httpd proxy Error during SSL Handshake with remote server - node.js

I got these errors
The proxy server could not handle the request
Reason: Error during SSL Handshake with remote server
with this config but I replaced many option I can but still got same errors
vhost.conf
<VirtualHost *:80>
ServerName mydomain.org
ProxyRequests Off
<Location />
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
RewriteEngine on
RewriteCond %{SERVER_NAME} =mydomain.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
vhosts-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName wiki.bakji.kr
SSLEngine On
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ProxyRequests off
ProxyPass / https://localhost:3000
ProxyPassReverse / https://localhost:3000
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
how can I fix this..?

Related

RewriteRule problem with Proxy balancer Apache

I configured an apache web server as a reverse proxy to my nodejs application.
This is my apache conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName mywebsite.com
ServerAlias www.mywebsite.com
<Location /custom/>
ProxyPass http://localhost:8055/
ProxyPassReverse http://localhost:8055/
RewriteEngine On
RewriteRule ^(.*)\[eq\](.*)$ $1$2 [NE,NC,L]
RewriteRule ^(.*)%5Beq%5D(.*)$ $1$2 [NC,L]
</Location>
RedirectPermanent /custom https://mywebsite.com/custom/
RedirectPermanent / https://mywebsite.com/custom/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
For compatibility I needed to rewrite some url and I used the RewriteRule. This is an example of rewriting:
https://mywebsite.com/custom/items?[test][eq]=1&anothertest=2 become https://mywebsite.com/custom/items?[test]=1&anothertest=2
With the configuration above everithing works fine.
I decided to create another instance of my nodejs to load balancing the requestes. So I modified my apache conf to this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
<Proxy balancer://my-cluster>
BalancerMember http://localhost:8055
BalancerMember http://localhost:8056
ProxySet lbmethod=bytraffic
</Proxy>
ProxyPreserveHost On
ProxyRequests Off
ServerName mywebsite.com
ServerAlias www.mywebsite.com
<Location /custom/>
ProxyPass balancer://my-cluster/
ProxyPassReverse balancer://my-cluster/
RewriteEngine On
RewriteRule ^(.*)\[eq\](.*)$ $1$2 [NE,NC,L]
RewriteRule ^(.*)%5Beq%5D(.*)$ $1$2 [NC,L]
</Location>
RedirectPermanent /custom https://mywebsite.com/custom/
RedirectPermanent / https://mywebsite.com/custom/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
With this configuration everything works fine, execept for rewrited urls that are wrong.
Using the same example previously defined:
https://mywebsite.com/custom/items?[test][eq]=1&anothertest=2 become https://mywebsite.com/custom/items?[test]=1&anothertest=2/custom/items
Can you help me to find the solution?
Thanks in advance.

Apache Website + Nodejs backend + Websocket server

I'm trying to make my website works with a nodejs backend and a websocket server
my website is entirely in https
my node backend is on port 8080 with my websocket server on 8080
I made a virtualhost like that
<VirtualHost *:8080>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/example.com
ServerName www.example.com
ServerAlias example.com
<Directory /var/www/example.com>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Allow from all
Require all granted
</Directory>
<Directory /var/www/example.com/wp-content>
Options -Indexes +FollowSymLinks +MultiViews
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; includeSubDomains; preload"
</IfModule>
ErrorLog /var/log/apache2/error.example.com.log
CustomLog /var/log/apache2/access.example.com.log combined
</VirtualHost>
But when I tried to go on myip:8080 it doesn't work and same for connecting to my websocket
What did I do wrong ?
Enable mod_proxy_wstunnel
Then you should be able to forward only your location to your websocket server.
ProxyPass /wssurl/ ws://127.0.0.1:8080/
Ok after a lot of work. I figured out. I think the problem come with the firewall when I installed my website.
so I have to proxypass everything on my secure connection.
The mod_proxy_wstunnel is not working because when I tried to connect with wss:// so I had to use rewriteEngine.
Here is my final working virtual host
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/example.com
ServerName www.example.com
ServerAlias example.com
<Directory /var/www/example.com>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Allow from all
Require all granted
</Directory>
<Directory /var/www/example.com/wp-content>
Options -Indexes +FollowSymLinks +MultiViews
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; includeSubDomains; preload"
</IfModule>
ErrorLog /var/log/apache2/error.example.com.log
CustomLog /var/log/apache2/access.example.com.log combined
ProxyRequests On
ProxyPreserveHost On
ProxyPass /api/test http://localhost:8080
ProxyPassReverse /api/test http://localhost:8080
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://localhost:8080/$1" [P,L]
</VirtualHost>

How to redirect to https in Apache2

We are hosting magento site in AWS. I configured SSL using certbot and it automatically created conf file. But when I am trying to hit the URL. It is showing too many attempts. Below are the Apache2 configuration files.
mysite.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/magento
<Directory /var/www/html/magento>
Allowoverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
mysite-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/magento
<Directory /var/www/html/magento>
Allowoverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
In Magento, I changed config_url to https://example.com
Error
This page isn’t working
mysite.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
Did you restart apache? It seems like you're hitting VHOST on port 80 and redirecting constantly.

