I am trying to setup a server with multiple web applications which will all be served through apache VirtualHost (apache running on the same server). My main constrain is that each web application must use SSL encryption. After googling for a while and looking other questions on stackoverflow, I wrote the following configuration for the VirtualHost:
<VirtualHost 1.2.3.4:443>
ServerName host.domain.org
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
Even though https://host.domain.org:8443 is accessible, https://host.domain.org is not, which defeats the purpose of my virtual host configuration. Firefox complains that even though it successfully connected to the server, the connection was interrupted. Chrome return an error 107: net::ERR_SSL_PROTOCOL_ERROR.
Finally I should also mention that the virtual host works perfectly fine when I do not use SSL.
How can I make this work ?
Thanks
You don't need to configure SSL in both Apache and Tomcat.
The easiest way to accomplish that is configure SSL just on Apache and proxy to tomcat using http.
Related
I've read a lot of questions and answers which seem exactly the same as mine, but I can't seem to get my setup to work. I have a VM running Apache with only HTTP support at 192.168.2.101:32773. I can access it on my local network as such just fine. I now am ready to expose it through my Apache web server that has Lets Encrypt setup to generate SSL certificates. So I added this to my server conf file:
<VirtualHost *:32773>
ServerName server.com
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.2.101:32773/
ProxyPassReverse / http://192.168.2.101:32773/
</VirtualHost>
However, I get an ERR_SSL_PROTOCOL_ERROR when I try to load it up as https://server.com:32773. If I however change my address to http://server.com:32773, it loads just fine. Anything look wrong in this snippet? Thanks!
HTTP and HTTPS need to be on different ports. Typically HTTPS is served on port 443.
This is embarrassing... At some point I changed my port forward rules to point 32773 directly to 192.168.2.101 so I could validate that the rules were working at all. The above config worked as soon as I realized I wasn't even sending traffic to my Apache SSL enabled server.
Good day,
I have a Apache server (10.8.111.67), I configure it to ProxyPass to my app server http port (10.8.1.63), its work. The thing I do in httpd.conf is just as follow:
ProxyPass "/mfp" "http://10.8.1.63:9080/mfp"
ProxyPassReverse "/mfp" "http://10.8.1.63:9080/mfp"
However, I should proxy pass to https url instead of http.
I google around, found that I need to configure something in the ssl.conf, the following is what I plan to do:
<VirtualHost 10.8.111.67:80>
SSLEngine on
SSLCertificateFile ???
SSLCertificateKeyFile ???
ProxyPass "/mfp" "http://10.8.1.63:9080/mfp"
ProxyPassReverse "/mfp" "http://10.8.1.63:9080/mfp"
</VirtualHost>
I am not sure that what cert actually I should put for SSLCertificateFile, is it cert from app server? I can use openssl command to download it?
And for the SSLCertificateKeyFile, what file I should put inside? private key from app server? May I know how to generate the private key from web server? I run ssh-keygen, I got the id_rsa.pub and id_rsa.
Kindly advise.
Kindly notify me if I am doing something wrong.
You don't need to configure certificates in virtualhost just to proxy to a SSL backend.
To reverse proxy to a SSL backend you just need to make sure mod_ssl is loaded and that you have the directive: SSLProxyEngine on to let the reverse proxy do it to an SSL backend.
Loading certificates in virtualhost is for virtualhosts that will listen to SSL connections, mainly virtualhosts with 443 port.
So based in your description to reverse proxy to the SSL backend, aside from the mod_ssl module loaded what you want is:
<VirtualHost 10.8.111.67:80>
ServerName youshouldefinethisalways.example.com
SSLProxyEngine on
ProxyPass /mfp https://backend-server.example.com/mfp
ProxyPassReverse /mfp https://backend-server.example.com/mfp
</VirtualHost>
I keep running into an issue with Apache's mod_proxy where it won't forward any traffic. I'm using a Windows Azure virtual machine running Ubuntu 13.04 and have configured the proper HTTPS endpoint (port 443) for it. The proper Apache modules (proxy, ssl, etc.) are all installed, and the error logs show nothing, not even a warning to explain why this is happening. My VirtualHost setup is as follows:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ServerName www.example.com
SSLEngine On
#SSLProxyEngine On
SSLCertificateFile /ssl/my.com.crt
SSLCertificateKeyFile /ssl/my.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
SSLRequireSSL
Order deny,allow
Allow from all
</Location>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
I have Listen 443 and NameVirtualHost *:443 all set as well. My service on the other port is running fine as doing a wget responds with an HTTP 200 OK response and I can reach it by manually inputting the port number. I have disabled all firewalls (for testing) to no avail as well. However, whenever I try to reach the service from the outside world through mod_proxy (port 443), the request times out and I get the usual "website not available" browser error.
