I'm using a framework that uses a full-stack to display all its webpages. This runs standard on port 9000. Very fine, but when going into production, the server seems to block everything except a few standard ports.
So therefore, the framework (Play framework), advises you to do this in your front-end webserver (in my case Apache2).
file: play.conf
<VirtualHost *:80>
ServerName http://avon.ugent.be
CustomLog /var/www/log/proxy-access.log common
ErrorLog /var/www/log/proxy-error.log
ProxyPreserveHost On
DocumentRoot /var/www
<Location /dev/app>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile /var/trac/htpasswd
Require valid-user
ProxyPass http://127.0.0.1:9000/
ProxyPassReverse http://127.0.0.1:9000/
</Location>
</VirtualHost>
This of course requires the mod_proxy module, that is being enabled with a2enmod mod_proxy. (I run this on a Debian distro)
The idea is to run two webservers, one front-end and one back-end with the application.
The reloading of the apache webserver works fine, the site is enabled and everything, but when I surf to the http://my.website.com/dev/app url, it renders a 404... Suggestions what's going wrong?
EDIT3:
After 10+ hours of trying it boils down to this:
I found the debugging command (finally :p) and this is the output:
apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server avon.ugent.be (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost avon.ugent.be (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost avon.ugent.be (/etc/apache2/sites-enabled/play.conf:1)
Syntax OK
Which indicates that the virtual server is indeed being added to the configuration.
But still, it renders a 404. Now, somewhere i've read that's because there is no index.html in that path. Is that necessary if you just want to use a reverse proxy?
For a start please try using Location instead of Directory. Directory is used for identifying directory paths on the filesystem not paths relative to the document root.
<Location '/dev/app'>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile /var/trac/htpasswd
Require valid-user
</Location>
Try the following. It should prompt for the username/password and then pass the request to http://127.0.0.1:9000. In my case, Apache gives a "Service Temporarily Unvavailable", which you should get as well if you turn off the application running on port 9000
<VirtualHost *:80>
ServerName my.website.com
<Location /dev/app>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile passwd/.htpasswd
Require valid-user
ProxyPass http://127.0.0.1:9000
ProxyPassReverse http://127.0.0.1:9000
</Location>
</VirtualHost>
If you still get a 404, can you confirm that it's not the backend server sending it?
Related
I'm trying to configure a sub-domain for my subversion repository.
I have a VH example.fr pointing to my personal website, and I want another VH svn.example.fr to point to the repository.
However, when I try to connect to svn.example.fr, I get the front page of my website...
Here is my Apache configuration file:
<VirtualHost *:80>
DocumentRoot /srv/example.fr
ServerName example.fr
ServerAlias www.example.fr
<Directory /srv/example.fr>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName svn.example.fr
<Location />
DAV svn
SVNPath /srv/svn/repo
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /srv/svn/repo/conf/passwd
AuthzSVNAccessFile /srv/svn/repo/conf/authz
Require valid-user
</Location>
</VirtualHost>
I don't see any problem here, but I'm sure there is.
Thanks for your help !
EDIT : The configuration file is correct. I should precise that I'm running Apache inside a Docker container. Just after creating the conf file, I restarted Apache by restarting the container. This is not the right way to do it: restarting the container does not restart the server.
So Lazy Badger was right finally, thanks.
This is question for SU
After creating VirtualHost section you have to restart Apache
(Not related to network|Apache config, future trouble) Plain-text /srv/svn/repo/conf/passwd, used by svnserve, can't be used as Apache user-file, i.e. you have to have
...
AuthUserFile /path/to/htpasswd/file
...
DocumentRoot for VirtualHost must be defined, svn.example.fr miss it
(I am x-posting this from serverfault because I didn't get any responses there and we have a lot apache pros over here)
I am using my apache as a reverse proxy for a few requests to a webserver running on an internal port to allow access via my regular virtual host. This is on an ubuntu 15 running apache 2.4 in vagrant.
Here's my virtualhost config:
<VirtualHost *:80>
DocumentRoot /vagrant/htdocs
ServerName test.vm
# proxy pass mailcatcher to internal webserver
<Location /mailcatcher>
ProxyPass http://localhost:1080
ProxyPassReverse http://localhost:1080
</Location>
<Location /assets>
ProxyPass http://localhost:1080/assets
</Location>
<Location /messages>
ProxyPass ws://localhost:1080/messages
ProxyPassReverse http://localhost:1080
</Location>
<Directory />
Require all granted
</Directory>
<Directory /vagrant/htdocs>
AllowOverride all
</Directory>
</VirtualHost>
For a while, this works fine. However, after a time, suddenly all requests to this virtualhost are proxied to the internal webserver. So if I call http://test.vm/cron/mails.php at first it will run mails.php as expected. However after a random amount of time or event, suddenly the aforementioned URL will start serving responses from Mailcatcher.
