switching my app from http to https - apache

i'm working on an extranet for my school, in php and mysql, running on apache2 and using friendly urls via mod_rewrite.
I'm thinking that since there is potentially sensitive data involved, it would be better to work on an https url rather than http. The thing is: i have absolutely no experience in https. The pros, the cons and will my app actually work or will i need to modify it?
Does it also mean i have to set up something specific on the server? Will it not break the mod_rewrite rules?
Thank you for your time.

For your app, everything is the same but the URL.
But the Apache must be configured to properly handle it. Its just another VirtualHost entry in httpd-vhosts.conf, but using port 443 and...
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile "/..path../certificate.crt"
SSLCertificateKeyFile "/..path../certificate.key"
DocumentRoot ...
httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Search Google for instructions of how to create your 'testing purpose' SSL certificate.

Related

Apache HTTP VM Behind HTTPS Lets Encrypt

I've read a lot of questions and answers which seem exactly the same as mine, but I can't seem to get my setup to work. I have a VM running Apache with only HTTP support at 192.168.2.101:32773. I can access it on my local network as such just fine. I now am ready to expose it through my Apache web server that has Lets Encrypt setup to generate SSL certificates. So I added this to my server conf file:
<VirtualHost *:32773>
ServerName server.com
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.2.101:32773/
ProxyPassReverse / http://192.168.2.101:32773/
</VirtualHost>
However, I get an ERR_SSL_PROTOCOL_ERROR when I try to load it up as https://server.com:32773. If I however change my address to http://server.com:32773, it loads just fine. Anything look wrong in this snippet? Thanks!
HTTP and HTTPS need to be on different ports. Typically HTTPS is served on port 443.
This is embarrassing... At some point I changed my port forward rules to point 32773 directly to 192.168.2.101 so I could validate that the rules were working at all. The above config worked as soon as I realized I wasn't even sending traffic to my Apache SSL enabled server.

Xampp + IIS working together on the same server

I have one server with 2 ip addresses.
I have multiples applications in .net (webapi, a console application, etc) and one specific using PHP which is running on apache (w/ xampp).
I configured IIS to run on default port 80 and xampp is using port 8080.
As I said before, I have two ip addresses and two domains (eg: domain1.com and domain2.com).
I need to pinpoint domain1.com.br to the IIS app (which is working) but my php app never get reached since all the requests are directed to port 80 (which iis takes control).
What can I do to solve this?
I know that I can point both ip's to port 80 but how to tell IIS whenever he gets a request from a specific domain/host (in this case, domain2.com.br) he redirects to the port 8080?
You may need to let the apache takes the control,due to apache's redirect features.The main idea is to setup the apache, use apache's redirect features(vhost,if you prefer to call it so) to direct the special requests to your IIS server.
Change your IIS listening to port 8080 (and set the domain to your domain,domain1.com for example).Leave your apache to listen on 80.
Enable the module below in your apache config file(http.conf):
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
And Enable:
Include conf/extra/httpd-vhosts.conf
3. The next step is to setup the virtual host. Edit the config fileconf\ extra\httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "x:\The\Dir\to\Your\Php\Site"
ServerName domain2.com.br
ErrorLog "logs/domain2-error.log"
CustomLog "logs/domain2-access.log" common
</VirtualHost>
And the setup to your domain2.com.br is Done.Restart your apache server,visit your site by domain name ,and your php site shall be working.
If the steps upon is working as expected,this shall be the last step.
<VirtualHost *:80>
ServerName your.net.site.domain.com
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8080/"
ProxyPassReverse "/" "http://127.0.0.1:8080/"
ErrorLog "logs/domain1-error.log"
CustomLog "logs/domain1-access.log" common
</VirtualHost>
And now it should work as you expect it to.
Use
Reverse Proxy method
What is Reverse Proxy Method
A reverse proxy server is a type of proxy server that typically sits
behind the firewall in a private network and directs client requests
to the appropriate backend server. A reverse proxy provides an
additional level of abstraction and control to ensure the smooth flow
of network traffic between clients and servers.
Refer NGINX Documentation to know more about Reverse Proxy.
You can use reverse proxy either on your IIS or Apache(Xampp) Server. But since you have a Windows Server I recommend you to do reverse proxy on IIS server.
Example: Rewrite or Reverse proxy in IIS

Using httpd as reverse proxy

This is the first time I have to do something like this. I'm developing a front end application with some stuff I cannot change - it requests some specific address for the serverside data.
I need to redirect all those requests to say:
https://192.168.1.1:8443/server
to a different address, say
https://192.168.100.100:8443/server
I figured this is a job for Reverse Proxy and google brought me to httpd.
Now I work on Windows 7 machine, I've managed to get Apache24 binaries and started it on default 80 port, 127.0.0.1 says "It works!".
I tried to configure a virtual host but no matter what I do, I cannot get it to redirect.
I'm just trying to test the basic stuff first.
I've enabled required mods:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
I've uncommented following include:
Include conf/extra/httpd-vhosts.conf
And inside that file I got this:
<VirtualHost *:80>
ServerName mytest.com
ProxyPass /proxy/ http://myip:tomcatport/myapp/
ProxyPassReverse /proxy/ http://myip:tomcatport/myapp/
</VirtualHost>
I've looked through quite a few of tutorials on how to configure it and tried half a dozen different combinations of the same basic things, configured in this VirtualHost, but no matter what I do, I cannot get it to work.
From what I gathered, this configuration should redirect my browser from mytest.com to http://myip:tomcatport/myapp/, what am I doing wrong here?

