I am trying to setup a private forward proxy in a small server. I mean to use it during a conference to tunnel my internet access through an ssh tunnel to the proxy server.
So I created a virtual host inside apache-2.2 running the proxy, the proxy_http and the proxy_connect module.
I use this configuration:
<VirtualHost localhost:8080>
ServerAdmin xxxxxxxxxxxxxxxxxxxx
ServerName yyyyyyyyyyyyyyyyyyyy
ErrorLog /var/log/apache2/proxy-error_log
CustomLog /var/log/apache2/proxy-access_log combined
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
# deny access to all IP addresses except localhost
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
# The following is my preference. Your mileage may vary.
ProxyVia Block
## allow SSL proxy
AllowCONNECT 443
</IfModule>
</VirtualHost>
After restarting apache I create a tunnel from client to server:
#> ssh -L8080:localhost:8080 <server address>
and try to access the internet through that tunnel:
#> links -http-proxy localhost:8080 http://www.linux.org
I would expect to see the requested page. Instead a get a "connection refused" error. In the shell holding open the ssh tunnel I get this:
channel 3: open failed: connect failed: Connection refused
Anyone got an idea why this connection is refused ?
Related
I found a trick to tunnel http over ssh to my local computer.
https://www.maketecheasier.com/reverse-ssh-tunnel-allow-external-connections/
I use a web server running Apache on my local computer, but want to access it from outside without using port forwarding but using a VPS. The reason is I use a mobile device (i.e. laptop, but can also be a cellphone) as a web server.
Assumed the local device has port 8080 as http port and the VPS uses another port (e.g. standard 80). This command on my local computer (macOS, Linux or even Android device using Termux) works:
ssh -R 80:127.0.0.1:8080 root#VPS
When I access the VPS by http://VPS I access the web interface of my local computer. Fine. That works.
But I want to access it via https by
ssh -R 443:127.0.0.1:8443 root#VPS
and install a Letsencrypt certificate. Can I do that on the VPS or should I do that on the local device and enable ssl.conf and use 8443 as secure port ?
Then I want to access my device via the VPS over https://VPS.
Is that possible ?
I found the answer.
I found this approach:
Apache ssl.conf:
<VirtualHost *:443>
SSLEngine on
DocumentRoot /var/www/html/test/
ServerName my.example.com
LogLevel Debug
Include whitelist.conf
ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined
SSLCertificateFile /root/.acme.sh/my.example.com/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/my.example.com/my.example.com.key
# SSLCertificateChainFile /root/.acme.sh/my.example.com/fullchain.cer
SSLProxyEngine On
ProxyRequests Off
# NON SSL access to be redirected to https://my.example.com:443
ProxyPass / http://my.anotherdomain.com:81/
ProxyPassReverse / http://my.anotherdomain.com:81/
# RewriteCond %{HTTPS} off
# RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
</VirtualHost>
This redirects my device non-SSL port 8080 to the VPS (my.example.com:81)
ssh -p 22 -R 81:192.168.0.7:8080 root#myVPS -N
Or on the device itself I can run in Termux:
ssh -p 22 -R 81:127.0.0.1:8080 root#myVPS -N
That makes my device SSL accessible using the certificates of my.example.com via VPS host.
I'm setting up a forward proxy on Apache 2.4, and I'm finding that every request for an HTTPS url results in a 400 response.
The apache error log shows:
[ssl:error] AH02032: Hostname my.example.net provided via SNI and hostname stanford.edu provided via HTTP are different
What could I be doing wrong? My config is as follows:
Listen 3443
<VirtualHost *:3443>
SSLEngine on
ProxyRequests on
ProxyVia off
<Proxy *>
Allow from all
</Proxy>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/my.example.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.example.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/my.example.net/chain.pem
ErrorLog /var/log/httpd/myerr.log
</VirtualHost>
I've tried adding all of the following but to no effect:
SSLProxyEngine with both on and off
SSLProxyVerify none
AllowCONNECT 443
I test the proxy by running:
https_proxy='https://my.example.net:3443/' curl 'https://stanford.edu/'
My server my.example.net is running Apache 2.4 on CentOS 7
The curl command appears to be the issue: instead of using an https scheme for the https_proxy variable, use http (so that there is only one TLS connection, and it goes right through to the destination host):
https_proxy='http://my.example.net:3443/' curl 'https://stanford.edu/'
I have a VPS host that handles a subdomain (gate.domain.eu).
