I have a web application in node js, which is running on port 3000. I can't get it to work with the ssl certificates, I get the following:
/etc/apache2/domain.conf configuration is:
<VirtualHost *:443>
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPreserveHost on
ProxyPass / https://***.es:3000/
ProxyPassReverse / https://***.es:3000/
SSLEngine on
SSLCertificateFile /certs/certificateSSL.crt
SSLCertificateKeyFile /certs/keySSL.key
SSLCertificateChainFile /certs/DigiCertCA.crt
ServerAdmin webmaster#localhost
ServerName ***.es
ProxyRequests Off
ServerAlias www.***.es
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
It looks like the ssl is correct, but I can't fix the proxy error:
And I get the following error when I tail /var/log/apache2/error.log:
[Mon Jan 16 17:47:29.698548 2023] [proxy_http:error] [pid 22330:tid 140606592464640] [client ****:54470] AH01097: pass request body failed to *****:3000 (****.es) from **** ()
What can i do?
Thank you so much!!!
Given that you ProxyPass to something at port 3000 and it is a common setup to have some backend at this port which is not by itself https enabled you likely have your ProxyPass (and ProxyPassReverse) directive wrong. Try to use it with http://..., not https://... - the method should reflect what protocol the internal server actually speaks and not what protocol you want to use for the reverse proxy.
Related
I have my NodeJS application running on example.com:3000. Obviously, this would be unpresentable to have to tell a user to type in :3000. I want it running on example.com, and I cannot set Node to :80 since my Apache PHP front end is on :80.
I am running CentOS 8. I created a file called proxy.conf in /etc/httpd/conf.d and dropped the following lines in it.
<VirtualHost *:80>
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ProxyRequests On
ProxyPass / http://localhost:3000
ProxyPassReverse / http://localhost:3000
</VirtualHost>
But, it's just going to my regular non node page.
The question is, how does apache know you when you want the PHP server, or when you want the Node server. You need to split them by ServerName.
You need a ServerName attribute so that apache knows to send that VirtualHost to the other process.
<VirtualHost *:80>
// PHP Server
ServerName example.com www.example.com
</VirtualHost>
<VirtualHost *:80>
// Node Server
ServerName node.example.com
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ProxyRequests On
ProxyPass / http://localhost:3000
ProxyPassReverse / http://localhost:3000
</VirtualHost>
Additionally, you will have to put node.example.com within DNS.
I am new to asp.net core. I read the whole Microsoft official document and able to host the application in Linux Apache server. But I want to host multiple asp.net core web applications under a single IP Address. Please, anyone have the solution post here.
Thanks in Advance
The official document shows us a way to use Apache as a reverse proxy :
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName www.example.com
ServerAlias *.example.com
ErrorLog ${APACHE_LOG_DIR}helloapp-error.log
CustomLog ${APACHE_LOG_DIR}helloapp-access.log common
</VirtualHost>
Basically, this configuration will make Apache listens on *:80 and proxy any HttpRequest whose ServerName equals www.example.com to http://127.0.0.1:5000/.
This is how Apache used as an proxy to ASP.NET Core works.
As for your question, suppose you have two asp.net core web applications:
the first one is called WebApp1 and listens on 0.0.0.0:5000 .
and the other is called WebApp2 and listens on 0.0.0.0:6000 .
Your Apache server listens on 0.0.0.0:80. For any incoming http request,
when Host equals www.webapp1.org, proxy this request to 0.0.0.0:5000
when Host equals www.webapp2.org, proxy this request to 0.0.0.0:6000
So you could add two proxies :
proxy 1 :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName www.webapp1.org
ServerAlias *.webapp1.org
ErrorLog ${APACHE_LOG_DIR}webapp1-error.log
CustomLog ${APACHE_LOG_DIR}webapp1-access.log common
</VirtualHost>
proxy 2 :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:6000/
ProxyPassReverse / http://127.0.0.1:6000/
ServerName www.webapp2.org
ServerAlias *.webapp2.org
ErrorLog ${APACHE_LOG_DIR}webapp1-error.log
CustomLog ${APACHE_LOG_DIR}webapp2-access.log common
</VirtualHost>
We are using a combination of Apache Server and NodeJs (Express) for a website.
Without SSL, the Apache used to listen to port 80 and Nodejs to port 8080.
Now, I am installing SSL on the website. The Apache is set to listen to port 443. I tried to make the Nodejs listen to port 8443, 3333 etc. - setting the AWS Security Group as "Custom TCP" for the port. The problem is I am not getting any response from the Nodejs server.My hunch is that the problem is with the EC2 security group setting but cannot really put a finger on the exact issue.