The message you were looking for does not exist, or doesn't have content of this type
This is a Mailcatcher error that you get when you request a message that no longer exists.
This service, Mailcatcher, is started with my VM and runs all the time. The weird thing is, I don't experience this issue when I am doing other stuff on the VM (there's a web app running on it). Only when I am actively debugging mails and using the Mailcatcher gui am a I suddenly sometimes experiencing this.
Waiting for a while or restarting apache "solves" this issue until it pops up the next time. Can anyone help me out on this? Did I set up my proxy wrong?
Thanks.
You can try these :
<VirtualHost *:80>
ServerName mailcatcher.domain.tld
ServerAdmin webmaster#domain.tld
<Location />
ProxyPass http://localhost:1080/
ProxyPassReverse http://localhost:1080/
</Location>
<Location /messages>
ProxyPass ws://localhost:1080/messages
ProxyPassReverse ws://localhost:1080/messages
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Notes :
Of course localhost is set in your /etc/hosts or should be change to your mailcatcher server.
It's better to dedicate a hostname to mailcatcher service. With mod_proxy is not easier to manage correctly sub directory path.
On my linux machine I have apache2 running as a reverse proxy, because I wanted to make another webserver on port 8083 accessible while also making it password protected. For this I added this to my apache2.conf:
<VirtualHost *:80>
<Location / >
AuthName "Protected Area"
AuthType Basic
AuthUserFile /home/pi/.htpasswd
Require valid-user
</Location>
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
That works like a charm, but now I also want to use apache to serve a site, I would like to do this by making something like /mysite point to /var/www, but I can't really figure out how to do this or if it is even possible.
Any ideas?
I think you have two options:
1. Put the proxy in a separate <Location /someurl> and put the site outside. Requests to http://localhost/someurl/ will be proxied, everything else is the local site:
<VirtualHost *:80>
<Location /someurl >
# Password protection omitted for brevity
ProxyPass http://localhost:8083/
ProxyPassReverse http://localhost:8083/
</Location>
# Here is the site
DocumentRoot /var/www
# ... etc site config
</VirtualHost>
2. Use two separate VirtualHosts, one for the proxy and one for the site. You will need two separate hostnames pointing to your local ip. For local operations only, use /etc/hosts. In this exemple http://a.localhost/ is the proxy, http://b.localhost is the site:
/etc/hosts:
127.0.0.1 a.localhost
127.0.0.1 b.localhost
Apache config:
# This is the proxy, http://a.localhost/
<VirtualHost *:80>
ServerName a.localhost
# Do password protection as needed
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
# This is the site, http://b.localhost/
<VirtualHost *:80>
ServerName b.localhost
DocumentRoot /var/www
# ... etc site config
</VirtualHost>
I would probably go for two separate VirtualHosts, keeping stuff nicely separated.
I have a web application currently being served on two HTTPS ports - let's say 443 and 8443. The application has an Apache HTTP server as the front end and I am running into trouble setting up Apache config to exclude certain paths on one of the ports. I have my config set up as below in Apache
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
<Location ~ "/MyApp/(Login.html|Welcome.html)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
I have my virtual hosts setup in Apache as below
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
Other details go here
</VirtualHost>
What are the expected problems with above configuration, considering that Location directive doesn't take host and port information? Does Location directive use the first matching entry OR will it use one of after the other?
More details for folks who know Shibboleth
The first Location entry allows users to access the application in an SSO (Single Sign On) environment. The second entry is designed to allow users to access the same virtual host on a different port (8443) without going through SSO. What we are seeing is, the request headers are lost towards the end of the processing chain. When I remove the second Location entry all works fine.
Put the /Location directive inside the vhost directive you want to secure.
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
Other details go here
</VirtualHost>
I would like to password protect port 2000 of a web server by embedding a location directive inside of the virtualhost directive of the apache config file. However it didn't prompt for a password as expected. This is what I had in the apache config file:
<VirtualHost *:2000>
ServerName www.server.com
ServerAdmin email
DocumentRoot /var/www/html
ErrorLog logs/server.com-error_log
<Location / >
AuthType Basic
AuthName "Security"
AuthUserFile /var/www/s2/.htpasswd-users
Require valid-user
</Location>
</VirtualHost>
A couple reasons why I think it didn't work:
I needed a corresponding NameVirtualHost *:2000 to go with the VirtualHost directive
I was using a reverse ssh tunnel on that port so ssh was catching it before the web server. The web server that the tunnel connected to did not have password protection.
So now my question is how to password protect the server at the end of the tunnel. It is a simple server and not capable of passwords. That's why I was hoping to protect access to it via the apache server.
AuthType only works inside or in a .htaccess file:
You have it inside a and that's the rease it isn't working.