Route two domains to same JBoss instance - apache

I have two public websites (foo.com and bar.com) that are pointed to a hardware load balancer. This hardware forwards the traffic to my server as follows:
http://foo.com ==> port 7700
https://foo.com ==> port 7701
http://bar.com ==> port 7800
https://bar.com ==> port 7801
My server is currently an old iPlanet box that defines two virtual servers (foo.com for 7700, 7701 and bar.com for 7800, 7801). Since the load balancer forwards directly to these ports, everything works fine.
I now need to port these website to an Apache 2.2 + JBoss 6.0 configuration, and I'm currently at a loss as to what the best practice is to accomplish this.
I've already set up Apache to listen on my four ports (7700,7701,7800, 7801) and configured SSL for 7701,7801. I'm assuming it is preferred to let Apache handle the SSL handshakes and connections. I have set up 4 Virtual Host entries in Apache, as follows:
<VirtualHost *:7700>
DocumentRoot "/htdocs/foo.com"
ServerName foo.com
</VirtualHost>
<VirtualHost *:7701>
DocumentRoot "/htdocs/foo.com"
ServerName foo.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/foo.com.crt"
SSLCertificateKeyFile "/cert/foo.com.key"
</VirtualHost>
<VirtualHost *:7800>
DocumentRoot "/htdocs/bar.com"
ServerName bar.com
</VirtualHost>
<VirtualHost *:7801>
DocumentRoot "/htdocs/bar.com"
ServerName bar.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/bar.com.crt"
SSLCertificateKeyFile "/cert/bar.com.key"
</VirtualHost>
I've tested this with static content, and both the HTTP and HTTPS connections are working correctly.
For my JBoss configuration, I currently have my applications deployed as /foo and /bar, although I don't know if that should be the final configuration. What I want to accomplish is this:
Forward all traffic from 7700/7701 to http://localhost:8080/foo, and from 7800/7801 to http://localhost:8080/bar. I don't want to see the /foo and /bar in the public URL, though - the user should just see http://www.foo.com and http://www.bar.com.
Is there a way to configure mod_jk to forward requests to a specific URL? Or should I be looking at ways to have JBoss host foo.com on port A and bar.com on port B -- and just have mod_jk forward to each port separately?

I think mod_jk combined with URL rewriting should handle what you need. The mod_jk information on workers indicates that you should be able to use mod_jk to forward requests based on URL using the uriworkermap. It's also mentioned that you can have a separate uriworkermap for each virtual host.
I'd also like to suggest that you take a look at mod_cluster - it might have additional capabilities that would help with this.
EDIT
Argh. After your clarification (and some better digging), I think there may be a different answer. I am currently using ProxyPass/ProxyPassReverse to redirect top-level URLs to individual servlets. I've reviewed the Apache VirtualHost docs again, and I think that if you combine that with mod_proxy, you'll be able to get what you want.
Here's a proposed configuration example that builds on what I have and could meet your specifications:
Listen 7700
Listen 7701
Listen 7800
Listen 7801
<VirtualHost *:7700>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName foo.com
</VirtualHost>
<VirtualHost *:7701>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName foo.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/foo.com.crt"
SSLCertificateKeyFile "/cert/foo.com.key"
</VirtualHost>
<VirtualHost *:7800>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName bar.com
</VirtualHost>
<VirtualHost *:7801>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/foo
ProxyPassReverse / http://localhost:8080/foo
ServerName bar.com
SSLEngine on
SSLCipherSuite ALL:...
SSLCertificateFile "/cert/bar.com.crt"
SSLCertificateKeyFile "/cert/bar.com.key"
</VirtualHost>
I apologize for missing this the first time. The only thing you'll want to test is to make sure that the URLs for servlet access are correct. The pattern I have in use is http://{host}:{port}/{WARName}/{ServletPath}. If you've already tested the configuration with static content, only the proxy setup should need to be added/tuned. I'm not sure if you'll need the Listen statements or not; I think you will, as your ports are non-standard.