If it means anything, the app I am running on the other port I need to forward HTTPS traffic to is a Play Framework 2.1 application. I set the server up exactly as in their documentation but still have these problems, so I'm assuming it may have something to do with Azure.
Any ideas? Is there some other type of endpoint configuration that I need to do specific for Windows Azure virtual machines to support SSL/TLS?
So, apparently, I have no idea how or why - but the Azure Gods decided to shine upon my setup all of a sudden. Overnight, without so much as a reboot or anything, mod_proxy on Azure just started working. I have no idea what the issue was, or even if there was one in the first place, but apparently the problem lies with something in the Azure infrastructure.
Sorry I couldn't be of more help for others encountering similar issues, but just giving it time worked for some unknown reason.
What I'm basically trying to accomplish is having my main website running a CMS written in Go. This will be located at www.example.com.
I also have applications written in PHP located in directories, such as www.example.com/clients/
How can I serve example.com/clients using Apache/PHP while serving example.com using Go built-in web server?
Via mod_proxy in Apache2, you can proxy different paths into different destinations at localhost or anywhere else accessible by your server, including within your local network (if your server can access it).
For this you would use ProxyPass (Apache2 Docs for ProxyPass, which is very useful reading) like the example below:
<VirtualHost *:80>
ServerName some.example.host.xyz
DocumentRoot /var/www/your-document-root
Alias /clients/ /var/www/clients/
ProxyPass /clients/ !
ScriptAlias /something-using-cgi/ /var/www/cgi-stuff/
ProxyPass /something-using-cgi/ !
ProxyPreserveHost On
ProxyPass / http://localhost:9876/
ProxyPassReverse / http://localhost:9876/
ProxyPass /elsewhere/ http://elsewhere.example.host.xyz:1234/
ProxyPassReverse /elsewhere/ http://elsewhere.example.host.xyz:1234/
</VirtualHost>
You'll want to be sure that you set your proxy security such that external users can't use your reverse proxy as a forward proxy, too. You can do that via ProxyRequests as described in the official Apache2 docs. The way I did this on a server is to put this in your server-wide config (you should verify on your own that this is secure enough):
# disables forward proxy
ProxyRequests Off
Andrew Gerrand has a good blog post about this for nginx but the principle is the same for Apache.
You want to set up Apache as a reverse proxy for requests coming in for the Go application.
For Apache you want to look at mod_proxy
I have 3 tomcat instances running on Windows Server 2008 machine. Each one with one app:
http://host:8080/app0
http://host:8081/app1
http://host:8082/app2
How I can configure my server to map an address without the port number?
http://host/app0
http://host/app1
http://host/app2
Is it a tomcat configuration or something with DNS?
Thanks.
Ok, I tried the following:
Set up the Apache 2.2
Configure httpd.conf loading proxy modules
And add a proxy module configuration:
ProxyRequests Off
ProxyPass /app1 http://machine:8081/app
ProxyPassReverse /app1 http://machine:8081/app
<Location "/app">
Order allow,deny
Allow from all
</Location>
Now the redirect works well local in the machine. But it doesn't works when I try access from another machine in the same network. (this another machine can ping 'machine' host. And I tried putting the ip number too).
You can use nginx (http://nginx.org/en/docs/) as proxy for example.
Try simply (no load balancing etc.):
server {
listen here.your.ip:80/YourApp;
location / {
root /path/to/your/webapp;
proxy_pass http://host:8080/YourApp;
}
}
Same way for other ports
It is quite common to use multiple Tomcats behind Apache to do load balancing. While this is not load balancing the principle is the same. Instead of having one application with 3 load-balanced Tomcat workers, you would have 3 applications with 1 tomcat worker each.
You can find the tomcat documentation here: http://tomcat.apache.org/connectors-doc/
Try mod proxy configuration on below code in httpd:
ProxyPass /app0 http://localhost:8080/app0/
ProxyPassReverse /app0 http://localhost:8080/app0/
ProxyPass /app1 http://localhost:8081/app1/
ProxyPassReverse /app1 http://localhost:8081/app1/
ProxyPass /app2 http://localhost:8082/app2/
ProxyPassReverse /app2 http://localhost:8082/app2/