Best approach to set up PHP and Java application on same host

I have two web applications one in PHP and one in Java (Play framework).
I want to make both these applications available to my clients and I have only one server for test environment.
What would be the best and easy to maintain approach for my problem?
I am already looking at options of virtual hosts on Apache server. But is the best? Are there any third party tools which can help me to divert traffic to PHP and Java apps based on the port in the http request?
Port nos for PHP app is 80 and Java app is 9000.
Regards,
Suraj
assuming both ports are forwarded correctly and Apache is only listening for traffic on port 80 and java is only listening on 9000 then going to YourIp:80 should take you to apache and YourIP:9000 should take you to the java app
For PHP app create common vhost as usally, and for Play app create reverse-proxy vhost (with other domain and/or subdomain for this), take a look at samples in docs
LoadModule proxy_module modules/mod_proxy.so
...
<VirtualHost *:80>
DocumentRoot "/path/to/your/php/app/root/folder/"
ServerName your-php-app.com
ErrorLog "/path/to/apache/logs/folder/your-php-app.com-error_log"
CustomLog "/path/to/apache/logs/folder/your-php-app.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ServerName your-play-app.com
ProxyPass /excluded !
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
</VirtualHost>
Thanks for your comment.
Yeah, I did the same thing. I am simply pointing my domain name to Apache Http server. So its using default port 80 and does not show up in urls.
Also, I am using Apache as front server for all my requests to port 9000. So, I am rerouting my requests for Play application at port 9000 through Apache port 80. It needed a change in url patterns so that play and apache specific urls can be distinguished.
Changed urls and used proxy_http_module + ProxyPassMatch directive to get the rerouting working.
Suraj

How to rewrite / proxy an Apache URI to an application listening on a specific port / server?

They say that Apache's mod_rewrite is the swiss-army knife of URL manipulation, but can it do this?
Lets say I want to add a new application to my Apache webserver, where the only configurable option of the app is a port number.
I want to use & give out URLs of the form "http://hostname.example.com/app" rather than "http://hostname.example.com:8080". This would ensure that clients would be getting through the institution's firewall as well, and it's generally tidier.
My application includes absolute URIs in php, javascript and css, so I want to prepend my own root location to the URI in the applications internal links. I have no access to DNS records and so can't create another name-based virtual server.
Using Apache's mod_rewrite and mod_proxy modules, I can transparently redirect a client to the correct home-page of the application. But links within that homepage don't point a client to links relative to the new base URL.
So, what's the best way of proxying a request to an application that is listening on a specific port?
For example, if I had an application listening on port 8080, I could put this in my Apache configuration:-
<VirtualHost *:80>
SSLProxyEngine On
ServerName myhost.example.com
RewriteEngine On
UseCanonicalName On
ProxyVia On
<Location "/application">
RewriteRule ^/application/?(.*) http://localhost:8080/$1 [P,L]
</Location>
</VirtualHost>
This would work fine if the application didn't use absolute URLs, but it does. What I need to do is rewrite URLs that are returned by the application's css, javascript and php.
I've looked at the ProxyPass and ReverseProxyPass documentation, but I don't think these would work..?
I've also come across Nick Kew's mod_proxy_html, but this isn't included in the standard Apache Distribution, and my institution's webserver seems to have been fine for years without it.. Other than trawling manually (or using a grep -r | sed type expression) through the application's source code, or using this 3rd party add-on, are there any other ways to go about this?
Could I perhaps use some of the internal server variables in a mod_rewrite rule? For example a rewrite rule based on ’HTTP_REFERER'?
Using mod_proxy would work just fine. For instance, I mapped https://localhost/yalla/ to point to a subdirectory of my webserver:
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from localhost
</Proxy>
ProxyPass /yalla/ http://yalla.ynfonatic.de/tmp/
If you implement this, you'll note that the pictues of the directory-listing aren't visible; this is because they're below the /tmp/ directory on the remote server, hence not visible.
So, in your case you'd do:
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from localhost # Or whatever your network is if you need an ACL
</Proxy>
ProxyPass /app/ http://hostname.example.com:8080/
Like with everything in Apache configuration, watch those trailing slashes when referring to directories.
Good luck!
Alex.