Related

Use Apache To Run SSL On Port 8980 Specifically

I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.

TURN server behind reverse proxy

I would like to make the TURN server accessible behind a reverse proxy in order to use port 443 to avoid problems with blocked ports on public wifi networks, etc.
coturn is configured this way:
listening-port=8443
listening-ip=127.0.0.1
relay-ip=<public-ip-of-the-turn-server>
lt-cred-mech
use-auth-secret
static-auth-secret="secret"
realm=myturnserver.org
total-quota=0
bps-capacity=0
log-file=/var/log/turn.log
and the apache server config looks like this:
<VirtualHost *:443>
ServerName myturnserver.org
ServerAdmin root#myturnserver.org
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/myturnserver.org.error.log
CustomLog ${APACHE_LOG_DIR}/myturnserver.org.access.log combined
SSLCertificateFile /etc/letsencrypt/live/myturnserver.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myturnserver.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
but I can't connect to the turn server. Any ideas what is wrong here?

Apache host header proxy

I have multiple urls coming into a server. I want to user host headers to redirect the traffic. I am trying to use Apache to redirect these requests to various servers that are inside our firewall. I have gotten part of the solution, but, I seem to be missing something.
For example, http://hostHeader1.mycompany.com should be redirected to a server inside our firewall that handles requests for hostHeader1, and the result should be handed back to the client. http://hostHeader2.mycompany.com should be redirected to a server inside our firewall that handles requests for hostHeader2. Etc.
Right now, I have the following, but, it redirects all traffic to http://hostHeader1Handler/:
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://hostHeader1Handler/
ProxyPassReverse / http://hostHeader1Handler/
ServerName hostHeader1.mycompany.com
</VirtualHost>
Any help appreciated.
Scott
This is probably your first or your only virtual host. Just add another virtual host before. Then this should be the new default.
NameVirtualHost *:*
<VirtualHost *:*>
ServerName your.default.domain.de
DocumentRoot /var/www/pathToHTML
</VirtualHost>
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://hostHeader1Handler/
ProxyPassReverse / http://hostHeader1Handler/
ServerName hostHeader1.mycompany.com
</VirtualHost>