Right now I have a secondary machine in a private network connected to VPN running a gitlab instance. Using vpn,and port forwarding, i managed to bring that gitlab instance to https://gate.domain.eu:8443.
How can I configure the apache server that it will point another subdomain eg(gitlab.domain.eu) to https://gate.domain.eu:8443?
The ideea is that a user should access gitlab trough gitlab.domain.eu.
I configured DNS server for gitlab.domain.eu and configured apache virtual host as follows:
<VirtualHost *:80>
ServerAdmin me#mydomain.com
ServerName gitlab.domain.eu
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://gate.domain.eu:8443/
ProxyPassReverse / https://gate.domain.eu:8443/
</VirtualHost>
When accessing gitlab.domain.eu I get:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request."
I have problem when i try to setup virtual host on my windows 10 pc.
In my hosts file:
127.0.0.1 project.dev
In my httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster#project.dev
DocumentRoot "path to project"
ServerName project.dev
ErrorLog "logs/project.dev-error.log"
CustomLog "logs/project.dev-error-access.log" common
<Directory path to project>
Require all granted
Allowoverride All
</Directory>
</VirtualHost>
httpd.exe run without error.
I try to run:
localhost
It works but when i try to run:
project.dev
in the browser, it does not work.
This site can’t be reached
project.dev refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
I have tried to solve this issue for hours but i can't.
Windows firewall logs, System logs, Applications logs, Apache logs don't show me any infos to help me.
Could anyone help me debug this issue?
Thanks!
------------UPDATE--------
Today, i updated php and apache to newer version
https://windows.php.net/downloads/releases/php-7.2.6-Win32-VC15-x64.zip
https://www.apachehaus.com/downloads/httpd-2.4.33-o110h-x64-vc14-r2.zip
and tried to run project.dev with simple vhost:
<VirtualHost *:80>
DocumentRoot "C:/Users/0x1111/workspace"
ServerName project.dev
#ServerName www.example.com:80
</VirtualHost>
Chrome shows https error:
Your connection is not private
Attackers might be trying to steal your information from project.dev (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
Running localhost it works normal.
----UPDATE -----
when i use nslookup localhost:
Server: resolver1-fs.opendns.com
Address: 208.67.222.123
Non-authoritative answer:
Name: localhost
Addresses: ::1
127.0.0.1
But when i nslookup project.dev:
Server: resolver1-fs.opendns.com
Address: 208.67.222.123
*** resolver1-fs.opendns.com can't find project.dev: Non-existent domain
I am currently using WampServer 3.04, I can connect to it using my local network IP without any problem, but when it comes to connect via the Internet I always get this response: Connection REFUSED!
I have done a lot of things:
Enable Incoming Connections on my firewall for the port 8080 (The port that I want to use)
Configured HTTPD and HTTPD-vhosts both on my current IP and the port
Enabled port forward from extenal 8080 to private 8080 to my computer IP
Enabled put Online on Wamp
Tested if my port 8080 is open and it is open.
I honestly do not have anything else to try.
My httpd-vhosts:
<VirtualHost *:8080>
ServerName 192.168.1.3
DocumentRoot c:/wamp64/www
<Directory "c:/wamp64/www/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Allow from all
</Directory>
</VirtualHost>
I also had the same issue since port 80 was used by VMware process. Hence I killed VMware process.
Run Powershell (get-process VM | stop-process -force)
Use star before &after vm
Start WAMP then goto Apache then -test port 80. If its not working then install Apache service(found below test port 80).It should solve the problem.
Regards,
Aameer