How to redirect all traffic to https except subdomains

I have recently redirect all traffic to https but I want to keep my subdomains on http only. Please help me to sort out this.
this is my rewriterules
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
this is my virtual host code
<VirtualHost *:80>
ServerAdmin test#example.com
ServerName staging.example.com
ServerAlias staging.example.com
SetEnv ENVIRONMENT staging
DocumentRoot /var/www/staging/
ErrorLog /var/log/apache2/example_staging_error.log
CustomLog /var/log/apache2/example_staging_access.log combined
<Directory /var/www/staging>
AllowOverride All
Include /etc/apache2/sites-available/example_dir_rules.conf
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin test#example.com
ServerName example.com
ServerAlias example.com
SetEnv ENVIRONMENT production
DocumentRoot /var/www/production/
ErrorLog /var/log/apache2/example_production_error.log
CustomLog /var/log/apache2/example_production_access.log combined
<Directory /var/www/production>
Include /etc/apache2/sites-available/example_dir_rules.conf
</Directory>
</VirtualHost>
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
#Listen 443
<VirtualHost *:443>
SSLEngine on
SSLHonorCipherOrder On
-------------ssl code----------
ServerName example.com
-------------ssl code----------
ServerAdmin test#example.com
ServerName example.com
ServerAlias example.com
SetEnv ENVIRONMENT production
DocumentRoot /var/www/production/
ErrorLog /var/log/apache2/example_ssl_error.log
CustomLog /var/log/apache2/example_ssl_access.log combined
<Directory /var/www/production>
Include /etc/apache2/sites-available/example_dir_rules.conf
</Directory>
</VirtualHost>
Please help me to sort out this. Thanks in advance.
You have two choices.
1. Either you add a condition in your file to only match main domain
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Note that the rule to match www main domain can be removed since your main domain is example.com (no trace of www in your vhosts).
Warning: useless in some cases, you should not include the same file in all vhosts (see next point).
2. Or you can directly put a rule in example.com (http) vhost block. Indeed, others two (example.com for https and stagging subdomain) do not require rules to do what you want.
So, your config should look like this
<VirtualHost *:80>
ServerAdmin test#example.com
ServerName staging.example.com
ServerAlias staging.example.com
SetEnv ENVIRONMENT staging
DocumentRoot /var/www/staging/
ErrorLog /var/log/apache2/example_staging_error.log
CustomLog /var/log/apache2/example_staging_access.log combined
<Directory /var/www/staging>
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin test#example.com
ServerName example.com
ServerAlias example.com
SetEnv ENVIRONMENT production
DocumentRoot /var/www/production/
ErrorLog /var/log/apache2/example_production_error.log
CustomLog /var/log/apache2/example_production_access.log combined
<Directory /var/www/production>
Options +FollowSymlinks
RewriteEngine On
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</Directory>
</VirtualHost>
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
#Listen 443
<VirtualHost *:443>
SSLEngine on
SSLHonorCipherOrder On
-------------ssl code----------
ServerName example.com
-------------ssl code----------
ServerAdmin test#example.com
ServerName example.com
ServerAlias example.com
SetEnv ENVIRONMENT production
DocumentRoot /var/www/production/
ErrorLog /var/log/apache2/example_ssl_error.log
CustomLog /var/log/apache2/example_ssl_access.log combined
<Directory /var/www/production>
</Directory>
</VirtualHost>

apache proxy configuration for socket.io (project not in root)

I know there are several questions like this but i can't find one solving my problem for a project which is not in the server root.
I have the following situation: I have an Apache server which runs several projects like:
0.0.0.0/project1
0.0.0.0/project2
I added a node.js project let's call it nodeproject. With ProxyPass I am passing requests made to 0.0.0.0/nodeproject to 0.0.0.0:8080 where my node server is running. This is all working fine except the websocket configuration for socket.io.
In my /etc/apache2/apache2.conf file i placed this code to do the proxying. mod_proxy_wstunnel is enabeld Which i basically copied from here.
ProxyRequests off
ProxyVia on
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/nodeproject/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyPass /nodeproject/socket.io http://localhost:8080/socket.io
ProxyPassReverse /nodeproject/socket.io http://localhost:8080/socket.io
<Location /nodeproject>
ProxyPass http://localhost:8080
ProxyPassReverse http://localhost:8080
</Location>
The failing request looks like this:
ws://0.0.0.0/nodeproject/socket.io/?EIO=3&transport=websocket&sid=MDuVcHmt3T1sa8ruAAAa
and i get a Bad Request 400 response.
I am not an expert in configuring this kind of stuff where did I go wrong?
Thanks in advance!
You shouldn't put the rewrite conditional in the /etc/apache2/apache2.conf, but in the virtual host directive in /etc/apache2/sites-available/000-project-whatever.conf.
Here's an example from one of my own little projects.
<VirtualHost *:80>
ServerName sockey.api
ServerAdmin webmaster#localhost
DocumentRoot /var/www/sockey.api
<Directory /var/www/sockey.api>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorDocument 404 /index.html
ErrorLog ${APACHE_LOG_DIR}/sockey.api.error.log
CustomLog ${APACHE_LOG_DIR}/sockey.api.access.log combined
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:8081/$1 [P,L]
ProxyPass /socket.io http://localhost:8081/socket.io
ProxyPassReverse /socket.io http://localhost:8081/socket.io
</VirtualHost>
I was able to use Apache as a proxy for socket.io using this configuration:
RewriteEngine On
RewriteCond %{QUERY_STRING} transport=polling [OR]
RewriteCond %{REQUEST_URI} /socket.io/socket.io.js
RewriteRule /socket.io/(.*)$ http://localhost:8082/socket.io/$1 [P]
ProxyPass /socket.io/ ws://localhost:8082/socket.io/
ProxyPassReverse /socket.io/ ws://localhost:8082/socket.io/
It takes into account that there are two types of requests going over https: the request for the js file socket.io.js itself, and the polling requests.

Resources