Apache redirect to another port

I've struggled with this for some time and am definitely doing something wrong.
I have Apache server and a JBoss server on the same machine. I'd like to redirect traffic for mydomain.example to JBoss localhost:8080/example. The DNS is currently setup for mydomain.example and it will go straight to port 80 when entered into the browser.
My question is how do I redirect to a different port when a certain domain name comes to Apache (in this case, mydomain.example)?
<VirtualHost ip.addr.is.here>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
After implementing some suggestions:
Still not forwarding to port 8080
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias www.mydomain.example
ProxyPass http://mydomain.example http://localhost:8080/example
ProxyPassReverse http://mydomain.example http://localhost:8080/example
</VirtualHost>
You should leave out the domain http://example.com in ProxyPass and ProxyPassReverse and leave it as /. Additionally, you need to leave the / at the end of example/ to where it is redirecting. Also, I had some trouble with http://example.com vs. http://www.example.com - only the www worked until I made the ServerName www.example.com, and the ServerAlias example.com. Give the following a go.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias example.com
ProxyPass / http://localhost:8080/example/
ProxyPassReverse / http://localhost:8080/example/
</VirtualHost>
After you make these changes, add the needed modules and restart apache
sudo a2enmod proxy && sudo a2enmod proxy_http && sudo service apache2 restart
I solved this issue with the following code:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName myhost.example
ServerAlias www.myhost.example
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I also used:
a2enmod proxy_http
I wanted to do exactly this so I could access Jenkins from the root domain.
I found I had to disable the default site to get this to work. Here's exactly what I did.
$ sudo vi /etc/apache2/sites-available/jenkins
And insert this into file:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.example
ServerAlias mydomain
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Next you need to enable/disable the appropriate sites:
$ sudo a2ensite jenkins
$ sudo a2dissite default
$ sudo service apache2 reload
Found this out by trial and error. If your configuration specifies a ServerName, then your VirtualHost directive will need to do the same. In the following example, awesome.example.com and amazing.example.com would both be forwarded to some local service running on port 4567.
ServerName example.com:80
<VirtualHost example.com:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName awesome.example.com
ServerAlias amazing.example.com
ProxyPass / http://localhost:4567/
ProxyPassReverse / http://localhost:4567/
</VirtualHost>
I know this doesn't exactly answer the question, but I'm putting it here because this is the top search result for Apache port forwarding. So I figure it'll help somebody someday.
This might be an old question, but here's what I did:
In a .conf file loaded by Apache:
<VirtualHost *:80>
ServerName something.com
ProxyPass / http://localhost:8080/
</VirtualHost>
Explanation: Listen on all requests to the local machine's port 80. If I requested "http://something.com/somethingorother", forward that request to "http://localhost:8080/somethingorother". This should work for an external visitor because, according to the docs, it maps the remote request to the local server's space.
I'm running Apache 2.4.6-2ubuntu2.2, so I'm not sure how the "-2ubuntu2.2" affects the wider applicability of this answer.
You have to make sure that the proxy is enabled on the server. You can do so by using the following commands:
a2enmod proxy
a2enmod proxy_http
service apache2 restart
If you don't have to use a proxy to JBoss and mydomain.example:8080 can be "exposed" to the world, then I would do this.
<VirtualHost *:80>
ServerName mydomain.example
Redirect 301 / http://mydomain.example:8080/
</VirtualHost>
Just use a Reverse Proxy in your apache configuration (directly):
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
Look here for apache documentation of how to use the mod
My apache listens to 2 different ports,
Listen 8080
Listen 80
I use the 80 when i want a transparent URL and do not put the port after the URL
useful for google services that wont allow local url?
But i use the 8080 for internal developing where i use the port as a reference for a "dev environment"
You need 2 things:
Add a ServerAlias www.mydomain.example to your config
change your proxypass to ProxyPassMatch ^(.*)$ http://localhost:8080/example$1, to possibly keep mod_dir and trailing slashes from interfering.
Apache supports name based and IP based virtual hosts. It looks like you are using both, which is probably not what you need.
I think you're actually trying to set up name-based virtual hosting, and for that you don't need to specify the IP address.
Try < VirtualHost *:80> to bind to all IP addresses, unless you really want ip based virtual hosting. This may be the case if the server has several IP addresses, and you want to serve different sites on different addresses. The most common setup is (I would guess) name based virtual hosts.
This is working in ISPConfig too. In website list get inside a domain, click to Options tab, add these lines: ;
ProxyPass / http://localhost:8181/
ProxyPassReverse / http://localhost:8181/
Then go to website and wolaa :) This is working HTTPS protocol too.
Try this one-
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.adminbackend.example.com
ServerAlias adminbackend.example.com
ProxyPass / http://localhost:6000/
ProxyPassReverse / http://localhost:6000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
This is how I redirected part of the requests to one url and rest to another url:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName localhost
ProxyPass /context/static/content http://localhost:80/web/
ProxyPassReverse /context/static/content http://localhost:80/web/
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
All are excellent insights to accessing ports via domain names on virtual servers. Do not forget, however, to enable virtual servers; this may be commented out:
NameVirtualHost *:80
<Directory "/home/dawba/www/">
allow from all
</Directory>
We run WSGI with an Apache server at the domain sxxxx.com and a golang server running on port 6800. Some firewalls seem to block domain names with ports. This was our solution:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName wsgi.sxxxx.example
DocumentRoot "/home/dxxxx/www"
<Directory "/home/dxxx/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /py/ "/home/dxxxx/www/py/"
WSGIScriptAlias /wsgiprog /home/dxxxx/www/wsgiprog/Form/Start.wsgi
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName sxxxx.com
ServerAlias www.sxxxx.com
ProxyPass / http://localhost:6800/
ProxyPassReverse / http://localhost:6800/
</VirtualHost>

