Change name of local web service - dns

I setup a local guacamole server for people in my work to access several VM's that we have running in the server. IN order to access guacamole the have to type http://ip:port/guacamole or after the host override I did in my pfsense DNS resolver http://guac.loc:port/guacamole. The problem is that even that some times is problematic for some of them so I want to do something like http://guac.loc so they can remember it easily. I did it for some with the hosta file but I can't different functionallities for some of them. So can anyone help on how to do that? Can I do it somehow from the web server? Or do I need to setup a DNS Server?

If I understand correctly, you want to have "simpler" URL, without port and "guacamole" path.
Guacamole by default runs under Tomcat on port 8080. However, you can put Apache in front of the Tomcat and proxy request to the guacamole. Apache can proxy and forward all requests to the Guacamole on the given port and path.
Something like the example below should work and also will redirect all http requests to the htpts. It is not mandatory to have SSL enabled, you can proxy http as well.
<VirtualHost *:80>
ServerName guac.loc
Redirect permanent / https://guac.loc/
</VirtualHost>
<VirtualHost *:443>
ServerName guac.loc
SSLEngine on
SSLCertificateFile /etc/ssl/certs/guac-loc.cer
SSLCertificateKeyFile /etc/ssl/private/guac-loc.key
SSLCACertificateFile /etc/ssl/certs/guac-loc-ca.crt
<Location /guacamole/>
ProxyPass http://localhost:8080/guacamole/ flushpackets=on
ProxyPassReverse http://localhost:8080/guacamole/
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Related

Why is my httpd.conf setup routing to https?

I have a number of domains, each one pointing to my server IP..
I've pinged each domain to check the DNS, That's fine, all domains are pointing to the correct server.
All my domains route through the httpd.conf correctly via HTTP, except one domain where for some reason the Http <Virtual: *:80> entry is forwarding to https: (https://preprod.testsite.org.uk) - For security, this isn't the real URL.
Why would this entry fail when the others are fine?
Is there some way of debugging or tracing through the request from the DNS through to the server, through to the httpd.conf?
<VirtualHost *:80>
DocumentRoot "/var/www/html/testsite/production"
ServerName preprod.testsite.org.uk
<Directory /var/www/html/testsite/production>
DirectoryIndex index.php
order allow,deny
allow from all
AllowOverride all
</Directory>
</VirtualHost>
DNS has nothing to do with HTTP to HTTPs redirection.
Test it using curl (-v option) and check if the server is sending a Location to the client telling him to connect over HTTPs.
If curl says there's no redirection to https, might be the application itself telling the client to connect over https OR, maybe, some entry in browser HSTS cache.

How can I make a ProxyPass work for all pages without defining a new rule for each page

I'm very new to setting up apache configs. The docs don't make much sense to me, I have a node app running on a port that functions as a website, but I want to be able to connect to it with my domain. I've been looking around and figured I need to use a ProxyPass to redirect traffic from port 443 (https) to the port the app is running on (I already use apache for other stuff so I didn't want to switch). And it works generally, but is there a way to make only a single ProxyPass rule that will handle all pages (e.g. I go to https://example.com/ it will use https://localhost:4450/ and if I go to https://example.com/example it will use https://localhost:4450/example and for all other pages).
I would think I need a RewriteRule, but I don't really understand how I can get the page (whatever is after the first / or none) using it.
You simply run apache as a reverse proxy here is an example configuration:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/file.pem
ProxyPreserveHost On
ServerName localhost
ProxyPass / http://0.0.0.0:4450/
ProxyPassReverse / http://0.0.0.0:4450/
</VirtualHost>
and you have to enable the proxy modules like that
a2enmod proxy
a2enmod proxy_http

