I'm having quite a lot of difficulties with running a frontend proxy in front of play.
This post is also on the google group, I'll post the received suggestions on both.
I'm using apache and mod_proxy and the application is supposed to be running in a location "mywebsite.be/dev/app/". It is able to display the HTML.
But when I run the application, all the CSS/JS/images are missing, also all references are incorrect. I look up the source and it seems that Play did not replace the #{/pathname/to/resources} and other relative links to its correct url. In order to let everything work, all urls should be prefixed with "/dev/app". How can this be done?
I tried experimenting with the ctxPath, but that's not what I need, the application runs fine on its own, but apache2 has issues translating all those urls in the reverse proxy.
Can this be solved? I was thinking of somehow editing the #-operator in the templating system, but that can't be it, right?
greetings,
Jasper
Have you looked at this post? I think it is related.
Can not generate correct URLs for static resources with playframework when using Apache as a Proxy
Also, please keep an eye out for Play 1.2.2, as this intends to solve this problem, according to a post I have read in the Play groups.
One of my teammates came up with the answer. It's quite simple.
If you have your apache2 configuration, instead of pointing to the localhost root, you just point to the localhost:9000/dev/app:
ProxyPreserveHost On
RedirectMatch /dev/app /dev/app/
<Location /dev/app/>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile /var/trac/htpasswd
Require valid-user
ProxyPass http://127.0.0.1:9000/dev/app/
ProxyPassReverse http://127.0.0.1:9000/dev/app/
</Location>
This tricks apache2 in thinking that there is another subdirectory in your localhost server, but in fact, there isn't any, but now it references correctly, therefore translating all trafic to the corresponding resources.
Perhaps not the classy way to do things, but it works fine :)
Thanks for all the help. Hope this post helps other people with frontend proxies out there.
Greetings
i will recommend you use proxy balancer as it will help to balance your servers if you plan to use more than one instance of play server in future
<Proxy balancer://my-balancer>
Order deny,allow
Allow from all
BalancerMember url1:port route=instanceOne
BalancerMember url2:port route=instanceTwo
ProxySet lbmethod=bytraffic
</Proxy>
ProxyPass / balancer://my-balancer/
now it will pass your traffic to url1:port or url2:port and it will also fetch your images and other static urls
Related
I have two servers running Apache2, one with an associated domain name, let's say "www.home.com" and another one only known by its IP address, let's say 10.11.12.13.
On www.home.com I have three web sites, configured through aliases in apache.
I have http://www.home.com, http://www.home.com/school, http://www.home.com/work.
All these sites are on the server www.home.com.
On 10.11.12.13, I have only one site, accessible by http://10.11.12.13/wiki
How can I configure apache to have http://www.home.com/wiki working but transparently (not changing URL) call http://10.11.12.13/wiki site ?
In other words, the user shall only see www.home.com/wiki/xxxxx when he uses the wiki.
What I have done:
On www.home.com : i have added a wiki folder with nothing in it, and an alias for www.home.com/wiki to work properly.
Then I have tried to use mod rewrite to replace 10.11.12.13 by www.home.com but that does not work, and I am not even sure to do it the right way.
For your information, mod rewrite is configured and works properly on both servers.
Someone could please help me on that ?
Maybe mod rewrite is not the right solution ?
Thanks !
Sam
I finally found a solution : the mod_proxy along with tags.
The conf that worked for me:
<VirtualHost *:80>
[...]
ServerName www.home.com
<Location /wiki>
Allow from all
ProxyPass "http://10.11.12.13/wiki"
ProxyPassReverse "http://10.11.12.13/wiki"
</Location>
</VirtualHost>
I'm really hoping someone can help me out with this because I've been at it for several days and I think I'm going crazy!
I'm trying to do what to me sounds like a stupidly simple thing. I want to set up a proxy server using Apache on a dedicated machine that I rent so that I can get around my ISPs nonsense firewall. I am aware that I could use a VPN, I don't want to do that for reasons that should hopefully become clear after I explain the details of what I want.
First of all, I don't want the proxy server to be used for every request. Only for the sites that are blocked by my ISP.
Suppose I try to access blockedsite.com/path/to/resource and it fails. I then simply want to change the URL in the address bar to proxy.myserver.com/proxy/blockedsite.com/path/to/resource and have Apache handle everything to provide me with a seamless experience. That means,
ProxyPassReverse should modify the response headers to use to the proxy server.