How to redirect different sub domain requests to different port

I have two applications, one is the www.myexample.com, another is the blog.myexample.com. I am using PHP and Apache.
Now, I want to let www.myexample.com runs on port 82 of my machine, and blog.myexample.com on port 83, on the same machine. How to configure the apache and/ or the PHP scripts so that when the requests for the requests are served properly?
Edit: Thanks for everyone who responds, but I afraid I don't get the question clear-- my bad!
What I really want is to simulate a condition whereby the www.myexample.com and blog.myexample.com are located on different machines. So when a request comes in, the gateway server ( the one which is also hosting www.myexample.com) will check whether this is a request for www.myexample.com or for blog.myexample.com and does the necessary reroutes.
How to do this? Thanks.
I will assume that you have your own reason for wanting the two sites (www and blog) to run on different ports - and in different processes. If this is not what you intended, e.g. you did not want to have two distinct processes, then having different ports may not be what you intended either: use VirtualHost instead, to co-host the two domains within the same apache+php instance on port 80. Otherwise, read on.
Assuming that you have your two apache+php processes listening on localhost:82 and localhost:83 respectively, bring up a third, apache-only process to act as a reverse proxy. Have the reverse proxy apache instance listen for requests coming on port 80 from the internet, with two virtual host definitions. The first virtual host definition, www, would forward requests to localhost:82, whereas the second virtual host definition, blog, would forward requests to locahost:83, e.g.:
NameVirtualHost *:80
# www
<VirtualHost *:80>
ServerName www.myexample.com
ProxyPass / http://localhost:82/
ProxyPassReverse / http://localhost:82/
</VirtualHost>
# blog
<VirtualHost *:80>
ServerName blog.myexample.com
ProxyPass / http://localhost:83/
ProxyPassReverse / http://localhost:83/
</VirtualHost>
I use proxy for this type of things.
In my example, I have apache 1.3 running on port 80, but I needed svn repository to run on apache 2.2, and I didn't want to type :82 on the end of the domain every time. So I made proxy redirection on apache 1.3 (port 80):
<VirtualHost *:80>
ServerName svn.mydomain.com
ServerAlias svn
ServerAdmin my#email.com
<IfModule mod_proxy.c>
ProxyPass / http://svn:82/
</IfModule>
</VirtualHost>
Run the following line on terminal (specify your domain and sub domain name correctly)
sudo nano /etc/apache2/sites-available/subdomain.domain.com.conf
Paste the following code and change as your requirement
<VirtualHost *:80>
ServerAdmin admin#domain.com
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
ProxyRequests Off
#ProxyPass / http://localhost:8080/
<Location />
ProxyPreserveHost On
ProxyPass http://domain.com:8080/
ProxyPassReverse http://domain.com:8080/
</Location>
# Uncomment the line below if your site uses SSL.
#SSLProxyEngine On
</VirtualHost>
Run the following lines on terminal (specify your domain and sub domain name correctly)
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod subdomain.domain.com.conf
sudo service apache2 restart
Off the top of my hat:
Listen 82
Listen 83
NameVirtualHost 1.2.3.4 # Use your server's IP here
<VirtualHost www.myexample.com:82>
# Configure www.myexample.com here
</VirtualHost>
<VirtualHost blog.myexample.com:83>
# Configure blog.myexample.com here
</VirtualHost>
A more complete answer to this would be to do something like this which allow you to setup a proxy gateway which is what is loosly described above.
ServerName localhost
<Proxy *>
Order deny,allow
Allow from localhost
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:10081/
ProxyPassReverse / http://localhost:10081/
ProxyPassReverseCookiePath / http://localhost:10081/