Enable Cookies for reverse Proxy and Apache2 - web

i try to access an application on a tomcat server via a reverse proxy and apache2.
The reverse proxy is working just fine, but the application throws an error, that cookies are disabled.
I googled but nothing helped.
My vhost.conf file:
<VirtualHost *:80>
ServerName testcms.mydomain.de
ServerAdmin webmaster#localhost
DocumentRoot /var/www/cms
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/opencms/
ProxyPassReverse / http://127.0.0.1:8080/opencms/
ProxyPassReverseCookieDomain http://localhost:8080/opencms testcms.mydomain.de
ProxyPassReverseCookiePath / /cms/Cookies
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =testcms.mydomain.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName testcms.mydomain.de
ServerAdmin webmaster#localhost
DocumentRoot /var/www/cms
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/opencms/
ProxyPassReverse / http://127.0.0.1:8080/opencms/
ProxyPassReverseCookieDomain 127.0.0.1:8080/opencms/ testcms.mydomain.de
ProxyPassReverseCookiePath / /cms/cookies
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/testcms.mydomain.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testcms.mydomain.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
The ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath should help, but they dont.
Did I miss something while implementing the reverse proxy?
Thanks for the help!

Related

Apache2 Proxy Websocket connections

i followed many tutorials on how to add reverse proxy on Nodejs applications, i installed one on my VPS that uses websocket, this is my apache2 config.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName tracker.local.dev
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://127.0.0.1:8085/
ProxyPassReverse / http://127.0.0.1:8085/
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/tracker.local.dev/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tracker.local.dev/privkey.pem
</VirtualHost>
# vim: syntax=apache ts=4</VirtualHost>
</IfModule>
I can connect to the NodeJS App but it won't connect the Websocket, i already enabled every module and checked everything on my config, but i can't make it work.

Certbot certificates not working on Apache for multiple Flask sites sharing an IP address

After two days of trying, I am completely at a loss with adding a certificate to my second domain. Here is my situation:
What works:
I have a dynamic site (domain1 / site1) hosted on a Digital Ocean droplet running Ubuntu. It is served using Apache and uses the Flask microframework. Everything works correctly, and I was able to install a Let's Encrypt certificate successfully using certbot.
I have added a second dynamic site (domain2 / site2) to the same droplet, sharing the single IP across the two domains/sites. I was able to get this working by following this answer: hosting multiple Flask apps for unique domains. Now I can:
(1) visit site1 via domain1 over HTTPS like I always could
(2) visit site2 via domain2 over HTTP.
What doesn't:
The problem comes in when I try to add a new Let's Encrypt certificate to site2/domain2. The tutorial at Digital Ocean and the certbot documentation suggest all I need to do is run certbot again with the new domain. A new certificate is created, but best case scenario, site1 becomes a "potential security risk" and site2 is still insecure.
Below are the contents of /etc/apache2/sites-available/ files BEFORE I attempt to install the second certificate.
000-default.conf
<VirtualHost *:80>
<Directory /var/www/FlaskApp>
Options +ExecCGI
DirectoryIndex index.py
</Directory>
AddHandler cgi-script .py
ServerAdmin webmaster#localhost
DocumentRoot /var/www/FlaskApp
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail#email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.wsgi
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/audiologysource.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/audiologysource.com/privkey.pem
</VirtualHost>
</IfModule>
My /var/www directory is organized like this:
\var\www
|
└─── FlaskApp
| | flaskapp.wsgi
| |
| └─── FlaskApp
| | __init__.py
| |
| └─── static
| └─── templates
| | home.html
| |
| └─── venv
|
└─── PersonalSiteApp #same as FlaskApp
| flaskapp.wsgi
|
└─── FlaskApp
| __init__.py
|
└─── static
└─── templates
| home.html
|
└─── venv
Here are the same files AFTER I run certbot and reload Apache:
sudo certbot --apache -d travismmoore.com -d www.travismmoore.com
000-default.conf: unchanged
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail#email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =travismmoore.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias travismmoore.com
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail#email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail#email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Any help is greatly appreciated!

I thought I'd update this with what ended up working for those who run into the same issue. I ended up having to remove all the certificates, then add them one at a time manually, using:
sudo certbot --manual certonly -d domain_1.com -d www.domain_1.com
sudo certbot --manual certonly -d domain_2.com -d www.domain_2.com

Using wordpress for /blog route in nodejs website not working

I created a vhost like this in my apache2 server configuration:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName test.co
ServerAdmin webmaster#localhost
#wordpress
Alias /blog "/var/www/test_wp/public_html"
<Directory "/var/www/test_wp/public_html">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLCertificateFile /etc/letsencrypt/live/test.co/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.co/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I'm using alias to redirect /blog url (test.co/blog) to wordpress folder in my server.
i'm using proxypass for the nodejs website.
But when i hit test.co/blog , it shows 404 not found, in my nodejs website

Follow this: Exclude an alias from virtualhost proxypass
Add this line :
ProxyPassMatch ^/blog !
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

Apache ProxyPass not loading Resources

I configured apache proxypass and it's working but not loading images, javascript, CSS etc... I want to proxypass to another server, not localhost. Below is my configuration.
see error image
<VirtualHost *:80>
ServerName app.server.com
DocumentRoot /var/www/html/subdomain
RewriteEngine on
ProxyRequests Off
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass /apm http://192.168.1.102:9999/
ProxyPassReverse /apm http://192.168.1.102:9999/
</virtualHost>

After some research and reading some tutorials I got a solution.
<VirtualHost *:80>
ServerName app.server.com
DocumentRoot /var/www/html/subdomain
RewriteEngine on
ProxyRequests Off
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass / http://192.168.1.102:9999/
ProxyPassReverse / http://192.168.1.102:9999/
</VirtualHost>

Apache virtualhost configuration

I am tring to set two virtual host (example.com.conf and test.com.conf):
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
and
<VirtualHost *:80>
ServerAdmin admin#test.com
ServerName test.com
ServerAlias www.test.com
DocumentRoot /var/www/test.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
The problem is that if I go on localhost in my browser it is shown the website www.example.com. If I type localhost/test.com there is error not found. My goal should be to address both website with localhost/example.com and localhost/test.com.

Sounds like you could use the ServerPath directive for apache, in your case something like this should work:
<VirtualHost 127.0.0.1>
# primary vhost
DocumentRoot "/var/www/example.com"
RewriteEngine On
RewriteRule "." "/var/www/example.com/public_html"
# ...
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "/var/www/example.com/public_html"
ServerName localhost
ServerPath "/example/"
RewriteEngine On
RewriteRule "^(/sub1/.*)" "/var/www/example$1"
# ...
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "/var/www/test.com/public_html"
ServerName localhost
ServerPath "/test/"
RewriteEngine On
RewriteRule "^(/sub2/.*)" "/var/www/test$1"
# ...
</VirtualHost>
The first Vhost would be so that localhost defaults to example.com page.

if you want to browse to these folders under any virtual host, like http://localhost/test.com, then you simply need an alias directive inside a location tag appended to the end of any active virtual host
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster#localhost
DocumentRoot /var/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Location "/example.com">
Alias "/var/www/example.com/public_html"
</Location>
<Location "/test.com">
Alias "/var/www/test.com/public_html"
</Location>
Or you can put it inside the virtual host if you don't want it available anywhere else
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster#localhost
DocumentRoot /var/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location "/example.com">
Alias "/var/www/example.com/public_html"
</Location>
<Location "/test.com">
Alias "/var/www/test.com/public_html"
</Location>
</VirtualHost>

Resources