All URLs in the response body should be modified to use the proxy
Here's what I have so far:
<VirtualHost *:80>
ServerName proxy.myserver.com
ProxyRequests off
ProxyPass /proxy/ http://
ProxyPassReverse /proxy/ http://
ProxyPassReverse /proxy/ https://
ProxyHTMLURLMap http:// /proxy/
ProxyHTMLURLMap https:// /proxy/
<Location /proxy/>
ProxyPassReverse /
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|</title>|</title><meta name='referrer' content='no-referrer' />|ni"
ProxyHTMLEnable On
#ProxyHTMLURLMap / /app1/
RequestHeader unset Accept-Encoding
Order allow,deny
Allow from all
</Location>
</VirtualHost>
This setup works beautifully for URLs that don't try to redirect me elsewhere. But if for example I try to access proxy.myserver.com/proxy/facebook.com I am still being redirected on the client side to https://www.facebook.com instead of https://proxy.myserver.com/proxy/www.facebook.com as I would like. The extra weird thing is that when I set up my own test site which does nothing except redirect me to an HTTPS address, the ProxyPassReverse rule for HTTPS does actually seem to work... but not when I try to access sites like Facebook or Google.
I see no reason to ramble on about my issues, what I'm looking for is astoundingly simple: a transparent, seamless experience! Aside from sticking proxy.myserver.com/proxy/ in front of the URL in the address bar, I shouldn't have to do anything else for it to work. Yet that is not the case and despite over a week of searching, I have found nothing online to help me with this. It's as if I'm the only person in the universe to want to create a simple proxy with Apache that actually works as a firewall-get-arounder.
Please can someone lend me a hand here?! Even just to tell me I'm going about this all wrong and should give up and install Squid or something??
Your last paragraph contains the right answer. You should indeed just "install Squid or something". In particular, I'd recommend Apache Traffic Server - http://trafficserver.apache.org/ - this is exactly what it's made for.
While Apache httpd can do proxying, it's not it's primary function, and so there are always things that will end up being frustrating with it. We could get your above scenario working, but it's really not the right tool for the job.
I'm more of a frontend guy (CSS, javascript) trying to expand my knowledge about backend (apache, proxies) (so try to be gentle) and I'm asking after serveral hours of documentation, trying different approaches but so far nothing worked. I'm aware that I might be oblivious to concepts that go without saying for someone knowing their way around backend.
I have this Yii2 application, with a module, working fine. I would like this module to be available at the root level of another domain, on the same machine.
From everything I've read, the following code, placed in vhosts of my apache, should work:
<VirtualHost *:80>
ServerName buletin
ProxyPass / http://bdc/ik2/frontend/web/buletin/default/
ProxyPassReverse / http://bdc/ik2/frontend/web/buletin/default/
</VirtualHost>
I'm expecting to see the default action of my module when I go to http://buletin.
What am I missing?
Ok, in case someone else has the same problem, just double check all of your app's redirects and make sure everything works inside your module. If it doesn't, either add it as exception to the ProxyPass i.e.:
ProxyPass /ik2/frontend/web/themes/ http://bdc/ik2/frontend/web/themes/
ProxyPass /ik2/frontend/web/img/ http://bdc/ik2/frontend/web/img/
ProxyPass /ik2/frontend/web/assets/ http://bdc/ik2/frontend/web/assets/
#(all exceptions need to be placed above general ProxyPass and ProxyPassReverse)
or make it available inside your module.
In my case, I wasn't logged in the "new" website and it was redirecting me to /site/login, which did not exist (no buletin/default/site/login). Once I handled it and I added the exceptions for the assets and images to the ProxyPass, it's all working smoothly.
Okay let me explain my problem really fast. I have a JEE Programm running on my tomcat server. The server has some user defined in the tomcat-users.xml When i test my programm on my local machine everything works fine.
However if i deploy the .war on my server and i want to access a Rest Endpoint i get a 401 unauthorized error. If i remove the users security check i can work fine with the program. So the URLs and server setup is correct.
I think that the problem is somehow related to the forwarding of tomcat through my apache.
So lets assume i have an apache running on http://myIp.de
then i forwarded tomcat with following apache config:
ProxyRequests off
ProxyPass /tomcat http://localhost:8181/ nocanon
ProxyPassReverse /tomcat http://localhost:8181/
so now i can reach tomcat through: http://myIp.de/tomcat
also i can "speak" to my app via: tomcat/myApp
But somehow the Authentizication now fails. And i think the problem is
somehow related to wrong context path. Because tomcat/manager
also fails to login.