The server is created for Nodejs as following :
var https = require('https');
var fs = require('fs');
...
...
var https_options = {
ca: fs.readFileSync ("/path/to/cabundle.ca-bundle", "utf8"),
key: fs.readFileSync("/path/to/sslkey.key", "utf8"),
cert: fs.readFileSync("/path/to/certificate.crt", "utf8")
};
var app = express();
var server = https.createServer(https_options, app);
....
....
server.listen(8443 or 3333);
Starting the Server does not cause any error.
Browser,from where I am calling the Nodejs server, does not show any error.
Any insight is appreciated.
After Arif pointed out that this can be solved by Apache settings, I am adding the Virtualhost seetings at
/etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName www.example.com
Redirect permanent / https://www.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/mysite
Servername www.example.com
SSLEngine on
SSLCertificateKeyFile /path/to/sslkey.key
SSLCertificateFile /path/to/certificate.crt
SSLCertificateChainFile /path/to/cabundle.ca-bundle
<Directory /var/www/html/mysite>
AllowOverride All
Options FollowSymlinks
</Directory>
</Virtualhost>
The client side requests are sent to https://www.example.com:8443
First of all you need to enable ssl and reverse proxy apache module by following command
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
and then update apache ssl config(/etc/apache2/sites-available/default-ssl.conf) file bellow
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin admin#example.com
ServerName your_domain.com
ServerAlias www.your_domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/sslkey.key
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
<Proxy *>
Require all granted
</Proxy>
<Location />
ProxyPass http://localhost:8443
ProxyPassReverse http://localhost:8443
</Location>
</VirtualHost>
</IfModule>
now add ssl file and restart apache
sudo a2ensite default-ssl.conf
sudo service apache2 restart
Now it should work fine https://your_domain.com
Note: You must open http and https port from AWS console in security group
Sorry for delayed reply. The problem was the CSP settings which were not allowing HTTPS and WSS traffic.
Also, we needed to add
({secure: true})
while creating the client side Socket using socket.io. Now it is working fine. Thank you all for the inputs.
What I am trying to do
After running the command (export PORT=3000 && node server.js) my node.js app (StackEdit) is served at: http://example.com:3000/.
The command (export PORT=80 && node server.js) wouldn't work considering that Apache already uses port 80 on the server.
As I am new to Node.js, an easy way to make the node.js app available at http://example.com/ (i.e. port 80) would be to set up Apache as a reverse proxy.
Here's what I've tried
In /etc/apache2/sites-available/example.com.conf
Trial (1):
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example.com/public
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/editor.aahanblog.com/logs/access.log combined
ProxyPass / http://example.com:3000/
ProxyPassReverse / http://example.com:3000/
</VirtualHost>
This simply shows the directory listing for the public directory. So, in this case the requests aren't reaching the node.js app.
Trial (2):
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/example.com/public
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /var/www/example.com/public>
ProxyPass http://mydomain:3000/
ProxyPassReverse http://mydomain:3000/
</Location>
</VirtualHost>
This doesn't work either. It takes me to some default apache page.
What I am missing here?
Change your Location directive as
<Location /> from <Location /var/www/example.com/public>
basically, Location directive is a prefix of the path component of the URL
I'm trying to get an SVN server up and running. CentOS 6.4, apache 2.2.15. More importantly, I need to have it running on https only. So I figure that I'll get ssl running first, as I've already tested it on port 80, and SVN works the way I want it to.
In /etc/httpd/ssl, I have ..
intermediate.crt wildcard.mycompany.com.crt wildcard.mycompany.com.key
We bought a wildcard certificate from GeoTrust, and I downloaded the intermediate.crt from their website. In /etc/httpd/httpd.conf, I have..
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin my.email#mycompany.com
ServerName hostname.mycompany.com
ErrorLog logs/error_log
CustomLog logs/access_log common
Redirect permanent / https://hostname.mycompany.com
</VirtualHost>
<VirtualHost hostname.mycompany.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/wildcard.mycompany.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/wildcard.mycompany.com.key
SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt
ServerName hostname.mycompany.com
ServerAdmin my.email#mycompany.com
ErrorLog logs/subversion-error_log
CustomLog logs/subversion-access_log common
</VirtualHost>
I can connect to the server, but my browser tells me that the certificate is untrusted. So I'm guessing that there's an error in the permissions, or perhaps in the format of the file?
I can't see anything in the logs.
I set this up at home on my own server, but wasn't using a wildcard certificate.
Anyone care to advise as to what's gone wrong?
Thanks.