apache ProxyPass: how to preserve original IP address - apache

We are using ProxyPass to redirect all "/r" requests to jboss on port 18080 as follows:
ProxyPreserveHost on
ProxyPass /r http://localhost:18080/redirectService/
ProxyPassReverse /r http://localhost:18080/redirectService/
But that causes the IP address logged in jboss's access log to appear as "127.0.0.1". Does somebody know how we can preserve the original IP from where the request came in HttpServletRequest? We want to access it from the jboss servlet request in doGet().

You can get the original host from X-Forwarded-For header field.

The answer of JasonW is fine. But since apache httpd 2.4.6 there is an alternative: mod_remoteip
All you must do is:
Maybe you must install the mod_remoteip package
Enable the module:
LoadModule remoteip_module modules/mod_remoteip.so
Add the following to your apache httpd config. Note that you must not add this line to the configuration of the proxy server. You must add this to the configuration of the proxy target httpd server (the server behind the proxy):
RemoteIPHeader X-Forwarded-For
# replace IP with the remote server you trust
RemoteIPInternalProxy 10.123.123.1/24
See http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html for more information and more options.
Security warning! Only do this for proxies you trust. Otherwise someone can fake their IP.

This has a more elegant explanation and more than one possible solution. http://kasunh.wordpress.com/2011/10/11/preserving-remote-iphost-while-proxying/
The post describes how to use one popular and one lesser-known Apache module to preserve host/ip in a setup involving proxying.
Use the mod_rpaf module: install and enable it in the backend server and add the following directives in the module’s configuration.
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
(2017 edit) Current location of mod_rpaf: https://github.com/gnif/mod_rpaf

If you have the capability to do so, I would recommend using either mod-jk or mod-proxy-ajp to pass requests from Apache to JBoss. The AJP protocol is much more efficient compared to using HTTP proxy requests and as a benefit, JBoss will see the request as coming from the original client and not Apache.

If you are using Apache reverse proxy for serving an app running on a localhost port you must add a location to your vhost.
<Location />
ProxyPass http://localhost:1339/ retry=0
ProxyPassReverse http://localhost:1339/
ProxyPreserveHost On
ProxyErrorOverride Off
</Location>
To get the IP address you have the following options:
console.log(">>>", req.ip);// this works fine for me returned a valid ip address
console.log(">>>", req.headers['x-forwarded-for'] );// returned a valid IP address
console.log(">>>", req.headers['X-Real-IP'] ); // did not work returned undefined
console.log(">>>", req.connection.remoteAddress );// returned the loopback IP address
So either use req.ip or req.headers['x-forwarded-for']
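The "only trust proxies you know" warning from the mod_remoteip answer and the X-Forwarded-For readings above come down to one rule, sketched here as an added example that is not code from any of the answers: believe the header only when the TCP peer is a trusted proxy, then walk it right to left and stop at the first untrusted address. The function names, the trusted list and the sample addresses are assumptions, and only IPv4 is handled.

```javascript
// Added example: IPv4 only; function names are hypothetical, sample data is constructed.
function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Dotted quad -> unsigned 32-bit integer.
function ipv4ToInt(ip) {
  return ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// True if ip is inside cidr ("10.123.123.0/24"); a bare address means /32.
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

function isTrusted(ip, trusted) {
  return isIPv4(ip) && trusted.some((cidr) => inCidr(ip, cidr));
}

// Naive approach: believe the first (leftmost) entry, which the client controls.
function naiveClientIp(peer, xff) {
  return xff ? xff.split(',')[0].trim() : peer;
}

// peer: TCP peer address (req.socket.remoteAddress); xff: raw header value or undefined.
function resolveClientIp(peer, xff, trusted) {
  // The header counts only when the connection itself comes from a trusted proxy.
  if (!xff || !isTrusted(peer, trusted)) return peer;
  const hops = xff.split(',').map((s) => s.trim());
  let client = peer;
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!isIPv4(hops[i])) break;            // malformed entry: keep the last valid hop
    client = hops[i];
    if (!isTrusted(client, trusted)) break; // first untrusted hop is the real client
  }
  return client;
}

// Constructed sample: the client sent a forged header, Apache appended the real address.
const TRUSTED = ['127.0.0.1', '10.123.123.0/24'];
const forged = '198.51.100.99, 203.0.113.7';
console.log(naiveClientIp('127.0.0.1', forged));            // 198.51.100.99 (spoofed)
console.log(resolveClientIp('127.0.0.1', forged, TRUSTED)); // 203.0.113.7
```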

Related

Apache Httpd - How to proxy-redirect two virtual hosts according to the path in requesting url?

I got a problem here, which could look trivial, but my basic knowledge in configuring apache and all the stuff I searched today didn't lead me to any satisfying solution.
I have two physical servers, and I run two applications on each one : one contained in a node.js instance, reachable and responding on port 4200 and another one contained in Tomcat on port 8080 (respectively my front-end and my back-end).
The requests from the http client arrive on the node server through port 80 and I configured an httpd to redirect them to the two instances according to the path after the url.
The target behaviour is that httpd redirects every request to the node instance by default, and redirects to the remote tomcat the requests matching the following structure : physical_server_ip/api/*
So here's what I included in my httpd.conf on server hosting node instance and httpd :
<VirtualHost *:80>
#Filter on '/api/' path in url for node instance
ProxyPass /api/ !
ProxyPass / http://localhost:4200/
ProxyPassReverse / http://localhost:4200/
ProxyPreserveHost On
</VirtualHost>
<VirtualHost *:80>
# Proxy to remote machine on which tomcat runs and provides services
ProxyPass /api/ http://<tomcat_machine_alias>:8080/xd-service/api/
ProxyPassReverse /api/ http://<tomcat_machine_alias>:8080/xd-service/api/
ProxyPreserveHost On
</VirtualHost>
When I request my node machine through Apache, I can see the response from the first block (the node instance), but not the other requests (those whose path begins with /api/).
In the browser console, it appears that these ones (the requests designed to interrogate the APIs) are not proxied by apache and are sent to the node instance and not to the tomcat.
What am I missing?
Dusan Bajic's answer resolved the problem: the two sets of proxy rules needed to be merged into one virtual host, ordered from the most specific to the least specific.

Apache hybris configuration to proxy pass HTTP and HTTP(S) yacceleratorstorefront (electronic store) URL to Hybris Server

I am trying to access the yacceleratorstorefront/electronics/en/?site=electronics URL from the apache web server to Hybris, where the electronic store URL is configured. The electronic store URL is accessible and working from any of the servers in the environment if the apache web server is bypassed.
http://10.0.1.141:9001 is my Hybris server.
Error:
HTTP Status 500 - Cannot find CMSSite associated with current URL
type Status report
message Cannot find CMSSite associated with current URL
description The server encountered an internal error that prevented it from fulfilling this request.
Any suggestion or advice is highly appreciated. Thank you in advance.
-Regards, S#BS
httpd code below:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://10.0.1.141:9001/
ProxyPassReverse / http://10.0.1.141:9001/
ServerName localhost
</VirtualHost>
<VirtualHost *:443>
ServerName localhost
#ProxyRequests Off
#ProxyPreserveHost On
ProxyPass / https://10.0.1.141:9002/yacceleratorstorefront/electronics/en/?site=electronics
ProxyPassReverse / https://10.0.1.141:9002/yacceleratorstorefront/electronics/en/?site=electronics
SSLEngine on
SSLCertificateFile /etc/httpd/certs/mysite.com.crt
SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key
</VirtualHost>
The error message indicates that you are not setting the ?site=electronics parameter at the http version of your proxy (it also seems to be missing in the proxypass setting for port 80).
I'm not an apache buff but maybe it works if you configure your proxy settings for port 80 in the same way:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://10.0.1.141:9001/?site=electronics
ProxyPassReverse / http://10.0.1.141:9001/?site=electronics
ServerName localhost
</VirtualHost>
Just some more info: Apart from the site parameter approach you can also use a host name approach.
Not sure if you have access to the hybris wiki, but here are some more details:
https://wiki.hybris.com/display/pmtelco/Using+Modulegen+to+Create+a+B2C+Telco+Setup#UsingModulegentoCreateaB2CTelcoSetup-AccessingtheStorefront
(it's for the Telco accelerator, but it works the same for any other storefront).
Not sure how that works together with apache, I assume you have to set up some subdomains or something.
Does it work if you try to access apache on https directly? (There it seems you have the correct url containing the site parameter).
Note: The site parameter is basically only needed for the first http request of a session. It is used to determine which storefront, i.e. BaseSite is supposed to be used. All subsequent requests (of the same session) shouldn't require the site parameter.
Hope that helps!
Your http config is fine. Your https config is wrong.
Do not put ?site=electronics or anything like that in your apache config.
The site detection works based on the URL. In the sample data you are using that is at least a regex looking for "electronics" in the hostname.
One single apache config will be able to support all sites. You do not need to specify the site. You do not need to specify /yacceleratorstorefront.
Simply edit your hosts file to include "10.0.1.141 electronics.rtfm"
Now access http://electronics.rtfm/
You can avoid adding the site in the URL by going in HMC: WCMS > Websites
Under the Properties tab, add a new URL pattern that will match your site.
Once it is done, URLs that match the site's pattern will automatically use that site.
Using URL patterns for each site will simplify the web server's configuration.

How can I setup an Apache ProxyPass to a subdirectory which overrides a parent ProxyPass?

I have multiple web servers running on a given machine (Apache, Tomcat, custom Python servers). I have Apache listening on port 80, as is the standard setup. In order to access one of my other servers over this port, I set up a ProxyPass in Apache like this:
ProxyPass / http://[mydomainname]:8880/
ProxyPassReverse / http://[mydomainname]:8880/
It works. When you browse to the domain name, with no port spec (since 80 is implied), instead of reaching the Apache root, you are transparently redirected to the root of another server on the machine (a Twisted server) listening on port 8880.
Here's the problem. It seems I have blocked anything from reaching my Apache files now. Is there a way to override that root proxy pass for various sub directories? For example, if you browse to mydomain/test can I get that to work as though I had no proxy pass at all, rather than routing that to a path on the port 8880 server?
I found the answer on the SO thread: ProxyPass and DocumentRoot on one domain.
BEFORE the root ProxyPass directive, just add a ProxyPass exclusion and a directory alias. Note: repeat for each Apache sub directory to be exposed.
ProxyPass /MySubDirectory !
Alias /MySubDirectory /var/www/html/MySubDirectory
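Both this answer and the earlier /api/ question turn on ProxyPass ordering: rules are checked in configuration order and the first match wins. The following is an added example, not code from the thread and not Apache source: a simplified model of that selection showing how a root rule placed first shadows a more specific rule or a "!" exclusion. The backend host names are placeholders.

```javascript
// Simplified model of ProxyPass selection (added example, not Apache source code).
// Rules are tried in configuration order; the first matching prefix wins;
// "!" as the target means "do not proxy this path".
function prefixMatches(prefix, path) {
  if (!path.startsWith(prefix)) return false;
  const next = path[prefix.length];
  // A prefix without a trailing slash must end on a path-segment boundary.
  return prefix.endsWith('/') || next === undefined || next === '/';
}

function route(rules, path) {
  for (const [prefix, target] of rules) {
    if (!prefixMatches(prefix, path)) continue;
    return target === '!' ? 'local' : target + path.slice(prefix.length);
  }
  return 'local'; // no ProxyPass matched: Apache serves the request itself
}

// Placeholder backends (assumptions): tomcat.example stands for the Tomcat host,
// localhost:8880 for the server behind the root ProxyPass.
const specificFirst = [
  ['/api/', 'http://tomcat.example:8080/xd-service/api/'],
  ['/', 'http://localhost:4200/'],
];
const rootFirst = [specificFirst[1], specificFirst[0]];
const exclusionFirst = [
  ['/MySubDirectory', '!'],
  ['/', 'http://localhost:8880/'],
];
const exclusionLast = [exclusionFirst[1], exclusionFirst[0]];

console.log(route(specificFirst, '/api/users'));
console.log(route(rootFirst, '/api/users'));
console.log(route(exclusionFirst, '/MySubDirectory/index.html'));
console.log(route(exclusionLast, '/MySubDirectory/index.html'));
```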

Send subdomain to node.js

My work runs a couple different internal web apps on an ubuntu server (10.10) running apache. I'm currently developing another web app, and am seriously considering developing on top of a custom-built node.js web server. My reasoning for wanting to do this is:
Speed/Scalability
Security - Pages will be served with a switch...case, instead of just serving the (potentially malicious) user whatever they ask for.
Ease of setup - my intentions are for this to be an open-source project, and node.js is much easier for users to set up, rather than dealing with apache/IIS/etc.
My question is, on a server where I've got apache listening to port 80, how can I pass off certain subdomains to node.js? I've seen a couple of articles about using apache virtual hosts to pass it off, but that seems to defeat the purpose of using node.js. If I have to go through apache, then all three of my reasons for avoiding apache/IIS have voided themselves.
I know I could use a different port (:8080?), but from an end-user standpoint, it's pretty confusing having to put in custom ports. Any alternative ideas?
Thanks
<VirtualHost *:80>
ServerName subdomain.yourdomain.com
ProxyPreserveHost on
ProxyPass / http://localhost:8080/
</VirtualHost>
Thanks to http://www.chrisshiplet.com/2013/how-to-use-node-js-with-apache-on-port-80/
If a socket.io node is running, be sure to also enable a few apache mods:
a2enmod proxy
a2enmod proxy_balancer
a2enmod proxy_express
a2enmod proxy_http
In the file /etc/apache2/sites-available/chat.example.com.conf:
<VirtualHost *:80>
ServerName chat.example.com
<Location "/">
ProxyPreserveHost On
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
</VirtualHost>
Then of course run service apache2 reload.
How about doing things the other way round : bind node to port 80, handle the traffic targeted at the subdomain and use it as a reverse proxy to apache for everything else ?
Let me start from the ground up:
You have a DNS. And a dns server maps one DNS to one IP!
You then have apache running on your computer that listens for connections on port 80 for http:// and on port 443 for https://. http://example/ is actually a request on http://example:80/.
You can't use node.js to listen on the same machine on the same port as apache. That's why using port 8080 is viable.
You can also map the subdomain to a different IP. The only caveat here is that you need to have a public IP Address.
You can't serve port 80 from both Apache and node.js. Having Apache as a reverse proxy wouldn't be very efficient, and that's why nginx is popular in this scenario. Alternatives to an nginx-based reverse proxy are, as Khez suggested, mapping your subdomain to a different IP address which the node.js program will listen on, or maybe using node.js itself as a reverse proxy for Apache.
You could configure a virtual host in apache for your new site and add a permanent redirect within it to the localhost and port used by node.js.
This is how I do it on a server with several other virtual hosts and my node.js application running on port 3000:
NameVirtualHost *:80
[Other virtual hosts omitted for brevity]
...
<VirtualHost *:80>
ServerName mynewsite.com
RedirectMatch (.*) http://localhost:3000$1
</VirtualHost>

How can I set up a reverse proxy with mod_proxy without redirecting?

How can I set up a reverse proxy with mod_proxy without redirecting to another server or IP? This will be a virtual host environment. The reason I want to do this is so that mod_proxy handles the communication with the client's browser thereby freeing up web server processes to serve the next request instead of feeding the client's browser. This is especially important when using language modules such as mod_php with MPM Prefork. The flow that I'm trying to achieve is:
1. The traffic resolves to www.mydomain.com on port 80.
2. The proxy sends the request to the web server.
3. The web server sends the answer back to the proxy and disconnects from the proxy.
4. The proxy feeds the client browser.
Once that is working I want to add nginx at the same IP address but for port 81 and proxy image requests to nginx on the same server. I do not want nginx handling the proxy nor do I want FCGI anything. I want my standard Apache mod_rewrite and .htaccess to work.
Thanks Tons!
Simply redirect to the localhost on a different port? Host your application on port 8080, and use mod_proxy to forward the requests:
ProxyPass /foo http://localhost:8080/foo
ProxyPassReverse /foo http://localhost:8080/foo
This may be helpful if you have application servers that are handling requests and you want multiple instances combined on a single machine. You can use one port per application server.
I don't know if it really would be faster than just using mod_php directly. Proxying requests also adds overhead.
Make sure you also load these 2 modules:
LoadModule proxy_module bin/mod_proxy.so
LoadModule proxy_http_module bin/mod_proxy_http.so
ProxyPass /TeamCity http://localhost/TeamCity
ProxyPassReverse /TeamCity http://localhost/TeamCity