Make your life easier by deploying your app under /tomcat on tomcat too. This way there's no path-translation required. Keep in mind that you'll get all the session cookies tied to a specific path and this path is not necessarily translated once forwarded to the client.
Also, sooner or later you might need
ProxyPreserveHost On
(look it up) or utilize mod_jk to preserve this header (and more information) automatically.
Edit: Following your comment, Basic Auth headers seem not to be forwarded to tomcat as well. I haven't attempted this myself, but all the places that I've looked up seem to imply that there'd be some duplication (e.g. second credentials file for Apache) - that doesn't look good. In this case I'd suggest to try out mod_jk rather than mod_proxy. You'll use the JkMount directive, rather than ProxyPass and need a workers.properties, but mod_jk is a lot better in keeping the full context of the request when forwarding to tomcat. I've had good experience with it so far and have only heard little complaints about it - largely in situations that were pretty huge and complex/complicated anyway. At least you should try if it solves your problems.
I have 3 machines.
One (loadbalance.lan) is used as a load balancer, the other two (172.16.30.5 and 172.16.30.6) are tomcat's servers. Main page of the tomcat is listening on port 8080
Im typing in the browser loadbalance.lan/tomcat and I am able to see one of the tomcat content (default tomcat page)
The problem is page isn't displayed correctly. There's no images and when I click on any link it displays 404 Not found error.
Lets say I want to access one of the sub pages on the tomcat website. Tomcat website address: 172.16.30.5:8080
Now I can choose, lets say "status" link which redirects me to: 172.16.30.5:8080/manager/status (and works fine)
When I access the same page but via reverse proxy server (loadbalance.net) and click that link on the loadbalance.lan page, links redirect me to loadbalance.lan/manager/status and I get 404 error.
Of course when I type in the browser loadbalance.lan/tomcat/manager/status it displays correct.
Problem with the images is also weird. When I use url: loadbalance.lan/tomcat I can't see images (Tomcat logo)
When I use this one: loadbalance.lan/tomcat/ (slash at the end) it's ok. At least images because links still redirect in wrong place.
Here is my loadbalance.lan apache config:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<VirtualHost *:80>
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
<Proxy balancer://cluster>
Order Deny,Allow
Allow from all
</Proxy>
<Proxy balancer://cluster>
BalancerMember http://172.16.30.5:8080
BalancerMember http://172.16.30.6:8080
<Proxy balancer://cluster>
</Proxy>
<Location /tomcat>
ProxyPass balancer://cluster
ProxyPassReverse balancer://cluster
</Location>
</VirtualHost>
Could someone help me with this?
Obviously there is something wrong with that proxy but I have no idea how to fix that :(
From ProxyPassReverse documentation (strong added):
This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache is used as a reverse proxy (or gateway) to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.
Only the HTTP response headers specifically mentioned above will be rewritten. Apache will not rewrite other response headers, nor will it rewrite URL references inside HTML pages. This means that if the proxied content contains absolute URL references, they will by-pass the proxy. A third-party module that will look inside the HTML and rewrite URL references is Nick Kew's mod_proxy_html.
So, the proxy job is not to rewrite the html content of the pages, if the proxyied content does not know that the final url should contain /tomcat extension and the proxy does not alter the pages... you're stuck.
This is usually something you do not see because the 172.16.30.5:8080 part is well rewritten in localhost.lan, but this rewrite is not made by the proxy, quite certainly because urls are in fact only relative (<img src="/foo/bar.png">). Check the source code of the page to see if the domain name is really rewritten in urls).
There's several ways of handling that:
- You could avoid altering relative urls paths in, the proxy (so not using a tomcat/ prefix, but instead a dedicated virtualhost with a name, like tomcat.lodabalncer.lan).
- You could also use some dedicated tools, like mod_proxy_html to rewrite the content of the pages, but that's a slow and complex thing.
- The third way is to manage the final full url on the application side (here tomcat) and detect the proxy chain elements in X-Forwareded-for Header to rebuild the right domain.
- Some applications provides tools for that, like the VirtualHostMonster in Zope
For tomcat the preferred tool is mod_proxy_ajp and not mod_proxy. But for a load balancer proxy I do not think you can use mod_proxy_ajp. And, it's been a long time since I made this, but in my memory I think mod_jk was the solution to that.
Read this full documentation on tomcat proxying for details. At least you should get some hints for the solution.