Apache reverse proxy configuration issue

i have a problem with setting up an apache reverse proxy server and hope you can help.
I have 3 ubuntu web servers, available on https://service1.domain.com, https://service2.domain.com:4433 and so on...
Now, i will access these servers without typing the port in the addressbar.
So my idea is to use an reverse proxy server, that i can type in service2.domain.com and it redirects to service2 (https).
I installed an ubuntu server with apache and enabled the modules:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
Then i set up the 000-default.conf on the proxy with the following content:
<VirtualHost service1.domain.com:80>
ProxyPreserveHost On
ProxyPass / https://service1.domain.com/
ProxyPassReverse / https://service1.domain.com/
</VirtualHost>
<VirtualHost service2.domain.com:80>
ProxyPreserveHost On
ProxyPass / https://service2.domain.com/
ProxyPassReverse / https://service2.domain.com/
</VirtualHost>
The ports 80 and 443 on the router are forwarded to the proxy server.
On the service(1-3) servers, SSL is enabled with certificates from Lets Encrypt.
Now, if i try to open site service1.domain.com, i get an error (cert_name).
The sites now should not be accessible directly, because there is no port forwarding anymore.
My question is now, how is the right config for reverse proxies? Do i need to enable a certificate for each service also on the proxy server?
Thank you for your help!
Not exactly sure what your end goal is. The certificate is for the client facing server. If you want people to hit the site without having to set the port, you can use the Redirect statement in the virtual host config.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://www.example.com
</VirtualHost>
Which would forward any non ssl traffic to use the ssl virtual host.

Hide remote Node URL when reverse proxying with Apache

I have a CentOS VPS which is serving HTTP requests via Apache and delivers a HTML site. I am also hosting a Ghost blog on the same VPS, which listens on port 2368. Therefore the main site can be accessed via www.domain.co.uk and the Ghost blog via www.domain.co.uk:2368/blog.
I have configured a Reverse Proxy via Apache so that the port can be hidden from the user, i.e. www.domain.co.uk/blog proxies to www.domain.co.uk:2368/blog.
Is it possible for me to 'hide' the original blog URL so that a user never sees the 2368 port? Therefore, if a user ever accesses www.domain.co.uk:2368/blog this will actually 'redirect' to www.domain.co.uk/blog.
I guess something like a proxy from www.domain.co.uk:2368/blog -> www.domain.co.uk/blog; though this would have to be handled by the node application as it listens on that port?
Virtual Host configuration is as such:
<VirtualHost *:80>
ServerName www.domain.co.uk
ServerAlias domain.co.uk
DocumentRoot /var/www/domain.co.uk/public_html
ErrorLog /var/www/domain.co.uk/error.log
CustomLog /var/www/domain.co.uk/requests.log combined
ProxyRequests Off
ProxyPass /blog http://127.0.0.1:2368/blog
ProxyPassReverse /blog http://127.0.0.1:2368/blog
</VirtualHost>

Exposing a webserver not listening on port 80

My question is probably trivial and a duplicate, but either I cannot formulate it or it's not been answered on SO yet.
I have two webservers on a Digital Ocean droplet. One is listening on port 80 and can be accessed via example.com (DNS are on route 53), and the other is on port 8080: how can I make it accessible from example-2.com?
I suppose the software I'm looking for would intercept the HTTP requests, check the referrer, and route those coming from example.com to port 80 and those coming from example-2.com to port 8080. What is it?
This can not be done using only DNS. By default web browsers attempt to connect to port 80 when the url starts with "http" without specifying a port. The user would have to know to connect to port 8080 and explicitly access the URL as
http://example-2.com:8080
I am assuming you are running both web server instances on the same OS environment/IP address, though this would also work for separate hosting environments. What you probably want is a reverse web proxy which can inspect the requested domain name and route to an appropriate server instance. You would run the reverse web proxy on port 80, and probably move the server you are currently running on port 80 to another port (say, 8081).
Apache with mod_proxy and the virtual hosting settings is a possible solution. Assuming example.com and example-2.com point to the Apache instance configure it something like this:
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster#example.com
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
<VirtualHost *:80>
ServerName example-2.com
ServerAdmin webmaster#example-2.com
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>

Resources