: I can access Nexus at the HTTPS URL, log in, and perform most GUI functions.
However, when logging in I get the following warning message:
WARNING: Base URL setting of http://myserver.com/nexus does not match your actual URL! If you're running Apache mod_proxy, here's more information on configuring Nexus with it.
And not everything in the GUI actually works. So far I've noticed the following:
System Feeds: Gives the following error:
Problem accessing /nexus/service/local/feeds. Reason:
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request
Nexus returned an error: ERROR 406: The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request
Deleting Hosted Repositories: I went through and deleted several empty & unneeded repositories. However, after confirming the deletions, only the first was removed. I had to login to the 8081 site to delete any of the others.
Per the documentation, it looks like a better solution may be to add a RequestHeader to the Apache configuration:
RequestHeader set X-Forwarded-Proto "https"
I tried the accepted answer, which appears to work, but once I added the RequestHeader, I was able to uncheck Force URL and the warning was cleared. I have not tested the other behavior the OP is describing, though.
You just need to adjust the baseUrl setting in the Administration->Server configuration screen. Set the url you are using and click the Force Base Url option.

Apache ProxyPass and Sessions

So I'm using Apache to proxy a specific folder to a Glassfish instance. The rules in my conf are:
ProxyPass /folder http://localhost:28083
ProxyPassReverse /folder http://localhost:28083
ProxyPassReverseCookiePath /folder http://localhost:28083
It's working fine, except for the sessions. For every subfolder a new session is created.
So while I stay in one folder, the session persists, but as soon as I jump into another folder a new session is made.
How can I have one session for all subfolders?
As covener already mentioned, the second parameter of ProxyPassReverseCookiePath should be a path. Be aware that the parameters are switched compared to the other directives, so in your case it would be:
ProxyPassReverseCookiePath / /folder
(Technically, this should not be necessary for it to work, as cookies from the path / are also available in /folder/, but it might cause them to interfere with the cookies of other web applications that you are running on the same domain.)
In addition, you might want to transform the cookie domain as well (unless you access your application only through http://localhost/folder/):
ProxyPassReverseCookieDomain localhost example.com
example.com is the domain over which your web application is accessed.
ProxyPassReverseCookiePath's 2nd parameter should just be a path, not a full URL. Apache can't properly fixup the path baked into the cookie w/ the current invalid usage.